TechnologyTell

Shields Up!: Vista Internet Security 2010


Late Sunday night my husband was working on his blog when he decided to check out one of his trackbacks. Bad idea. He was immediately redirected to a fake anti-virus site and even though he knows not to click on anything and shut the browser down via Task Manager, somehow the program, called Vista Internet Security 2010, installed itself anyway! He was immediately tormented by pop-up after pop-up with dire warnings like:

System warning!
Intercepting programs that may compromise your privacy and harm your system has been detected on your PC. It’s highly recommended you scan your PC right now.

and

System warning!
Continue working in unprotected mode is very dangerous. Virus can damage your confidential data and work on your computer. Click here to protect your computer.

All fake of course. A fake version of the Windows Security Center opened up as well, and it claimed that his anti-virus and firewall were nowhere to be found. The infection happened about 11pm and it took me until 8am to finally get him back to a clean system. This rogue anti-virus is particularly nasty and frightening too. Here’s why:

  1. Our firewall didn’t stop it and neither AVG nor Malwarebytes detected it when I ran scans with each of them. They are both fully updated so this means either this rogue is so new the anti-virus programs haven’t caught up with it yet, or it is able to avoid detection/disable anti-virus programs.
  2. It completely disabled Windows Security Center. Even when I went to Control Panel and launched it there, it presented me with the fake one.
  3. It dropped a nasty Trojan that inserts a browser hijack into every browser it finds installed on the system. The hijack throws up a fake warning that the site you are accessing is infected and keeps redirecting you to scam sites.
  4. It also dropped a keylogger, not the fake one it claims Firefox is infected with, but a real one. For those not familiar with the term, a keylogger is a malicious program that records everything typed into a computer, saves that info, and sends it off to the hackers. So if you have a keylogger installed and log into, say, PayPal or your bank, the hacker gets your login and password.

So how did I clean up the mess? Well, since neither Malwarebytes nor AVG was able to detect the malicious files, first I went to my computer and downloaded Malwarebytes to a flash drive and tried to run it on the infected system. No dice. I then opened the Windows Registry and tried to delete the files it had placed there but I was denied access. Finally I fought through the redirects, went to TrendMicro’s site and used their HouseCall scanner. I did two full scans and it found all the nasty files and deleted them. Once the system was clean I ran a HijackThis log to make sure no rogue files were lurking around, plus another virus scan. Once I was confident the system had been cleared, I had my husband change the password to every site, service and forum he’s registered with.

If you find yourself redirected to a fake anti-virus site, shutting down the browser via Task Manager may not be enough. If it’s not, the first thing to do is disconnect any other computers from your network, if you have one. This will keep them all from getting infected if the rogue anti-virus happens to be network aware. If your anti-virus software didn’t catch the infection, it’s probably been disabled or the variant is so new the anti-virus companies haven’t caught up yet. It is possible to manually delete some of these rogue anti-virus programs, but if you get an access denied error or you don’t feel comfortable messing with your registry (if you don’t know what you’re doing you can render your entire computer inoperable!), try using another computer to download an antivirus program to a flash drive or use an online scanner like HouseCall.

How do you prevent infections in the first place? Think before clicking on any link. If it’s got gibberish in it, or came in an email from a stranger or from a friend but with no explanation, delete it. When dealing with shortened URLs like bit.ly links, don’t click unless you know and trust the source completely. Never ever click on a banner ad or pop-up that warns you your system is infected, and always keep your anti-virus program updated and your firewall on. It’s not foolproof, but following these steps will significantly reduce your chances of getting infected.

  • Mike Duncan

    I read with great interest your article on Vista Internet Security 2010.

    It's a bug with many variants that we've been fighting for a while now. Our new portable scanner is the tool for that job. As you pointed out, some of the other tools won't run remotely, but our portable has an up-to-date definition database and will run from a USB without software installation or internet access on the infected PC.

    You can access it here: http://www.superantispyware.com/portable

    It's free!

    I'm happy to help in any way, and thank you again for the good advice you provide to computer users. It's very much appreciated.

    Mike Duncan
    SUPERAntiSpyware

  • Daniel

    Hi,
    Can't thank you enough for posting this.
    My version looked slightly different but I had the exact same problem.

    It was an extremely good job :S, it looked entirely genuine (apart from a later notice of a grammar mistake :P). A number of other sites had suggested various programs to download, however like you said, the program had hijacked Internet Explorer 8 and attempts to navigate away from a "warning" page were of no use.

    Thanks Mike for the great program, I could download it onto a USB and run it from its original location, on the infected computer without installing anything onto the start menu or program files. The software saves itself as a random generated filename, so the virus doesn't pick up the software.

    Thank you sooo much Sue, and Mike.
    Your information was very much appreciated!

  • Kelsie

    Thank you so much for posting this! I, at first, thought that it was actually something from the security center except that it wanted me to buy something. AVG didn't work. Hopefully HouseCall will. (I'm running it as I type this on another computer.)

    Thanks Again!
    Kelsie

  • D

    Housecall didn't work for me- all it found was a trojan. The program Mike provided did- I suspect it may have taken out a necessary file though, or something else got screwed up- that may be entirely my fault (I was drunk when I was running it LOL). I wound up restoring my system back to last week (after fighting my way through EVERY shortcut on my computer being broken…I had to open Firefox by first going into MSN messenger, lol.)

    Seems to be all clean now though. Thanks guys!

  • M.R.

    I used the program from Mike and it seemed to work. But I also ran into the same problem that D went through in that all my shortcuts aren't working and when I try to access the internet I keep getting an ssvagent.exe warning. I also can't restore my system 'cause the shortcut for that isn't working either. Can anyone help?

  • jhaycee

    Thanks for this. You can protect your system with a good antivirus like nod32 eset-nod32-antivirus.co.uk

  • M.R.

    Never mind, I think I got it.

  • D

    M.R. -

    Restore your system back to before you got the virus (say, last week or something). Right click on system restore and hit "run as administrator", that should work (it did for me).

  • Michael

    Thanks for the program, Mike. However, I foolishly ran the program without checking to see if I had any system restore points created, which of course I didn't. Is there any other way to get my shortcuts to work again?

  • D

    Doesn't your system automatically create restore points?

    I have no idea. :(

  • Michael

    It was set to not create restore points, I guess

  • D

    I don't know what to tell you. If you can go on Mike's site and contact their support? If three of us here have had this problem, I'm sure a lot more have had this problem with the program.

  • AnhTam

    Thank you for your post. AT

  • Kat

    I've got the damn thing. I didn't download it or register for it or whatever it says but it has still managed to place a fake windows security centre.

    I've tried HouseCall but it hasn't found anything and neither has my McAfee Security. I downloaded HijackThis but I'm not techie enough to be able to do anything on it without wiping my whole hardrive.

    As I haven't registered for it, can I just ignore it? This would mean my Windows Security Centre wouldn't work. It has also not started to mess up any internet sites I go on to, though pops up all the time.

    Am I safe to log on to my accounts as well?

    Shall I download Mike's programme?

    Please help!! Thanks!

  • D

    Don't ignore it- it downloads other shit on your comp and besides, it's annoying as hell!

    Check to make sure you have restore points then use the program Mike posted in comments- it'll disable your icons. Go to Start-programs-accessories-system tools-system restore *right click* on system restore and do "run as administrator". That should bypass the dysfunctional icon BS and restore to before you got the virus, you should be good to go. Worked for me, anyways.

  • becerril

    Can anyone help me? I bought the program vista security 2010 but, it did not download onto my computer or how does it work also does anyone know the # for the program i could not find one? I need help I'm lost here

  • D

    Wait…you BOUGHT the virus? Um….

    Or am I missing something here.

  • Archie

    I downloaded the program onto another machine. I then transferred it using a USB from an uninfected machine to the infected machine. Opened the program and ran the quick scan. The quick scan found 7 threats to be quarantined. I then rebooted and the desktop appeared, however no icons were functional, i.e. if I clicked on superantispyware you get "chose the program you want to use to open the file"; this is the same message I get when clicking on any icons. Starting in safe mode produced the same result. Could not even use system restore. Thank you in advance for any assistance.

  • D

    Yea everyone who used that program had the same problem.

    Go to Start -> programs -> accessories -> system tools -> system restore RIGHT CLICK on system restore and hit "run as administrator". that should bypass the broken icon issue and get it running for you. Restore to before you got the virus (like last week or something) and you should be fine. All your icons should work again. :)

  • pr

    DOES THIS WORK OR DOES MIKES

  • D

    Mike's. But it will disable your icons, look above for instructions on how to fix that.

  • pr

    ok but does ur icons work when u run as administrator

  • D

    Right click and hit run as administrator and it should- it did for me.

  • pr

    do u have 2 run as admin each time

  • D

    System restore (make sure you have restore points before you run the program!) will work if you run as admin- and THAT will fix the icon issue.

  • pr

    kk thanks

  • D

    NP :)

  • pr

    o and what was it called when u used it the virus i mean

  • D

    Um…what?

  • pr

    u no when it scans stuff i got trojans? tht make any sense

  • D

    Yea have it clear out everything it finds. Then do the system restore to fix the broken icons.

  • pr

    one more question thanks 4 bearing with me how many trojans u get

  • D

    I honestly don't remember.

  • pr

    lol i have 2 so far and its been going 22 minutes HOLY SHIT ADWARE TRACKING COOKIE WO IS THT NORMALL

  • D

    Just have it get rid of everything it finds. Tracking cookies are generally not good things, lol.

    When you get it done and do a system restore then change all your passwords to the sites you visit.

  • pr

    nice how long it take u for it 2 be finished

  • D

    Not nearly as long as the whole day it took me to try a whole bunch of other things *lol*.

  • pr

    damn i hope its over soon so i can get on with my life

  • D

    Just run the program and do the restore, lol, it'll be fine.

  • pr

    i no but as we speak its still going its taking forever

  • D

    It might take a couple of hours. Just let it work. The more you're surfing the web, the longer it's going to take because you're utilizing resources that it could be using for the scan. ;)

  • pr

    well i NEED 2 DO AN AMERICAN HISTORY PROJECT IN THE 1920S SO IM A LITTLE ON EDGE

  • D

    Well…you have a virus…cleaning them up takes as long as it takes. Just be glad you found the right program and didn't have to spend a day trying to get rid of it like I did. ;)

  • pr

    ya well ur right i only spent 3 hours

  • pr

    OMG IT WORKED YESYEYSEYSYEYSEYE

  • FF

    I have done the System Restore to different points in time (did it a couple of times) but the links are still broken. Any other ways of fixing the broken links?

  • D

    Not that I know of. :( Maybe someone else will have some ideas.

    How far did you restore it back to?

  • janegho

    D, sometimes System Restore won't work a hundred percent. I suggest you download the free version of Malwarebytes and scan your computer. This program has proven to remove rogue programs such as Vista Internet Security 2010.
    http://www.precisesecurity.com/rogue/vista-internet-security/

  • D

    Actually Malwarebytes has been shown NOT to remove Vista Internet Security 2010. It gets just about everything else though.

  • FF

    D, actually I restored to a couple of days ago – way before the infection.

  • D

    I dunno what to tell you then- maybe try a week or two ago and see if that works?

  • cagim

    I do not have any restore points!!! What should I do now??? :(

  • D

    I suggest you go to the site of the program you used and contact their technical support.

  • cagim

    In fact, I think that the icons were broken when I got the virus, this is not because of this antispyware. Right now I am running it, it is now at 48 min and so far has found 632 tracking cookies!!.. Before that I ran Malwarebytes, it found several infected files and cleaned them but nothing has changed… This is so frustrating… :( I am gonna try to contact technical support but I don't have much hope..

  • D

    My icons weren't broken before I ran the program…but this virus seems to do different things to different people so IDK.
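
Several commenters above report that after cleanup every icon opens a "choose the program" prompt, and the thread never pins down the cause. One thing worth checking in that state is the .exe file association; the read-only PowerShell check below is an added example, not from the article or any commenter. It assumes stock Windows values (`.exe` maps to the `exefile` ProgID, whose open command is `"%1" %*`) and that a per-user override under HKCU is normally absent.

```powershell
# Added example: read-only check of the .exe file association (nothing is modified).
# Assumption: stock Windows maps .exe -> 'exefile', and exefile's open command is '"%1" %*'.
$expectedProgId  = 'exefile'
$expectedCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # Returns the (Default) value of a registry key, or $null when the key does not exist.
    $key = Get-Item -LiteralPath "Registry::$Path" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')
}

# Expected = '' means "this key is normally absent or has an empty default value".
$checks = @(
    @{ Path = 'HKEY_CLASSES_ROOT\.exe';                                        Expected = $expectedProgId },
    @{ Path = 'HKEY_CLASSES_ROOT\exefile\shell\open\command';                  Expected = $expectedCommand },
    @{ Path = 'HKEY_CURRENT_USER\Software\Classes\.exe';                       Expected = '' },
    @{ Path = 'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'; Expected = '' }
)

$results = foreach ($c in $checks) {
    $actual = [string](Get-DefaultValue $c.Path)   # $null becomes ''
    New-Object PSObject -Property @{
        Ok       = ($actual -eq $c.Expected)
        Key      = $c.Path
        Expected = $c.Expected
        Actual   = $actual
    }
}
$results | Select-Object Ok, Key, Expected, Actual | Format-List

# If .exe has been pointed at some other ProgID, show what that ProgID would launch.
$progId = [string](Get-DefaultValue 'HKEY_CLASSES_ROOT\.exe')
if ($progId -and $progId -ne $expectedProgId) {
    $cmd = Get-DefaultValue "HKEY_CLASSES_ROOT\$progId\shell\open\command"
    "'.exe' is handled by ProgID '$progId' with open command: $cmd"
}

$bad = @($results | Where-Object { -not $_.Ok })
if ($bad.Count -eq 0) { 'The .exe association matches the assumed defaults.' }
else { "$($bad.Count) key(s) differ from the assumed defaults; review them before changing anything." }
```

Any row with `Ok : False` shows which key differs and what it currently contains, which is the information a support technician would ask for.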