The Magic Café
AV Antispyware Alert pop ups

RicHeka
Inner circle
3999 Posts
I keep getting these AV Antispyware Alert popups... very annoying. Does anyone here know the best way to get rid of this? They even planted an icon in my tray.

Thanks for any help.

Rich
EsnRedshirt
Special user
Newark, CA
895 Posts
Do you have a real anti-virus program? Because it sounds like you've gotten some malware installed on your system, which has turned your computer into an ad server.

If you're lucky, it's only malware. If you're unlucky, it's a rootkit. (They install inside the operating system itself in such a way that they're almost impossible to remove.) You may need a good AV program; some of the more nefarious malware actively blocks attempts to download free ones like AdAware, or prevents you from taking your browser to AV sites. Good luck!
Self-proclaimed Jack-of-all-trades and google expert*.

* = Take any advice from this person with a grain of salt.
gaddy
Inner circle
Agent of Chaos
3149 Posts
That one sucks. I don't know how to get rid of it. Also, be careful of Google searches when you're looking for a way to get rid of it, as some of those sites are actually installers of the very same malware you're trying to get rid of.
*due to The Magic Cafe's editorial policies, words on this site attributed to me cannot necessarily be held to be my own.*
Payne
Inner circle
Seattle
4572 Posts
Malwarebytes can get rid of this for you:
http://www.malwarebytes.org/
"America's Foremost Satirical Magician" -- Jeff McBride.
JoeJoe
Inner circle
Myrtle Beach
1910 Posts
It sounds like you are infected with the Conficker virus. This is the nastiest virus ever created; you don't need to click anything, open anything, nothing ... it just spreads all by itself with no human interaction whatsoever.

It is most likely too late for anti-virus; this thing is so nasty few programs actually remove it correctly. And even the ones that do remove it don't remove its side effects.

Don't even trust a Conficker detection program ... of the four programs that I tested, only two actually detected it. It is mutating faster than the detection tools can keep up with.

I could be wrong ... but if I am right ... you will want to re-install Windows. Sorry.

-JoeJoe
Amazing JoeJoe on YouTube: https://www.youtube.com/user/AmazingJoeJoe
JoeJoe
Inner circle
Myrtle Beach
1910 Posts
I did some research on Google for you ... re-install Windows, trust me. You will save yourself a lot of headaches.

I went through a couple of sites that explain how to remove the virus manually ... and ... as I suspected ... each one was slightly different. Some said remove this file, others did not. The best option is to re-install Windows, as even if you stop the popups you may still have lingering side effects.

Not to mention there are mutations, thus the removal instructions you follow may not be for the version of the virus you are infected with. Compare the screen shots of these two sites and you can see how the popups have changed; an earlier version I saw just did a system popup at the task bar.

http://remove-malware.net/how-to-remove-......spyware/
http://www.411-spyware.com/av-antispyware-alert-removal



And incidentally ... the very first thing you do after you re-install, go to http://update.microsoft.com and update your Windows. After you reboot, go back to http://update.microsoft.com ... and after you reboot, go back again! Keep going back until it tells you your computer is up-to-date. If you fail to do this, you may get reinfected. The reason you have to go back is because the more recent updates cannot be installed until after the earlier updates have been installed.

And don't forget to update your virus protection ... in most cases, after you reset your computer to factory settings you get a new "trial version" of your anti-virus software so you can get it all up-to-date without paying for it again.



-JoeJoe
Matthew W
Inner circle
New York
2456 Posts
I use Spybot and Antivir. Both are free and very good. I suggest installing both, and running both often.
-Matt
balducci
Loyal user
Canada
230 Posts
Quote:
On 2009-04-26 16:09, JoeJoe wrote:
It sounds like you are infected with the Conficker virus.

How do you figure?

As far as I've seen and read, AV Antispyware and Conficker are unrelated.

RicHeka, I'd go with 2 or 3 of the anti-malware packages like Malwarebytes and SUPERAntiSpyware before I even considered reinstalling the operating system.

Basic instructions for using Malwarebytes to get rid of AV AntiSpyware:

http://www.bleepingcomputer.com/virus-re......ispyware

http://www.malwarebytes.org/
Make America Great Again! - Trump in 2020 ... "We're a capitalistic society. I go into business, I don't make it, I go bankrupt. They're not going to bail me out. I've been on welfare and food stamps. Did anyone help me? No." - Craig T. Nelson, actor.
balducci
Loyal user
Canada
230 Posts
FYI:

Are You Infected With Conficker? A Smart and Simple Test.

A common tactic used by malware is to block the infected computer from connecting to the Web sites of antivirus and security companies. Such blocks are meant to prevent you and your antivirus program from getting help in removing the infection. To solve this problem, the Conficker Working Group, an industry coalition formed to fight the worm, created a chart which can be found here. Well, it is pretty simple. All you have to do is check whether you can see all the images in the chart!!

