Stone Emissary
jellygator
Posts: 7
Registered: ‎06-07-2011

Re: Fake AV & oddities


Guys, the computer WILL NOT BOOT! The furthest I can go is to the BIOS system or the settings for recovery (though the recovery program will not complete, either.) There is nothing else available at all. The ONLY commands I can execute between hitting the "on" button and the black screen of death are: F10 (takes me to recovery program), followed by a choice for destructive reformat or checkpoint recovery (neither option works, though), or F1 to enter the CMOS/BIOS system, and the options available in that system. I cannot even access DOS now, much less safe mode. 

 

Since there's no safe mode or (a workable) recovery available at this point, I'm asking about putting the HDD into an external drive to run a virus scan on it from my new computer's USB port. What I need to know is how to protect the new computer from infection. Housecall has never failed me before, but it apparently only removed part of the infection I had, so I am worried about crashing my brand new computer, too.

 

I included the virus details because I imagine I need to install a purchased version of one of your products, but I find it confusing to understand exactly what will meet my needs. (And if nothing will do the job, then I'd rather just not try to recover my past files.) If I can install protection on my new computer and run the corrupted drive from it, then scan and recover that drive, then *that* is what I'd like to do.

Honored Noble
galbicka
Posts: 157
Registered: ‎02-26-2010

Re: Fake AV & oddities

Is the F10 recovery option that you tried to run from the manufacturer? If so and it failed for some reason and is in an endless loop then you are looking at a rebuild from scratch for that drive. Usually the manufacturer (Dell for instance) has a recovery option (F11 or F12 in their case) to do a system recovery to factory conditions which will wipe out all of your data or a recovery to a stored backup if one has been made. It sounds like you tried the latter and now your only option is the former which will wipe the data. Yes, you can slave that drive in another computer and try and clean it. Can it infect that computer? Possible but highly improbable. Something would have to start the malware routines like clicking on the executables because nothing would be in the registry of the new machine to call those routines. If it was my machine that is what I would try BUT I would make an image of the new machine to a separate hard drive just in case something happened and I had to recover it.

Stone Emissary
jellygator
Posts: 7
Registered: ‎06-07-2011

Re: Fake AV & oddities

Thank you. That's what I was trying to ask. Must have been using the wrong words. I appreciate your thorough, direct answer.

Stone Esquire
Gruil
Posts: 1
Registered: ‎06-10-2011

Re: Fake AV & oddities


The new FakeAV is very disturbing

 

While other fake antivirus programs (rogue antivirus) typically scare their victims with false reports of virus infections, this fake antivirus has a habit of blocking a whole range of security software and redirecting the Windows hosts file so that the infected computer cannot access the sites of security service providers. Redirection of the hosts file is something computer users need to watch out for, especially users of internet banking, because with a redirected hosts file, phishing websites and the right social engineering techniques, it has the potential to cause break-ins on internet banking accounts, even though they are already equipped with PIN calculator / token protection (two-factor authentication). That is why it is important for those of you who use internet banking to use antivirus with the hosts file protection feature, as provided by Trend Micro.

 

The characteristics and symptoms of the virus

The virus is made using the Visual Basic programming language, is about 62 KB in size, and uses the Visual Basic icon. (see Figure 1)


 

Figure 1, the parent virus Trojan.FakeAV.3510

 

One recognizable characteristic is that every time the user opens Internet Explorer, it displays a website resembling the search engine website www.google.com (see Figure 2). In addition, you will see several shortcut files with different icons; the good news is that, for now, the shortcut files only appear on the USB flash drive. Each shortcut file is a duplicate of a file/directory that the virus has hidden in order to trick the user. (see Figure 3)...

 



 

Figure 2, the main Internet Explorer page that has been changed

 

 

Parent virus file

When the user runs the parent virus file, it displays an error message (see Figure 5) and then creates a master file that runs automatically when the computer boots.


 

Here are some files that will be created by the virus:

 

     C:\Documents and Settings\%username%\132616c4\winlogon.exe

Note: %user% is the user that is used during Windows login

 

Windows Registry

So that these files are started automatically when the computer boots, it creates the following registry entries:

     HKCU\Software\Microsoft\Windows\CurrentVersion\Run

         74e4144414 = C:\Documents and Settings\%username%\132616c4\winlogon.exe

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run

         74e4144414 = C:\Documents and Settings\%username%\132616c4\winlogon.exe

Note: %user% is the user that is used during Windows login


 

I just wanted to share this information so that fellow Trend Micro users do not become victims.

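A read-only check of a slaved drive for the two indicators described in this thread (extra hosts file mappings, and a winlogon.exe stored outside the Windows directory), as an added example that is not part of any post. It only reads files and never runs anything from the drive; the sample drive layout, hostnames and the user name "user1" are constructed, and SYSTEM_NAMES is an assumed short list.

```python
import ipaddress
import os
import tempfile
from pathlib import Path

# Process names that belong only under \Windows (assumed short list, not exhaustive).
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe"}

def suspicious_hosts_entries(text):
    """Return (ip, hostname) for every mapping other than plain localhost."""
    hits = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        hits += [(ip, h.lower()) for h in fields[1:] if h.lower() != "localhost"]
    return hits

def masquerading_executables(root):
    """List system-process names stored anywhere outside <root>/Windows."""
    root, found = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        if rel.parts and rel.parts[0].lower() == "windows":
            continue  # genuine location, skip
        found += [(rel / f).as_posix() for f in files if f.lower() in SYSTEM_NAMES]
    return sorted(found)

def build_sample_drive(root):
    """Constructed stand-in for the mounted drive; only '132616c4' comes from the post."""
    etc = Path(root, "Windows", "System32", "drivers", "etc")
    etc.mkdir(parents=True)
    (etc / "hosts").write_text(
        "127.0.0.1 localhost\n::1 localhost\n"
        "127.0.0.1 av-vendor.example  # constructed: security site blackholed\n"
        "203.0.113.7 bank.example www.bank.example\n")
    Path(root, "Windows", "System32", "winlogon.exe").write_bytes(b"")
    drop = Path(root, "Documents and Settings", "user1", "132616c4")
    drop.mkdir(parents=True)
    (drop / "winlogon.exe").write_bytes(b"")
    return etc / "hosts"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(suspicious_hosts_entries(build_sample_drive(tmp).read_text()))
        print(masquerading_executables(tmp))
```

On a real slaved drive, pass the mounted drive's root to `masquerading_executables` and the text of its `Windows\System32\drivers\etc\hosts` file to `suspicious_hosts_entries`.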
Stone Esquire
Jim1964
Posts: 1
Registered: ‎06-27-2011

Re: Fake AV & oddities

Hello people

The same thing happened to me, with my security settings set to high, both with Trend and my web browser?

In the past two weeks, I got two Fake AV infections, also with sites that the Trend toolbar said were "safe". Had to use my recovery tools to put my computer back to factory settings; had to do this twice. If Trend says "it's safe", I used to trust it? I'm not sure about that any more.
