Rogue.System AntiVirus 2008

Discussion in 'other anti-malware software' started by jpcummins, Jun 26, 2008.

Thread Status:
Not open for further replies.
  1. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    420
    Location:
    Terre Haute, IN
    Not sure if this is the right forum or not; if it isn't I apologize. Last night I ran SuperAntiSpyware and it detected and quarantined "Rogue.System AntiVirus 2008". It contains the following:

    C:\Program Files\SAV
    C:\Program Files\WIN32
    C:\Program Files\WIN32\0x0409.ini
    C:\Program Files\WIN32\Data.cab
    C:\Program Files\WIN32\instmsiw.exe
    C:\Program Files\WIN32\Setup.exe
    C:\Program Files\WIN32\Setup.ini
    C:\Program Files\WIN32\Symantec AntiVirus.msi
    C:\Program Files\WIN32\VDefHub.zip
    C:\Program Files\WIN32\vpremote.dat
    C:\Program Files\WIN32\VPREMOTE.exe

    Anyone ever hear of this? I was wondering if I would be safe in deleting it from quarantine. I haven't noticed anything different in the way my computer acts and I have run different security programs that have detected nothing. All replies will be appreciated and I thank you in advance.

    John
     
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Dunno what's going on there as most of those entries seem related to Symantec antivirus?

    XP Antivirus 2008 and Vista Antivirus 2008 seem to be rogues of the smitfraud type. Have you ever downloaded those?
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    jpcummins,
    I could identify this one : instmsiw.exe (= FirstDefense-ISR), but only under
    C:\Program Files\FDISR\instmsiw.exe, not under C:\Program Files\WIN32\instmsiw.exe

    The file 0x0409.ini is also on my harddisk in 3 different folders :
    C:\Program Files\FDISR (= FirstDefense-ISR)
    C:\Program Files\RAXCO\PD80Install\X64 (= PerfectDisk)
    C:\Program Files\RAXCO\PD80Install\X86 (= PerfectDisk)

    C:\Program Files\WIN32\VDefHub.zip (= probably Symantec)
    C:\Program Files\WIN32\vpremote.dat (= probably Symantec)
    C:\Program Files\WIN32\VPREMOTE.exe (= probably Symantec)

    Your system is a classical mess, most probably caused by installing and uninstalling software with leftovers.
    High time for you to find a solution to install-test-uninstall new software without a trace, unless you like it this way. :)
     
    Last edited: Jun 26, 2008
  4. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    420
    Location:
    Terre Haute, IN
    ErikAlbert, I appreciate your response to my post; however, you are way off base. I have not installed a program on my system since last year. And I take offense to you saying my system is a mess. You don't know me or anything about me or you would know I am very careful about what goes on or off my system. The only thing I have done lately is to update Adobe Flash Player and that came from the Adobe Home Page. But regardless, I do appreciate you replying. I have no doubt you are far more knowledgeable than I regarding computers. Last week SuperAntiSpyware found nothing; this week it did. I was only trying to find out what "Rogue.System AntiVirus 2008" was and whether or not it would be safe to delete the quarantined file.

    John
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you can't explain how these objects got on your computer, it's still a mess.
    Don't take this personally, and I don't take your remarks personally either.
    Fix it or don't fix it. It's not my computer. :)

    EDIT:
    If your system doesn't change that much, use something like DeepFreeze and you won't have any objects-too-many anymore.
    This list might also help you in the future, not to install rogue scanners :
    http://www.malwarebytes.org/roguenet.php
     
    Last edited: Jun 26, 2008
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I would leave them in quarantine until the SAS rep has a say. He does drop in every now and then.

    If those files belong to Symantec then it has to be a false positive.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  8. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Is "Program Files\Win32\" even a legit folder?
    It doesn't seem so.

    You could download "rogue removal kit" from elitekiller.com and run smitfraudfix.
     
  9. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX

  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You are right, that doesn't seem kosher either.
     
  11. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,549
    Hi John,

    Which OS do you have?
    Do you have Norton AntiVirus installed?

    If you use Windows 98 or Me and have Norton AntiVirus installed, it's possible that they are legitimate files/folders of your Norton.
     
  12. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    420
    Location:
    Terre Haute, IN
    I would like to thank each and every one of you for your assistance. I appreciate it very much. In answer to your questions please see below:

    1. I have installed on my system Symantec Antivirus Corporate Version
    2. I have never downloaded either XP Antivirus 2008 or Vista Antivirus 2008
    3. My operating system is XP Professional (service pack 2)

    What I don't understand is why SuperAntiSpyware detected 'Rogue.System AntiVirus 2008' during a manual scan but did not detect it when it was apparently loaded on to my system.

    Be that as it may I will contact both Symantec and SuperAntiSpyware and ask their assistance.

    Again, thank you all very much.

    John
     
  13. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    In the meanwhile, why don't you ask for a second opinion from MBAM? Quick scan takes less than 5 minutes on my system.

    EDIT: Does anybody else use your PC? Is there a chance that anyone else clicked "yes" on a popup?
     
  14. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Are you using the Pro version with real-time enabled? If not then there is your answer. :)
     
  15. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    420
    Location:
    Terre Haute, IN
    This will be my last post regarding the above title. I contacted SuperAntiSpyware and was relieved to receive the following replies from their Customer Service:

    ~Private communication removed per the TOS....Bubba~

    I wish to thank everyone for their replies to my post; for the most part the replies were helpful. I am relieved that my system is not a classical mess as one forum member suggested.

    John
     
    Last edited by a moderator: Jun 27, 2008
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That must be me, the bad guy. We are waiting until it happens again and then we spend our time again on solving it, because you didn't fix it forever, you only solved this incident.
     
  17. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Then again, Erik, not many people could live with your setup.
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I wonder what is so difficult about my setup. I do normal things, nothing that requires knowledge.
     
  19. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Yes, but if you install that program update, when you reboot it's gone.
    Plus, updates with reboots won't even happen.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's not true. I can handle any update.
     