Rogue.System AntiVirus 2008

Not sure if this is the right forum or not; if it isn't I apologize. Last night I ran SuperAntiSpyware and it detected and quarantined "Rogue.System AntiVirus 2008". It contains the following:

C:\Program Files\SAV
C:\Program Files\WIN32
C:\Program Files\WIN32\0x0409.ini
C:\Program Files\WIN32\Data.cab
C:\Program Files\WIN32\instmsiw.exe
C:\Program Files\WIN32\Setup.exe
C:\Program Files\WIN32\Setup.ini
C:\Program Files\WIN32\Symantec AntiVirus.msi
C:\Program Files\WIN32\VDefHub.zip
C:\Program Files\WIN32\vpremote.dat
C:\Program Files\WIN32\VPREMOTE.exe

Anyone ever here of this? I was wondering if I would be safe in deleting it from quarantine. I haven't noticed anything different in the way my computer acts and I have ran different security programs that have detected nothing. All replies will be appreciated and I thank you in advance.

John

 

Dunno what's going on there as most of those entries seem related to Symantec antivirus?

XP Antivirus 2008 and Vista Antivirus 2008 seem to be rogues of the smitfraud type.Have you ever downloaded those?

 

jpcummins,
I could identify this one : instmsiw.exe (= FirstDefense-ISR), but only under
C:\Program Files\FDISR\instmsiw.exe, not under C:\Program Files\WIN32\instmsiw.exe

The file 0x0409.ini is also on my harddisk in 3 different folders :
C:\Program Files\FDISR (= FirstDefense-ISR)
C:\Program Files\RAXCO\PD80Install\X64 (= PerfectDisk)
C:\Program Files\RAXCO\PD80Install\X86 (= PerfectDisk)

C:\Program Files\WIN32\VDefHub.zip (= probably Symantec)
C:\Program Files\WIN32\vpremote.dat (= probably Symantec)
C:\Program Files\WIN32\VPREMOTE.exe (= probably Symantec)

Your system is a classical mess, most probably caused, by installing and uninstalling software with leftovers.
High time for you to find a solution to install-test-uninstall new softwares without a trace, unless you like it this way.

 

EricAlbert I appreciate your response to my post; however, you are way off base. I have not installed a program on my system since last year. And I take offense to you saying my system is a mess. You don't know me or anything about me or you would know I am very careful about what goes on or off my system. The only thing I have done lately is to update Adobe Flash Player and that came from the Adobe Home Page. But regardless, I do appreciate you replying. I have no doubt you are far more knowledgeable than I regarding computers. Last week SuperAntiSpyware found nothing this week it did. I was only trying to find out what "Rogue.System Antivirus 2008 was and whether or not it would be safe to delete the quarantined file.

John

 

If you can't explain how these objects got on your computer, it's still a mess.
Don't take this personal and I don't take your remarks also not personal.
Fix it or don't fix it. It's not my computer.

EDIT:
If your system doesn't change that much, use something like DeepFreeze and you won't have any objects-too-many anymore.
This list might also help you in the future, not to install rogue scanners :
http://www.malwarebytes.org/roguenet.php

 

I would leave them in quarantine until the SAS rep has a say.He does drop in every now and then.

If those files belong to Symatec then it has to be a false positive.

 

This scanner might remove rogue software or rogue objects :
http://www.malwarebytes.org/rogueremover.php

 

Is "Program Files\Win32\" even a legit folder?
It doesn't seem so.

You could download "rougue removal kit" from elitekiller.com and run smitfraudfix.

 

System Antivirus is a new clone of XPAntivirus, and without a doubt it is rogue.

http://www.malwarebytes.org/malwarenet.php?name=Rogue.SystemAntivirus2008

 

You are right, that doesn't seem cosher either.

 

Hi John,

Which OS do you have?
Do you have installed norton antivirus?

If you use windows 98 or Me and have norton antivirus installed it's possible that they are legitimate files/forlders of your norton.

 

I would like to thank each and every one of you for your assistance. I appreciate it very much. In answer to your questions please see below:

1. I have installed on my system Symantec Antivirus Corporate Version
2. I have never downloaded either XP Antivirus 2008 or Vista Antivirus 2008
3. My operating system is XP Professional (service pack 2)

What I don't understand is why SuperAntiSpyware detected 'Rogue.System AntiVirus 2008' during a manual scan but did not detect it when it was apparently loaded on to my system.

Be that as it may I will contact both Symantec and SuperAntiSpyware and ask their assistance.

Again, thank you all very much.

John

 

In the meanwhile, why don't you ask for a second opinion from MBAM? Quick scan takes less than 5 minutes on my system.

EDIT: does anybody else use your PC? Is there a chance that anyone else click "yes" on a popup?

 

Are you using the Pro version with real-time enabled? If not then there is your answer.

 

This will be my last post regarding the above title. I contacted SuperAntiSpyware and was relieved to receive the following replies from their Customer Service:

~Private communication removed per the TOS....Bubba~

I wish to thank everyone for their replies to my post; for the most part the replies were helpful. I am relieved that my system is not a classical mess as one forum member suggested.

John

 

That must be me, the bad guy. We are waiting until it happens again and then we spend our time again on solving it, because you didn't fix it forever, you only solved this incident.

 

Then again Erik not many people could live with your setup.

 

I wonder what is so difficult about my setup. I do normal things, nothing that requires knowledge.

 

yes but if you install that program update when you reboot its gone.
plus updates with reboots wont even happern.

 

That's not true I can handle any update.