Antivirus System Pro popup

[MiCarl]

This morning I picked up a nasty that kept popping up and warning my computer was infected and did I want to scan etc. The little sucker couldn't be killed. It's known as

Antivirus System Pro

 

 

It was preventing me from opening the windows task manager so I could wring it's filthy little neck.

 

Finally I logged off and back in and started the windows task manager before the malware got started. I was able to kill the processes and go after the damage it caused.

 

If course I was aggravated and went after it with an axe and didn't really think about documenting what I did. My best recollections here for anyone that needs to rip it out:

 

It had created a folder in "My Documents" named "Program Files". All it's nasty executables were in there. I deleted the folder.

 

I use a hosts file to suppress ads. It had re-written the hosts file so it could phone home via a fake web name. I fixed the hosts file.

 

I used CCcleaner to clean out the registry.

 

For anyone using a hosts file the following entries should block it from phoning home:

 

127.0.0.1 winwarepro.microsoft.com

127.0.0.1 winwarepro.com

127.0.0.1 http://www.winwarepro.com

 

It probably overwrites them, so you might have to re-add after an infection.

 

[SilvrT]

For those who don't know, the "hosts" file is located in C:\Windows\System32\drivers\etc

 

If you go to Start | Run and type in "drivers" (without the quotes) and hit Enter, it takes you there and you just have to open the "etc" folder.

 

You open the hosts file with notepad. If you are running any spyware such as Spybot S&D, you will see a lot of entries in there.