Friday, July 27, 2018

Antivir Solution Pro



Every so often, I get a distress call at work that's related to computers. Okay, this week and last week are exceptions, as I got these distress calls almost every day. On the bright side, I gained more experience and expanded my knowledge pertaining to these troubleshooting activities.


SITUATION

When browsing the internet on Firefox, a pop-up started appearing in the lower right-hand corner of the browser (note 1). The pop-up "alert" window said:
INFILTRATION ALERT

Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropper or similar.

DETAILS

Attack from: 112.95.253.139, port 13506

Attacked port: 6307

Threat: Win32/Nuqel.E

Do you want block this attack?
We don't know when this first occurred, so we can't trace it to its source. When I was alerted to this problem, something had already installed itself on the computer, meaning someone had already clicked the Yes button in the "alert" window.

Beware: In the system tray, the icon for this program, Antivir Solution Pro, looked very similar to AVG's antivirus program.


PROBLEMS ENCOUNTERED
  1. I first tried to stop the Antivir Solution Pro program with the Ctrl + Alt + Delete button combo, but got this message:
    Application cannot be executed. The file taskmgr.exe is infected. Do you want to activate your antivirus software now?
    If I clicked Yes, Antivir Solution Pro would open up from the system tray. If I clicked No, it went away only to come back in less than a minute to haunt you. It is annoyingly persistent in getting you to click Yes, run the scan, and trying to convince you to purchase the full product to remove the "malware," which I don't think is referring to itself.
  2. The program disables your normal anti-virus program (if it was already installed).
  3. If you visit online antivirus-scanning sites (like Norton's free online scanner), it will tell you that it doesn't work on Firefox and you must open the site in Internet Explorer. But the kicker is, this malware disabled IE! What do you do now?


SOLUTION

There are a few things you could try (see reference links #1 and #2 for suggestions). But what worked for my situation was a hybrid of suggestions (note 2).
  1. Restart your computer in Safe Mode:
    • Start menu > Shut Down > Restart
    • After your computer shuts down and starts displaying text on the screen, press (and hold) the F8 key until the Windows Advanced Boot Options Menu appears.
    • Use the arrow keys to highlight Safe Mode and press Enter.
  2. (Optional) Open the task manager (Ctrl + Alt + Delete), select the EXE file, and stop that process (note 3).
  3. Open a browser (Firefox / IE / Chrome / Safari), download and install the free Malwarebytes Anti-Malware program.
  4. Open the Anti-Malware program and run a complete scan of your computer.
  5. Contain all the items it finds.
  6. Restart your computer in Normal Mode (a.k.a. regular mode) (note 4).
  7. Run the Anti-Malware program a second time and/or run your normal virus program (after updating its virus definitions).
  8. Continue with your daily internet-browsing routine, minus falling for fake virus alert windows and downloading malware.
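As an added, defender-side check that is not part of the original post: the symptoms listed under PROBLEMS ENCOUNTERED (Task Manager refusing to open, the real antivirus silenced, IE unusable) are typically produced by a handful of registry changes, and the same locations are worth re-reading after step 7 to confirm nothing survived the cleanup. The script below is my own example, not the author's procedure or Malwarebytes' code. It only reads (it never writes, so it respects the author's preference for not touching the registry), and the locations it checks are ones rogue antivirus families commonly abuse in general, not a documented list for Antivir Solution Pro. It needs PowerShell 2.0 or later, which on Windows XP is a separate install, and an administrator prompt.

```powershell
# Added example, not part of the original post. Read-only audit of registry
# locations that rogue "antivirus" programs commonly tamper with to block
# Task Manager, hijack .exe launches, or break browsers. Which of these the
# Antivir Solution Pro sample in the post actually used is not documented
# there; this is a general check. Requires PowerShell 2.0+ and an elevated
# prompt. Nothing is modified.

$findings = @()

function Get-RegValue {
    # Returns a named value from a key, or $null if the key or value is absent.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    $p = $props.PSObject.Properties[$Name]
    if ($null -eq $p) { return $null }
    return $p.Value
}

# 1. Task Manager disabled through policy (the "Ctrl+Alt+Del does nothing" symptom).
foreach ($hive in 'HKCU', 'HKLM') {
    $path = "$($hive):\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if ((Get-RegValue $path 'DisableTaskMgr') -eq 1) {
        $findings += "$path\DisableTaskMgr = 1 (Task Manager disabled by policy)"
    }
}

# 2. Image File Execution Options "Debugger" entries: starting the named
#    program (e.g. taskmgr.exe or a real AV's executable) launches the listed
#    "debugger" instead. Legitimate entries are rare, so review each one.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
if (Test-Path -LiteralPath $ifeo) {
    foreach ($key in Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue) {
        $dbg = Get-RegValue $key.PSPath 'Debugger'
        if ($dbg) { $findings += "IFEO $($key.PSChildName): Debugger = $dbg" }
    }
}

# 3. .exe file association: on a clean system the open command is "%1" %*.
#    Anything else means every .exe launch goes through another program first.
$expected = '"%1" %*'
$cmd = Get-RegValue 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' '(default)'
if ($cmd -ne $expected) {
    $findings += "exefile open command is [$cmd], expected [$expected]"
}
# Per-user overrides of the .exe class shadow HKCR and are a common hijack spot.
foreach ($p in 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile') {
    if (Test-Path -LiteralPath $p) { $findings += "Per-user .exe class override present: $p" }
}

# 4. Browser traffic forced through a proxy (rogue AV commonly sets one so
#    online scanners and AV update servers appear unreachable).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ((Get-RegValue $inet 'ProxyEnable') -eq 1) {
    $findings += "Proxy enabled: $(Get-RegValue $inet 'ProxyServer')"
}

# 5. Autostart entries, for review after a cleanup: anything unfamiliar here
#    is how the program comes back after a reboot.
foreach ($run in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (Test-Path -LiteralPath $run) {
        $props = Get-ItemProperty -LiteralPath $run
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties that Get-ItemProperty adds.
            if ($p.Name -notlike 'PS*') { $findings += "Run entry ($run): $($p.Name) = $($p.Value)" }
        }
    }
}

if ($findings.Count -eq 0) { 'No tampering indicators found.' } else { $findings }
```

Run it once in Safe Mode before the scan to see how the program is blocking you, and again after step 7; a Run entry or IFEO Debugger that reappears after a cleanup means something was missed. The Run-key listing is deliberately not filtered, since what counts as "unfamiliar" depends on the machine, so read it rather than acting on it blindly.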


REFERENCE LINKS
  1. McAfee Communities: Bankerfox.a and Wind32/Nugel.e (June 7, 2010)
  2. McAfee Communities: Fighting Fake Anti-Virus Infections (April 5, 2010)
  3. McAfee: FakeAlert-SpywareProtect (Updated May 27, 2010, cached http://vil.nai.com/vil/content/v_154363.htm#tab7)
  4. Norton's free online scanner
  5. Malwarebytes Anti-Malware program


NOTES
  1. Note whether it's anchored within the browser window or whether it's a real message popping up from your system tray (located in the bottom right-hand corner of your monitor).
  2. Your solution may differ from mine, but this was the simplest solution I could find for Windows XP without touching the registry.
  3. You may find the EXE file, but just so you know, I couldn't find it, so I moved on to the next step.
  4. McAfee, which was originally installed on the infected computer, reappeared in the system tray at this point.

