MSFN Forum: "New" Fake Anti-Virus "windows activity inspector" - MSFN Forum


"New" Fake Anti-Virus "windows activity inspector" - new updated malware on an old theme

#1 seth1066

  • Newbie
  • Group: Members
  • Posts: 12
  • Joined: 18-December 10
  • OS: Windows 7 x64

Posted 17 May 2011 - 06:27 PM

Anyone hit with this one? This incarnation calls itself "Windows
Activity Inspector." Looks very slick and comes complete with a
Microsoft logo.

Client had me out to fix it, but I'm more hardware than software. A
Google of "windows activity inspector" turned up zero hits from any
recognizable website, but plenty of ones I never heard of offering a
free scanning tool. The tool allegedly finds the threats, but doesn't
remove them without a payment. Very slick operation: build the fake
anti-virus and have already googled to the top a bunch of sites that are
likely authored by the same people.

I guess I'm going to have to wait a few days to get a solution, since
this thing is only 48 hours old. The client wanted to just pay until I
told him his credit card will be charged in a former Eastern Bloc
country for a much larger amount and then sold.

If anyone has a solution, please post!


#2 Sp0iLedBrAt

  • MSFN Addict
  • Group: Supreme Sponsor
  • Posts: 1,710
  • Joined: 19-March 09
  • OS: XP Pro x86

Posted 17 May 2011 - 06:41 PM

http://www.bleepingc...ivity-inspector
http://trojan-killer...inspector-scam/
http://www.remove-vi...vity-inspector/

Google search seems to be throwing out plenty of hits. It goes without saying I can't verify if they are true, since I haven't had/seen the infection, but most of these sites are dated 16 May 2011.

#3 seth1066

  • Newbie
  • Group: Members
  • Posts: 12
  • Joined: 18-December 10
  • OS: Windows 7 x64

Posted 18 May 2011 - 01:22 AM

Sp0iLedBrAt, on 17 May 2011 - 06:41 PM, said:

http://www.bleepingc...ivity-inspector
http://trojan-killer...inspector-scam/
http://www.remove-vi...vity-inspector/

Google search seems to be throwing out plenty of hits. It goes without saying I can't verify if they are true, since I haven't had/seen the infection, but most of these sites are dated 16 May 2011.

My client got it on 16 May 2011, which leads me to the conclusion that, for now, Google reflects websites created by the authors of the malware. I tried the second one that you listed; it's pay-to-fix.
It's only day 3, so none of the major anti-virus software players have anything on this yet.

This post has been edited by seth1066: 18 May 2011 - 01:24 AM


#4 allen2

  • Not really Newbie
  • Group: Members
  • Posts: 1,737
  • Joined: 13-January 06

Posted 18 May 2011 - 02:02 AM

Did you try booting in safe mode?
Most of those fake anti-virus executables are usually stored in the user profile, so booting into safe mode shouldn't allow them to run, and there you should be able to create a new account. Then you'll need to try it in normal mode. If everything is OK, all you have to do is back up only the needed files from the old profile.
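Added example, not part of allen2's post or anything posted in this thread: a PowerShell script that does the check allen2's procedure implies. From the clean account created in safe mode, it mounts the old profile's NTUSER.DAT and lists that user's autostart entries (Run/RunOnce, the per-user Winlogon Shell value, and the Startup folder), flagging anything that launches from inside the profile folder itself. Assumptions: an elevated PowerShell on Windows Vista/7 (the Startup folder path is the Vista/7 layout), the suspect user is logged off so the hive is not locked, and `$ProfilePath` is that user's profile folder.

```powershell
# Added example (not from the thread): inspect a suspect user's autostart
# locations from a clean account by loading that user's registry hive.
# Assumptions: run elevated; the suspect user is NOT logged on (NTUSER.DAT
# must be unlocked); $ProfilePath is the suspect profile, e.g. C:\Users\olduser.
param(
    [Parameter(Mandatory = $true)][string]$ProfilePath
)

$hiveName = 'SuspectHive'
$ntuser   = Join-Path $ProfilePath 'NTUSER.DAT'
if (-not (Test-Path $ntuser)) { throw "No NTUSER.DAT under $ProfilePath" }

# Mount the suspect user's hive under HKEY_USERS\SuspectHive.
& reg.exe load "HKU\$hiveName" $ntuser | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed (is that user still logged on?)" }

try {
    $findings = @()

    # 1. Run / RunOnce values in the suspect user's hive.
    $runKeys = @(
        "Registry::HKEY_USERS\$hiveName\Software\Microsoft\Windows\CurrentVersion\Run",
        "Registry::HKEY_USERS\$hiveName\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath etc.
            $findings += New-Object PSObject -Property @{ Source = "$key\$($p.Name)"; Command = [string]$p.Value }
        }
    }

    # 2. Per-user Winlogon Shell override: anything other than explorer.exe here
    #    runs instead of the desktop, which matches the "before the desktop
    #    appeared" behaviour described later in the thread.
    $winlogon = "Registry::HKEY_USERS\$hiveName\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    if (Test-Path $winlogon) {
        $shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
        if ($shell) { $findings += New-Object PSObject -Property @{ Source = "$winlogon\Shell"; Command = [string]$shell } }
    }

    # 3. The profile's Startup folder (Vista/7 layout).
    $startup = Join-Path $ProfilePath 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    if (Test-Path $startup) {
        Get-ChildItem -Path $startup -File | ForEach-Object {
            $findings += New-Object PSObject -Property @{ Source = 'Startup folder'; Command = $_.FullName }
        }
    }

    # Flag entries whose command points back into the profile (Temp, AppData...),
    # which is where the rogue executables discussed above usually live.
    $findings | ForEach-Object {
        $suspicious = ($_.Command -like "*$ProfilePath*") -or ($_.Command -match '\\(Temp|AppData|Local Settings)\\')
        New-Object PSObject -Property @{
            Suspicious = $suspicious
            Source     = $_.Source
            Command    = $_.Command
        }
    } | Sort-Object -Property Suspicious -Descending | Format-Table Suspicious, Source, Command -AutoSize -Wrap
}
finally {
    # Release registry handles so the hive can be unloaded cleanly.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$hiveName" | Out-Null
}
```

Run it as `.\Inspect-ProfileAutoruns.ps1 -ProfilePath C:\Users\olduser` (the script name is an assumption). Anything flagged `Suspicious = True` is worth noting down before the old profile is deleted, both for cleanup and so you know which files to leave out when copying the user's data to the new account; an empty list does not prove the machine is clean, since machine-wide (HKLM) autostart locations and services are not covered here.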

#5 seth1066

  • Newbie
  • Group: Members
  • Posts: 12
  • Joined: 18-December 10
  • OS: Windows 7 x64

Posted 18 May 2011 - 02:15 AM

allen2, on 18 May 2011 - 02:02 AM, said:

Did you try booting in safe mode?
Most of those fake anti-virus executables are usually stored in the user profile, so booting into safe mode shouldn't allow them to run, and there you should be able to create a new account. Then you'll need to try it in normal mode. If everything is OK, all you have to do is back up only the needed files from the old profile.

I did that, but I don't know what other malware may have been installed. Currently, it has blocked MSSE from being implemented from any account, which leads me to believe there is something else on there. Before I deleted the infected user account, I ran the Kaspersky Rescue Disk with fresh updates, which is a CD-loaded O/S that scans the hard disk. It found nothing.

#6 dougdeep

  • Group: Supreme Sponsor
  • Posts: 9
  • Joined: 19-November 08
  • OS: none specified

Posted 18 May 2011 - 03:38 AM

It sounds like a variation of the MS Antivirus Security Center malware that's been around for a while. A friend got that one earlier this month (it was calling itself MS Security Essentials) and I thought it looked very slick. It had all the right styles and logo for Windows Vista/Seven and would have been really convincing except it was on an old XP machine. On startup it would go into its routine before the desktop appeared which makes it a real pain to try and stop (CTRL-ALT-DEL will not bring up the task manager). The worst thing this one did was to set the HIDDEN file attribute on everything in the user's Documents and Settings folder – 'bout gave my friend a heart attack thinking everything had been deleted.

I used the methods described over at bleepingcomputer.com, especially the Rkill program, to stop the **** thing from running and then Malwarebytes' Anti-Malware to remove it. After scans by two different antivirus programs it said it was clean, but it just didn't run quite right. A week after I gave the computer back it returned, so this time I backed up all the files and reformatted (and repartitioned). It's time consuming to start over, but that might be the safest thing to do.
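Added example, not part of dougdeep's post or of the thread: once the rogue has been stopped, the "everything in the profile is hidden" damage dougdeep describes can be undone without blindly running `attrib -h` over the whole folder. This PowerShell script clears the Hidden attribute only on the user's own files and folders, leaving items Windows itself keeps hidden (anything with the System attribute, desktop.ini, NTUSER.DAT, AppData and the compatibility junctions) as they were, and supports `-WhatIf` so the change can be previewed first. Assumptions: Windows Vista/7, run as an administrator or as the affected user, and `$ProfilePath` is the affected profile folder.

```powershell
# Added example (not from the thread): undo a rogue AV's "hide everything"
# trick by clearing the Hidden attribute on the user's own items only.
# Assumptions: $ProfilePath is the affected profile, e.g. C:\Users\victim;
# run as an admin or as that user. Use -WhatIf to preview without changing.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$ProfilePath
)

# Names Windows normally keeps hidden inside a profile. Skipping them means
# we do not "unhide" things the user never saw before the infection.
$keepHidden = @('desktop.ini', 'ntuser.dat', 'ntuser.ini', 'ntuser.dat.log',
                'AppData', 'Application Data', 'Local Settings', 'Thumbs.db')

$restored = 0
Get-ChildItem -Path $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        # Hidden, but not a system item and not on the keep list.
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        -not ($_.Attributes -band [IO.FileAttributes]::System) -and
        ($keepHidden -notcontains $_.Name) -and
        -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint)   # skip junctions
    } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden attribute')) {
            # We know Hidden is set, so XOR removes exactly that bit.
            $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden
            $restored++
        }
    }

Write-Host "Cleared the Hidden attribute on $restored item(s) under $ProfilePath"
```

Preview with `.\Restore-ProfileVisibility.ps1 -ProfilePath C:\Users\victim -WhatIf` (script name is an assumption), then run it again without `-WhatIf`. The System-attribute test is the important safeguard: the rogue sets plain Hidden on user data, while the things Windows hides by design are Hidden plus System, so the two are easy to tell apart.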

#7 seth1066

  • Newbie
  • Group: Members
  • Posts: 12
  • Joined: 18-December 10
  • OS: Windows 7 x64

Posted 18 May 2011 - 04:08 AM

dougdeep, on 18 May 2011 - 03:38 AM, said:

It sounds like a variation of the MS Antivirus Security Center malware that's been around for a while. A friend got that one earlier this month (it was calling itself MS Security Essentials) and I thought it looked very slick. It had all the right styles and logo for Windows Vista/Seven and would have been really convincing except it was on an old XP machine. On startup it would go into its routine before the desktop appeared which makes it a real pain to try and stop (CTRL-ALT-DEL will not bring up the task manager). The worst thing this one did was to set the HIDDEN file attribute on everything in the user's Documents and Settings folder – 'bout gave my friend a heart attack thinking everything had been deleted.

I used the methods described over at bleepingcomputer.com, especially the Rkill program, to stop the **** thing from running and then Malwarebytes' Anti-Malware to remove it. After scans by two different antivirus programs it said it was clean, but it just didn't run quite right. A week after I gave the computer back it returned, so this time I backed up all the files and reformatted (and repartitioned). It's time consuming to start over, but that might be the safest thing to do.

Same thing here: locks out the normal desktop, hides the user settings, blocks task mgr. Client bought the machine second hand and didn't want me to reinstall the O/S because it came with some good software (no disks, of course). I'm going to reinstall the O/S from scratch, unless he wants his credit card data to end up in East Beserkistan the next time he buys something online.

#8 dday000

  • Group: Members
  • Posts: 1
  • Joined: 23-May 11
  • OS: none specified

Posted 23 May 2011 - 09:11 AM

http://www.bleepingc...ivity-inspector

Removed this by using "Automated Removal Instructions for Windows Activity Inspector using Malwarebytes' Anti-Malware" from the above link.

Copyright © 2001 - 2013 msfn.org