seth1066 Posted May 18, 2011

Anyone hit with this one? This incarnation calls itself "Windows Activity Inspector." Looks very slick and comes complete with Microsoft logo. Client had me out to fix it, but I'm more hardware than software. A Google of "windows activity inspector" turned up zero hits from any recognizable website, but plenty of ones I never heard of offering a free scanning tool. The tool allegedly finds the threats, but doesn't remove them without a payment. Very slick operation: build the fake anti-virus and have already Googled to the top a bunch of sites that are likely authored by the same people. I guess I'm going to have to wait a few days to get a solution, since this thing is only 48 hours old. The client wanted to just pay until I told him his credit card will be charged in a former Eastern Bloc country for a much larger amount and then sold. If anyone has a solution, please post!
Sp0iLedBrAt Posted May 18, 2011

http://www.bleepingcomputer.com/virus-removal/remove-windows-activity-inspector
http://trojan-killer.net/windows-activity-inspector-rogue-application-how-to-delete-windows-activity-inspector-scam/
http://www.remove-virus.net/windows-activity-inspector/

Google search seems to be throwing out plenty of hits. It goes without saying I can't verify if they are true, since I haven't had/seen the infection, but most of these sites are dated 16 May 2011.
seth1066 (Author) Posted May 18, 2011 (edited)

> http://www.bleepingcomputer.com/virus-removal/remove-windows-activity-inspector
> http://trojan-killer.net/windows-activity-inspector-rogue-application-how-to-delete-windows-activity-inspector-scam/
> http://www.remove-virus.net/windows-activity-inspector/
>
> Google search seems to be throwing out plenty of hits. It goes without saying I can't verify if they are true, since I haven't had/seen the infection, but most of these sites are dated 16 May 2011.

My client got it on 16 May 2011, which leads me to the conclusion that, for now, Google reflects websites created by the authors of the malware. I tried the second one that you listed; it's pay-to-fix. It's only day 3, so none of the major anti-virus software players have anything on this, yet.

Edited May 18, 2011 by seth1066
allen2 Posted May 18, 2011

Did you try booting in safe mode? Most of those fake anti-virus exes are usually stored in the user profile, so booting into safe mode shouldn't allow them to run, and there you should be able to create a new account. Then you'll need to try it in normal mode. If everything is OK, all you have to do is back up only the needed files from the old profile.
seth1066 (Author) Posted May 18, 2011

> Did you try booting in safe mode? Most of those fake anti-virus exes are usually stored in the user profile, so booting into safe mode shouldn't allow them to run, and there you should be able to create a new account. Then you'll need to try it in normal mode. If everything is OK, all you have to do is back up only the needed files from the old profile.

I did that, but I don't know what other malware may have been installed. Currently, it has blocked MSSE from being implemented from any account, which leads me to believe there is something else on there. Before I deleted the infected user account, I ran the Kaspersky Rescue Disk with fresh updates, which is a CD-loaded O/S that scans the hard disk. It found nothing.
dougdeep Posted May 18, 2011

It sounds like a variation of the MS Antivirus Security Center malware that's been around for a while. A friend got that one earlier this month (it was calling itself MS Security Essentials) and I thought it looked very slick. It had all the right styles and logo for Windows Vista/Seven and would have been really convincing except it was on an old XP machine. On startup it would go into its routine before the desktop appeared, which makes it a real pain to try and stop (CTRL-ALT-DEL will not bring up the task manager). The worst thing this one did was to set the HIDDEN file attribute on everything in the user's Documents and Settings folder; 'bout gave my friend a heart attack thinking everything had been deleted.

I used the methods described over at bleepingcomputer.com, especially the Rkill program, to stop the **** thing from running and then Malwarebytes' Anti-Malware to remove it. After scans by two different antivirus programs it said it was clean, but it just didn't run quite right. A week after I gave the computer back it returned, so this time I backed up all the files and reformatted (and repartitioned). It's time consuming to start over, but that might be the safest thing to do.
seth1066 (Author) Posted May 18, 2011

> It sounds like a variation of the MS Antivirus Security Center malware that's been around for a while. A friend got that one earlier this month (it was calling itself MS Security Essentials) and I thought it looked very slick. It had all the right styles and logo for Windows Vista/Seven and would have been really convincing except it was on an old XP machine. On startup it would go into its routine before the desktop appeared, which makes it a real pain to try and stop (CTRL-ALT-DEL will not bring up the task manager). The worst thing this one did was to set the HIDDEN file attribute on everything in the user's Documents and Settings folder; 'bout gave my friend a heart attack thinking everything had been deleted.
>
> I used the methods described over at bleepingcomputer.com, especially the Rkill program, to stop the **** thing from running and then Malwarebytes' Anti-Malware to remove it. After scans by two different antivirus programs it said it was clean, but it just didn't run quite right. A week after I gave the computer back it returned, so this time I backed up all the files and reformatted (and repartitioned). It's time consuming to start over, but that might be the safest thing to do.

Same thing here: locks out the normal desktop, hides the user settings, blocks task mgr. Client bought the machine second hand and didn't want me to reinstall the O/S because it came with some good software (no disks, of course). I'm going to reinstall the O/S from scratch, unless he wants his credit card data to end up in East Beserkistan the next time he buys something online.
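Two of the behaviours described in this thread (allen2's point that the rogue executable lives inside the user profile, and dougdeep's report of the HIDDEN attribute being set on everything under Documents and Settings) can be triaged from a Safe Mode prompt before deciding whether to rebuild. The PowerShell script below is an added example, not code from this thread or from any of the tools it mentions (Rkill, Malwarebytes, Kaspersky Rescue Disk). It assumes an administrator PowerShell prompt in Safe Mode with Command Prompt, run as the affected account so that HKCU is that account's hive, Windows XP/Vista/7 with PowerShell 2.0 or later, and a `$ProfilePath` pointing at the affected profile; the default path and the regular expression of "profile-like" locations are placeholders I chose, not values from the thread.

```powershell
# Added example (not from this thread). Triage for a rogue anti-virus that
# autostarts from inside the user profile and sets Hidden on the user's files.
# Assumptions (hypothetical): admin PowerShell 2.0+ in Safe Mode, run as the
# affected user; $ProfilePath is a placeholder the operator replaces.

param(
    [string]$ProfilePath = 'C:\Documents and Settings\victim',  # placeholder path
    [switch]$Fix                                                 # only clear Hidden when given
)

# Autostart keys a rogue AV most commonly uses. HKCU is the hive of the account
# running this script, so run it as the infected user to see that account's entries.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Locations a properly installed product rarely autostarts from (constructed list).
# A match is a lead to verify (publisher, signature, install date), not a verdict.
$profileLocations = 'Documents and Settings|\\Users\\|Application Data|Local Settings|AppData|\\Temp\\'

function Get-SuspiciousAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $entries = Get-ItemProperty -Path $key
        foreach ($entry in $entries.PSObject.Properties) {
            if ($entry.Name -like 'PS*') { continue }        # PowerShell's own metadata properties
            if ("$($entry.Value)" -match $profileLocations) {
                New-Object PSObject -Property @{
                    Key     = $key
                    Name    = $entry.Name
                    Command = $entry.Value
                }
            }
        }
    }
}

# Files and folders under the profile carrying Hidden but not System. Items the OS
# itself marks System (desktop.ini, registry hive files) are left alone; a few
# folders Windows hides by design may still appear, so review the list before -Fix.
function Get-HiddenUserItems {
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ([int]$_.Attributes -band [int][IO.FileAttributes]::Hidden) -ne 0 -and
            ([int]$_.Attributes -band [int][IO.FileAttributes]::System) -eq 0
        }
}

# Clear only the Hidden bit, leaving ReadOnly, Archive and the rest untouched.
function Clear-HiddenBit {
    param([IO.FileSystemInfo]$Item)
    $Item.Attributes = [IO.FileAttributes](
        [int]$Item.Attributes -band (-bnot [int][IO.FileAttributes]::Hidden))
}

Write-Host '== Autostart entries pointing into profile/temp locations =='
Get-SuspiciousAutostart | Format-Table -AutoSize

$hidden = @(Get-HiddenUserItems -Path $ProfilePath)
Write-Host ('== {0} hidden (non-system) items under {1} ==' -f $hidden.Count, $ProfilePath)
$hidden | Select-Object -First 20 | ForEach-Object { Write-Host $_.FullName }

if ($Fix) {
    foreach ($item in $hidden) { Clear-HiddenBit -Item $item }
    Write-Host ('Cleared Hidden on {0} items.' -f $hidden.Count)
}
```

Run it once without `-Fix` to get the report, note any Run entry whose command points into the profile (that is the file to submit to the AV vendors the original poster was waiting on), and only then re-run with `-Fix` to restore the user's files to visibility. Clearing the attribute does not remove the rogue; it only undoes the scare described above, so the autostart entry and its executable still need to be dealt with, or the machine rebuilt as the later posts recommend.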
dday000 Posted May 23, 2011

> http://www.bleepingcomputer.com/virus-removal/remove-windows-activity-inspector

Removed this by using: Automated Removal Instructions for Windows Activity Inspector using Malwarebytes' Anti-Malware from above link.