AVG Free version allowing infection from Antivirus 2009

I have a friend that had Antivirus 2009. I cleaned it up, and installed AVG freebie, which is what I've used for years. Now, she called me and has the virus again. She swears she didn't open any attachments. Any ideas how she got this virus. I've never gotten a virus using the same software. Thanks. (Cleaned it up again using Malware in a matter of minutes.)


 
In my experience, infections from Antivirus 2009 come not from email attachments, but from web pages/popups. The screens are designed to mimic real Windows screens, so it's possible your friend was tricked into clicking something that was bad.

Besides AVG, make sure that the computer is up to date on Windows updates, and has the latest Java. The Secunia Online Software Inspector (OSI) is free, and tells you what vulnerabilities exist on a given computer:
 
When your friend cleaned her machine, did she turn off system restore? Most of the time people get reinfected because they don't turn off system restore. The virus will stay there.
 
GlenJohnson said:
Any ideas how she got this virus.
Yes, read the following:
The typical place you’ll pick up this Trojan is on “adult” sites (which will prompt you to install a codec before you can see videos of naked scammers), on sites promoting piracy through making cracks available online as well as through third-party advertisers (on reputable sites) who will advertise this Trojan as a genuine anti-virus. Also on fake youtube sites or a couple of scammers on facebook are also promoting it (mostly users pretending to be females between the ages of 20 and 25 dressed in skimpy clothes who will then add you and send you a link to their webcam which will then contain a popup or something similar trying to sell you this crap).
source: Antivirus 2009, infecting your PC … since 2008

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.
 
BadBigBen,

I'd be careful in bluntly recommending that is the cause. It may be a pretty big cause, but I know it's not the only source, and I actually doubt it's the "main" source.

Typically those places are where such viruses would start:
>bad web sites
>peer to peer file sharing

But then, they start spreading via:
>PING attacks
>email
>social networking
>Search Engine redirections occasionally - such as where they slip in a fake result link for a particular search query.

I've seen a few instances, myself, where I can confirm there were no P2P activities, no adult websites, etc. And I've seen confirmed instances of it coming from PING attacks as well as Facebook.

I wanted to clarify this point, b/c the OP could end up causing some undue emotional drama with their friend. I don't know them, but I know people. There are people out there who have never been exposed to such, and therefore to accuse them of it, could do so much as to cause a heart attack b/c of emotional stress.

I've had people get deeply upset when I tried to explain some dangers, and had to quickly assure them that they are fine, and likely would be - from the specifics of the discussion. [smile]

--

"If to err is human, then I must be some kind of human!" -Me
 
kjv1611 - I guess you did not read past the first part of the quote and stopped right after the ADULT part... ;-)

where it states: FAKE youtube, Facebook, third-party advertisers (on reputable sites), etc... but a PING attack, now that is a new one to me, as I did not know that ICMP could carry such luggage...

and I am quite sure that the GlenJohnson's friend (a female) did not go onto sleazy adult websites...




Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.
 
[BLUSH]

Yup, oops, mmm, apparently the answer is yes. I somehow missed that.

That's what I get for trying to read things quickly, and assuming I catch everything... though mind is split on too many other things to fully concentrate on one..

Yeah, all that.
[ROFL2]

--

"If to err is human, then I must be some kind of human!" -Me
 
[lol] I stopped after the first part because I was laughing my tail off. My friend is a widow in her 60's. Wonder what the grandkids are sending her? Guess I should have made that clear in the first post. Thanks.


 
I've cleaned a fair few of these infections.
Firstly, I always use a program called "malwarebytes"; I'm sure you are aware of this and it's excellent. I recommend installing it to a non-default path and renaming the executable before you run it, as some of the variants I have seen prevent it from executing by name.
Install the latest updates, scan and remove.
Once this is done, ensure system restore is turned off.
Then I use 'ccleaner' to remove all the temporary folders etc.
Sometimes I even used 'combofix' as a finisher, but be warned: due to the nature of the program it can sometimes screw things up.

I posted this because in nearly all cases where the problem has returned, it is down to it not being removed fully, and it then subsequently gets back into the system.
I've spent many hours trying to remove this beastie and the above steps are what I found the most effective.

Good luck!
 
Thanks, netbuster91. I've been using malwarebytes to get rid of it. I've not used ccleaner because I thought the first would get rid of all of it. I've heard of combofix, but that one makes me nervous. I'll get a copy of ccleaner and run it on her machine. Appreciate it.


 
ccleaner is a good tool to keep handy, in general. The reason it works is it cleans out temp files, which is where oftentimes many different "baddies" will hang out. [wink]

You could also try one or both of these general clean-up tools that I've used on occasion, and they both seem to actually work rather well, from my experience:

Glary Utilities

and

Iobit Advanced SystemCare Free

------------

The next 2 items are really the things I'd suggest installing after you clean your system up in order to prevent reinfection:

A good app to keep installed, and updated ever so often, to help prevent the installation of any malware:

SpywareBlaster - That one doesn't use ANY resources, as it doesn't have to actively run in your system. They do have another related tool which is more of an active scanning program, but I found, at least on a couple machines on which I tested it, that it seemed to use too many resources - for my liking.

And especially if you aren't sharing files between PCs, then this program is EXCELLENT for protection:
Online Armor - it's a firewall with built in "program guard". It's extremely powerful, yet uses very little system resources.

------------

If you REALLY want to make sure the malware is gone, do this:

1. Download DBAN.
2. Burn the ISO image to a CD (or use the floppy or USB drive method).
3. Back up any important data. (If you backed up your data to an attached hard drive, then once finished, shut your PC off, unplug THAT hard drive, and THEN continue to the next step.)
4. Boot from the CD you burned.
5. Type autonuke and walk away from the PC - it'll take typically at LEAST an hour or two, and can sometimes take more than a full day - normally, it seems to complete within a couple hours.
6. Reinstall Windows from scratch.
7. Be sure Windows is up to date.
8. Install your security apps - your choice from what you have tried, what's listed here in this thread, etc.
9. AFTER all of that, shut down the PC and reconnect the hard drive you used to back up your data (if it was on an attached hard drive), restart Windows... Or if you just backed up to a Thumb/Flash drive or CD/DVD or something, you can connect/insert that now.
10. Before copying your backed up data back to the preferred location(s), I'd suggest scanning all those files with at least 2 scanners to be sure that is clean as well, since it wouldn't be all that difficult for a virus to have copied itself to your "My Documents" or "Favorites" for instance.
11. Once you verify your data is clean, you can copy it back in place.


If you have the time to do so, a reinstall is generally the best option once you've been infected. And besides that, you do get performance benefits, usually, as you by default clear out any temp files and/or system changes that could be hindering your system even w/o a virus. [smile]

--

"If to err is human, then I must be some kind of human!" -Me
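
The pre-restore check in step 10 of the post above can be backed by a quick inventory of the backup, shown here as an added example that is not part of the original thread. It walks a backup folder and flags files that carry a Windows executable header behind a harmless-looking extension, plus anything with an executable or script extension; the names `audit_backup`, `RISKY_EXT` and `build_sample_backup` and the sample tree are constructed for illustration, and the check complements the scanners rather than replacing them.

```python
import os
import tempfile

# Extensions Windows will run or interpret when double-clicked (assumed list, extend as needed).
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll", ".lnk"}

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def audit_backup(root):
    """Return {relative_path: reason} for files to examine before restoring."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name)[1].lower()
            if is_pe(full) and ext not in RISKY_EXT:
                findings[rel] = "executable content behind a %r extension" % ext
            elif ext in RISKY_EXT:
                findings[rel] = "executable or script file type"
    return findings

def build_sample_backup():
    """Constructed sample tree standing in for a real backup drive."""
    root = tempfile.mkdtemp(prefix="backup_")
    samples = {
        os.path.join("My Documents", "letter.doc"): b"\xd0\xcf\x11\xe0 plain document",
        os.path.join("My Documents", "holiday.jpg"): b"MZ\x90\x00 not really a picture",
        os.path.join("Favorites", "news.url"): b"[InternetShortcut]\r\nURL=http://example.com/\r\n",
        os.path.join("Favorites", "codec.jpg.exe"): b"MZ\x90\x00 constructed stub",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, reason in sorted(audit_backup(build_sample_backup()).items()):
        print(rel, "->", reason)
```

Run it against the backup drive from the freshly installed system, before any file is opened or copied back.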
 