OT-Nasty Little Trojan Out There

[Kansas Ed]

Warning to all youalls...

It's called Antivirus System Pro, and it's planted mostly into movie files, and pdf files out there. It wasn't picked up from here, probably facebook is where she got it. There is a lot out there on it, but this appears to be a new version.

I've put at least 12 hours into this so far. Windows was recently updated, she was running a full blown version of McAfee, and it didn't get it. I removed McAfee, and ran AVG, AVG didn't see it either. Norton/Symantec didn't have a removal tool, and the Windows Malicious Software Removal Tool didn't see it. So I tried SpyBot which didn't see it. This sucker had me pulling my hair out. Spyware Doctor saw it, but wanted money to remove it. Finally found this little Malwarebytes program and it cleaned it.

http://download.cnet.com/Malwarebytes-A ... =mncol;pop

Trouble is that it locks you out of a lot of your system tasks. You can't get into the Add/Remove Programs, Task Mgr, or many other things. And as for removing it manually, I tried early and none of the files which are published on the internet that were supposed to be in there were there. Best I can tell, this is a new variation on an old theme.

Information is on it here: But you will need to concentrate on the system processes part and ignore the files to delete, cause they've changed them.

http://www.spywareremove.com/removeAnti ... emPro.html

You will have to stop the process though before you can repair it....and to do that you have to be darned quick with your mouse, cause it gives you about half a second to activate your Task Mgr and click on it, before it shuts it down. Once the Task Mgr is in the active window though you can proceed as normal. So polish up your quick draw...

I know this has gotten long, but I've never seen one as bad as this, and I've cleaned several viruses and trojans through the years.

Ed

[Rimfire McNutjob]

I had that same one about 6 weeks ago. It went right past Microsoft's Forefront AV. I also found that MalwareBytes was the only program that would remove it. Nasty bugger.

[Buffboy]

My father found that one a few weeks ago, blew right past Systemic corporate, +1 on the Malwarebytes that was the only way I got it out of his. Had to make a trip home 35miles to download it and back up there but it was worth it. That one is a bugger.

[Old Ironsights]

I don't use "Task Manager".

I use a bit of freeware from Microsoft called "Process Explorer". Much more robust/informative. I leave it running in the background from Boot on.

[madman4570]

When you have Acronis no worries,if the system even blinks funny its whitewash time.(15 mins)done!

[Grizz]

I use linux. what's "windows" ?

[Grizz]

I use linux. what's "windows" ?

I put taskmanager in the startup folder of my xp boxes, it's there from bootup. I run process explorer when I need it for diagnostics but haven't run it in the background the way I do taskman.

Thanks for all the info on eliminating this one, my wife's xp box gets in trouble occasionally and I appreciate the info on dealing with this junk.

Grizz