Scots Taffer on 14/8/2010 at 01:36
Hey,
I returned from 3 weeks on holiday and within an evening my computer was plagued with something called the Antivir virus, which fakes an antivirus program and hijacks all your processes so that you can't kill or quit them etc. unless in Safe Mode.
I had been running AVG Free for some time without incident. I haven't been at any dodgy websites (honest!) nor opened any suspect attachments.
Anyway, long story short, I went into safe mode, restored to a prior point, which seemed to solve the immediate hijacking issue. It came back fairly shortly after and I repeated the process, and then I installed Avast (which didn't work?), Avira (which did and does), Spybot S&D, which found some innocuous stuff (no majors) and quarantined it.
Anyway, after a week or so it looks like it's coming back - the early warning sign is that I get these "failure to launch Java virtual machine" pop-up messages that only appear when the computer is idle and disappear as soon as I touch keyboard/mouse. This happened just prior to last time the Antivir program hijacked everything.
Advice?
Am I fucked?
I guess we'll see if it crops up full force again but scans are finding nothing. I just reran updated Avira, Anti-Malware etc.
Mortal Monkey on 14/8/2010 at 02:12
You might have gotten hit by a Microsoft Help Centre exploit (http://support.microsoft.com/kb/2219475). The vulnerability hadn't been published long before the exploits started appearing. They were even on fairly reputable sites that I visited, probably came with a banner ad.
Microsoft eventually patched it, so you won't get it again if you have the latest updates. You may or may not be fucked depending on what the malware broke or installed though.
If you decide to nuke it from orbit with a reformat, I can recommend getting Comodo Personal Firewall for next time. It nags you a lot, but it stopped that exploit dead in its tracks. Also, this site (http://ninite.com/) supposedly lets you install a bunch of stuff all in one go.
Renzatic on 14/8/2010 at 02:43
I've removed about 50 billion trillion of these things over the last couple of years. Except for one occasion, they're fairly easy to get rid of. First thing you should do is get Malwarebytes. Run it in safe mode and see what it finds. Usually that'll be enough to kill it off. But if you want to be extra sure, you always have...
Bleeping Computer (http://www.bleepingcomputer.com/virus-removal/remove-antivir) to fall back on. This link will tell you where all the bits and pieces of Antivir are hiding on your computer, along with all the registry entries and other miscellaneous details.
Have a ball, man. :P
Scots Taffer on 19/8/2010 at 03:44
Well... it's been days now since I started this thread and the java virtual machine error persists in isolation with no further signs of infection. This, of course, should not be taken as a sign of confidence.
I'm wondering if I should pre-empt the virus and simply remove everything anyway, clean install...
Just thought I'd let you guys know that nothing's come a cropper yet.
N'Al on 19/8/2010 at 10:55
I recently had the same problem (Antivir) on my desktop too. Right old PITA.
Not sure whether your Java virtual machine issue is linked to this, but you should definitely follow the Bleeping Computer uninstall instructions Renz linked to, if you haven't already. That seems to have cleaned up my computer completely.