Tricky Trojans Suck - Fresh Tendrils's Blog

Fresh Tendrils's Blog

Tricky Trojans Suck

Posted on December 15, 2008 at 07:46 PM.

(1)

I want to preface this by saying that whomever came up with the "fake antivirus package" type trojan needs to be shot in the face with a shotgun.

Anyway, this past weekend my parents ran into a problem with their computer - they couldn't get on the internet. Everything was hooked up and you could click into Firefox, but a warning page would load up and warn you about insecure internet navigation and give you two options. Option 1 would allow you to "enable protection" which directed you to defender-review.com (fake site). Option 2 would allow you to ignore the warning, but clicking that would shut-down FF. Also, every couple of minutes a window would pop-up on the desktop saying that a made-up virus had been found but couldn't be dealt with until I enabled protection. I would like to note that although there were three buttons on this window, 2 were grayed out - the only one you could click on was "enable protection" which took you to the site already mentioned.

I didn't have time to do more than simply finding out that defender-review was a fake site and a virus before work. When I got home I searched google for ways to eliminate the virus. Most of them simply directed me to download some kind of software which I did not want to do. It should be noted that McAfee, Lavasoft, or Spy Doctor did not detect this virus. I tried doing a system restore several times without success and decided to try a different technique after reading a couple blog posts. I searched through all files and folders. There was a Google folder in the Application Data that I deleted immediately. I found a blog with a list of files to delete and sure enough they were there, all with the same time-stamp. Deleting the files did the job. Pretty sweet.

This has been the second time my parents computer got a virus like this. The first time was easy to do, this time took a little bit of work since their computer couldn't access the internet.

Anyway, just a heads up to you guys.