Fake AV masquerading as Java Update

27-02-2011, 17:17

IE appears to allow automatic install. Firefox blocks it. Pop up shows the Java mug and on next boot PC Tools is installed and blocking some usage.

Its a typical program of this type easily cleaned using Rkill and Malwarebytes but still a pain in the botton

Web-Junkie · 27-02-2011, 17:27

So, how did you let yourself get infected in the first place, dodgy websites again

27-02-2011, 17:42

not me

Matty_ · 27-02-2011, 17:58

This is one of the reasons i dislike Java, it is becoming more and more of an infection vector (allthough it`s not really in this case).
Where`s your botton? Sounds like a place up north

Security Shield seems to be the one doing the rounds at the moment, one in a lovely pink

Web-Junkie · 27-02-2011, 18:31

The ones that change the explorer shell are pain too, Thinkpoint being one:

Stops you going into safe mode, doesn't stop taskmanager though

dragon · 27-02-2011, 19:33

I've had success using the Bit-defender rescue CD in the past to remove infections from a machine, It's a linux based live CD with the Bit-defender AV built in which means you're booting from a clean environment which should in theory help where a rootkit is suspected. (As you are booted from the CD instead of into the compromised OS on your hard-drive)

If it detects a usable network connection it will download the latest definitions before starting to scan the system.

http://download.bitdefender.com/resc...-rescue-cd.iso

27-02-2011, 19:37

Quote:

Originally Posted by Web-Junkie

The ones that change the explorer shell are pain too, Thinkpoint being one:

Stops you going into safe mode, doesn't stop taskmanager though

safe mode with command promt no shell launched then just run explorer.exe . only had to do it once though

Dai · 27-02-2011, 19:40

Thanks for that Dragon. I've used Avira rescue cd many times in the past which works rather well but I'll have to give the Bit-Defender version a try as well. One can never have too many good tools.

Scrubbs · 28-02-2011, 17:16

Quote:

Originally Posted by Matty_

Th
Where`s your botton? Sounds like a place up north

I think it's a place for special boys and girls
http://www.cvt.org.uk/our-communities/botton-village-north-yorkshire

Welshchris · 03-03-2011, 05:54

yep 2 of my mates got the PC Tools virus.

This has been around since about 2007 under various different names but all looks roughly the same and do roughly the same thing.

haydnwalker · 03-03-2011, 10:37

Quote:

Originally Posted by Scrubbs

I think it's a place for special boys and girls
http://www.cvt.org.uk/our-communities/botton-village-north-yorkshire

That was a bit uncalled for...they can't help how they were born

03-03-2011, 10:39

Quote:

Originally Posted by Welshchris

yep 2 of my mates got the PC Tools virus.

This has been around since about 2007 under various different names but all looks roughly the same and do roughly the same thing.

its not a virus its malware aimed at getting your credit card details for nefarious purposes

the-cable-guy · 09-03-2011, 19:09

Quote:

Originally Posted by Scrubbs

I think it's a place for special boys and girls
http://www.cvt.org.uk/our-communities/botton-village-north-yorkshire

your sick mate

Stephen · 09-03-2011, 19:22

I know the VM DHS team have been getting inundated with calls about this. Seems a lot of people fall for it.

Scrubbs · 09-03-2011, 23:09

Quote:

Originally Posted by haydnwalker

That was a bit uncalled for...they can't help how they were born

How is it uncalled for?? they are special , I didn't put any smileys or winking or any other symbols or jokes. I mentioned it because there is a place called Botton and it's a lovely place to visit and any advertising for their site can't be a bad thing.

It all depends on which way your mind works.