Endpoint Protection

  • 1.  Malware: VirusRemover2009

    Posted Apr 21, 2009 02:40 PM
    Hi,

    I got an alert that a client got a VirusRemover2009 (misleading application). I checked the browsing history and there is a 30 minute gap between the time of infection and the last website visited. Is there a way for that specific malware to activate without opening the web browser and accessing some link?

    I've also experienced this while browsing my Facebook account at home. Another browser tab appeared and showed a "Windows Explorer" page of "My Computer" showing that it is scanning my "local drive" and found some threats. I let it run for a while just to see what happens on my Linux.


  • 2.  RE: Malware: VirusRemover2009

    Posted Apr 21, 2009 02:57 PM
    The time stamps could be misleading you. 

    It is possible that this infection did not come from an Internet site, but could have come from an e-mail or a package that was downloaded and eventually opened. Possibly days before.

    Especially considering that this particular "malware" opens webpages if memory serves.  Thus the time stamps could be off.


  • 3.  RE: Malware: VirusRemover2009

    Posted Apr 21, 2009 07:42 PM
    So now, it's not only a misleading application - it's also a trojan. :(
    I wish there were some way of detecting the source. I'm also thinking that there could be a hidden script on the last website visited and all you have to do is roll over that area.


  • 4.  RE: Malware: VirusRemover2009

    Posted Apr 22, 2009 06:46 AM
    I agree with Jason1222.


  • 5.  RE: Malware: VirusRemover2009

    Posted Apr 22, 2009 07:02 AM

    Yes, I also agree with Jason1222.


  • 6.  RE: Malware: VirusRemover2009

    Posted Apr 22, 2009 11:41 PM
    Instead of agreeing (or disagreeing), could you please clarify WHY you agree with his or her statement?
    It makes me think that you're just putting up posts to get your points up.



  • 7.  RE: Malware: VirusRemover2009

    Posted Apr 23, 2009 04:41 PM
    What they do is install themselves in the registry and download the file into the temp folder. When you restart they are loaded. It is a big hassle.

    If you click a site, then your drive starts humming and you see one pop up, turn it off. It won't always work, but it helps if the worm can't finish the install.
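
A defensive check for the persistence pattern described in the post above (a registry autostart entry that points at a file in the temp folder), as an added example that is not part of the original thread. It assumes the entry is a value under the standard Run keys and parses `reg query` output; the sample output, value names and paths are constructed for illustration.

```python
import re

# Constructed sample of `reg query` output for the per-user and per-machine
# Run keys. Value names and paths are made up for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_SZ    "C:\Documents and Settings\user1\Local Settings\Temp\a1b2.exe" /s
    helper    REG_EXPAND_SZ    %TEMP%\setup_helper.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AVTray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" -min
"""

# Locations that legitimate autostart programs rarely run from.
TEMP_PATTERNS = [
    re.compile(r"%te?mp%", re.I),
    re.compile(r"\\local settings\\temp\\", re.I),  # Windows XP profile layout
    re.compile(r"\\appdata\\local\\temp\\", re.I),  # Vista and later
    re.compile(r"\\windows\\temp\\", re.I),
]

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def parse_run_entries(text):
    """Yield (key, value_name, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m and key:
            yield key, m.group("name"), m.group("data").strip()


def suspicious_autoruns(text):
    """Return the Run entries whose command points into a temp directory."""
    return [
        (key, name, data)
        for key, name, data in parse_run_entries(text)
        if any(p.search(data) for p in TEMP_PATTERNS)
    ]


if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE_REG_QUERY):
        print(f"{key}\\{name} -> {data}")
```

A hit is a lead to investigate, not a verdict: some installers legitimately stage a one-time entry from a temp path.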


  • 8.  RE: Malware: VirusRemover2009

    Posted Apr 23, 2009 06:47 PM
    Hi mon, I believe virus remover is an application, I think this misleading application is accidentally installed.

    As with your case at home, these are just pop-ups and it's only a GIF or animation.


  • 9.  RE: Malware: VirusRemover2009

    Posted Apr 23, 2009 10:16 PM
    Thanks, guys. When I checked the same pop-ups at home, it does try to install itself. Clicking on it to cancel just opens up more prompts to install. It ruined my Firefox, the title bar was gone, which I solved by deleting a file that stores the last setting of the application.