Just got infected by xp security 2010 virus while checking out the diy section. Let me tell you, it's one tricky malware to remove. Nevertheless it's out of my comp. Hope the mods can clear it up.

 

This has been reported and labeled as high priority. Today is Sunday so most likely it will not be resolved until Monday at the earliest.

 

It's JVanquish.

 

That is exactly what happened to me. It blocked me from accessing any websites at all. I used another computer and found those directions. The problem was I couldn't get to it from the infected computer and do a copy and paste to Notepad.

Here are the registry changes I had to make to remove it:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\comman d "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFO X.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFO X.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLO RE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

 

Man, now, you guys got me all paranoid. I haven't seen anything that you've brought up on both my machines. But, I think I'm gonna run Malwarebytes anyways. Both machines are running FF+ABP+Kaspersky AV.

 

got hit today too by some fake virus scanner.

 

This blows...got my comp just now and I am running AVG pro...It installs that fake internet security crap....I think IB better make this a higher priority - def not cool at all. currently trying to remove using fix.reg and malwarebytes..

http://www.bleepingcomputer.com/viru...rus-vista-2010

 

Ya i got popped with the Virus on friday morning. Got my computer up and running again today.

 

Another good security practice is to NOT log on as a administrator for daily use. You should only be using an account with user permissions. Registry settings can't be changed under user permissions. Renaming the admin account and setting a password of 15 characters or more will also help.

 

Good to see it's a high priority for most of the mods........

 

this bug was preventing me from installing any programs. just reformatted and installed avg, hopefully it keeps anything else OFF my comp.

 

This thing jack my 'puter up too. Got it all fixed now.

 

while this is definitely best practice and something I recomend doing (really, how hard is it to shift right click something and run as the admin account when needed?), this will *not* prevent this particular infection from installing.

I've seen this on a few machines at work and on one of my home pc's when my pal was using it.

also, while this has popped up three times for me, I've just closed my browser and it prevented the install.

 

Caught the AV.exe here Friday 3/5/2010 at 3:57pm

 

Got rocked twice! Is this still an issue?

 

I got infected 3 times last week....IT fixed my comp and i went on My350 this morning at work and got it as soon as the My350Z page loaded....

This is rediculous!!!!!!!!!!!!!!!!! MODS PLEASE FIX!!!!

Ok guys i keep getting this like crazy, and i found out that when you go into task manager, the malware's id in task manager is AV.exe or something with AV.****.

If you end that process, you will be able to access everything (IE, Programs, etc) but it somehow is still blocking my Malwarebytes program so i cant remove it. Also, it is still running after you end this process because the icon for it is still in my tray on the start bar.

MODS, please fix this if you can, IT is getting pissed at me because they keep having to fix my CPU, lol.

 

Mods/Admins can't do anything about it. Its all in the hands of IB staff. Believe me when I say that we are complaining as well. I gotten the phishing web twice already. 3ree5ive0ero already sent a High priority ticket to the IB staff yesterday. Hopefully it should be resolved soon.

Shift_SpecV

 

^^^ shhhh....chill out homie.

You might get banned here quicker than this virus gets taken care of.

 

I don't blame MC for doing so either as it was his contributions. Nothing against this site or you, it just makes sense.

 

I'm not blaming him for anything. I just think it's ridiculous that he did that. What if every single member here who no longer visits this site decided to erase all trace of their activity on here? How much info do you think we'd have?

Remember that in order for forums to exist, knowledge must be shared and retained.