If y’all haven’t heard of this one – it is really a stinker!
Be on the lookout for: Antivirus XP 2008
It loaded itself from some link and even has the Microsoft Windows logo behind a picture of a half wall.
My IT guy calls it “extortion ware”.
As misfortune would have it, I had just downloaded an update from Microsoft, and I at first thought it was from them – not so, as I found out. I can’t say for sure, but it could have been from a “YouTube” video download, as I was watching some YouTube video just prior to seeing this AV XP 2008 pop up (and I was running the Windows update in the background), but it could have come from a different source – just waiting for some “trigger”.
It loads as what appears to be a valid antivirus program and does an automatic scan for viruses, which of course it finds plenty. In my case it said I had 3,113 viruses and asked if I wanted to disinfect my system. Believing it to be a valid Microsoft antivirus program, I clicked on the “disinfect” button. It tells me that this scan is just a demo, and if I want to download the full program, just give them my credit card number and for $49.99 I can get one year of service and for $99.99 I can get three years of service. This is when I smelled fish.
I tried to uninstall it from the “uninstall.exe” in the folder it created for itself – wouldn’t do it. I then tried to remove the program using “control panel” and “add/remove” function – it couldn’t do it. I later learned (from my IT guy) if I attempt to contact the source I could possibly get an uninstaller from them – for a price.
I used my Sophos Antivirus, but it couldn’t find any viruses (my IT guy says part of this program is to infect itself into your antivirus program so that your own antivirus program won’t look for "it").
I tried to restore to an earlier configuration, but it was still there (my IT guy says it infects the restore configurations so that it appears as if "it" has always been there - so there is no pre-infection date/time, as it “has always been there”).
I tried doing a web search for “Antivirus XP 2008”, and was directed to the same “...to download the full program just give them my credit card number and for $49.99 I can get one year of service and for $99.99 I can get three years of service” that I had seen before (my IT guy found out that any web search for it would cause this program to automatically redirect to the purchase deal).
When I finally did get to Microsoft’s web site, I found there were several fixes (all dated a month or so apart), but none of them worked (my IT guy says that as fixes appear on the Microsoft site this extortion ware is redesigned to defeat that fix; that is why there are so many fixes, all dated a month or so apart).

My IT folks have been assisting me. We’ve used Sophos, CCleaner, AdAware, in normal mode and in “safe” mode, plus we ran another antivirus (I don’t recall the name) program/cleaner through the network while in “safe” mode. It took about seven hours to run through it all.
We found it (and many other viruses, worms, malware, etc…) in many locations and deleted them all, but I’m still having a problem which (though “it” no longer appears in my system) may be linked to “it”. If my system is idle for five to ten minutes (i.e. I don’t interact with the system) I now get a blue screen saying that a “problem has been detected and Windows is being shut down to protect the system”. It then goes through what appears to be a valid shut down and restart – which is fake! If I press any key during this shut down/restart my system restores immediately to where I was. It will do this over and over again, until I click any key and actively interact with the system, and then it starts all over again if the system is idle for five minutes.

Needless to say, my IT guys now inform me that they’ll have to wipe my drive clean and rebuild. I’ll have to reinstall everything I do want – including AHII and Ventrilo.

I told my IT guy “There ought to be a law!” He laughed and said “There is, but these guys are untouchable by US law, even if they could be located, which is likely outside the US”.
GAAAAAAHHHHH! How frustrating (I’m not known for any ability to just accept frustration). The internet has so much positive possibility, and yet it does have so much possible trouble.

Take care, and be careful out there in internet land.
At your service,
