Welcome..

I started my own business, ACE Computer Services (www.acecomputernj.com), in February 2007 to provide tech support & repairs at minimal cost to home & small business customers. This blog contains my thoughts, resources and steps to making everything happen. Feel free to comment and provide suggestions. Thanks for reading!

Tuesday, December 16, 2008

New Win Antivirus Variant?

I was working on an infected PC today that showed all the common signs of ad/spy/virus activity - very slow to start, problems with Internet Explorer, etc. I also saw the icon for Win Antivirus 2009 lurking in the system tray and figured that was the root cause of my problems.

In going through the usual troubleshooting steps I pulled out a trusty tool, Malwarebytes Anti-malwareonly to watch it fail to load. In both regular and safe mode I watched the hourglass appear and then nothing. The exe file showed up as a running process but the program failed to load.

I did some quick research and noticed people suggested an additional program - SuperAntiSpyWare. Same issue as before - failure to load the installer. After considering some additional options (rewrite of PC, etc.) I decided it was worth a shot to rename the installer files of both Malwarebytes and SuperAntiSpyware. Sure enough they both ran after renaming the exe files. Could this be a new variant of Win Antivirus that blocks the file names of common removal tool installer programs?

Regardless the name change got me going and scans using both products (and then Trend Micro Antivirus) detected and removed a number of infected items.

Posted by AC at 6:23:00 PM 0 comments

Subscribe to: Posts (Atom)