1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help: The "AntiVirus Soft" Virus

Discussion in 'Virus & Other Malware Removal' started by geta1984, May 1, 2010.

Thread Status:
Not open for further replies.
  1. geta1984

    geta1984 Thread Starter

    Sep 19, 2004
    So all this has happened over the course of today. I'm not too well versed with computers and software like I used to be, so please forgive my inexperience. I'm basically looking for any input you guys can give me.

    Here's what happened this morning:

    We run SAS (superantispyware) and Avira. Avira has auto updates that pop-up now and then. It also has another pop-up in bottom right of screen when to upgrade to a new version. We currently run version 8. I went to avira's website and the screens of the program look clearly different, yet only slightly, than the version we currently run.

    Early this morning a pop-up said to upgrade to version 9 for free, to stay safe, etc. Looked legit and I still think it was. I clicked it. It took me to this link (which I don't know is harmful or not so I wont use URL): http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914. It was left in my IE history tab. The file url was: http ://software-files-l.cnet.com/s/software/11/37/36/13/avira_antivir_personal_en.exe?e=1272741653&h=79ad07bd4e6a187d4201615fc511e9ef&lop=link&ptype=1901&ontid=2239&siteId=4&edId=3&spi=9a2eb0d3aba3cb8502c09d1df134eba4&pid=11373613&psid=10322935&fileName=avira_antivir_personal_en. exe

    Cnet is a respectable download website, no? But now that I think about it, isn't just cnet.com and download.com, not download.cnet.com? That's why I didn't feel any concern when downloading this morning. The weird thing was I didn't see any write-up about the program, no specific update information, etc. The file itself said it was 42Mb large, yet it only took a few minutes to download, very strange considering our download speed. We never get anything that big that fast.

    After downloading, a message appeared saying please remove previous version before proceeding with installation. I was doing some other work at the time, so I left the window open and waited to finish what i was doing before i uninstalled the old and installed the new. As I was finishing up, I was on one or few sketchy looking websites but didn't download anything (no, it wasn't porn ). So this is kinda where I'm confused. It may have been the file, or this website, or something else entirely. But as I was finishing my work, avira goes nuts and starts giving me 8-10 pop-ups of trojan warnings and hack warnings...these are legit windows I've seen before, but never this many. I can't clear them away fast enough, in fact they are coming so fast that stupid vista's "cancel or allow" pop-ups interfere with me being able to click avira's "deny access" / "move to quarantine" buttons. I disconnect the ethernet cord in case it's sending out personal info and try to ctrl alt del my way to taskmngr. Nothing works now. Every program on my pc is blocked at this point.

    I later figure out the virus I got was the "Antivirus Soft" virus, a rogue antivirus software most of you are probably familiar with. If you're not, it's a program that makes itself look like antivirus software and blocks all programs (lies to you and tells you that they are infected), blocks internet access except to sites it opens for you, specifically a website where you are asked to purchase the full version of the antivirus software. Apparently many people were suckered into this and payed the $69. It looked pretty obvious to me that it was a fake program.

    It blocked me from using Avira, but once out of my many reboots I was able to start it up before the virus loaded and I ran a scan but it didn't find anything. SAS was not blocked however, and it did pick it up on the scan. I would quarantine and remove, but after every reboot it would find it again so it didn't look like SAS was going to solve this problem.

    I used my mom's laptop to find solutions and I found a fix at bleepingcomputer.com using malwarebyte's anti-malware. It looks like its gone now. Computer is running ok, but still a bit glitchy.

    So that's where I am now but what I'm concerned about is how I got it, and whether or not I can stay away from it. I don't want to go thru this again the next time I try to update avira.

    I also have a file in my downloads folder called avira_antivir_personal_en.exe. i don't know if this is the one I downloaded today, or if its the setup .exe from the last one, or if its a real upgrade I haven't installed yet or the virus.

    Does anyone have any feedback or input they could offer? Anyone familiar with avira, specifically ppl using 8 or 9?

    Thanks guys, much appreciated.
  2. Ent

    Ent Trusted Advisor

    Apr 11, 2009
    First Name:
    Download.Cnet.com is the correct name for that site, and you are correct to say that Cnet is a very repuatable one. The only way in which that installer could contain a virus is if you had already caught something which infects other programs, and if that were the case there's no advantage in not installing it. If you're concerned about security, install the updated version right away.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/920510

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice