
AV360 and how do virii spread??



The latest virus to rear its head is AV360. Some users say a false alarm popped up while they were browsing the web page... others say it was on their desktop when they walked away and came back to the computer. Does this malware install itself automatically with console privileges without user interaction? Most users log on, then are away from their machine, so if the malware pop-up comes on asking them to install they won't be around to ALT F4 out of it.

Also, do most viruses spread without having to open up any kind of file? Are they self-sufficient and able to sniff out open ports and automatically launch themselves into other machines without the use of infected files shared between people, bad emails, etc.???


Right now, 3/3/09:13:52 if you go to Foxsports web site and go to the College Football page and click on the lead story you will get the AV360 rogue program. It loads as the ads on the page are loading. Too bad there is no way to let them know they are infected. (At least that I know of.) That is how they get on people's PCs.


Some users say a false alarm popped up while they were browsing the web page..

I tracked down the site that was launching AntiVirus 360 pop ups on my machine and I blocked it. I was getting them while on the Hotmail page. http: / /proantimalwareonlinescan.com/

Edit: link disabled by mynorgeek ;)


Hi ;)

Will Malwarebytes remove the AntiVirus 360 infection?

If not, is there a relatively simple explanation of why MBAM cannot do the job?

Thanks

Dave


The latest virus to rear its head is AV360. Some users say a false alarm popped up while they were browsing the web page... others say it was on their desktop when they walked away and came back to the computer. Does this malware install itself automatically with console privileges without user interaction? Most users log on, then are away from their machine, so if the malware pop-up comes on asking them to install they won't be around to ALT F4 out of it.

Also, do most viruses spread without having to open up any kind of file? Are they self-sufficient and able to sniff out open ports and automatically launch themselves into other machines without the use of infected files shared between people, bad emails, etc.???

To the best of my knowledge, and as was pointed out to me yesterday by a member of MBAM staff, "the end user would still have to select to open a file via prompt window for any infection to import onto their machine". My experience with the pop ups was that "no means yes", wherein attempts to close out the dialogs by clicking cancel just opened another dialog. Ultimately the pop ups and phony scans resulted in a download dialog (as posted), and x'ing out of that did work. What I experienced was while on the Windows Live Hotmail page (something I keep open for extended periods of time while online), the page suddenly resolved into a browser window tabbed "My computer Online Scan". I've posted that screenie as well.

post-2708-1236179317_thumb.jpg

post-2708-1236179336_thumb.jpg



mynorgeek, use Ctrl+Alt+Del to bring up Task Manager then End Process iexplore.exe to terminate the rogue installer.

Hi YoKenny1 and thanks for the helpful reminder about Task Manager. Truth is, I was just sort of playing with the pop ups, feeling relatively safe and secure with IE isolated behind GeSWall. Also, as noted in a thread I started on this topic about a week ago, I engaged my firewall's internet lock right away, so the malware couldn't download anything. By no means do I have either of my computers set up as test machines, but between the two precautions mentioned above and a recent Acronis disk image on hand, I felt comfortable enough to mess around a little bit in order to see what sort of creature I was dealing with. I appreciate the advice. ;)


Yes, MBAM should remove it, although because variants and updated versions are coming out all the time, there may be certain machines where it won't be able to.

Thanks for your advice, Insomniac.

I suppose the easiest way to find out is for folk to simply try MBAM and see! ;)

Dave


Right now, 3/3/09:13:52 if you go to Foxsports web site and go to the College Football page and click on the lead story you will get the AV360 rogue program. It loads as the ads on the page are loading. Too bad there is no way to let them know they are infected. (At least that I know of.) That is how they get on people's PCs.

Steps you can take involve blocking popups from that site. I run IE7 with pop-up blocker enabled, but I still got AntiVirus 360 pop ups from Windows Live Hotmail. At the time I did not realize that I merely needed to block those pop ups. I already was running the browser pop up blocker, so I assumed it was ineffective against the AV360 variety. Then I was perusing the settings under Tools|Pop-up Blocker and discovered mail.live.com listed under allowed sites. I removed that setting right away! So I recommend you check your browser pop up blocker or third party ad blocking software to see if you can prevent the Foxsports site from dishing up those funky AV360 ads. :)


Hi :)

Will Malwarebytes remove the AntiVirus 360 infection?

If not, is there a relatively simple explanation of why MBAM cannot do the job?

Thanks

Dave

With regards to AV360, we have IPH rules that will block its install in realtime for our customers that have paid for Realtime protection.

At several points during its install process our protection module will offer the chance to terminate various processes, which will block its install even if the initial installer file is not known to our database.

If AV360 is already installed, then which variant of it you have installed will determine the outcome scenario. Our heuristics will detect and remove all current AV360 variants if MBAM is able to run.

The only problem is that some recent versions will block MBAM (& other tools) from running on the infected system. In this case it is an executable file called av360.exe that, when loaded into memory, terminates other tools. So if this process is terminated via Task Manager or a like tool, then MBAM will rip it off the infected system every time :)
