
Antivirus 2009 Hijacks The Google Web Site


34 replies to this topic

#16 taytomyname

  • Members
  • 1 posts

Posted 19 November 2008 - 10:58 AM

I only joined this forum to thank you for your help.
I have successfully deleted the antivirus2009, thanks to you.

Thank you, Grinler.

Edited by taytomyname, 19 November 2008 - 11:00 AM.




#17 FULLMOON_1

  • Members
  • 2 posts

Posted 29 November 2008 - 12:21 AM

umm.. Of course! I'm going to say! Thanks! It works 1000%. :thumbsup:

hey, I just want to point out.. that I just get this window:

Posted Image
check it out! :inlove:

then I get :cool: cuz it wasn't in the INSTRUCTIONS!


anyway, :flowers: :trumpet:



#18 JCtitan

  • Members
  • 1 posts

Posted 01 December 2008 - 01:42 PM

I just got this rogue trojan yesterday. I tried to come here but it blocked my access to this site. I was however able to get to download.com and get Stopzilla and Malwarebytes.

It wouldn't let me run Malwarebytes, so I ran Stopzilla and it seemed to work right away. After running Stopzilla I was able to run Malwarebytes.

This is a tough one, because it blocks most sites with any information on how to get rid of the virus. I got lucky by reading enough in an off topic forum to get rid of it.

I contacted Trend Micro and the engineer told me this week there has been a huge number of these types of infections. May be a good idea to print out fix instructions and stick it in a drawer somewhere just to have. I have only one computer so it was pretty frustrating hunting down links while being redirected from every "proven" forum.


Just thought I would share with you all. Good luck!

edited to say: I was on a site about movie clips, something about the HBO series True Blood as I remember it. The box came up saying I had a virus, and I have seen plenty of these things and have always hit X and they go away. I hit X and it launched. The Trend Micro guy told me clicking any part of the box will launch it. So for now I would just close my browser if I see anything similar to this.

Edited by JCtitan, 01 December 2008 - 01:46 PM.


#19 foxdark

  • Members
  • 1 posts

Posted 24 December 2008 - 03:08 AM

Hi,

Here is a different take on it.

If you Google search "pg equine rescue" and click on the link, you get the Antivirus 2009 site.
I have tried it on a few different computers and got the same thing, but I can go there directly through other sites.

I ran malware programs and it was not the computers that were infected; it is Google itself that seems to be infected.

I only figured it out when the owners of the computers told me they just used Google's auto-complete searches to get to the site.

I tried a Google search on a clean computer and bingo.

I suppose they are using Google's spiders to clone sites.

Great site, keep up the great work.

#20 galaxydefender

  • Members
  • 11 posts
  • Gender:Not Telling
  • Location:Virginia

Posted 26 December 2008 - 01:11 AM

> Hi,
>
> Here is a different take on it.
>
> If you Google search "pg equine rescue" and click on the link, you get the Antivirus 2009 site.
> I have tried it on a few different computers and got the same thing, but I can go there directly through other sites.
>
> I ran malware programs and it was not the computers that were infected; it is Google itself that seems to be infected.
>
> I only figured it out when the owners of the computers told me they just used Google's auto-complete searches to get to the site.
>
> I tried a Google search on a clean computer and bingo.
>
> I suppose they are using Google's spiders to clone sites.
>
> Great site, keep up the great work.

Thanks to this forum, on Christmas Eve my brother helped me vanquish the trojans from that rogue antivirus 2009/2008/360 et al. I think Goggle has a problem, or it seems to have a problem. So Malware Bytes has been installed on my PC. It took care of the problem completely. I agree, Goggle is the problem. Every other site with Goggle ads seems to have problems of some kind.
TANSTAAFL

#21 cms_45

  • Members
  • 1 posts

Posted 07 January 2009 - 08:39 AM

Great article Grinler! One question, how is this contracted and how can I educate an end user on how to avoid contracting this?

Many thanks,
CMS

#22 Grinler

    Lawrence Abrams

  • Topic Starter
  • Admin
  • 45,110 posts
  • Gender:Male
  • Location:USA

Posted 07 January 2009 - 09:56 AM

This infection has so many attack vectors that there is no one way they may have gotten it.

Here are some of the attack vectors:
  • The Braviax Trojan was, or is, installing it.
  • Fake online video codecs
  • Hacked web servers displaying pop-ups
  • Spam advertising it
  • Major sites advertising it via rogue advertisers.


#23 xXAlphaXx

  • Members
  • 872 posts
  • Gender:Male
  • Location:North Carlona

Posted 09 January 2009 - 10:56 AM

Well, that's something you need to keep a close eye on. I've never checked (for obvious reasons) but I hear goggle is a huge infecting site. That's something you have to keep an eye on.
If I am helping you and I do not respond within 24 hours, please send me a PM. :)

#24 sugarpuss

  • Members
  • 2 posts

Posted 11 January 2009 - 08:49 PM

You have to be careful getting music off LimeWire; a lot of the songs are infected with this virus.

#25 jdamit

  • Members
  • 1 posts

Posted 14 January 2009 - 05:31 PM

Thank you for your help.

I have run the malware program and removed the rogue file. I do not believe Antivirus was installed but the Google page still displays the Antivirus 2009 link. What is the best way to remove this?

Thank you again,

#26 boopme

    To Insanity and Beyond

  • Helper Emeritus
  • 85,296 posts
  • Gender:Male
  • Location:NJ USA

Posted 18 January 2009 - 10:50 PM

Hi jdamit. As this is not the malware removal section, you need to open a topic in the Am I Infected forum in the Security section. You will get help there.

Edited by boopme, 18 January 2009 - 10:51 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#27 roaky

  • Members
  • 2 posts

Posted 22 January 2009 - 01:45 AM

This solution did not work for me. Scans, removes, restarts, and everything is the same. Also "install this program and then use it" seems like an odd guide to removing a specific malware.

#28 wanny

  • Members
  • 2 posts

Posted 22 January 2009 - 06:48 AM

Hi there,

I am a little confused. I appear to - about every other search on Google - get shown websites that clearly do not match the search results, often with supposed antivirus websites instead of news.bbc.co.uk which it should say, for example. This seems to be my only symptom and when I go to the Google homepage there is no big 'google tips' notification and I have not noticed any other things different with my PC apart from this occasional Google search issue. Reading a few reports about this antivirus thing, including your own which most others seem to reference, I'm not entirely sure whether the problem must be with my computer or with Google itself.

I have the latest McAfee software. Should I be concerned?

Thanks for any help you could offer.

#29 boopme

    To Insanity and Beyond

  • Helper Emeritus
  • 85,296 posts
  • Gender:Male
  • Location:NJ USA

Posted 22 January 2009 - 10:14 AM

Hello wanny, please refer to post #26.

EDIT: roaky you should also post there.

Edited by boopme, 22 January 2009 - 10:16 AM.


#30 janie1635

  • Members
  • 3 posts

Posted 22 January 2009 - 05:25 PM

> This solution did not work for me. Scans, removes, restarts, and everything is the same. Also "install this program and then use it" seems like an odd guide to removing a specific malware.

I followed the instructions 2 days ago, and it did not work. Did the virus change?



