Virus and keyloggers on my350z
#41
Registered User
iTrader: (1)
Join Date: Aug 2009
Location: Bay Area
Posts: 11
Just got infected by xp security 2010 virus while checking out the diy section. Let me tell you, it's one tricky malware to remove. Nevertheless it's out of my comp. Hope the mods can clear it up.
#44
New Member
iTrader: (24)
Join Date: Dec 2008
Location: Greensboro, NC
Posts: 2,910
If you are experiencing the fake Windows antivirus, here are the removal instructions. I did this and it worked for me:
http://www.2-spyware.com/remove-antivirus-xp-2010.html
Here are the registry changes I had to make to remove it:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
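Added example (not part of the original post or the linked removal guide): a small Python check that reads the text of a registry export and flags the three patterns in the list above, namely an .exe/exefile/secfile open handler that no longer starts with "%1", a StartMenuInternet browser entry that launches a different program first, and a Security Center override that is switched on. The function names, the sample export and its profile path are made up for illustration.

```python
import re
# Constructed `reg export` text modelled on the post above (path and dword encoding assumed).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

EXE_HANDLER = re.compile(r'\\(\.exe|exefile|secfile)\\shell\\open\\command$', re.I)
BROWSER = re.compile(r'\\StartMenuInternet\\([^\\]+\.exe)\\shell\\\w+\\command$', re.I)
OVERRIDES = {"AntiVirusOverride", "FirewallOverride"}

def parse_reg(text):  # yields (key, value_name, raw_data) for every value line
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, data = line.split("=", 1)
            yield key, name.strip('"'), data

def first_program(data):  # first token of an unescaped REG_SZ command line
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', re.sub(r'\\(.)', r'\1', data[1:-1]))
    return (m.group(1) or m.group(2) or "") if m else ""

def audit(text):  # returns a list of (key, reason) findings
    findings = []
    for key, name, data in parse_reg(text):
        if name == "@" and EXE_HANDLER.search(key):
            prog = first_program(data)
            if prog != "%1":  # the Windows default handler is "%1" %*
                findings.append((key, f"executables are launched through {prog}"))
        elif name == "@" and (m := BROWSER.search(key)):
            exe = first_program(data).rsplit("\\", 1)[-1]
            if exe.lower() != m.group(1).lower():  # key is named after the browser exe
                findings.append((key, f"browser entry starts {exe}"))
        elif name in OVERRIDES and key.lower().endswith("\\security center"):
            if data.lower() != "dword:00000000":
                findings.append((key, f"{name} is set"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_REG), sep="\n")
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `audit`.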
#45
Man, now, you guys got me all paranoid. I haven't seen anything that you've brought up on both my machines. But, I think I'm gonna run Malwarebytes anyways. Both machines are running FF+ABP+Kaspersky AV.
Last edited by Black Z Eddie; 03-07-2010 at 08:51 PM.
#47
Registered User
iTrader: (47)
This blows...got my comp just now and I am running AVG Pro...It installs that fake internet security crap....I think IB better make this a higher priority - def not cool at all. Currently trying to remove using fix.reg and Malwarebytes..
http://www.bleepingcomputer.com/viru...rus-vista-2010
#48
Super Moderator
MY350Z.COM
iTrader: (8)
Ya, I got popped with the virus on Friday morning. Got my computer up and running again today.
#49
Registered User
iTrader: (14)
Join Date: Apr 2008
Location: Southern MD
Posts: 4,026
Another good security practice is to NOT log on as an administrator for daily use. You should only be using an account with user permissions. Registry settings can't be changed under user permissions. Renaming the admin account and setting a password of 15 characters or more will also help.
#53
New Member
iTrader: (16)
Another good security practice is to NOT log on as an administrator for daily use. You should only be using an account with user permissions. Registry settings can't be changed under user permissions. Renaming the admin account and setting a password of 15 characters or more will also help.
I've seen this on a few machines at work and on one of my home PCs when my pal was using it.
Also, while this has popped up three times for me, I've just closed my browser and it prevented the install.
#56
Registered User
iTrader: (9)
I got infected 3 times last week....IT fixed my comp and I went on My350 this morning at work and got it as soon as the My350Z page loaded....
This is ridiculous!!!!!!!!!!!!!!!!! MODS PLEASE FIX!!!!
Ok guys, I keep getting this like crazy, and I found out that when you go into Task Manager, the malware's ID in Task Manager is AV.exe or something with AV.****.
If you end that process, you will be able to access everything (IE, Programs, etc.) but it somehow is still blocking my Malwarebytes program so I can't remove it. Also, it is still running after you end this process because the icon for it is still in my tray on the start bar.
MODS, please fix this if you can, IT is getting pissed at me because they keep having to fix my CPU, lol.
#57
350Z-holic
iTrader: (3)
Join Date: Dec 2005
Location: H-town
Posts: 5,301
Mods/Admins can't do anything about it. It's all in the hands of IB staff. Believe me when I say that we are complaining as well. I've gotten the phishing web twice already. 3ree5ive0ero already sent a high-priority ticket to the IB staff yesterday. Hopefully it should be resolved soon.
Shift_SpecV
#58
Registered User
iTrader: (4)
I got infected 3 times last week....IT fixed my comp and I went on My350 this morning at work and got it as soon as the My350Z page loaded....
This is ridiculous!!!!!!!!!!!!!!!!! MODS PLEASE FIX!!!!
Ok guys, I keep getting this like crazy, and I found out that when you go into Task Manager, the malware's ID in Task Manager is AV.exe or something with AV.****.
If you end that process, you will be able to access everything (IE, Programs, etc.) but it somehow is still blocking my Malwarebytes program so I can't remove it. Also, it is still running after you end this process because the icon for it is still in my tray on the start bar.
MODS, please fix this if you can, IT is getting pissed at me because they keep having to fix my CPU, lol.
^^^ shhhh....chill out homie.
You might get banned here quicker than this virus gets taken care of.
#59
'12 TL SH-AWD
iTrader: (26)
I'll let IB know.
I don't know why some of you guys have this issue. I've been on this site for years and I've never had an issue.
BTW, MC never owned this site. He became an admin back in the day because he used to contribute a lot to this forum (mostly Nismo stuff). Too bad when he was asked to step down, he deleted all the contributions he made.
#60
Retired Admin
iTrader: (95)
Remember that in order for forums to exist, knowledge must be shared and retained.