Tag Archives | proxy server settings

Removing AntiVir Solution Pro Fake Anti-virus

The only rogue I’ve been seeing this month (over and over again) is AntiVir Solution Pro (a.k.a. Antivir Security Suite). This rogue (fake) anti-virus installs itself instantly and then:

  • prevents the user from using the internet.
  • loads generic porn sites.
  • tells the user that a “key logger” may have been installed or their credit card information is being stolen or that they have dozens of viruses on their PC.
  • prevents any other .exe from opening saying that “.exe is infected”.
  • sets proxy server settings to 127.0.0.1 (localhost) and a random port which the rogue listens on. This is so it can redirect you to a random porn site or to the rogue’s “buy me now” page.
  • may or may not come with a “pack” of other infections, such as other downloaders or a rootkit (if this is a 32-bit OS). 64-bit OSes may see an increase in downloaders in c:\Users\*

How To Remove AntiVir Solution Pro:

  1. Download Dr. Web’s Live CD and burn the ISO to disc.
  2. Boot from the Dr. Web Live CD.
  3. Scan the following directories (if they exist): c:\users or c:\documents and settings, and c:\windows\. This may take about an hour to complete. Disinfect (cure) anything that it finds.
  4. Reboot into Safe Mode with Networking by tapping the F8 key.
  5. Now that you’re inside Safe Mode with Networking, we need to turn off the proxy server settings. Refer to this article on how to turn off proxy server settings.
  6. Download CCleaner.
  7. Run it and clean all the temporary data for the user logged on (you have to do this for each account on your computer).
  8. It’s time to load Malwarebytes. Download the latest copy of Malwarebytes and update it.
  9. Run a Full scan with Malwarebytes (if you have the time, if not, quick scans are usually enough).  Remove anything Malwarebytes finds and reboot into normal mode.
  10. You should be all clean now.
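
Step 5 can also be checked and undone from a PowerShell prompt. The script below is an added example, not part of the original post; it assumes the rogue changed the per-user Internet Options proxy, which Windows stores in the `ProxyEnable` and `ProxyServer` registry values, and the function name `Test-LoopbackProxy` is hypothetical.

```powershell
# Added example: audit and reset a loopback Internet Options proxy for the
# account you are logged on as. Run it once per affected account.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or "http=host:port;https=host:port;..."
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1].Trim()
        if ($hostPort -match '^(127\.\d+\.\d+\.\d+|localhost|\[::1\])(:\d+)?$') {
            return $true
        }
    }
    return $false
}

$settings = Get-ItemProperty -Path $key
$enabled  = ($settings.ProxyEnable -eq 1)
$server   = [string]$settings.ProxyServer

if ($enabled -and (Test-LoopbackProxy $server)) {
    Write-Warning "Proxy is enabled and points at this machine: $server"

    # Pull the port out of the loopback entry and show any listener on it.
    # The last netstat column is the PID of the listening process.
    $m = [regex]::Match($server, '(?:127\.\d+\.\d+\.\d+|localhost|\[::1\]):(\d+)')
    if ($m.Success) {
        $port = $m.Groups[1].Value
        netstat -ano | Select-String -Pattern ":$port\s.*LISTENING"
    }

    # Turn the proxy off and drop the stored address.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
    Write-Output "Proxy disabled for $env:USERNAME. Restart the browser."
}
elseif ($enabled) {
    # A non-loopback proxy may be legitimate (e.g. a corporate proxy); leave it.
    Write-Output "Proxy enabled but not loopback: $server (left unchanged)"
}
else {
    Write-Output "No proxy enabled for $env:USERNAME."
}
```

If the loopback proxy comes back after a reboot, something is still running that rewrites it, so repeat the scans before resetting it again.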

Look for my next post which will show you how to block rogues like AntiVir Solution Pro.


Comodo Internet Security 3.8 Review – Usability, Detection and Removal

On Saturday I reviewed Comodo’s new Internet Security suite (version 3.8). The review went a bit long, but let’s face it, CIS 3.8 is a huge suite (and that’s a good thing). The Comodo team made numerous enhancements to version 3.5 and released 3.8 on Feb 12th.

So, if you’re looking for an all-in-one security suite (for free!) then give Comodo a shot, because no other free security suite compares to the power, quality and support of Comodo Internet Security!

http://www.youtube.com/watch?v=jDBjsiKAYaA

Below is a quote from the Comodo 3.8 release notes:

  • FIXED! Applications do not run when CIS is installed in Vista 64
  • FIXED! BSOD in Windows XP 64 when NWLink protocol is installed
  • FIXED! Defense+ conflicts with certain security applications
  • FIXED! Firewall does not filter traffic on some dialup/adsl adapters
  • FIXED! AV crashes while scanning certain files
  • FIXED! AV Exclusions do not work
  • IMPROVED! File submission engine has been redesigned

Version 3.8.64739.471 : 19th Feb, 2009

  • FIXED! AV engine crashes while scanning some files
  • FIXED! Firewall blocks all the traffic in some vista PCs when checksum verification is enabled
  • FIXED! Some applications consume 100% CPU while CIS is installed

Version 3.8.64263.468 : 12th Feb, 2009

  • NEW! COMODO Threatcast – COMODO’s community based alerts statistics
  • NEW! Native Vista Firewall – Improved Firewall with Windows Vista enhancements
  • NEW! Native Vista HIPS – Improved HIPS compatible with Windows Vista enhancements
  • NEW! Buffer Overflow Prevention – Defense+ can now detect and prevent one of the most common attacks used by attackers: shellcode injection
  • NEW! Antivirus Heuristics: The Antivirus engine now includes heuristics scanning capabilities
  • NEW! Proxy server settings for AV and program updates
  • IMPROVED! Trusted software vendor list is expanded, capable of detecting thousands of applications generically without any signatures
  • IMPROVED! Revised AV engine – AV engine scanning and updating speed increased significantly