
Antivirus 2010 and similar are malware that tries to fool you into installing viruses or spyware, and then charges you for the promise of removal.

We're seeing a rash of Internet Antivirus 2010 and Security Center malware installations in customer computers. Do you have any information concerning where these infections are most likely coming from (email, web browsing, etc) and what are the best recommendations for catching infection attempts before they wreak havoc?

-

Hi Leo, can you please tell me what is this "Vista Spyware 2010". It seems like an unwanted program and shows me messages every now and then claiming my system is infected and I should subscribe to their software.

What they are is pretty easy: malware.

As these two questioners point out, there's been a rash of infections related to both of these. In fact, it's looking like an annual event, since we seem to have seen an "antivirus 20xx" every year for the last few years.

The good news is that they're fairly easy to prevent with a little diligence on your part, and several reputable anti-malware tools will also remove them.

These forms of malware typically arrive due to clicking on a misleading popup window or advertisement while browsing the web.

That misleading message says something along the lines of "a virus infection has been detected, click here to download a free removal tool". That popup is simply a web page and nothing more. It also lies: no scan was performed, and no infection was detected at all.

I'll repeat that: the popup lies - your machine is not infected. Yet.

The whole point, of course, is to fool you into clicking on the popup to download the so-called removal tool. That removal tool is just the opposite: running it is what infects your machine. (I use the example "removal tool", but in fact the popup could refer to just about anything that might entice you to click on it. The result is the same: infection.)

Prevention

Prevention is actually pretty straightforward: don't click on anything that claims to be a malware alert unless you're certain that it's from the software you have installed on your machine.

That implies, of course, that you know your anti-malware software, and learn to recognize its messages. Any anti-malware tool is going to include its name in any message that it displays. If that name is not present, then it's very possible that the message isn't from your installed software at all, but a malicious popup.

Naturally, it's important to have anti-malware software running so that - hopefully - that software can catch the attempted infection even if you do click on the link. The problem here is that not all anti-malware software will catch all malware, and malware is constantly changing and evolving so as to avoid detection. The best defense is your own good understanding.

(Normally I'd also say to make sure that your browser is configured to block pop-up windows, but in fact most are by default, and even so there are popup technologies that are often quite difficult to block.)

Knowing You're Infected

Being infected looks a lot like the scenario that got you infected in the first place.

Typically, the malware will present you with repeated pop-ups telling you that you're infected (which by now you are). The messages will indicate that in order to remove the infection you need to purchase a specific program. Naturally, that specific program will likely not work at all, but you won't find that out until you've spent the money, or worse, handed over your credit card information.

Don't do it.

It's as simple as that. If your machine is infected, don't follow the instructions of the virus. You'll only make things worse - possibly much, much worse.

Removal

If you search the web for things like "Antivirus 2010 removal" you'll find several sites that have explicit step by step removal instructions.

However, there's a good chance that those are unnecessary. Naturally, since this is a fairly common infection, many of the major anti-malware tools are racing to keep up. In particular, MalwareBytes Anti-malware has a pretty good reputation for being able to remove these pests.

So that's the path I would take:

  • Avoid getting infected in the first place

  • Make sure your anti-malware software is up-to-date, and run complete scans - it may remove the infection.

  • Use a tool like MalwareBytes Anti-malware to attempt to remove the infection

  • Search the web for specific removal instructions and follow them carefully.

  • Finally, if all else fails, there's my prior article: How do I remove a virus?

Article C4209 - March 10, 2010

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

Recent Comments
29 Comments

Gary, even the best anti-malware programs only catch about 98% of the malware. Most popular AV programs only catch 80% to 95% of the malware thrown at them.
Malwarebytes is good but SuperAntiSpyware always catches a few more. Mainly ad-tracking cookies. If I run them in reverse order, Malwarebytes finds nothing.
If you have an unwanted piece of malware that's extremely hard to get rid of and won't let you run your anti-malware program, just rename the anti-malware .exe to something ridiculous like "breadandbutter.exe". Malware won't stop a program named something like that, but it will shut down well known AV programs (along with other ways to make it run - Internet, Task Manager, Run, etc.)

Posted by: sirpaul1 at March 23, 2010 1:29 PM

I finally got rid of XP antivirus 2010 (for FREE!)
First I downloaded and updated ComboFix. Unlike the last 10 times, I did not accept my computer was clean, it wasn't. You need to run Malwarebytes Anti-Malware quick scan or full scan. That will remove the network startup entry; SuperAntiSpyware does not catch this one.
If your internet is not working, just uncheck the proxy settings under the IE properties. Restart after done.

Posted by: steven richards at April 14, 2010 6:40 PM
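
The proxy check mentioned in the comment above can also be done from a PowerShell prompt. This is an added example, not part of the article or of any comment; it assumes the leftover setting is the per-user proxy that the IE "LAN settings" dialog edits, and the function names `Get-IeProxyState` and `Disable-IeProxy` are made up for this illustration.

```powershell
# Added example: audit the per-user Internet Explorer (WinINET) proxy settings,
# the same values the "LAN settings" dialog shows. Read-only unless
# Disable-IeProxy is called explicitly.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IeProxyState {
    $s = Get-ItemProperty -Path $InetKey
    $server = [string]$s.ProxyServer      # empty string if the value is absent
    [pscustomobject]@{
        ProxyEnabled  = ($s.ProxyEnable -eq 1)
        ProxyServer   = $server
        AutoConfigURL = [string]$s.AutoConfigURL
        # True when the proxy is on this machine, i.e. a local program
        # is sitting between the browser and the network.
        PointsToLocal = ($server -match '(^|[=;])\s*(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:|;|$)')
    }
}

function Disable-IeProxy {
    # Equivalent to unchecking "Use a proxy server for your LAN".
    # The ProxyServer value is left in place so it can be examined later.
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0
}

$state = Get-IeProxyState
$state | Format-List

if ($state.ProxyEnabled -and $state.PointsToLocal) {
    Write-Warning "Proxy is enabled and points at this machine: $($state.ProxyServer)"
    Write-Warning "If you did not configure this, run Disable-IeProxy and rescan."
} elseif ($state.ProxyEnabled) {
    Write-Warning "Proxy is enabled: $($state.ProxyServer). Confirm it is one you or your network administrator set."
} else {
    Write-Output "No manual proxy is enabled for this user."
}

if ($state.AutoConfigURL) {
    Write-Warning "An automatic configuration script is set: $($state.AutoConfigURL)"
}
```

A proxy that a workplace network legitimately requires will also show up as enabled, so check the address before disabling it.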

I had the same virus on the family computer about a month ago, got rid of it after much research on my personal laptop. The problem is that now it's asking for an activation code. I lost the sticker that came with the disc, and the original box with the code on the back is no longer there. The 1800 number is no help, what should I do? I don't want to get rid of it, it's an awesome family computer.

Posted by: Yuli at April 26, 2010 5:57 PM

AntiVirus "Suite" 2010 has evolved. I had read about this on Ask Leo and knew what not to do, but my husband came in late from work a few nights ago, tired and bleary, just wanted to read his email and the next thing I hear him yelling and screaming at the computer. I glanced over his shoulder and knew what had happened. In his tiredness he'd simply clicked the wrong button and within seconds 2010 was full blown. Several of the comments above and Leo say to download a program from the net - no way, this latest iteration simply will not let you go to the net without redirecting you to its site to buy and download its malware. We simply closed down his computer. Next AM after he'd left for work I called the company tech center and we walked a landmine route two steps forward, one step back till we could get to a point where he could take over the computer. Thank goodness they have a program in place for this horror show, but it took literally hours (multiple scan searches to detect and then to make sure everything was clear) to clean this thing off my husband's computer and restore settings. Leo, you might want to make a comment that this malware is getting more malevolent.

Posted by: AdoAnnie at November 24, 2010 5:33 AM

RE: AdoAnnie's comment on malware pretending to be an antivirus program.
I had this problem a few months ago. It literally took over my machine. I got rid of it by booting up in safe mode and going back to an earlier restore point. I don't know if this always works but it did this time.

Posted by: Tom Campanelli at December 8, 2010 5:32 AM