Last week, BleepingComputer.com reported on how to remove a new variant of an old scareware. This new nasty, known most commonly as Antivirus2010 or Anti-Virus-1, points you to spoofed versions of Download.com, ZDNet, PCMag.com, and other software sites, demanding that you download their program to clean your computer. Of course, it does nothing of the sort, merely perpetuating the infection.
Antivirus2010, Anti-Virus-1, and other variants of the AntivirusXP infection have never been hosted on Download.com.
(Credit: Seth Rosenblatt/CNET Networks)
However, the manner and methods Anti-Virus-1 uses to get you there are extremely clever. The infection part of the malware does whatever it's been designed to do, so you can see that you've been infected with malware. What you don't realize at this point is that it's hacked your hosts file, too, so that when you go to a software site you don't ever make it to the site you're trying to get to.
You wind up on a skinned Web site that looks like the site you're expecting, but isn't. With the Download.com spoof, you can see that they're using our old design, which CNET abandoned last summer. Clicking on any link besides the download button will take you to the same page that the legitimate site would've taken you to. Hit the download button, though, and you get their fake malware remover, which in fact does the opposite, perpetuating the infection.
Removing the infection is tricky because of the differences between the variants. Some people have complained that they get locked out of their Task Manager, for example, but not all reports include that complaint. The fix that I cited for Antivirus XP 2008 may work, but users who have Windows XP Home Edition don't have a gpedit.msc. Home Edition users will have to edit their Registry directly.
Malwarebytes' Anti-Malware has proven to be one of the few malware killers that can effectively remove Antivirus XP 2008 and its variants, and it should work against the latest ones, too. The First Look video of Malwarebytes' Anti-Malware on the right will help you get started with the program.
Keep in mind that there is no substitute for cautious browsing. Don't install every Facebook app that comes your way, don't click on ads on unfamiliar sites or sites that are known vectors for attacks, and don't install software from anybody that's not a vouched-for source.
I've pasted below the entire list from BleepingComputer of changes to your hosts file for your edification. Be warned that it may change as variants are developed.
(Via Ars Technica)
Easy on your RAM and able to complete a Quick Scan in around 8 minutes, Malwarebytes' Anti-Malware wouldn't be as impressive if it didn't do its job well. Fortunately, it does.
The app has some nice features, too. It supports multiple- and networked-drive scanning, context menu options, including a scan-on-demand for individual files, and a FileAssassin for killing locked files.
Malwarebytes Anti-Malware is a surprisingly effective antimalware tool. And, for what it's worth, it's mighty popular. It's a relatively speedy malware remover, with the quick scan taking about 10 minutes. The heuristics engine proved on multiple computers during empirical testing that it was capable of determining the difference between false positives and dangerous apps.
The app has some nice features rolled in, too. It supports multiple drive scanning, context menu options including a scan-on-demand for individual files, and the FileAssassin option under the More Tools section for removing locked files. This can help remove malware files that are so insidious that you can't delete them merely by hitting the Delete key.
The interface is simple, but pleasant-looking and well-organized. Tabs live just below the oversized logo, with few options per tab to keep down the clutter. The installation process was fast enough, but interestingly offered up the well-kept changelog and an instant definition file update. Do note that the real-time protection is restricted to the paid version, as is the scheduler for updates and scans. Overall, though, Malwarebytes Anti-Malware is a responsive malware remover that does what it should with a minimum of fuss.
I just took a look at Malwarebytes Anti-Malware, and it's a worthwhile security application. Some users and reviewers even think it's the best free malicious-software-only engine out there, and it's true that it has a lot going for it.
The basic interface is uncluttered and easy to navigate.
(Credit: Malwarebytes)
Surprisingly effective, it's a relatively speedy malicious software remover, with the quick scan taking about 10 minutes. The heuristics engine proved on multiple computers during empirical testing that it was capable of determining the difference between false positives and threatening dangers.
Notably, Malwarebytes was one of the few malicious software removal tools that proved useful to many people in removing the Antivirus XP 2008 spyware.
The application has some nice features rolled in, too. It supports multiple drive scanning, context menu options including a scan-on-demand for individual files, and the FileAssassin option under the More Tools section for removing locked files. Testing them engendered no problems. Single-serving size file testing saw the program load fast, although I wasn't able to test the FileAssassin because I lacked a locked file.
The interface is simple, but pleasant-looking and well organized. Tabs live just below the oversized logo, with few options per tab to keep down the clutter. The installation process was fast enough, even with an instant definition file update. It interestingly offered a well-maintained change log, which was informative if not overly useful.
Like many programs these days, the freeware version can be upgraded for a fee to include more features. In this case, the $24.95 price gets you a lifelong access code to turn on real-time protection and a scheduler for updates and scans. If Malwarebytes is used as a strong second to your rolled-into-one antivirus and malicious software removal engine such as Antivir or AVG, you probably won't miss much from the paid edition. Overall, Malwarebytes Anti-Malware is a responsive malicious software remover that does what it should with a minimum of fuss.

