It Looked Legit — PC Antivirus 2010 Virus and Fraud

Another user complained about too many pop-up windows…

My investigation showed one every minute or less, popping up with the same window related to signing up for PC Antivirus 2010 software.

“It looked legit to me.”

And the pop-up screens did seem very legit – very professional – when I looked at them, too. But it was still weird. The web page did not have any controls; you could only click on it. You could not deactivate the application or Windows firewall or security control. When I started deleting weird files, they immediately were rebuilt (hh.exe, for example, would be rebuilt after deletion).

“You clicked on it, and then you did what?”

“It said I needed this particular antivirus package. So I bought the software, but it failed during the installation.”

(Oops… they did it again… ignored my warnings… but it was just an accident!) I spent a few (4-6) fruitless hours trying to eradicate this problem, but IE8 cannot be stripped out, security manager was broken… so I got out Linux and wiped it all off, zip-copied their data files to a USB disk, reinstalled the machine and then put newer antivirus software on the computer before scanning and giving their files back.

I still do not trust that it is clean, but this machine ain’t on my network! Will these users do it again???

Even if it looks legit… you never know. Oh yeah – do not forget to call your credit card company to cancel the card you just entered into the bogus purchase screen.

Although this sounds weird, I do not run antivirus software on my Vista or XP machines. I am not a believer in them at all. When viruses or trojans appear, I look for solutions. Mostly though, I use Linux, which is not vulnerable to these Microsoft OS-based attacks. Saves me a lot of trouble.

PS: There is a Microsoft OS-based recovery of this virus, without reinstallation, posted Aug 14, mentioned here.

