Posts Tagged ‘Trojan’

Antivirus 2009, infecting your PC … since 2008

Monday, January 5th, 2009

This is probably one of the sneakiest Trojans I’ve seen; it masks itself as an anti-virus and then infects your PC, absolutely brilliant!

Antivirus 2009 Technical Details

  • Full name: Antivirus 2009, Antivirus2009
  • Version: 1.0
  • Type: Rogue anti-spyware
  • Origin: Russian Federation, Ukraine \ http://antivirus-2009.com, http://antivirus2009-scanner.com, http://antivirus-database.com, http://antivirus2009professional.com

I’ve seen people’s PCs infected with this Trojan since the second half of 2008 (when it was still called Antivirus 2008), and later in December, when it was called Antivirus 2009, another horde of infections took place that I know of. It always amazes me how gullible some people are; I mean, installing a piece of software that calls itself Antivirus 2009 while it’s still 2008.

The typical place you’ll pick up this Trojan is on “adult” sites (which will prompt you to install a codec before you can see videos of naked scammers), on sites promoting piracy by making cracks available online, as well as through third-party advertisers (on reputable sites) who will advertise this Trojan as a genuine anti-virus. It is also promoted on fake YouTube sites and by a couple of scammers on Facebook (mostly users pretending to be females between the ages of 20 and 25 dressed in skimpy clothes who will add you and send you a link to their webcam, which will then contain a popup or something similar trying to sell you this crap).

I wonder if stats are available as to what the ratio of infections is between male and female computer users?

First it will tell you that your PC is infected and to click for a free scan; then it will install a trial version, which will install other spyware on your PC; and then it will blackmail you (with frequent popups) into paying them $50 for the full version in order to remove the “detected” spyware.

Microsoft claimed that it removed nearly 400 000 such infections in December 2008 over a period of 9 days. Such has been the success of these scams that several of the fake programs have become infamous. WinAntiSpyware, Antivirus 2008 (recently updated to 2009), Antispyware Pro XP and AntiVirus Lab 2009 are all suspect, and no doubt others will soon emulate them.

If your browser redirects you to an online security scanner by Antivirus 2009 without a prior visit to one of its websites, it’s a good sign that your browser has been hijacked by the Antivirus 2009 hijacker. If you can run an Antivirus 2009 system check, you’re also infected; best to kill it before it infects your PC any further and makes it any slower.

Remove Antivirus 2009 files and DLLs:

av2009.exe
Antivirus2009.exe
shlwapi.dll
wininet.dll

Unregister Antivirus 2009 registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
“Antivirus” = “%ProgramFiles%\Antivirus 2009\Antvrs.exe”
HKEY_CURRENT_USER\Software\Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
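
A read-only check for the files and registry entries listed above, written as an added PowerShell example (not from the original post). It assumes the files sit in the "Antivirus 2009" folder under Program Files named by the Run value, since the post does not give their location; the x86 Program Files folder is also an assumption.

```powershell
# Read-only audit for the Antivirus 2009 artefacts named in the post.
# Nothing is deleted; findings are listed for manual review.
# Assumption: the rogue's files live in "<Program Files>\Antivirus 2009",
# the folder the Run value points at. The post does not state their location.
$installDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Antivirus 2009' }

# File names from the post, plus Antvrs.exe from the Run value.
$fileNames = 'av2009.exe', 'Antivirus2009.exe', 'Antvrs.exe',
             'shlwapi.dll', 'wininet.dll'
$findings  = @()

# 1. Autostart entry: value "Antivirus" under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'Antivirus' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Type = 'RunValue'; Location = "$runKey\Antivirus"; Detail = $run.Antivirus
    }
}

# 2. The two keys the post lists under HKCU and HKLM.
foreach ($key in 'HKCU:\Software\Antivirus', 'HKLM:\SOFTWARE\Antivirus') {
    if (Test-Path -Path $key) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $key; Detail = '' }
    }
}

# 3. Listed file names, searched only inside the rogue's own folder.
foreach ($dir in $installDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $findings += @(
        Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $fileNames -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Type = 'File'; Location = $_.FullName
                    Detail = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    )
}

if ($findings.Count -eq 0) { 'No listed Antivirus 2009 artefacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

shlwapi.dll and wininet.dll are also the names of genuine Windows libraries in the system directory, so the script matches them only inside the rogue's own folder and leaves the system copies out of scope.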

 

When you’re done burning down the Trojan horse, install a proper anti-spyware and anti-virus to take care of the remaining rubbish installed by Antivirus 2009. A good anti-virus I’d recommend is Avast Antivirus Home Edition (it’s free, all you have to do is register it online), and get yourself a copy of Spybot Search and Destroy (also free, with an optional donation if you want to donate to their organisation), or get Linux :p


GMail to Outlook is Easy, Outlook to Gmail just as Easy

Saturday, January 19th, 2008

Getting your mail from GMail into Outlook is pretty straightforward; Google wrote some neat documentation on getting mail through POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) into Outlook or whichever mail client you prefer to use. On the flip side, who is still using the old outdated way of accessing their mail through desktop email clients? GMail offers you a free email account with a stunning interface, the option of accessing your mail through a well-developed cellphone client running on any phone supporting Java, and the option of importing mail from other POP-enabled email accounts, compared to the expensive solution of downloading every single mail into Outlook and needing a Windows Phone / PDA to download mail and synchronize it with your Outlook account.

There are two ways of getting your Outlook mail into GMail. The tricky way is setting up a local mail server using the Mercury Email Server and getting GMail to do a POP fetch through your local email server; Ben Shoemate wrote a long blog entry on this method here. Some of the problems I experienced with this method were firewalls interfering the whole time, especially the firewall on my D-Link router. Due to my laziness, I opted for the brute force method; if anyone has done it this way before, leave a comment and share your experience.

The brute force method is simply forwarding all the mails to your GMail account, but it gets a little more complicated when a client asks you to get 1600+ / 250MB+ of email from Outlook into his GMail account!

Fortunately, somebody was determined enough to write some software to do this, all hail the Google Mail Loader!!! A simple piece of Python script interfacing through TK developed by Mark Lyon.

The procedure is simple: convert your Outlook PST file into the MBOX format, load it up with GML and get yourself a Martini while you wait. The easiest way of getting your Outlook mail into the MBOX format is simply importing all your Outlook mail into Thunderbird and moving all your mail into the default Thunderbird Inbox.

Once you have all your mail in one place, exit and look for the Inbox file. I’m using portable Thunderbird for this experiment / job, and found my Inbox file in “ThunderbirdRoot\Data\profile\Mail\Local Folders\Inbox”.

Fire up GML and start filling in the fields. The SMTP server settings you can change to the same settings your Outlook is using for its outgoing mail; the default SMTP server didn’t work for me. The Email File referred to is the “Inbox” file generated by Thunderbird. File Type you need to play with; the mBox Less Strict option worked well for me. The Message Type is whether you want the mail you’re sending to end up in your GMail inbox or Sent Items, and the last field is the destination GMail account.

The errors you’re seeing are mail blocked by AVAST Anti Virus due to Trojans and viruses lurking in the attachments. Unfortunately the power went out just before I got the chance to save the log file; I could only get a screenshot before my UPS’s batteries started running low, damn Eskom and their load shedding nonsense :(
