Public Service Announcement:

A rogue antivirus program called Antispyware Soft appears to have (re)erupted in April and can get on your machine* even if you have genuine anti-virus software running (as I do: AVG on XP machine). From bleepingcomputer.com:

Once installed, Antivirus Soft will be configured to start automatically when Windows starts. Once running it will scan your computer and display numerous infections, but will state it will not remove them until you purchase the program. In reality, the infected files it detects are all fake and do not actually exist on your computer.

This program also uses aggressive techniques to protect itself from being removed by anti-malware programs. When the Antivirus Soft process is running it will close almost any running program while falsely stating that they are infected. Antivirus Soft will also change the Proxy settings in Internet Explorer so that you cannot browse to any web site other than the site for Antivirus Soft so that you can purchase the program. It does this so that you cannot browse the web to find removal guides or download software that will help you remove the infection. Using these two methods, the program essentially ransoms the normal use of your computer until you purchase the program or use the guide below to remove the infection.

(watch video here)

I advise that, as a defensive mechanism, you download Malwarebytes Anti-Malware module now, so that you can run it (in SAFE MODE) if you get infected. Also, you should run MSIE and under Tools/Connections/LAN uncheck the USE PROXY setting, which is part of the take-over.

* when I got infected, it was not from suspect websites (e.g. adult or gaming oriented - which is often a source). I was using the FireFox browser (v 3.0) while reading the usual political/financial blogs that many of us visit: Salon, Calculated Risk, Kevin Drum. Although it's possible (?) the infection came from an MP3 podcast from a legit radio station.


posted by Quiddity at 4/25/2010 03:04:00 AM