Tag Archives | security suite

Removing AntiVir Solution Pro Fake Anti-virus

The only rogue I’ve been seeing this month (over and over again) is AntiVir Solution Pro (a.k.a. Antivir Security Suite). This rogue (fake) anti-virus installs itself instantly and then:

  • prevents the user from using the internet.
  • loads generic porn sites.
  • tells the user that a “key logger” may have been installed or their credit card information is being stolen or that they have dozens of viruses on their PC.
  • prevents any other .exe from opening saying that “.exe is infected”.
  • sets proxy server settings to 127.0.0.1 (localhost) and a random port which the rogue listens on. This is so it can redirect you to a random porn site or to the rogue’s “buy me now” page.
  • may or may not come with a “pack” of other infections such as other downloaders or a rootkit (if this is a 32-bit OS). 64-bit OSes may see an increase in downloaders in c:\Users\*

How To Remove AntiVir Solution Pro:

  1. Download Dr. Web’s Live CD and burn the ISO to disc.
  2. Boot from the Dr. Web Live CD.
  3. Scan the following directories (if they exist) – c:\users or c:\documents and settings and c:\windows\. This may take about an hour to complete. Disinfect (cure) anything that it finds.
  4. Reboot into Safe Mode with Networking by tapping the F8 key.
  5. Now that you’re inside Safe Mode with Networking we need to turn off the proxy server settings. Refer to this article on how to turn off proxy server settings.
  6. Download CCleaner.
  7. Run it and clean all the temporary data for the user logged on (you have to do this for each account on your computer).
  8. It’s time to load Malwarebytes. Download the latest copy of Malwarebytes and update it.
  9. Run a Full scan with Malwarebytes (if you have the time, if not, quick scans are usually enough).  Remove anything Malwarebytes finds and reboot into normal mode.
  10. You should be all clean now.
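
For step 5, the proxy the rogue sets lives in each user's Internet Settings registry key (`ProxyEnable` and `ProxyServer`). The script below is an added example, not part of the original post: it reports every loaded user profile whose proxy points at the loopback address and, only when run with the hypothetical `-Fix` switch, turns that proxy off.

```powershell
# Added example (not from the original post): report, and optionally clear,
# a loopback proxy in every user hive currently loaded under HKEY_USERS.
# Run from an elevated PowerShell prompt so other users' hives are readable.
param([switch]$Fix)   # hypothetical switch: report only unless -Fix is given

$sub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-LoopbackProxy([string]$ProxyServer) {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1] -replace '^\w+://', ''
        $h = ($hostPort -split ':')[0].Trim()
        if ($h -match '^(127\.\d+\.\d+\.\d+|localhost)$') { return $true }
    }
    return $false
}

Get-ChildItem 'Registry::HKEY_USERS' |
  Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |   # real user SIDs only
  ForEach-Object {
    $key = "Registry::HKEY_USERS\$($_.PSChildName)\$sub"
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $s) { return }                      # no Internet Settings key: skip this hive

    $hit = ($s.ProxyEnable -eq 1) -and $s.ProxyServer -and
           (Test-LoopbackProxy $s.ProxyServer)

    # One report row per profile so the setting can be reviewed before changing it
    [pscustomobject]@{
        Sid         = $_.PSChildName
        ProxyEnable = $s.ProxyEnable
        ProxyServer = $s.ProxyServer
        Loopback    = [bool]$hit
    }

    if ($hit -and $Fix) {
        # Disable the proxy and drop the loopback address the rogue wrote
        Set-ItemProperty    -Path $key -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $key -Name ProxyServer
    }
  }
```

Only profiles whose hives are loaded (logged-on accounts) are visible this way, so repeat it for each account, and restart the browser afterwards. Review the report before using `-Fix`, since some legitimate local tools also use a loopback proxy.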

Look for my next post which will show you how to block rogues like AntiVir Solution Pro.


Windows Security Suite Rogue

Well, I figured I’d see a rogue that is pretending to be Microsoft Security Essentials and here it is. Windows Security Suite is a fake antivirus (rogue) that really registers itself (as an antivirus) in the Microsoft Security Center (first time I’ve seen that). This rogue terminates every user-spawned exe except, of course, for itself. This is pretty bad. If a user wants their computer back they MUST purchase the fake antivirus or have their computer cleaned by a professional.

I removed this rogue along with 8 rootkits via bootable antimalware (UBCD4WIN).


HIPS products that you probably haven’t heard of…

One of my subscribers on YouTube (1oxo1) left me a list of HIPS applications that I had barely heard of, to tell ya the truth, so I wanted to share them with everyone.

BufferZone SAE/Home/Pro – http://www.trustware.com
GreenBorder – http://greenborder.com/
Virtual Sandbox – http://www.fortresgrand.com/products/vsb/vsb.htm
VELite – http://www.secureol.com
SandBoxie – http://www.sandboxie.com/
RunSafe – http://www.runsafe.com/
1-Defender – http://amustsoft.com/1-defender
Privacyware Dynamic Security Agent – http://www.privacyware.com
All-Seeing-Eyes – http://www.fortego.com/ase
Ghost Security Suite – http://www.ghostsecurity.com
Process guard – http://www.diamondcs.com.au/processguard
System safety monitor – http://syssafety.com/
winpooch – http://sourceforge.net/projects/winpooch
winpatrol – http://www.winpatrol.com
Safe’n’Sec – http://www.safensoft.com
Cyberhawk – http://www.novatix.com/cyberhawk
eeye – http://www.eeye.com/html/products/blink/personal/index.html
Prevx-1 – http://www.prevx.com
Parador – http://www.e-securion.com
SafeSystem – http://www.gemiscorp.com/english/main.html
EQSecure – http://www.eqspywatch.com/
