WARNING: NEW WIDELY UNDETECTABLE VIRUS

BaronVonRotterdam
UT2004 Server Admin
Posts: 2603
Joined: Thu Feb 16, 2006 9:42 pm
Location: The Terrible State (New York)

Post by BaronVonRotterdam » Tue Sep 02, 2008 4:49 pm

Hey Guys,

I just posted to notify you of a virus that is going around that is apparently called the "XP 2008 AntiVirus". This virus takes all your popular search engines (Yahoo, Google, MSN...) and turns their search results into ads. Here's an example.

1.) Google.com

2.) Search "UT2004 Patch 3369"

3.) (search result) "Download Patch 3369 here"

4.) Instead of it going right to the website when you click on that link, it will go to "go.*.com" (* = msn, google, yahoo), which will bring you to websites that are all advertisements for different things.

The virus also majorly slows down your internet (YouTube didn't load videos) and it blocks any website that you need to use to help you. I typed "go.google.com virus" in MSN search and it brought me to different downloads for good antivirus programs to fix it, but the websites wouldn't load. The virus also blocked the common major anti-virus websites (Zone Alarm, AVG, HJT, Norton...). Oh, and downloads didn't work either.

I just spent all day removing this virus :)

The program that removed this "Malware" was "Malwarebytes Anti-Malware". If you get this virus I recommend downloading this program, as it was the only thing that found and deleted the virus. During the infection I had my firewall on max and the whole 9 yards but I still got it.
Last edited by BaronVonRotterdam on Wed Sep 03, 2008 8:37 am, edited 1 time in total.
| ASRock Fatal1ty X470 | AMD Ryzen 3700x @Stock | 32GB DDR4 3200 mHz | Zotac GeForce RTX 2060 Super | Dell S2417DG |

Amy Infless
UT2004 Server Admin
Posts: 1285
Joined: Sun Mar 11, 2007 6:35 pm
Location: Germany

Post by Amy Infless » Tue Sep 02, 2008 6:39 pm

"new" is relative... first announced on German av-sites 29. June 2k8....

belongs to trojan-horses and has to be downloaded AND started (the German description...which makes me (and many av-forum-moderators) wonder why downloading it, except cause of the name and thinking it's serious....)

http://www.bleepingcomputer.com/malware ... us-xp-2008

and paint is right, looks like "Malwarebytes Anti-Malware" is the most used removal-tool for this, even suggested on av-sites ;-) (wonder why they don't implement it or why it (the virus/worm) still works with some new av-updates!)


ats
Do not try kill THIS bug !!! ->Image Your monitor may not like it...

Those who correct my English will be shot! Survivors will be shot again!

n3wb13
Private
Posts: 51
Joined: Wed Jan 30, 2008 1:35 pm

Post by n3wb13 » Tue Sep 02, 2008 10:16 pm

Blocking popups and ads would've helped. And if you get so far as downloading the file, just don't run it.

:bored:

Anyways for further reading: The evil genius of XP Antivirus 2008

BaronVonRotterdam
UT2004 Server Admin
Posts: 2603
Joined: Thu Feb 16, 2006 9:42 pm
Location: The Terrible State (New York)

Post by BaronVonRotterdam » Wed Sep 03, 2008 8:36 am

I never downloaded this program. My symptoms were related to go.google.com. Anyways, I'm pretty sure I got the virus from going to a website that Google said upon opening "Hey this website is really bad, don't go here!" and of course, determined to find a specific keygen, I went anyways. Soooo moral of the story, don't be stupid (if only it was that simple). Actually, those websites Google lists as being malicious really are and you should steer clear.

Mobster
UT2004 Server Admin
Posts: 845
Joined: Thu Jul 20, 2006 6:02 pm
Location: New York

Post by Mobster » Thu Sep 11, 2008 4:35 pm

I got this damn virus!
I had to get the cd from phil to reinstall windows cause I didn't see this damn post before.

IIO
Specialist
Posts: 79
Joined: Tue Oct 23, 2007 8:27 pm

Post by IIO » Fri Sep 26, 2008 6:54 am

Fortunately, at least this doh, is one of those problems that I have not :P

Ragnarok
Sergeant
Posts: 414
Joined: Wed Oct 24, 2007 10:58 pm
Location: Vallejo, CA & Bessemer, AL

Post by Ragnarok » Sat Sep 27, 2008 5:29 pm

I never read this post.. I have this damned virus..

Ragnarok
Sergeant
Posts: 414
Joined: Wed Oct 24, 2007 10:58 pm
Location: Vallejo, CA & Bessemer, AL

Post by Ragnarok » Sat Sep 27, 2008 6:24 pm

ok, got rid of it ^^ thnx PB for the link u posted.

kanabanoid
Corporal
Posts: 163
Joined: Fri Sep 26, 2008 9:37 pm
Location: Dover, De.

Post by kanabanoid » Mon Sep 29, 2008 10:24 pm

That one got my GF's laptop, had to reinstall everything, only it was called vista anti-2008 :(

Salmiakkikossu
Private
Posts: 13
Joined: Mon Oct 15, 2007 7:38 am

Post by Salmiakkikossu » Sat Dec 06, 2008 11:15 pm

I hate to thread necro but this is somewhat related.

There's a new exploit/virus going around that's poisoning DNS servers running DHCP service. Basically it will redirect any DHCP clients to some really really bad sites.

If you use DHCP to get your IP addresses on your network, I strongly recommend you switch to static IP addresses and static DNS, either your own, hosted by your ISP or OpenDNS. This will keep such a thing from happening to you.
Last edited by Salmiakkikossu on Sun Dec 07, 2008 12:33 am, edited 2 times in total.
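
Added example (not part of the post above or of any tool the thread mentions): a check that the DNS resolvers each adapter is actually using are the static ones you chose, run over `ipconfig /all` output. The allowlist (OpenDNS's public resolvers), the sample output and the function names are assumptions; only IPv4 resolvers are handled.

```python
import re

# Assumption: the static resolvers you chose (here the OpenDNS public resolvers).
TRUSTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample of `ipconfig /all` output; the unexpected resolver
# addresses come from documentation ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        DNS Servers . . . . . . . . . . . : 203.0.113.36
                                            203.0.113.41

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        DNS Servers . . . . . . . . . . . : 208.67.222.222
                                            208.67.220.220
"""

FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_adapters(text):
    """Return {adapter name: {"dhcp": bool, "dns": [ipv4, ...]}}."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {"dhcp": False, "dns": []})
            last_key = None
        elif current is not None and (m := FIELD.match(line)):
            last_key, value = m.group(1).strip().lower(), m.group(2).strip()
            if last_key == "dhcp enabled":
                current["dhcp"] = value.lower() == "yes"
            elif last_key == "dns servers" and value:
                current["dns"].append(value)
        elif current is not None and last_key == "dns servers" and (m := IPV4.match(line)):
            current["dns"].append(m.group(1))  # continuation line: next resolver
    return adapters

def untrusted_resolvers(text, trusted=TRUSTED_DNS):
    """List (adapter, resolver, dhcp_enabled) for every resolver not in `trusted`."""
    return [(name, ip, info["dhcp"])
            for name, info in parse_adapters(text).items()
            for ip in info["dns"] if ip not in trusted]

if __name__ == "__main__":
    for name, ip, dhcp in untrusted_resolvers(SAMPLE):
        print(f"{name}: unexpected resolver {ip} ({'DHCP-assigned' if dhcp else 'static'})")
```

An adapter flagged with DHCP enabled is still taking its resolver from whatever answered the DHCP request, which is the case the post recommends closing off with static settings.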
