Over the last couple of weeks I have been spending time dealing with nasty virus outbreaks at many customers. These nasty pieces of software present themselves as legitimate antivirus scanning products via a professional-looking pop-up designed to trick the user into clicking on it.
They always report that the machine already has many virus issues and that the user should install the advertised removal product, but once the user clicks on the pop-up they really do have a virus. So far I have seen several iterations, and all of them get past both Symantec products and McAfee. Once the virus is installed, a user can't run their real AV product; the software adds itself to startup registry keys, slows internet access, and disables the Windows Security Center and many other functions.
The best way to remove it is to boot Windows into Safe Mode and then use a virus removal product. Once that is done you should be fine.
Take note of this article from CNET on the Google China Hack and an IE hole.
I have heard from customers that they didn’t do anything other than open an email from a trusted source (via a Webmail client) and then boom. They had a virus.
Beware.
February 26, 2010 at 4:06 pm
First-Class, thanks for sharing this information. Looks great on my iPhone, but on the BlackBerry Pearl’s browser your site comes out a little funky.