Droiyan3

How to protect yourself against Antivirus 2009


Good morning all,

I have about 100 machines in the domain. Most of them are XP SP3 with about 54 MS critical updates. One of them has been infected with Antivirus 2009 (http://www.bleepingcomputer.com/viru...antivirus-2009); after that it started to jump over the network to other users. I can remove it, but then it pops up on another PC. After a while the PC that I have cleaned gets it again.

How do I actually protect the PC against it?

The anti-virus software is McAfee 8.5 to 8.7, which detects the virus but can't remove it.

Please let me know if you need any more information.

Thanks a lot

Diego


In my opinion McAfee is one of the worst AVs on the market. :( But every AV has its flaws. Antivirus 2009 is a very tricky virus. I didn't know it could replicate across the network though. :blink:

That makes me wonder if there is an infected executable being shared around the network? Or a website a lot of the users are going to that may be infected? A company email everyone is sharing? Or maybe someone is using an infected flash drive?

I have also seen a virus that will actually change your DNS settings on a router which uses the default password. It will then send all the computers to a site which will download tons of viruses. So be sure to check the router's settings.

Once you get a computer cleaned up I would install K9 Web Protection on it. This will allow you to control what types of websites the users can go to.

Malwarebytes Antimalware and Combofix are the programs I usually use to clean up this virus. This virus can be very tricky though. Sometimes you will think you have completely gotten rid of it but it creeps back up on you out of nowhere. So be sure to reboot and run scans multiple times to be sure it is completely gone from the system.

You should send a company-wide email letting everyone know there is a horrible virus going around and each system should be checked for this risk.

Good luck to you. I hope you get this resolved.


You can't really protect yourself against it unless you stop using stuff like IE that can use ActiveX controls, oh, and the users stop clicking on stuff when they don't have any idea what the pop-up is there for.

You could also look into just not using Windows System Restore; a few variants like to hide in there.


Ahm, being honest, I know that there is no such thing as total protection, but I just want to be able to protect the users' PCs from this virus.

As for turning off System Restore, that's a good idea (I have it at 3%).

So far I've managed to remove it without letting it come back to the infected PC, but new ones get infected. It's very strange. I just don't understand why some PCs are affected and others are not.


Droiyan3, these can be inside rootkits, so they can be getting cleaned and auto-reinfecting.

To be honest, they all infect the systems from domains or the stupid pop-ups. If you want to prevent it, restrict your users so their profiles will not allow them to install anything, and get something with a web content scanner as a BHO and see if that does it.


My computer was infected last year with this specific virus because I ran a peer-to-peer application without an antivirus. I learned my lesson :)

My personal analysis with this virus is:

  • it infects ALL executables (exe, com, dll, ocx, etc) on ALL drives
  • after initial infection, it downloads its main program from total-secure2009.com

What I did was:

  1. deleted ALL executables on ALL drives (I was left with only image files (jpg, bmp, etc), docs (doc, xls, mdb, pub), and mp3s :( :angrym:)
  2. installed from an uninfected CD installer
  3. and placed this in my HOSTS file: "127.0.0.1 total-secure2009.com". This prevented accidental infection again, which I did get, really; this time it tried to download from total-secure2009.com but now it can't download its main prog from there

Edited by mau-yong
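
Added example, not part of the original thread: a small Python audit of HOSTS file content that checks whether the domain named in the post above is actually sinkholed. HOSTS entries match exact names only, so it also reports variants that the single line from the post does not cover; the sample file text and the `www.` variant are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content; the blocked domain is the one named in the post.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1 total-secure2009.com   # entry from the post
"""

def parse_hosts(text):
    """Map each lower-cased hostname to the list of addresses given for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or nameless line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: ignore the line
        for name in fields[1:]:                  # one line may carry several names
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table

def is_sinkholed(table, name):
    """True only if the name is listed and every entry points at a local sink."""
    addrs = table.get(name.lower().rstrip("."), [])
    return bool(addrs) and all(a.is_loopback or a.is_unspecified for a in addrs)

def audit(text, names):
    """Return {name: True/False} for each name that should be blocked."""
    table = parse_hosts(text)
    return {n: is_sinkholed(table, n) for n in names}

def missing_entries(text, names, sink="127.0.0.1"):
    """HOSTS lines that still need to be added for full coverage."""
    return [f"{sink} {n}" for n, ok in audit(text, names).items() if not ok]

if __name__ == "__main__":
    wanted = ["total-secure2009.com", "www.total-secure2009.com"]  # www. variant is constructed
    print(audit(SAMPLE_HOSTS, wanted))
    print(missing_entries(SAMPLE_HOSTS, wanted))
```

A HOSTS entry only stops name resolution on that one machine; it does nothing about files that are already infected.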
