MSAS Found/deleted spyware but it is still here!

[HELP!]

I have this "Antivirus Gold" thing that overtook my
desktop and MSAS found it and said it was deleted, yet
this continues to ruin my day. Also my browser has been
overtaken by this blue search page. Everytime I go to a
new web page, it automaticaly takes me back to this
search page "my home page" or "About: blank" I cant check
my Yahoo mail, go to Ebay, and 90% of other sites. Please
help!

 

[Tom Emmelot]

HELP! schreef:

I have this "Antivirus Gold" thing that overtook my
desktop and MSAS found it and said it was deleted, yet
this continues to ruin my day. Also my browser has been
overtaken by this blue search page. Everytime I go to a
new web page, it automaticaly takes me back to this
search page "my home page" or "About: blank" I cant check
my Yahoo mail, go to Ebay, and 90% of other sites. Please
help!

Try this:

http://www.primehostreviews.com/remove-about-blank.htm

Good luck >*< TOM >*<

 

[AndyManchesta]

This isnt easy to remove,theres a few different
variants ,some can be stopped just by removing the entry
from add/remove screen others will change your registry
to display the annoying desktop background and may seem
to uninstall but will come back when you reboot, there
are also some reports of this appearing by means of a
dodgy codec install. This codec apparently originates
from a number of 'adult' sites, so any users should think
twice before indulging in some Bridget the Midget
action

I think the site ez-finder is a front for Antivirus gold
and other malware files but i cannot get the site to show
all the contents,the sites either not working correctly
or my protection is blocking the site.I did find
SecurityiGuard on there which is sometimes linked to
Antivirus gold but I still cannot be sure where the
Antivirus Gold download is located.


you might be best downloading Hijack this to see how bad
it is but heres afew links you might find usefull:



http://securityresponse.symantec.com/avcenter/venc/data/ad
ware.topantispyware.html


http://www.bleepingcomputer.com/forums/How_to_remove_Antiv
irus_Gold_or_AVGold-t22397.html




AV Gold solved Hijack Logs
--------------------------

http://forum.tweakxp.com/forum/Topic165668-29-1.aspx?
DisplayMode=1&#bm165668


http://forums.designtechnica.com/showthread.php?
threadid=8473


http://forums.spywareinfo.com/index.php?showtopic=49849


http://www.techsupportforum.com/printthread.php?t=55743





Good Luck

Andy

 

[Engel]

Rogue/Suspect Anti-Spyware Products

Note on XoftSpy: XoftSpy was listed on this page because
of concerns with false positives (1, 2, 3, 4),
questionable license terms, and the use of aggressive,
deceptive advertising (1, 2), including exploitation of
the name "spybot" by affiliates. Earlier versions of
XoftSpy were also Ad-aware knockoffs. (There was clone of
XoftSpy named SpyBurn, but that application is no longer
available.)
Over the past few months, XoftSpy has taken aggressive
steps to reign in its affiliates (who were primarily
responsible for the unsavory advertising), revised its
license text, and released a new version of XoftSpy
(version 4.0) that addresses our concerns with false
positves. Given these changes we can no longer regard
XoftSpy as "rogue/suspect" anti-spyware.

(Note: other domains associated with XoftSpy include:
adware-destroyer.com, adware-elimination.com,
adwarekillers.com, adware-real-free-scan.com, adwares.net,
anti-adware.net, antispywares.com, deletespyware.net,
nomorespyware.net, removespyware.net, softspy.net,
softwho.com, spywarebest.com, spyware-detection.net,
spywareprof.com, spywarepurge.com, spywarerem.com,
spywareremoval.net) [A: 6-26-04 / U: 12-7-04]

 

[Monitor]

Good reading

Wednesday, June 01, 2005
The Antivirus Virus...
....allow me to elaborate. There's something floating round
out there at the moment, and it takes the form of an
Antivirus scanner that (wait for it)...infects you with a
handful of viruses, then demands payment so you can remove
them!

Antivirus Gold (not to be confused with Norton Antivirus
Gold, though I wouldn't run that either) is currently
spreading like a bad rash across desktop PCs with the
promise of extra safety and the reality of grown men
weeping.

A number of vaguley sneaky ploys are used to gain user
trust (the Antivirus Gold .exe is named AVG.exe - sound
familiar and reassuring?) and there are also one or two
reports of this thing appearing by means of a dodgy codec
install. This codec apparently originates from a number of
porn sites, so think twice before indulging in some
Bridget the Midget action.

http://www.ez-finder.com - ah, bless. Its a widdle biddy
search engine....except, its not. It simply serves as a
front for the infective files which can be obtained from
that particular URL. End up with Antivirus Gold on your
PC, and immediately upon install the damn thing runs
automatically and throws "Danger, Will Robinson" splash
screens all over the place:

These are totally fictionalised false positives here, as
this was a totally clean build of XP that hadn't even been
online. Worse still, the "quick" scan seemed to take about
the same length of time as the "thorough" one. Hmm.

Regardless of what you click, everything takes you to
a "BUY ME NOW!" button - and if you don't, presumably your
PC is doomed to a life of, er, one fake registry entry and
a pair of cookies. The horror.

However - that's not the whole story.

There seem to be a number of different installs for this
thing, and depending on how your luck is doing, you may
get the above (relatively harmless) version or one of the
more nastier ones. The ones with the aforementioned
Trojans, for example - or the one with the hijacked
desktop wallpaper (screaming, yes, you've guessed it, "buy
me now"). I would assume the ultimate payload comes from
the "Codec", though I'll have to get my hands on it to
confirm.

As for the above version, it thankfully goes (with a bit
of effort) from the Add / Remove programs panel, though it
does force open one final webpage on its way out (because
let's face it, if you thought a program was bad enough to
uninstall, the first thing you want to see after removing
it is a webpage imploring you to buy it, right?) Other
versions will allow you to uninstall, only to reappear
upon reboot. Eek.

For now, I'd advise to stick to the tried and tested AV
Scanners. At this rate, Eric L. Howes is going to have to
create a whole new rogue list...