StarDestroyer.Net BBS

I wrote:It is also blocking access to the sites of legitimate antivirus and anti-spyware providers and preventing my antivirus programs from updating.

Rogue 9 wrote:Yeah, the virus has decided that it doesn't want me to go to that page, so it won't load.

I wrote:It is also blocking access to the sites of legitimate antivirus and anti-spyware providers and preventing my antivirus programs from updating.

Solauren wrote:Can you start in Safemode?

Braedley wrote:http://www.malwarebytes.org/
I was introduced to this a few weeks ago when I started working at a computer store. It is teh awesome!!one!

Rogue 9 wrote:The only reason I haven't done that already is because of HP's fucktarded scheme of putting system backups on a drive partition rather than giving you an OS disk, so it's kind of hard to boot from CD.

Rogue 9 wrote:Until the hard drive gets corrupted.

Battlehymn Republic wrote:Whoa. I've never heard about a virus that's so canny about blocking attempts to kill it. I've always been paranoid that some day someone will write a malicious program to screw Spybot or Ad-Aware... what is this thing?

Braedley wrote:Just to let everyone know, we had 4 more cases of this smitfraud variant. In each case, the infection wasn't caught early enough, and it looks like the machines will need to be nuked. So if you do get infected with this variant, act fast and hope for the best.

The Malicious Software Removal Tool (MSRT) is a small program Microsoft pushes out to computers on Patch Tuesday to clean out a list of malware. On this month's Patch Tuesday, Microsoft added scans for a malware file that masks itself as security software, and it found plenty of copies.

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn't the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

The company did note, however, that for every one thousand machines in the US scanned by MSRT during the last seven days, roughly five were infected with FakeSecSen rogues. That's quite high for just one piece of malware, but things could have been much worse, according to Microsoft:

Normally each FakeSecSen installation contains one EXE, one or two DAT files, one Control Panel applet (CPL), one desktop shortcut and sometimes one uninstaller. It is interesting that only 20 percent of these removals contain executables of FakeSecSen. This indicates either the other 80 percent had at one point been infected by FakeSecSen and the threat was then manually and partially removed, or the machines were cleaned by other AV products/tools, or FakeSecSen had failed to install, etc.

Once Microsoft gets into the game of free real-time antivirus solutions, it will be worth watching how infection rates fare, instead of just taking note of cleanup numbers each month.