Today I got a nasty rogue program (Internet Security 2010). I did some searching for a patch and so far I have removed the fake anti-virus scam using Malwarebytes, CCleaner and by manually deleting any remaining files I could find, doing a system restore, cleaning and deleting all cookies, trackers, histories, etc., etc., etc., updating my anti-virus and running it. Seems to be good.
Except I cannot remove the "warning" desktop theme that still shows in the tab.
Now, when I tried downloading Malwarebytes to my newer laptop which I have protected with Vipre, the anti-virus blocked the download indicating a known trojan in the download. It referred to this trojan by name as part of Malwarebytes.
Anyone with more knowledge have any explanation? Thank you!
I forgot to mention the virus attacked my desktop computer which does not have Vipre. So when I tried to download Malwarebytes to my laptop like I had done on my desktop to see what happens, it was blocked by Vipre.
I downloaded straight from CNET. That’s where I used a USB flash drive to save Malwarebytes to patch my desktop. It is probably a false positive that is true.
So far I must say though I’m very happy with VIPRE. My laptop has been untouched.
I’m pretty sure I killed the restore points and the protocols before doing the system restore.
I’m not running VIPRE on the desktop, just AVG Free… hahaha. It didn’t catch it apparently. I’ve had this desktop for 7 years original XP and I’ve never caught this kind of malware. First time.
Assuming that you are actually downloading MBAM from Malwarebytes’ website, it can sometimes cause other antivirus programs to fire false positives because it contains sample code from the viruses it detects. Legitimate security programs detect one another all the time.
As for residual effects of the rogue, Bleepingcomputer has a pretty good list of registry entries that it screws up. Take a look and see if MBAM missed something:
http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010
You might have to manually remove a file or a registry entry. However, it concerns me that you ran a system restore, as frequently they are one of the first things modern malware infects. Truly, the initial response should be to delete the system restore points, as they are likely to reinfect your computer. You are running Vipre on this computer as well? Have you run a full system scan after running MBAM and removing the infection and restoring? You could also try the repair function on your Windows CD.
It is a false positive unless the installation file is from another source that is not trusted. Vipre has been certified by only West Coast Labs. Only. Compared to something like Avast which has VB100, Advanced+ from AV Comparatives, Checkmark from West Coast Labs, and more. Unless you do some serious poking around (find the theme files) the Warning theme may stay there for quite a while. Is it not possible to override it with another theme?
Unless your Malwarebytes is fake, it seems that Vipre has an agenda against Malwarebytes. If your Malwarebytes came from http://www.malwarebytes.org/mbam.php I would scrap Vipre and look for an anti-virus application that isn’t playing childish pranks on their competition.
Like you, I ran a desktop with XP for 7 years with AVG, without getting malware until the end, just before the hardware failed. Malware has gotten a lot more aggressive in the past year or so.
All kinds of anti-virus, anti-spyware, and anti-malware have the potential to detect malicious or infected files that the others have quarantined, if you have more than one installed. However, they should not be giving False Positives on other legitimate applications, themselves.
Your anti-virus detected the "malware" spelling in the name.
Ignore Malwarebytes or add it to the exception list.
Etc.: try installing in safe mode or changing the binary name from mbam.exe to xxxxx.exe
- Close AV first and then install? :S