Computer Virus Running Amok

[b7spectra]

Just a public service announcement from a Lead Computer Tech at a Computer Retailer:

For those of you who don't have a quality anti-virus software on your computer, you may want to update it. There is a nasty bird going around called "bankerfox.a". This puppy loves to attach itself to emails and web pages. Who is getting affected? 100% of the computers we have worked on have either NO anti virus software or they have been using freeware from the web.

Signs and symptoms are inability to access the web with Internet Explorer. Unable to get most programs to open let alone able to open the Task Manager. This virus also gives pop-up windows stating your anti-virus is out of date or you need to purchase the anti-virus software in order to remove the infected virus. Your browser may also come active and direct it to a website called porno.com and will also put a streaming ad for Viagra up.

Trust me, this is a very nasty virus that is out there and machines that are fully infected will literally render the computer useless. You can't do a system restore, can't access USB or optical drives, nothing.

Personally, I would prefer you not have a current or quality anti-virus software on your machine as it keeps me in business!

 

[madhatter66]

Looks like some business for my computer repair company!

 

[slicerwizard]

Just a public service announcement from a Lead Computer Tech at a Computer Retailer:

So, a clueless wonder then?

There is a nasty bird going around called "bankerfox.a".

Uh, no there isn't. There's scareware that claims it has detected this fictitious virus.

or they have been using freeware from the web.

Right. Freeware like Avira is garbage, so buy some overpriced commercial crap like Symantec or McAfee from the above Computer Retailer...

Trust me, this is a very nasty virus that is out there and machines that are fully infected will literally render the computer useless. You can't do a system restore, can't access USB or optical drives, nothing.

Yeah, nothing except reboot in Safe Mode so Spyware Protect 2009 doesn't run and then either delete it manually or use one of the free (yikes!) removal programs.

 

[n5ims]

For those of you who don't have a quality anti-virus software on your computer, you may want to update it. There is a nasty bird going around called "bankerfox.a".

Trust me, this is a very nasty virus that is out there and machines that are fully infected will literally render the computer useless. You can't do a system restore, can't access USB or optical drives, nothing.

Well, some indepentent information about the virus "BankerFox.A"...

From spywarevoid.com (complete with instructions on how to remove said virus Remove BankerFox.A pop-up, BankerFox trojan removal) "BankerFox.A is not a real threat to a computer. The trojan is only reported by rogue security programs trying to make an image of badly infected system. Do not buy anti-spyware or anti-virus applications that warn you about BankerFox trojan! It’s a fraud."

Some additional info for you. If a user is setup as a "Standard User" (aka "Restricted User") the damage will only be done to that user, not the entire system. If the user is setup as an "Administrator", the entire system is damaged and all users that login after the infection will have issues. Cleanup for a standard user only requires an administrator sign in (not using "Run As" while logged in as the affected standard user though!) where they can easily clean up the damage. The files will be in the user's data area since their rights will prevent the virus from writing to the normal program area or global registry settings.

From McAfee's threat information site (also with removal instructions FakeAlert-SpywareProtect) "This description is for malware that shows false error messages, misleading spyware scan results, and uses aggressive advertising to persuade the user to purchase it. [new paragraph format removed for brevity] The characteristics of this malware with regards to the file names, fake messages dispayed, etc will differ, depending on the way in which the attacker had configured it. Hence, this is a general description."

From Symantec's threat information site (also with removal instructions SpywareProtect2009 | Symantec) "SpywareProtect2009 is a misleading application that may give exaggerated reports of threats on the computer."

I will agree that the virus is real (but called "Spyware Project 2009" from "Magic Software, Inc.", but the main threat is that it tries to scare you into giving them money to disinfect your system (which it does by doing what exactly? Uninstalling itself, of course (but leaving enough of itself around to try to get you to buy an update later).

 

[poltergeisty]

Noscript for Firefox.. FTW! Locks the door (vector) from the begin with. Can be cumbersome though. You can allow top level domains by default in the options.

I use Avira, and their web site has great tools too!

Pure genius addon >>> NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction

 

[Astrak]

Or use MSE, it's free and it provides lightware protection better than most paid for systems.