The last few weeks

I have worked on several computers that were blasted by the Antivirus Pro 2010 malware.  This one is NASTY!  Nothing prepares average users for this attack.  Having had to work with it I am now suggesting to my clients that if they get it, they do not move the mouse, but either press the on/off switch on their computer and hold it down for 10-15 seconds until the machine turns off, or unplug it (or turn their surge protector switch off).  Then call me.

The screen that comes up can be seen at
http://remove-malware.net/how-to-remove-antivirus-system-pro-rogue-anti-spyware/

Go to: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
to obtain a useful tool.

For the rkill program, go to: BleepingComputer.com



It may look a little different each time one sees it, but notice the shield to the upper left that looks like it came from Microsoft.  I have been told that either clicking the X in the upper right-hand corner to close the window or (in some cases) passing the cursor arrow over it can cause it to download itself (more than once).

I removed it on a couple of computers using instructions found on the web, rkill and Malwarebytes Anti-Malware and, in one case, Spyware Doctor.  In other cases when I had not been called until the client used her computer for several days after it first appeared, I had to back up her data files, use Killdisk to scour the hard disk, and reinstall Windows.  Even doing the manual cleaning of the registry (in safe mode) did not find all the instances.  It kept coming back and bringing its cousins.

If you are my client and have this problem, please call ASAP.  If you are a tech faced with this problem, at the very least disconnect from the Internet, use rkill (after downloading it on another computer and putting a copy on a USB stick or CD), and boot into safe mode.  Then use the tools recommended or do the manual work and try it again.  If that does not work, you may have to back up data files (external hard drive), disconnect the external drive, reboot using Killdisk (get it from the web and make a bootable CD) and scour, scour, scour.  Then reinstall Windows, the Malwarebytes program, and maybe Spyware Doctor.  Connect the external drive and test it for any instances of this nasty thing.

Finally, reconnect to the Internet and see what happens.  Be careful, use protection, and stay alert.


2 Response to "The last few weeks"

  1. Anonymous Says:
    October 13, 2010 at 5:28 AM

    Does a good antivirus software stop this virus? Are the people being affected by this virus unprotected?

  2. Unknown says:
    January 5, 2011 at 3:30 PM

    A good antivirus program does NOT seem to stop this. The 2011 version has popped up for me recently on a client computer and he was running a good AV program.