It’s a smart and near-instantaneous test that couldn’t be any easier, but keep in mind that if your computer uses a proxy server for Web traffic, you might be infected and still be able to see the images.

http://www.confickerworkinggroup.org/inf......art.html
JoeJoe
Inner circle
Myrtle Beach
1910 Posts
Quote:
On 2009-04-26 16:38, balducci wrote:
How do you figure?

As far as I've seen and read, AV Antispyware and Conficker are unrelated.


Because AV Antispyware blocks anti-virus sites, just like Conficker. If it is not Conficker, they used Conficker as a role model or vice versa ... for example, they both block anti-virus sites, thus the image test posted above will be an infection. And both try to get you to purchase removal software.

And removing the virus does not restore your system to the way it was before infection (i.e., after removal, you still may not be able to visit anti-virus sites). Not to mention there are many variations of this virus, and a removal program for one variation may not work on another variation ... and it is being updated faster than the anti-virus people can keep up, so if your infection is recent there may not even be a removal program for your particular variation of the virus.

You can spend hours and hours trying to remove this ... and still not get it removed. The best method is to reinstall, you will save yourself a lot of time and a lot of headaches - this is a very nasty virus.



Quoting from http://en.wikipedia.org/wiki/Antivirus_2009:

It can also disable real antivirus programs to protect itself from removal.

The malware can also block access to known spyware removal sites and in some instances, searching for "antivirus 2009" (or similar search terms) on a search engine will result in a blank page or an error page. Some variants will also redirect the user from the actual Google search page to a false Google search page that states that the user has a virus and should get Antivirus 2009 with a hotlink to the virus’s page.

AntiVirus2009 can also disable legitimate anti-malware programs and prevent the user from opening or re-enabling them. Antimalware applications disabled by AntiVirus2009 include McAfee, Spybot - Search & Destroy, AVG and Superantispyware.

MS Antivirus is constantly updated and re-released to prevent detection by common legitimate anti-virus scanners.





-JoeJoe
kcg5
Inner circle
who wants four fried chickens and a coke
1875 Posts
Get a Mac :)
Nobody expects the Spanish Inquisition!!!!!



"History will be kind to me, as I intend to write it"- Sir Winston Churchill
MagicSanta
Inner circle
Northern Nevada
5845 Posts
Ohhhhh mannnnnn. A couple years ago I started getting those pop ups. I finally tried to get a download to fix it and that download completely jammed me (and I paid for it!) and made it worse. I had to pay Microsoft to walk me manually through saving the computer and it took a long time but it worked. I'd like to track down the people who came up with such evil ideas.
RicHeka
Inner circle
3999 Posts
Hey guys, thanks a million for all the information. I am a non-technical person, and I have learned much from your comments.

I am going to take my computer tomorrow to The Geek Squad Service at Best Buy and let them deal with it. [I bought the computer there.]

Also, I will get the best antivirus/adware/malware available. This is the most annoying thing I have ever encountered.

Santa, I agree, the creator of this bug is definitely due for some bad karma... or at least a good beating.

Rich
gaddy
Inner circle
Agent of Chaos
3149 Posts
In a way those virii are quite amazing. Unfortunately, this is only the leading edge of the coming cyber-crime storm front...
JoeJoe
Inner circle
Myrtle Beach
1910 Posts
RicHeka: if you do that, tell them you want Windows re-installed - don't settle for letting them just remove the virus; these viruses dig in deep and hide well, and anything less than a re-install puts you at risk of reinfection.

It's not really hard to re-install Windows, it is actually easy. Depending on who you bought your computer from you may have a "recovery CD" - just pop it in. Or you might have Windows saved on your hard drive, which you may need to press F12 when you power on your computer and follow the prompts.

It does take time - several hours. If you do it yourself, don't forget to get the Windows updates.



Gaddy: you are so very right. After my run-in with a virus two months ago, I realize that until people start taking cybercrime seriously it is only going to get worse. Microsoft, Apple, and Linux all need to totally rethink computer security! Get an Apple is not a suitable solution - don't forget that Apple was hacked in minutes at a previous DefCon. This issue goes beyond just the operating system.



-JoeJoe
RicHeka
Inner circle
3999 Posts
JoeJoe: I do have 4 recovery discs that the Geek Squad gave me when I purchased the computer three years ago.

If I attempt this myself, will all my files (documents, ebooks, pictures, etc.) automatically be saved?

I do have 2G of stuff in storage with my Norton Security, but I dread the thought of losing files by making a mistake. Geek Squad charges $200.00 [I would rather not have to pay that] when you bring your computer in for repair.

Could I just purchase another computer, for a couple of hundred more [they are so inexpensive these days], and use the Norton storage, and transfer my files to the new computer?

Thanks for your help, and everyone else too.

P.S. Balducci: I took the test and I could see all images, so according to the interpretation it's not 'conficker'. I don't really know what a proxy server is, but as far as I am aware it's just me, my cable company, and my personal computer. Thanks for that test info.

