seth1066

"New" Fake Anti-Virus "windows activity inspector"

8 posts in this topic

Anyone hit with this one? This incarnation calls itself "Windows Activity Inspector." Looks very slick and comes complete with Microsoft logo.

Client had me out to fix it, but I'm more hardware than software. A Google of "windows activity inspector" turned up zero hits from any recognizable website, but plenty of ones I never heard of offering a free scanning tool. The tool allegedly finds the threats, but doesn't remove them without a payment. Very slick operation: build the fake anti-virus and have already googled to the top a bunch of sites that are likely authored by the same people.

I guess I'm going to have to wait a few days to get a solution, since this thing is only 48 hours old. The client wanted to just pay until I told him his credit card will be charged in a former Eastern Bloc country for a much larger amount and then sold.

If anyone has a solution, please post!


http://www.bleepingcomputer.com/virus-removal/remove-windows-activity-inspector

http://trojan-killer.net/windows-activity-inspector-rogue-application-how-to-delete-windows-activity-inspector-scam/

http://www.remove-virus.net/windows-activity-inspector/

Google search seems to be throwing out plenty of hits. It goes without saying I can't verify if they are true, since I haven't had/seen the infection, but most of these sites are dated 16 May 2011.


> http://www.bleepingcomputer.com/virus-removal/remove-windows-activity-inspector
>
> http://trojan-killer.net/windows-activity-inspector-rogue-application-how-to-delete-windows-activity-inspector-scam/
>
> http://www.remove-virus.net/windows-activity-inspector/
>
> Google search seems to be throwing out plenty of hits. It goes without saying I can't verify if they are true, since I haven't had/seen the infection, but most of these sites are dated 16 May 2011.

My client got it on 16 May 2011, which leads me to the conclusion that, for now, Google reflects websites created by the authors of the malware. I tried the second one that you listed; it's pay-to-fix.

It's only day 3, so none of the major anti-virus software players have anything on this, yet.


Did you try booting in safe mode?

Most of those fake anti-virus exes are usually stored in the user profile, so booting into safe mode shouldn't allow them to run, and there you should be able to create a new account. Then you'll need to try it in normal mode. If everything is OK, all you have to do is back up only the needed files from the old profile.


> Did you try booting in safe mode?
>
> Most of those fake anti-virus exes are usually stored in the user profile, so booting into safe mode shouldn't allow them to run, and there you should be able to create a new account. Then you'll need to try it in normal mode. If everything is OK, all you have to do is back up only the needed files from the old profile.

I did that, but I don't know what other malware may have been installed. Currently, it has blocked MSSE from being implemented from any account, which leads me to believe there is something else on there. Before I deleted the infected user account, I ran the Kaspersky Rescue Disk with fresh updates, which is a CD-loaded O/S that scans the hard disk. It found nothing.


It sounds like a variation of the MS Antivirus Security Center malware that's been around for a while. A friend got that one earlier this month (it was calling itself MS Security Essentials) and I thought it looked very slick. It had all the right styles and logo for Windows Vista/Seven and would have been really convincing, except it was on an old XP machine. On startup it would go into its routine before the desktop appeared, which makes it a real pain to try and stop (CTRL-ALT-DEL will not bring up the task manager). The worst thing this one did was to set the HIDDEN file attribute on everything in the user's Documents and Settings folder; 'bout gave my friend a heart attack thinking everything had been deleted.

I used the methods described over at bleepingcomputer.com, especially the Rkill program, to stop the **** thing from running and then Malwarebytes' Anti-Malware to remove it. After scans by two different antivirus programs it said it was clean, but it just didn't run quite right. A week after I gave the computer back it returned, so this time I backed up all the files and reformatted (and repartitioned). It's time consuming to start over, but that might be the safest thing to do.
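Two triage helpers for the behaviour described in this thread (a rogue EXE launched from the user profile, and the HIDDEN attribute set on everything under the victim's profile), written here as an added example rather than anything posted in the thread. The Run-key list, the profile path and the exclusion list of normally-hidden items are assumptions; run it from a clean administrator account, e.g. in Safe Mode.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 on XP/Vista/7,
# run from an unaffected admin account; the victim profile path is supplied
# by the operator.

# 1. List autorun entries whose command lives inside a user profile directory.
#    Rogue AV droppers usually place their EXE under the infected user's
#    profile, so such entries stand out from normal Program Files entries.
function Get-ProfileAutoruns {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata members
            $cmd = [string]$p.Value
            # Flag commands under Documents and Settings (XP) or Users (Vista/7)
            if ($cmd -match '\\(Documents and Settings|Users)\\') {
                New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $cmd }
            }
        }
    }
}

# 2. Clear the HIDDEN attribute the rogue set on a profile's files and folders.
#    Items Windows hides by design (SYSTEM-attributed files such as desktop.ini,
#    plus ntuser.* and the AppData / Local Settings folders) are left untouched.
function Restore-ProfileVisibility {
    param([Parameter(Mandatory=$true)][string]$ProfilePath, [switch]$WhatIf)
    $hidden = [System.IO.FileAttributes]::Hidden
    $system = [System.IO.FileAttributes]::System
    $keepHidden = '^(ntuser|AppData$|Local Settings$|Application Data$)'  # assumed list
    Get-ChildItem -Path $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $hidden) -and
                       -not ($_.Attributes -band $system) -and
                       ($_.Name -notmatch $keepHidden) } |
        ForEach-Object {
            if ($WhatIf) { "Would unhide: $($_.FullName)" }
            else { $_.Attributes = $_.Attributes -bxor $hidden; "Unhid: $($_.FullName)" }
        }
}

Get-ProfileAutoruns | Format-Table -AutoSize
# Restore-ProfileVisibility -ProfilePath 'C:\Documents and Settings\victim' -WhatIf
```

Run the second function with -WhatIf first and review the list before clearing attributes; the autorun listing is a starting point for Rkill-style triage, not a replacement for a full scan.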


> It sounds like a variation of the MS Antivirus Security Center malware that's been around for a while. A friend got that one earlier this month (it was calling itself MS Security Essentials) and I thought it looked very slick. It had all the right styles and logo for Windows Vista/Seven and would have been really convincing, except it was on an old XP machine. On startup it would go into its routine before the desktop appeared, which makes it a real pain to try and stop (CTRL-ALT-DEL will not bring up the task manager). The worst thing this one did was to set the HIDDEN file attribute on everything in the user's Documents and Settings folder; 'bout gave my friend a heart attack thinking everything had been deleted.
>
> I used the methods described over at bleepingcomputer.com, especially the Rkill program, to stop the **** thing from running and then Malwarebytes' Anti-Malware to remove it. After scans by two different antivirus programs it said it was clean, but it just didn't run quite right. A week after I gave the computer back it returned, so this time I backed up all the files and reformatted (and repartitioned). It's time consuming to start over, but that might be the safest thing to do.

Same thing here: locks out the normal desktop, hides the user settings, blocks Task Manager. Client bought the machine second hand and didn't want me to reinstall the O/S because it came with some good software (no disks, of course). I'm going to reinstall the O/S from scratch, unless he wants his credit card data to end up in East Beserkistan the next time he buys something online.
