Antispywaremaster:CAREFUL what you click, it can.....

Discussion in 'Software' started by katcelata, May 22, 2008.

  1. katcelata

    katcelata Private First Class

    bite you HARD!!!! I went to a totally legit website and clicked on a link they had posted- UP came a window saying basically "HAHAHAAA you've been hacked." I got the "antispywaremaster" virus- which pops up MANY windows that look legit- I knew they were not, but even clicking on them to close them reinforces the virus. I was using a very decent, free, anti virus cuz I didn't like the way McAfee slowed my puter down. By the time I tried to install my Mcafee to combat, it was impossible, so many windows were popping up, I couldn't install, the virus had disabled my ability to use task mgr or even access C in My Computer- out of total frustration I reformatted my hard drive, of course, losing everything- couldn't even back up C because I had no idea where the dastardly bastard was lurking. Great chagrin- not SUCH a loss for me, I burn most of my stuff to disks, plus I can get over on this- hard thing was, I am not wireless proficient and it took me some doing to re-establish my connections, and that did hurt- I had to go online on another computer and burn the firmware for my adapter, and then beat my head against a wall trying to re-establish to my own router, which is in someone else's apt, and they had THROWN OUT my disks.
    So, lessons learned- back up, back up, do it OFTEN (yeah I know Majors, and you can bust me down to kp- I DO know better) 2) suck up the extra start up time and necessary slow down and keep your good expensive anti-virus running- for me, it was too little, too late. 3) if you are routed, make sure you know your WEP password, etc- write it down, keep it under your pillow, or your kid sister could throw out the whole box, written notes, disks etc- but I'm not bitter.... don't trust your puter info out of your sight (or site, lol) it is not important to someone else.
    and as we established in earlier posts, good chocolate and Guinness can be VERY key tools in those few days when your system is little better than an expensive paper weight or cat bed...
    I DID write to the site that had the bad link- a very internationally known cosmetics site- they could care- no answer, no removal of the link. Ah, alas. They lost my business, I lost my good right arm for 4 days. Not a joke in the rural area I live in where getting to another system might be really hard.
    luv, private kat
     
    Last edited: May 22, 2008
  2. dlb

    dlb MajorGeek

    Wow. Tough lesson learned. However, I don't think that having a paid 'expensive' antivirus app would have changed anything. When you clicked that link, and 'reinforced' the virus by clicking on whatever you clicked on, you invited it into your PC and basically said "the door is WIDE open! Come on in, sit down, get comfortable, make yourself at home!". No antivirus program is going to stop something you invite in and install. Hopefully you learned that. From your description of things, it sounds like you were at a cosmetics web site, and you clicked on a link for an antispyware program. Is that right? Didn't it seem a bit odd and out of place? An antispyware link on a cosmetics site??? Hmmm... red flag. At least you had your stuff backed up.
    Safe surfing is the best prevention. All the antivirus programs and firewalls in the world won't protect you against an intentional click, paid for or not.
     
  3. katcelata

    katcelata Private First Class

    dlb! so GOOD to hear from you again! No, it was a legitimate looking link, labeled for clothing in keeping with the site. It looked like a shopping link labelled for the kind of clothes I was looking for. WHAT a pain- and when I was trying to download my MS service packs tonight SOMETHING weird happened and my XP installation was corrupted AGAIN, and I had to go through it all again... I am tired Major... I don't expect my last hold of defense, my PC, to soooo exhaust me.... oh woe,,,,
     
  4. katcelata

    katcelata Private First Class

    If my McAfee had been in place, it probably could have at least quarantined it- my little virus program tried, but got overwhelmed, really didn't recognize it, only recognized the threat- like I said, too little, too late- Mcafee does recognize the antispyware virus, and has protection for it- it IS insidious- if anyone else encounters it I think the best thing is to reboot go immediately to safe mode and de-install Internet Explorer- it seems to use that intensively to reload. It procreates little windows until you are overwhelmed, and when you ctrl Alt Del to get to Task Mgr, you find out Tsk Mgr is disabled. My best advice, reboot immediately to Safe Mode and try to save what you can, but the best offense is to have backups cuz from my research and personal experience, you are going to have to wipe your drive- it infects fast, furiously and is notorious for hard detection.
     
  5. katcelata

    katcelata Private First Class

    This virus pops up very believable dialog windows that look like they come from Windows itself- however, if like me, you don't trust that, and click to close or cancel them, it doesn't matter- I researched it on the Web, whether you click, close, ignore, cancel or accept- this is a FALSE window generated by the virus hacker- whatever you click reinforces and, as dlb said "invites" the virus. So, I reiterate, close immediately, go to safe mode and deinstall Internet Explorer, which the virus uses very happily- it doesn't seem able to use Mozilla, but it CAN utilize Maxthon, which "shells" Internet Explorer. Trying not to click on the windows that pop up helps, but they generate so quickly, that within 5 minutes I had 15 popup windows on my screen. You literally have no time to take defensive measures because you are overwhelmed with things popping up from hell. The site I got it from was Sacha cosmetics, a very respected trade intensive site- and I was very angry that they didn't respond to my alert to them, so for what it's worth, that's my alert and boycott of them.
     
