I seem to be getting hit by a URL based phishing virus everytime I come on my350z.

Dosnt happen when I am on any other sites apart for this one.

Appears to be a malware that loads up as a webpage and is something like "Antispyware 2010" and a popup then appears

Have managed to get rid by hitting "x" on the popups rather than the "ok" or "cancel" buttons

Anyone else had the same? Its generally when I use a previous saved item in my history and then click on the next page or "view new posts"

 

you're going to have to do more than just x'ing out of those screens, you need to update registry settings and delete the .exe program that is running. restart in safe mode with networking and google for a guide to remove it. Look for one that is just a step by step guide of manual things, dont install any kind of 'remover' that is specific to it...

good luck!

 

Yeh ran malwarebytes before and it found it and removed. Just reformatted my machine to reload win7 and Office 10 yesterday and been on a few websites but the first time its happened again was when I was on here

 

3fiddyzed, I will ask IB staff about this.

 

I've had a similar experience this entire week with "Vista Guardian 2010" First I infected my gf's laptop. She said it's probably your 350club site, i said non sense, then my home desktop. Then her home desktop all two days in a row. this blows.

 

Same thing happened to me today

 

I just installed a brand new hard drive with a fresh windows setup and I've gotten this b.s. three times in the past four days.

 

Run Malwarebytes in safe mode... It happened to my work PC and it worked. Update your virus definitions too.

 

Phreak...if you get it like I did on my work PC...it won't even let you open Malwarebytes...and quickly not even allow you on the net.

IB needs to do something about this.

 

The older versions of this malware can easily be removed with Malwarebytes. For those of you that have the newer version, its a little tricky.

If your infected and need to get on the net do this: (for Internet Explorer) go to internet options, click the connections tab, click the LAN settings button and uncheck the option "use proxy for LAN connection." That's a setting that is changed by the malware. Now you should be able to get on the net.

If you can't open any executables (.exe), there is a workaround that I found. Download smitfraudfix.exe, its a removal tool created specifically for this malware. You don't have to install it since it runs from the command line. When you try to run it, the malware won't let you and you get a popup that says "the .exe is infected blah blah." When you get this popup LEAVE IT THERE, don't click OK or exit. While its open press ctrl-alt-del and you'll be able to get to the task manager, you might have to do it twice. Now end all processes that are running under your username except explorer.exe. Now update and run malwarebytes and/or the removal tool, restart in safemode and run the programs again.

If it matters to anyone this is my line of work. Hope this helps some of you guys. Feel free to PM me.

 

Ok guys i keep getting this like crazy, and i found out that when you go into task manager, the malware's id in task manager is AV.exe or something with AV.****.

If you end that process, you will be able to access everything (IE, Programs, etc) but it somehow is still blocking my Malwarebytes program so i cant remove it. Also, it is still running after you end this process because the icon for it is still in my tray on the start bar.

MODS, please fix this if you can, IT is getting pissed at me because they keep having to fix my CPU, lol.