Rich
JoeJoe
Inner circle
Myrtle Beach
1910 Posts
Quote:
On 2009-04-27 04:12, RicHeka wrote:
If I attempt this myself, will all my files (documents, ebooks, pictures, etc.) automatically be saved?


That depends on the recovery CD ... I was able to reinstall without formatting, so I did not lose any data. I had to reinstall all my programs, but the data files themselves were all still there. In some cases, I had to hunt for them.

I would say at the very least you should pop in the recovery CD and see what comes up - you should get a menu that should enlighten you. Mine offered me an option to either install, or to format and install. I am personally not keen on Geek Squad ... you can find numerous complaints against them on Google.

The install process itself is easy, but it is time consuming. By the time it's all said and done, you could spend a couple of hours doing this ... best option is to have something to do and keep checking in on the computer.

Also ... make sure you have a non-USB keyboard! I like a non-USB mouse as well. The reason is that your USB keyboard and mouse may not work until after Windows is installed, and you can get stuck and not be able to answer the prompts. You may not have that problem with your recovery CD, but I ended up having to purchase a cheap $10 keyboard at wal-mart to finish the job.



Quote:
I do have 2G of stuff in storage with my Norton Security, but I dread the thought of losing files by making a mistake. Geek Squad charges $200.00 [I would rather not have to pay that] when you bring your computer in for repair.


Be careful with backups ... there is the risk that you have the virus in one of the files you backed up. Also be careful with USB memory cards - don't plug any USB memory cards into the computer until after you have your anti-virus protection installed and up-to-date.

I am not familiar with Norton Security, but two gigs is not that much data - you should be able to back it up easily. I would use a USB memory stick. And be careful with the USB card - if you save data from an infected computer, it could become infected and re-infect you! To prevent re-infection, turn off "auto-play" before plugging it in ... instructions found here:

http://www.howtogeek.com/howto/windows/d......-drives/




Quote:
Could I just purchase another computer, for a couple of hundred more [they are so inexpensive these days], and use the Norton storage, and transfer my files to the new computer?


You could do that, but you will still have an infected computer on your hands so you will still need to deal with the problem.

I myself have four boxes running, two Linux, two Windows. The advantage is that if I catch a Windows virus, I still have my data on a Linux computer. I have my important data on two computers, each acting as a backup for each other.



Quote:
Thanks for your help, and everyone else too.

Rich


Welcome. For me ... the worst part of the whole process was losing my browser's password file. It is a good thing sites have a "forgot your password" link. Here is a tutorial you may want to check out:

http://www.pcworld.com/article/129977/ho......_xp.html



-JoeJoe
JoeJoe
Inner circle
Myrtle Beach
1910 Posts
Quote:
On 2009-04-27 04:12, RicHeka wrote:
P.S. Balducci: I took the test and I could see all images, so according to the interpretation it's not 'conficker'. I don't really know what a proxy server is, but as far as I am aware it's just me, my cable company, and my personal computer. Thanks for that test info.


Then it may be a version of the virus that is not as bad as the version I was infected with; have you noticed any other problems? Like not being able to search for "av antispyware" on Google? Or getting "page not found" when you click on one of the Google search results?

Press CTRL-ALT-DELETE and on the tab titled "Processes" look for ava.exe ... click it once and click "End Process". That should stop the popups and give you some peace of mind while you try to figure things out.

Now you need to find the file ava.exe and delete it; that is the easy part. The hard part is finding all the files that belong to the virus and deleting them as well ... and each site I have looked at has a different list of files you need to delete.

http://www.bleepingcomputer.com/virus-re......ispyware
http://www.enigmasoftware.com/support/avantispyware-removal/
http://www.anti-spyware-101.com/remove-avantispyware

A removal program may work, but I would still re-install if it were my computer.

-JoeJoe
RicHeka
Inner circle
3999 Posts
Hey JoeJoe, thanks!!! I did what you said, and so far the pop ups have stopped! Also, the nasty little AV Antispy alert icon is gone from my task bar.

JoeJoe, do you think I would be able to install the 4 backup discs myself without screwing anything up? Also, will all my files be saved? [That is the most important thing to me.]

Man it's nice to see those pop ups gone.

Many thanks
balducci
Loyal user
Canada
230 Posts
RicHeka, I still think you should give the anti-malware software route a go before you think about reinstalling anything. Why use a sledgehammer if the use of a tack hammer is appropriate and will suffice? I'll repeat the links I gave you a while back:

Basic instructions for using Malwarebytes to get rid of AV AntiSpyware:

http://www.bleepingcomputer.com/virus-re......ispyware

http://www.malwarebytes.org/

Use the package above, and it should remove everything automatically. Malwarebytes is simple to use and easy to install and free, so why not give it a go? Download it from the second link I gave, install it, run it once, then reboot, then run it again (I only say that because evidently you've started deleting files by hand and that might have changed things up a bit).
All content & postings Copyright © 2001-2020 Steve Brooks. All Rights Reserved.