  6. dlb

    dlb MajorGeek

    Yeah- many new viruses and spywares are now trying to look like legitimate Windows messages which really is bad for the not-so-experienced PC user. One thing that I tell people is "Windows itself will NEVER pop up a message that says 'You have been infected. Click here to download antivirus software' and Windows will never say anything like 'Your PC seems to be running slowly and errors have been found in the registry'." If a message comes up and says "Threat detected! Click here to remove or quarantine" it will have the name of the program responsible for the message in the title bar; ALWAYS! I've worked on plenty of PCs where the owner wasn't running any virus protection, and they got one of those legit looking messages that said "You have been infected. Click here to download a virus remover". I asked why did you 'click here'? And the answer was "Windows told me to" even though he had NO antivirus/antispyware/firewall installed. So I had to explain that Windows will NEVER, EVER pop up a message like that, or anything even close to that. Well, maybe the Windows firewall will pop up a message, but they are really rare and plainly labeled as the Windows firewall. So, hopefully everyone knows and remembers that Windows will never pop up messages saying the PC is infected, and will never pop up messages saying that the PC is running slow or that the registry has errors, and Windows will especially never tell the user to 'click here to download software'. It might say something about updates being available and to click to download them, but Windows will not plug downloading any other software, ever. If the registry has errors, Windows will tell you in other ways (usually by programs crashing and not running), not by saying flat out that you have registry errors. Another quick story: a guy's PC was infected with all this rogue-ware. It turns out he clicked on one of the messages that said "your PC is running slow. Click here to download software to speed it up".
    The thing is, when I asked him about the PC, he said it was running great, his son (the family PC expert) had just done a full format and reload of XP so the PC was clean and running great (his exact words). So, if the PC was running nice and fast, why did he click the message that said the PC was running slow? The answer: "I thought the computer knew it was running slow and I figured it has to be right; if the computer says it's slow, it must be slow." Even though it was running great. Go figure.

    (sorry for the way-too-long-story-time-post... :eek: I had to vent this stuff somehow rolleyes )
     
    Last edited: May 23, 2008
  7. katcelata

    katcelata Private First Class

    Hey dlb- great to hear from you as always! feel free to vent, my latest kvetch is "why is it such a PAIN to find the simplest downloads on microsoft home page......"
    The real spiteful, insidious thing about this virus is how even just clicking to close the pop-up window seems to reinforce the virus, and Inet Explorer starts opening windows faster and fast, task mgr is disabled, my computer is disabled so you can't get to C, it is frantic. Nasty stuff. I still trust my Avira, and find it preferable to Mcafee, but you have to react fast if this virus hits, and I do believe that going straight to safe mode and de-installing Inet Explorer is a good place to start.
     
  8. plodr

    plodr Major Geek Super Extraordinaire

    I never click anywhere inside a popup window, not even the x in the corner. What I will do is go down to the taskbar, right click the browser and close it. That popup window should also be gone. If not, I reboot the computer - that kills it. Of course, I get very few because I run AdMuncher.
     
  9. dlb

    dlb MajorGeek

    Yeah the "X" can be rigged to be the same as clicking "OK"..... I use Alt+F4 when in doubt, or the task mgr to close the browser.
     
  10. chookers

    chookers Staff Sergeant

    I know this is an oldish thread but given that it covers so well the scenario I wish to cover, I'll resurrect it.

    So if you click in the taskbar and close from there, that works. I've known that one since an IT teacher gave us the heads up about 8 years ago.

    But what about hitting the Esc button or Alt + F4 - are they free from interference through reprogramming?
     
  11. katcelata

    katcelata Private First Class

    My problem was, NONE of this worked. clicking in the taskbar had no response, Ctrl-Alt-Del doesn't work because Task Manager was disabled, you can't open Control Panel, etc. As soon as you click anywhere on the windows popping up, ie to close them, that causes them to multiply faster. I got so frustrated I ended up reformatting my hard drive
     
  12. plodr

    plodr Major Geek Super Extraordinaire

    You never click inside a popup window. If nothing works, pull first the internet plug (phone cord or ethernet cable) and if you still can't close anything, power off the computer. A bad shut down is preferable to harboring malware. Let scan disk run when you power up. Do not connect to the internet yet. Fire up all those security programs and let them scan. Grab your beverage of choice and walk away from the computer, giving time to your security programs to do the job.
     
