Monday, November 17, 2008

Antivirus 2009 Protection Scam pro-scan-online

I was on my work machine and I received this pop up warning me about spyware. This kind of shocked me because the sites I visit at work are few and are work related. Not the type of sites that usually have this type of advertising. Now that I think about it, I may know the site. If I am right, it's a 3rd party ad doing it so any site you trust could be doing it.



I run several monitors and could see a session of IE running as small as it possibly could off to the right. A place that would be off screen for most people. Once I closed the pop up message, I saw it open a full window page that did a fake scan of my system. It indicated that several errors were found and even gave the names of a few viruses. As an IT security professional, I know how to keep my system clean and knew the report that it gave me was staged and false.







Clicking anywhere within the window (like the fake red X or cancel button) started downloading a file. On older web browsers it probably would have just run the program, but my version of IE gave me the option. You can either save it or run it. I pray that none of you ran it. Don't even save it. Your best bet is to close IE and end your session. Then log off or reboot.

I did not get infected by it, but I can easily see how the average person would. I work in IT and have a good eye for stuff like this. I also know the average user and this preys on them. I also know several people that have gotten trapped by this. I included some screen shots from the site and a few links where people were talking about it.

The URL for me was pro-scan-online.com but with a scam like this, I expect them to have lots of different sites set up. The file name was A9installertest_77024202.exe.


Here are some other people running into this same thing:

http://forums.vnunet.com/thread.jspa?threadID=146114

http://forum.joomla.org/viewtopic.php?f=267&p=1484262

http://loscompanion.com/forums/index.php?topic=5473.0

From reading a bit, it's called the A9 Installer virus. I think it's more crapware than a virus; either way, avoid it.

8 comments:

  1. Anonymous 4:44 PM

    Can you provide the website where you got hit by this please so that we can take steps to take this advert down.

    Our sites:
    Flash Mystery, or how you get infected by *.SWF files
    http://www.bluetack.co.uk/forums/index.php?showtopic=18064&st=0

    Spyware Sucks
    http://msmvps.com/blogs/spywaresucks/default.aspx

    Cheers,
    Kimberly

    PS .. I found no other way to contact you, no need to approve the comment. Getting back in touch would be highly appreciated.

  2. Anonymous 8:02 PM

    This is what is happening to my computer, what can I do to fix it?

  3. Here is some info I got from an admin over at http://www.bluetrack.co.uk

    Best self help guide can be found here:
    http://www.bleepingcomputer.com/malware-removal/remove-xp-antivirus-2008-2009

    More detailed guides if needed: http://www.bleepingcomputer.com/malware-removal/

    But the removal tool & procedure remains the same, it's just the name & files that change.

    The forum is very trustworthy and if any problems arise, people can ask for help because the A8/A9 is a nifty pest as it does set a couple of restrictions on the computer (no regedit, no task manager ... etc) and it kills existing AV solutions.


    I hope this helps anyone that needs it

  4. Anonymous 1:17 PM

    Thank you Kevin for confirming what I thought!

    The best thing to do for others facing the same scary situation is to call the safety department at Windows (you may end up talking to someone in India and I am in Montreal) but he took me through all the steps to remove this Virus 2009 (aka antivirus 2009). It is a new virus that can do extreme harm - do not run or download!!!!

    1-866-727-2338

    Suzanne

  5. Anonymous 5:21 AM

    I recently got the Antivirus 2009 scam as well. I was so frustrated because it looked legit, but it blocked me from using any internet at all. TODAY I FINALLY FIXED IT!! I hope this helps.

    Download Norton 360 from the Norton Antivirus website.

    After installing and restarting your computer, make sure you are connected to the internet.

    Go back and run the Norton 360.

    Click on "PC Security" -> RUN SCANS -> Comprehensive Scans

    LIVE UPDATE WILL REMOVE THE TROJAN THAT INFECTED YOUR COMPUTER.

    IT TOOK AN HOUR, BUT WORTH IT.

    I DECIDED TO PAY IT FORWARD WITH YOU GUYS. I AM NOW GOING TO SUBSCRIBE TO NORTON 360!!

  6. Anonymous 1:56 PM

    The same thing happened to me with anti-virus pro. Of course I hit run. When I realized that I had been scammed I downloaded Malwarebytes anti-malware program to get rid of it. My bank is aware of the problem and I have issued a fraud claim to get my money refunded.
    My PC seems OK right now. I'll cross my fingers.

  7. Anonymous 8:09 AM

    Hello, I am one of those naive people who fell victim to this Antivirus scam. I just wanted to let you know that you can still recover the money you paid for it. You can argue with the bank or your credit card company, which may issue a charge-back since you did not receive the product you thought you were ordering. I apologize for "spamming" but I wrote about this in more detail and hope that it can be helpful to others:

    http://www.ehow.com/how_4695526_fall-victim-antivirus-antivirus-scam.html

    Good luck everybody.
    MITS

  8. Anonymous 10:42 AM

    I just got hit with this program this morning. I mistakenly clicked on the x on the top right of the pop-up window. That's when it started to download stuff to my computer. I then pulled the plug on my computer and rebooted it. The window came back on. I then went to the "help and support" section of my XP computer and tried to run "system restore" but the pop ups were blocking my view of the program. So I turned off the computer, rebooted, and before the Pro-Scan pop up would show, I immediately went to the system restore, told it to go to yesterday, and it proceeded to do so. Fortunately that worked. No more pop ups since.
