Tag Archives | Proxy server

Removing AntiVir Solution Pro Fake Anti-virus

The only rogue I’ve been seeing this month (over and over again) is AntiVir Solution Pro (a.k.a. Antivir Security Suite). This rogue (fake) anti-virus installs itself instantly and then:

  • prevents the user from using the internet.
  • loads generic porn sites.
  • tells the user that a “key logger” may have been installed, that their credit card information is being stolen, or that they have dozens of viruses on their PC.
  • prevents any other .exe from opening, saying that the “.exe is infected”.
  • sets the proxy server settings to localhost and a random port which the rogue listens on. This is so it can redirect you to a random porn site or to the rogue’s “buy me now” page.
  • may or may not come with a “pack” of other infections such as other downloaders or a rootkit (if this is a 32-bit OS). 64-bit OSes may see an increase in downloaders in c:\Users\*

How To Remove AntiVir Solution Pro:

  1. Download Dr. Web’s Live CD and burn the ISO to disc.
  2. Boot from the Dr. Web Live CD.
  3. Scan the following directories (if they exist) – c:\users or c:\documents and settings, and c:\windows\. This may take about an hour to complete. Disinfect (cure) anything that it finds.
  4. Reboot into Safe Mode with Networking by tapping the F8 key.
  5. Now that you’re inside Safe Mode with Networking we need to turn off the proxy server settings. Refer to this article on how to turn off proxy server settings.
  6. Download CCleaner.
  7. Run it and clean all the temporary data for the user logged on (you have to do this for each account on your computer).
  8. It’s time to load Malwarebytes.   Download the latest copy of Malwarebytes and update it.
  9. Run a Full scan with Malwarebytes (if you have the time, if not, quick scans are usually enough).  Remove anything Malwarebytes finds and reboot into normal mode.
  10. You should be all clean now.

Look for my next post which will show you how to block rogues like AntiVir Solution Pro.


Can’t Access The Internet After Removing A Rogue?

The latest generation of Rogue Anti-Virus changes your internet connection settings, specifically the proxy settings.  On an infected PC all traffic is routed through a local proxy on your pc (which is malware based).  Currently these settings are usually:

The address points at your own PC and 5555 is an open port on your PC listening for instructions (and possibly capturing traffic). Why do the rogues do this? To intercept ALL internet activity initiated by you (no matter whether you’re using IE, Firefox or Chrome).

Once you remove the rogue the proxy settings stay in place and that means you can’t get to the internet.  Fixing this is really easy.

  1. Open Internet Explorer
  2. Click Tools
  3. Internet Options
  4. Connections
  5. Click LAN Settings
  6. Uncheck the first proxy server setting
  7. Click OK twice.

You should be able to get on the internet with any browser now.
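As an added example (not part of the original post), here is a PowerShell check that reads the same per-user proxy setting from the registry, flags a proxy that points back at the PC itself, shows whether anything is still listening on that port, and clears the setting when run with -Fix. It assumes Windows 8 or later for Get-NetTCPConnection and must be run in the affected user’s session, since each profile has its own setting.

```powershell
# Added example (not from the original post): inspect the per-user WinINET
# proxy setting that rogue anti-virus changes. Run as the affected user.
param([switch]$Fix)

$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

$enabled = [int]($settings.ProxyEnable)      # 0 when the value is absent
$server  = [string]($settings.ProxyServer)   # e.g. "127.0.0.1:5555" or "http=..."

Write-Host "ProxyEnable : $enabled"
Write-Host "ProxyServer : '$server'"

# The pattern described above: a proxy on the loopback address. Either a bare
# "host:port" or the per-protocol "http=host:port;..." form is matched.
$loopback = $server -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?'

if ($enabled -eq 1 -and $loopback) {
    Write-Warning "Proxy points at this PC itself: $server"

    # After the rogue is removed its listener is gone, which is exactly why
    # browsing fails. If something still listens, removal is not finished.
    if ($server -match ':(\d+)') {
        $port = [int]$Matches[1]
        # Get-NetTCPConnection assumed available (Windows 8 / Server 2012 or later).
        $listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
        if ($listener) {
            Write-Warning "PID $($listener.OwningProcess) is still listening on port $port"
        } else {
            Write-Host "Nothing is listening on port $port (stale setting left behind)"
        }
    }

    if ($Fix) {
        # Same effect as unchecking "Use a proxy server" in LAN Settings.
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
        Write-Host "Proxy disabled for this user."
    }
} elseif ($enabled -eq 1) {
    Write-Host "A proxy is enabled but is not on localhost; confirm it is one you configured."
} else {
    Write-Host "No proxy is configured; this setting is not what blocks browsing."
}
```

Run it once per user account, because the setting lives under HKCU and the rogue may have changed it for every profile it ran in.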


Comodo Internet Security 3.8 Released!

One of the best internet security suites (Comodo Internet Security) just got a few major upgrades! …and yes, I’m preparing a full review on install, config, detection, removal and prevention. I have a newly infected machine, so CIS 3.8 will be going up against threats that are about 2 weeks old (at most).

Comodo Firewall Pro – Release Notes
Version 3.8.64263.468 : 12th Feb, 2009

* NEW! COMODO Threatcast – COMODO’s community based alerts statistics
* NEW! Native Vista Firewall – Improved Firewall with Windows Vista enhancements
* NEW! Native Vista HIPS – Improved HIPS compatible with Windows Vista enhancements
* NEW! Buffer Overflow Prevention – Defense+ can now detect and prevent one of the most common attacks used by attackers: shellcode injection
* NEW! Antivirus Heuristics: The Antivirus engine now includes heuristics scanning capabilities
* NEW! Proxy server settings for AV and program updates
* IMPROVED! Trusted software vendor list is expanded, capable of detecting thousands of applications generically without any signatures
* IMPROVED! Revised AV engine – AV engine scanning and updating speed increased significantly
* IMPROVED! File submission engine has been redesigned
