robertplattbell
2008-12-12, 19:11
I have searched online about this and most of the information is unhelpful.
On one computer in our network, occassionally, the Antivirus 2009 image pops up UNDER the Explorer IE7 window. When you "close" IE7, this image is on the screen. "This just popped up!" the user says. They had opened IE7, gone to hotmail, and then closed out.
You kow how this antivirus 2009 fake pop-up looks - a slightly different version of the Windows (R) virus shield, and a message to "click here to install Antivirus 2009" and of course, as an image, it is slightly out of focus compared to the rest of the screen.
Since it an image, not a real IE7 window, anywhere you click on this (including the X close box) takes to you their malware site - offering to sell you the "fix". Many old people here on retirement island have fallen for this gag recently. How is it spreading?
Most of the sites discussing this assume you already installed av2009.exe by purchasing it. I have followed the insructions, but the files, directories and .dll's mentioned in the helpful removal web pages (including here) are not present on my computer.
(* why does spybot not seem to remove this effectively?)
I read here recently:
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
We see many members with old versions of Sun Java on their computers.
Vulnerabilities in old Sun Java versions may be partly responsible for Vundo/Winfixer/Virtuemonde infections.
I have just deleted ALL versions of Java from this machine after running a file search on *.dll and realzing that the only recently added .dll files on the computer were java related (and the problem seemed to start when the user was prompted to download a "new" version of java on some website).
BTW, I presume it is the dll that is loading this fake pop-up? Or is it some malware embedded into a program?
The user is using hotmail, so however this is happening, it is not through an Outlook worm.
The problem seems to have disappeared for now. I have spybot running on this machine, and also have run both fixvundo and vundo fix. None have found any problems at any time. So I am not sure why this thing was "popping up".
One concern I have is that there are a lot of solutions offererd online and in forums like this - sugesting that users use varuous shareware .exe tools to fix these problems. How do we know whether these tools are not themselves malware?
As the computer in question is basically used for net surfing, I am thinking of offloading the data files from it and re-installing windows. It will probably run faster as a result.
I've read some of the threads here - complicated instructions to run hijack this, and various other malware removal tools, and frankly, it seems like just re-installing the operating system would be simpler.
Comments and suggestions are welcome.
On one computer in our network, occassionally, the Antivirus 2009 image pops up UNDER the Explorer IE7 window. When you "close" IE7, this image is on the screen. "This just popped up!" the user says. They had opened IE7, gone to hotmail, and then closed out.
You kow how this antivirus 2009 fake pop-up looks - a slightly different version of the Windows (R) virus shield, and a message to "click here to install Antivirus 2009" and of course, as an image, it is slightly out of focus compared to the rest of the screen.
Since it an image, not a real IE7 window, anywhere you click on this (including the X close box) takes to you their malware site - offering to sell you the "fix". Many old people here on retirement island have fallen for this gag recently. How is it spreading?
Most of the sites discussing this assume you already installed av2009.exe by purchasing it. I have followed the insructions, but the files, directories and .dll's mentioned in the helpful removal web pages (including here) are not present on my computer.
(* why does spybot not seem to remove this effectively?)
I read here recently:
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
We see many members with old versions of Sun Java on their computers.
Vulnerabilities in old Sun Java versions may be partly responsible for Vundo/Winfixer/Virtuemonde infections.
I have just deleted ALL versions of Java from this machine after running a file search on *.dll and realzing that the only recently added .dll files on the computer were java related (and the problem seemed to start when the user was prompted to download a "new" version of java on some website).
BTW, I presume it is the dll that is loading this fake pop-up? Or is it some malware embedded into a program?
The user is using hotmail, so however this is happening, it is not through an Outlook worm.
The problem seems to have disappeared for now. I have spybot running on this machine, and also have run both fixvundo and vundo fix. None have found any problems at any time. So I am not sure why this thing was "popping up".
One concern I have is that there are a lot of solutions offererd online and in forums like this - sugesting that users use varuous shareware .exe tools to fix these problems. How do we know whether these tools are not themselves malware?
As the computer in question is basically used for net surfing, I am thinking of offloading the data files from it and re-installing windows. It will probably run faster as a result.
I've read some of the threads here - complicated instructions to run hijack this, and various other malware removal tools, and frankly, it seems like just re-installing the operating system would be simpler.
Comments and suggestions are welcome.