locked
RE: Vista Antivirus 2008: Warning RRS feed

  • Question

  •  

    Ok I am having a problem with Microsoft Live one Care, when I came in to work this box popped up that I have never seen before that says

     

    Vista Antivirus 2008: Warning possible harmful action has been detected from remote host.

     

    Vista Antivirus 2008 has detected possible harmful actions  from remote computer on the network. Blaster/Sasser.variant worm behavior detected. You have to register your copy to get full protection feature set and an ability to defeat upcoming threats. To begin online registration, please click " Activate Now" button below.

     

    one button says Activate now! Block this attack          other says Continue unprotected disabled protection.

     

    When I first got to work it listed all the supposed viruses that I had on my computer. I closed it out and clicked continue uprotected and ran a full systems scan through microsoft one live care and it came back with one virus and cleaned it and its good. 

     

    That same pop up, pops up every 5 mintues. I tried to go to add and remove programs to try to remove it and it doesn't even list it there. So I clicked activate now and it shows and error page saying that I am not connected to the internet.

     

    I have windows xp not vista. However in my one care circle I have my two work computers on xp and my bosses home computer has vista. I'm not sure what happened or what I should do!!!!

     

    PLEASE HELP!!!!!         Thanks

     

     

    Monday, June 23, 2008 6:23 PM

Answers

All replies

  • Hello, Kim. Sorry that you were hit with this annoying malware. I moved your post to the virus and spyware topic, where you will see a very long thread about this threat and manual steps to remove it. However, since you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve
    Monday, June 23, 2008 6:55 PM
    Moderator
  • Hello Steve, please give me a link to manual steps to remove Vista Antivirus 2008. I am facing the same problem as Kim

     

    Thanks in advance,

    Yogi

    Monday, July 7, 2008 11:17 PM
  • http://www.enigmasoftware.com/support/vistaantivirus2008-removal/

     

    Steve, I found out on google search about mentods to remove Vista Antivirus 2008. Is the above link and company valid or real to boast anything like this?

     

    The above link shows manual removal process. Let me know if it looks good to you.

     

    Thanks,

    Yogi

    Monday, July 7, 2008 11:36 PM
  • Steve: This is what the above link shows, please verify and let me know asap. I appreciate your help before running this procedure shown below

     

    Vista Antivirus 2008 Manual Removal Instructions

    Use Caution! Please read the instructions below carefully. Manual removal of Vista Antivirus 2008 is a delicate procedure. Proceed at your own risk. We advise you to backup your system before you manually remove Vista Antivirus 2008.

    Monday, July 7, 2008 11:44 PM
  • I suggest using the removal instructions here - http://www.bleepingcomputer.com/malware-removal/remove-vista-antivirus-2008

    I trust the source and there is less of a chance that a mistake will damage your operating system.

    Tuesday, July 8, 2008 1:28 AM
    Moderator
  •  yogi2008 wrote:
    http://www.enigmasoftware.com/support/vistaantivirus2008-removal/

     

    Steve, I found out on google search about mentods to remove Vista Antivirus 2008. Is the above link and company valid or real to boast anything like this?

     

    The above link shows manual removal process. Let me know if it looks good to you.

     

    Thanks,

    Yogi

    My recommendation, if you have been infected by this insidious junk, is to contact OneCare support:

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    I'm not a malware removal expert, so can't comment on procedures you've located on the Internet - though they may well work as this junk (Vista Antivirus and XP Antivirus 2008) is pretty widespread.

    -steve

    Tuesday, July 8, 2008 4:26 PM
    Moderator
  • I am having the same problem. In addition to the above, I no longer have  Programs or a log-off on my start menu.

     

    It's as if my whole C drive was removed - thankfully I found it, 

     

    I can't get rid of this "vista antivirus 2008" pop-up.I also can't figure out how to put my start-up menu back in place. Going to system restore I can't restore to a previous date.

     

    Additional help?

     

    Thanks

    Thursday, August 21, 2008 10:29 AM
  •  dornhead wrote:

    I am having the same problem. In addition to the above, I no longer have  Programs or a log-off on my start menu.

     

    It's as if my whole C drive was removed - thankfully I found it, 

     

    I can't get rid of this "vista antivirus 2008" pop-up.I also can't figure out how to put my start-up menu back in place. Going to system restore I can't restore to a previous date.

     

    Additional help?

     

    Thanks

    Apparently, you have not read the other replies regarding this particularly nasty malware in this thread or others within this forum.

    If  you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here: 

    http://aumha.net/ For help with virus removal, contact the maker of your Antivirus program.

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.

     

    -steve

    Thursday, August 21, 2008 12:38 PM
    Moderator
  • I have had to deal with this particular nasty piece of malware several times here at work cleaning out workstations.  Personally I have not run across this in my own net usage so I was curious about how this affects so many computers (one user claimed he got his off a link on the MSN home page, I do not know if this is true or not).  Anyway, on another security forum someone posted a link to a site that installs this *** onto the computer.  I decided to play with XP-A 2008 on my laptop with a browser that was sandboxed (using Sandboxie) so it could not do any damage (just as another precaution I made a backup image beforehand).  I have made the following observations:

     

    a. The pop-up window that appears is one big "ACCEPT" button.  That means anywhere you click--be it "cancel" or try to close the popup by clicking on the X in the upper right corner--will install this malware.

     

    b. In Vista (I didn't try it with XP) you get two warnings and a UAC prompt before it installs thus you have 3 chances to back out of it.  The instructions state to bypass these warnings because that is the only way to infect a Vista machine--through deception.

     

    c. While OC did not see the initial infection it did warn me of a trojan--a variant of KillAV--in XP-A's uninstaller file.  So if you try to uninstall it with it's own uninstaller you will be infected with another trojan whose name pretty much descibes what it does:  it tries to terminate your antivirus process thus leaving you unprotected.

     

    The best way to deal with XP-A (or any of it's variants) is through education and common sense.  If you see this popup again the safest thing is to close the browser instead of trying to close the popup.  Since I have instructed workers here of this the rate of infections have gone considerably down.  Only the sites that legitimately scans your computers (such as WLOC's Safety Scanner, ESET's Online Scanner, etc) are to be trusted. Also take note that these sites only scan with your consent unlike these "supposed" scanners of XP-A and it's variants.  And if you are infected DO NOT use XP-A's own uninstaller.

     

    There are also reports of infection via downloading of "codecs" (which is Zlob's favorite method of infection--OC does handle these superbly).  So if you see a popup stating that you need to download a "codec" to view a file the same thing applies--kill the browser window.

     

     

    Thursday, August 21, 2008 5:46 PM
  • Excellent advice and information, Mitch. Thanks.

    -steve

     

    Thursday, August 21, 2008 8:15 PM
    Moderator
  • You're welcome Steve. Smile  I've noticed the increase of XP-Vista-Power-Whatever Antivirus 200* posts all over security related forums.  I do not know for sure if all of them infects computers in this matter but I have a pretty good feeling they do.  After dealing with them on almost a daily basis I now have fantasies of  tying up these malware writers up by their thumbs, add a couple of vultures...well, you get the picture Big Smile

     

    The sad part about this is that some people have fell for it and and paid for the *** Sad 

     

    Friday, August 22, 2008 12:47 AM
  • can you tell me what one care works well with avirus help. need more than one.

    Sunday, August 31, 2008 8:06 PM
  • Hello Lucy, you should have only one antivirus product installed on your computer. Having more than one antivirus product on a computer can cause stability and performance issues.

    Sunday, August 31, 2008 8:12 PM
    Moderator