PC Security: A place to discuss new threats, firewalls, virus scanners, and all other aspects of keeping your computer secure from threats. Learn how to stop spyware, hackers, identity thieves, and more!

11-16-2006, 10:55 AM
#1 | Junior
Join Date: Mar 2006
Posts: 176
Rep Power: 3
[SOLVED] win32.Application.Adware.WinAntiVirus
This problem has a history.
Today, one of my friends messaged me on MSN and said that he is facing some weird problem.
For some days, whenever he tries to send someone a picture or any file through messenger [both MSN and YM], he gets a message that this file is infected and that is why the file cannot be transferred. He even tried to mail that file. Well, he can mail the file fine, but on the other hand, whoever receives the mail gets a message from the provider that this file is potentially unsafe and infected by a virus.
Now, he tried to send me a file, and it worked well. Without any problem I got that file and opened it [point to be noted: it's a .jpg file]. After that, I felt that my PC was a bit slow, so I just ran a scan with the spyware scanner integrated in my ZoneAlarm firewall, and I found that I was infected with
win32.Application.Adware.WinAntiVirus [according to ZoneAlarm]
and deleted it.
Now, tell me, what is this trojan? Is the weird behavior on my friend's PC due to this trojan?
Now, I am in deep trouble.
Help me!!!!
Regards,
eeeboy

11-16-2006, 03:12 PM
#2 | Professor
Join Date: Jul 2005
Posts: 2,208
Rep Power: 6
win32.Application.Adware.WinAntiVirus comes from the evil fake winantivirus.com program.
It's a trojan browser plug in. :mad:
Kill it! Kill it! Kill it! :evil:
Last edited by Lyte; 07-24-2007 at 03:19 PM.

06-30-2007, 11:54 PM
#3 | Sophomore
Join Date: Feb 2007 Location: Auzzie
Posts: 39
Rep Power: 0
Response to the problem
Well, well, well... You have a case of the virus 'Vundo'. Vundo is a huge spectrum and spreads itself out throughout your system32 folder and causes your PC to run very slow. Different sorts of antivirus programs will have different names for it, but the concept is the same.
The virus works like this: First, you will receive a dialog that talks about how your registry may have errors and it will cause your system to crash. If you agree to this, the system will download WinAntiVirus Pro 2006-2007. You then run the program it downloads. You are not infected just yet, but that is a critical stage. When you run the download option, it will say that the file is 40 MB. This is total crap. There is about 4 MB of program and about 38 MB of harmful DLLs. After this is installed, it will boot up and do a scan. It finds 0 GENUINE viruses. 0! None are real. When you go to delete the fake viruses, it asks you to buy the program to get rid of them. After you have paid, the program supposedly kills them. AGAIN FALSE. They are just taken off the screen. Until you purchase the program though, you will have problems with several symptoms.
Being inquisitive, I downloaded the program and dissected it. Here are the specific jobs:
Dialer (used to make a connection to the virus server to download a later version of the virus files. The server is at l.mezzicodec.net)
CMD controller (This is a nifty bit of malicious code that can open up CMD and execute commands without you even knowing! Try this sneaky command that it uses: cmd /start /min. It opens CMD in minimized mode.)
Adloader (This is the part of the program that contacts adfarm.mediaplex.com and loads all sorts of random ads. It can also display a screen with your name, country and ISP)
ProcessorHog (This is the part that makes your computer go snail-speed. It is horrible in that it makes resolving the issue all the more hard. This occasionally blocks access to the internet)
Crasher (This can give you a stop screen that looks mega genuine and is always about a paging file. It is annoying as it can lead to the proper BSoD if it restarts your computer too many times.)
This virus is a pain in the neck and the way to get rid of it is to either google VundoFix and download the latest version, or wait until my new line of batch files for killing all sorts of viruses is released.
I hope this helps.

07-03-2007, 05:52 AM
#4 | Freshman
Join Date: Jun 2007
Posts: 1
Rep Power: 0
Need help in finding a good free antivirus program.

07-03-2007, 03:37 PM
#5 | Head Mistress
Join Date: Oct 2005 Location: Good ol' U.S. of A
Posts: 3,448
Rep Power: 6
Hello Diane,
Welcome!
We have a whole section dedicated to free software on the web. Here, in the first two sticky threads you'll find several options for free anti-virus software. Everyone has their own favorite but if you have any questions let us know!
Lyte

07-05-2007, 07:38 PM
#6 | Sophomore
Join Date: Feb 2007 Location: Auzzie
Posts: 39
Rep Power: 0
Use AVAST! 4

07-06-2007, 08:29 AM
#7 | Professor
Join Date: Feb 2007 Location: an island in the pacific
Posts: 193
Rep Power: 2
Quote:
Originally Posted by here_2_help
Use AVAST! 4
Boy, I hope you get credit for this awesome tip.
__________________
"Like car accidents, most hardware problems are due to driver error."

07-13-2007, 04:54 AM
#8 | Sophomore
Join Date: Feb 2007 Location: Auzzie
Posts: 39
Rep Power: 0
HAHA! LOOK! Lyte added Avast! to his/her list of antivirus programs!!! YAY!! Damn. I need more posts. MORE POSTS! I hate Vundo... Oh guys, Vundo is now also called WinFixer, SysProtect, etc. It has a real name... VIRTUMONDE! KILL IT!
Last edited by Lyte; 07-13-2007 at 11:15 PM.
Reason: No talk of hacking ... no emails in posts. :)

07-22-2007, 07:09 PM
#9 | Sophomore
Join Date: Feb 2007 Location: Auzzie
Posts: 39
Rep Power: 0
OK, now to get serious. This is a real hard case.
The virus now has the ability to download files of up to 50 MB and install them on your system without you knowing. It can also prevent you from accessing safe mode from the startup. The virus now has the ability to completely corrupt a firewall and write registry keys to prevent you re-installing it. It can separate an antivirus program from its service, causing it to freeze. But that is nothing compared to the effects on your hardware. It will destroy and corrupt partitions on your hard drive, kill graphics drivers (so you can't see anything) and stuffs up your network card.
There are some simple ways to get around these problems.
If you think you are infected, you should:
Regularly check the Add/Remove Programs dialog to make sure that no advertising programs are installed (most will have something to do with the name OuterInfo or Yazzle on Admin)
Download the latest version of SUPERAntiSpyware to clear out tricky files
Contact Microsoft (in Australia they are 13 20 58) and they will send you the 'mts' pack which has virus removal tools
Make sure your firewall is working... if it isn't, uninstall it IMMEDIATELY! and get a new one. This is because when the virus is controlling the firewall, its connections can be made without interruption.
Run Lavasoft's Ad-Aware to clear out any files hiding in your temporary or common files folders.
Delete all system restore points and then virus scan the System Volume Information folder located in your %systemdrive% (C:\ for most people)
Download and run HijackThis from Trend Micro Inc. and scan the log for any signs of virus activity
If problems persist, re-install Windows. (warning: DO NOT RE-INSTALL IF YOU ARE NOT CONFIDENT IN YOUR ABILITIES. IT ONLY TAKES 1 STUFF-UP TO WIPE YOUR HARD DRIVE!)
The best way to go about re-installing is to boot the OS, put in the disk and choose Update.
Let's get VUNDO!
Hope that helps!
Last edited by here_2_help; 07-26-2007 at 06:20 AM.
Reason: grammar and spelling

07-24-2007, 06:08 AM
#10 | Sophomore
Join Date: Feb 2007 Location: Auzzie
Posts: 39
Rep Power: 0
Quote:
Originally Posted by Will.Spencer
win32.Application.Adware.WinAntiVirus comes from the evil fake winantivirus.com program.
It's a trojan browser plug in. :mad:
Kill it! Kill it! Kill it! :evil:
Please remember the fact that it is a harmful website. Do you think that you could remove the link to it?
Last edited by Lyte; 07-24-2007 at 03:19 PM.

07-24-2007, 03:19 PM
#11 | Head Mistress
Join Date: Oct 2005 Location: Good ol' U.S. of A
Posts: 3,448
Rep Power: 6
Good idea... but then I had to take it out of your post too!
Lyte

07-24-2007, 04:51 PM
#12 | Sophomore
Join Date: Feb 2007 Location: Auzzie
Posts: 39
Rep Power: 0
lol, sorry, I wasn't careful

07-26-2007, 06:15 AM
#13 | Sophomore
Join Date: Feb 2007 Location: Auzzie
Posts: 39
Rep Power: 0
Quote:
Originally Posted by here_2_help
OK, now to get serious. This is a real hard case. [...]
It's funny how I spent so much time on this post... and no one noticed it. *sighs*. Does anyone know how many rep points it takes to get rep power?

08-09-2007, 07:10 AM
#14 | Sophomore
Join Date: Feb 2007 Location: Auzzie
Posts: 39
Rep Power: 0
C'MON! 4 weeks! Please, someone answer!

08-12-2007, 05:25 PM
#15 | Senior
Join Date: Jan 2006 Location: US of A!
Posts: 777
Rep Power: 3
Rep is overrated. Your posts were right on the money though. Avast is awesome!
Registered Linux user #403288

02-13-2008, 10:36 PM
#16 | Freshman
Join Date: Feb 2008
Posts: 20
Rep Power: 0
Use HJT (HijackThis) to stop all unnecessary activity there. Uninstall all unnecessary applications that were installed on your computer. Check your registry.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
Make sure Userinit = C:\Windows\system32\userinit.exe,
with no other additional word added after this.
Good luck.
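Added example (not code from any poster in this thread): a small Python script that does the HijackThis log review from post #9 and the Userinit check from post #16 mechanically, so the same log can be triaged the same way every time. It reads the HijackThis line formats for F2 (UserInit), O2 (BHO), O4 (autostart) and O20 (Winlogon Notify) entries, and reports a UserInit value with anything after `userinit.exe,`, a nameless BHO loaded from system32 (the usual Vundo shape), autostart entries naming the products mentioned in this thread (WinAntiVirus, WinFixer, SysProtect, OuterInfo, Yazzle), and Winlogon Notify packages outside a small allowlist. The sample log, its GUIDs and DLL names are constructed for the example, and the allowlist of stock Winlogon Notify packages is an assumption, not a complete list.

```python
"""Triage a HijackThis log for the WinAntiVirus / Vundo (Virtumonde)
indicators discussed in this thread.

Added example; not code from any poster.  The sample log, GUIDs and DLL
names below are constructed, and KNOWN_WINLOGON_NOTIFY is an assumed,
partial list of stock Windows XP packages.
"""
import re

# Product names the thread associates with this family (case-insensitive
# substring match against O2 and O4 lines).
ADWARE_NAMES = ("winantivirus", "winfixer", "sysprotect", "outerinfo", "yazzle")

# Assumed allowlist of Winlogon Notify packages that ship with Windows XP;
# any other O20 entry is reported for manual review.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Every HijackThis finding is "<section code> - <body>", e.g. "O2 - BHO: ..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_line(line):
    """Split one log line into (code, body); None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def check_userinit(body):
    """F2: UserInit must be exactly one entry, userinit.exe (post #16's check)."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return None
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    if len(entries) == 1 and entries[0].lower().endswith("\\userinit.exe"):
        return None
    return "UserInit has extra or unexpected entries: " + m.group(1)


def check_bho(body):
    """O2: a nameless BHO loaded from system32 is the classic Vundo shape."""
    m = re.match(r"BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$", body)
    if not m:
        return None
    name, path = m.group("name").strip(), m.group("path")
    if name.lower() == "(no name)" and "\\system32\\" in path.lower():
        return "nameless BHO loaded from system32: " + path
    if any(a in (name + path).lower() for a in ADWARE_NAMES):
        return "BHO matches a known adware name: " + name
    return None


def check_run(body):
    """O4: autostart entries naming the rogue products from the thread."""
    hit = next((a for a in ADWARE_NAMES if a in body.lower()), None)
    return "autostart entry matches '%s'" % hit if hit else None


def check_winlogon_notify(body):
    """O20: Winlogon Notify packages outside the assumed stock list."""
    m = re.match(r"Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$", body)
    if not m:
        return None
    if m.group("name").lower() in KNOWN_WINLOGON_NOTIFY:
        return None
    return "non-standard Winlogon Notify package: " + m.group("name")


CHECKS = {"F2": check_userinit, "O2": check_bho,
          "O4": check_run, "O20": check_winlogon_notify}


def triage(log_text):
    """Return a list of (code, reason, line) for every line a check objects to."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        check = CHECKS.get(code)
        reason = check(body) if check else None
        if reason:
            findings.append((code, reason, raw.strip()))
    return findings


# Constructed sample log: placeholder GUIDs and made-up DLL names.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xyzabcd.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\ssqrpnlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Adobe\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinAntiVirus Pro 2006] "C:\Program Files\WinAntiVirus Pro 2006\winav.exe" /min
O4 - HKLM\..\Run: [Yazzle] C:\Program Files\Yazzle\yazzle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ssqrpnlk - C:\WINDOWS\system32\ssqrpnlk.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (code, reason, line))
```

Run it as-is to see the five findings from the constructed sample; to use it on a real machine, replace SAMPLE_LOG with the contents of the HijackThis log file. The checks are heuristics for manual review, not a verdict: a nameless system32 BHO or an unknown Winlogon Notify package is worth looking up, and a UserInit value with a second entry is exactly the condition post #16 says should never be there.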

02-14-2008, 11:05 AM
#17 | Professor
Join Date: Feb 2007 Location: an island in the pacific
Posts: 193
Rep Power: 2
Quote:
Originally Posted by chuckiesd
Use HJT (HijackThis) to stop all unnecessary activity there. Uninstall all unnecessary applications that were installed on your computer. Check your registry.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
Make sure Userinit = C:\Windows\system32\userinit.exe,
with no other additional word added after this.
Good luck.
It's nice that you are anxious to help, but you really should read when these threads were started. This one, for example, was started 11-16-2006; I would think it would have been resolved by now. If not, the guy really needs help.
__________________
"Like car accidents, most hardware problems are due to driver error."
Powered by vBulletin Version 3.7.0 Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.