Antivirus System Pro: Trojan Help


Old 11-27-09, 10:09 PM
  #1  
DVD Talk Special Edition
Thread Starter
 
Join Date: Aug 2004
Posts: 1,716
Antivirus System Pro: Trojan Help

Last night, after visiting a site I have been to thousands of times (I don't recall the exact site, as Firefox had multiple sites loaded), I clicked on a standard link within the site, and Adobe Reader began loading. Nothing I had clicked on needed to load Reader, so I entered the Task Manager, and found Reader running. I ended the task, and, upon that, a virus popped up: Antivirus System Pro. It began to load numerous antivirus pop-ups, stating that my system was infected, and I needed to purchase the full version to get rid of the effects. It also succeeded in shutting down the internet (save for Firefox), and began loading Internet Explorer with numerous porn pages and the like.

Unfortunately, it also closed down every attempt I made to run an antivirus program, or any program for that fact, stating that the program was infected. After numerous restarts, I began loading a few programs quickly prior to the virus loading. I managed to kill the trojan root process via Task Manager (***sysguard.exe), and successfully loaded Spyware Doctor. It informed me of a rogue Antivirus System Pro trojan, but, seeing as I had not purchased the program, would not remove the virus.

So, I managed to load Spybot Search and Destroy, as well as Malwarebytes' Anti-Malware, and it appeared to have found the program, and got rid of it. I restarted numerous times to make sure it did not reload the virus, and seemed to be fine. I checked the Task Manager, and it did not show any version of the "sysguard" program. I also ran Malwarebytes, Spyware Doctor, and Spybot about three times apiece, and once apiece in Safe Mode, to ensure this was off my computer.

After going about my business as usual (including logging onto my bank account), I clicked on the "Gilmore Girls" IMDB page, and went to click on full cast listings (I wanted to confirm the woman I had just seen on "Monk" was one of the Chilton girls). At that point, Adobe Reader loaded once more, and I knew what had happened. I shut down Reader, and once more, Antivirus System Pro loaded.

This time, I knew what to do. After canceling the process, I attempted to load Spyware Doctor, but the virus somehow disables it. I knew it would not have gotten rid of it, but I wanted to make sure it showed up again (for future reference). So, I loaded Malwarebytes Anti-Malware, and it once again found the trojan that it found last night. It removed it, and I am currently running Spybot to make sure it is gone.

So, I have two questions:

1. I do not know the precise nature of this program. I understand it is intended to make you purchase their "program," and give them money. However, I do not know if it is a keylogger of sorts. If it is, and, I had it removed (like I believed I had), then me logging onto my bank account is fine. If I hadn't, then do I need to cancel my account as soon as possible, so as to prevent access?

2. Is anyone aware of a program that will stop this from entering my system, so I do not need to go through this process any in the future? I use Malwarebytes once or twice a week, and have Spyware Doctor. But, I am, at this point, ready to actually pay good money to make sure this never happens again.

Any ideas? I have never, not once in a decade of using computers, ever come across anything of this sort. Ever. This is the single worst thing I have seen, especially considering I was not attempting to download anything, or visiting any "nefarious" sites.

I apologize for the rather rambling post, but this has me utterly at a loss. Thank you in advance for whatever help you can provide.

EDIT: Last night, I was able to search various sites with Firefox with the trojan still on my system, in order to get advice on how precisely to remove it. Tonight, I searched "antivirus system pro" on Yahoo, in order to return to those sites once more for advice (to see if I needed to go into the registry or do a system restore), and, literally, every page I clicked on from the first page of results redirected me to some sort of fake antivirus site, or something similarly related. In addition, I am able to visit any other site I want, it seems, so it appears as though they are only going after antivirus sites. It seems as though the people responsible for this are going to extra lengths tonight to make sure that people are infected, and then unable to find out how to get rid of it. At least, that is my current, working theory.

EDIT 2: After a restart of my computer, all (apparently) seems well. The virus did not load, nor can I find any reference to "sysguard" in the Task Manager processes. As of now, I am going to continue as I normally do, without visiting any site that requires a password. If something happens, and this does occur again, I'll know it isn't gone, just hiding; at which point I will attempt a system restore to an earlier date and, should that fail, simply do a complete reinstall of the operating system.

Last edited by invisiblegt; 11-27-09 at 11:39 PM.
Old 11-28-09, 08:32 PM
  #2  
DVD Talk Legend
 
Join Date: Oct 2001
Posts: 17,925
Received 18 Likes on 16 Posts
Re: Antivirus System Pro: Trojan Help

Did you read this?
http://forum.dvdtalk.com/tech-talk/4...-me-first.html

You also don't mention an AV program with real-time monitoring on your PC. If you truly don't have one, get one. The above article has links to some freeware ones if you don't want to pay for one. I personally use Avast! Home Edition.

As for your questions:

1) Assume The Worst. The one process you saw may be just the tip of the iceberg. It's possible (and likely) that the initial loader installed multiple malware programs on your PC. I don't know if you have to cancel your account, but at least change the password.

2) A real-time AV program will usually try and stop malware before it installs or, failing that, remove it once it installs. Also, Windows Vista and 7 have User Account Control (UAC) that, when set at its highest settings, will stop programs from installing without first asking you for permission.

Malware is getting really nasty nowadays. Even so-called "safe" browsing isn't enough to keep one from encountering malware.
Old 11-28-09, 09:14 PM
  #3  
DVD Talk Legend
 
Join Date: Apr 2002
Posts: 20,726
Re: Antivirus System Pro: Trojan Help

Yeah, a good AV should catch stuff like that. Maybe give AntiVir or the new Microsoft anti-virus essentials a try.

From my experience, the three best ways to ensure that problem does not occur again are 1) install latest Windows updates, 2) use a firewall, and 3) use a hosts file to block the nasty sites (yeah, this site - ads.kleinman.com - is listed there, but it can be edited out).

I'd also update all other software like Flash Player, Adobe Acrobat, Java, Firefox, etc. Maybe some of them are really out of date.
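
An added example, not written by anyone in this thread, of the hosts-file blocking mentioned in the post above: Python that lists which names a hosts file blocks, edits one name out of the block list, and, going a step beyond the post, flags names mapped to a non-local address. The sample file, the `.example` names and the address 203.0.113.7 are constructed; the function names are this example's own.

```python
import ipaddress

# Constructed sample hosts file, not taken from any poster's machine.
# ads.kleinman.com is the block-list entry the post mentions.
SAMPLE_HOSTS = """\
# blocking hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.kleinman.com   # ad server on the block list
127.0.0.1   tracker.example banner.example
203.0.113.7 av-vendor.example
not-an-ip   broken.example
"""
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Sort hosts entries into blocked names, redirected names, bad lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, tokenize
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append(lineno)
            continue
        for name in (n.lower() for n in fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:   # sinkholed locally
                report["blocked"].append(name)
            else:                                         # resolves elsewhere
                report["redirected"].append((name, str(addr)))
    return report

def unblock(text, domain):
    """Return the hosts text with one domain edited out of the block list."""
    out = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if domain.lower() in (n.lower() for n in fields[1:]):
            kept = [n for n in fields[1:] if n.lower() != domain.lower()]
            if not kept:
                continue                    # the line blocked only this domain
            raw = " ".join(fields[:1] + kept)   # rewritten line loses its comment
        out.append(raw)
    return "\n".join(out) + "\n"
```

Any name reported under `redirected` deserves a manual look, since a hosts entry overrides DNS for that name.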
Old 11-28-09, 09:32 PM
  #4  
DVD Talk Legend
 
Dr Mabuse's Avatar
 
Join Date: Jun 2007
Location: 75 clicks above the Do Lung bridge...
Posts: 18,950
Re: Antivirus System Pro: Trojan Help

Buy, pay for that is, Spyware Doctor and Avira Antivir Premium. Google them.

Run them and see if they can clean this infection; they will prevent a similar situation in the future.

A format and reload is the only 100% fix, but if this can be cleaned those two will do it.

I run NoScript also, which is a huge step up in security, putting you in charge of scripts that will run on any page.
Old 11-28-09, 09:59 PM
  #5  
DVD Talk Special Edition
Thread Starter
 
Join Date: Aug 2004
Posts: 1,716
Re: Antivirus System Pro: Trojan Help

Originally Posted by Jay G.:
Did you read this?
http://forum.dvdtalk.com/tech-talk/4...-me-first.html

You also don't mention an AV program with real-time monitoring on your PC. If you truly don't have one, get one. The above article has links to some freeware ones if you don't want to pay for one. I personally use Avast! Home Edition.

As for your questions:

1) Assume The Worst. The one process you saw may be just the tip of the iceberg. It's possible (and likely) that the initial loader installed multiple malware programs on your PC. I don't know if you have to cancel your account, but at least change the password.

2) A real-time AV program will usually try and stop malware before it installs or, failing that, remove it once it installs. Also, Windows Vista and 7 have User Account Control (UAC) that, when set at its highest settings, will stop programs from installing without first asking you for permission.

Malware is getting really nasty nowadays. Even so-called "safe" browsing isn't enough to keep one from encountering malware.

Truthfully, I did not read that first. After encountering this, and never having seen anything such as it prior, I suppose I panicked a bit, and overlooked a few things.

Currently, I actually have Avast Home Edition sitting on my computer, in addition to Avira Free Edition. Of course, I had not installed anything, as I was looking around to see which was best. Barn door after horses and all.

After running through Spyware Doctor (the free edition; I plan on purchasing it, as it has found everything), it did not find anything after I deleted every reference to "sysguard," including the one in the prefetch folder. Then, I ran SuperAntiSpyware and Malwarebytes, and both showed "clean" bills of health. I'm going to do a few more things to make sure it is gone, at least to the best of my knowledge. Then I plan on logging onto my account, and changing my password.

I appreciate the help put forth in this thread, and I do apologize for not first reading through the thread stuck to the top of the forum.
