Rogue “MS Antivirus” Attacks:
Last night I started getting persistent, aggressive pop-ups from “MS Antivirus” about supposed large-scale infection. It all looked very official and MS-sanctioned … but something made me suspect that it might be an elaborate spyware scam. No matter what I do on the computer … the pop-ups return each 1-2 minutes. For example:
= = = = =
“WARNING! Virus/Attack Detected. Possible action has been detected from remote host.
Antivirus engine has detected possible harmful actions from remote computer on the network. Blaster/Sasser.variant worm behavior detected. You have to register copy to get full protection feature set and an ability to defeat incoming threats. To begin online registration, please click “Activate now” button now.” [etc, etc, etc].
= = = = =
I could do nothing to defeat this loop. I did more than one cold power down but … on re-booting … it started in again.
This morning I checked Google under “MS Antivirus” and the second entry: “MS Antivirus 2008 Removal Instruction” seemed to confirm this. The website is: - www.removal-instructions.com/remove MSAntivirus2008.html
Another Google listing is: - www.2spyware.com which even has a supporting forum.
And there are undoubtedly others …
Recently I foolishly let my “e-trust EZ Armor” protection program expire. I believe it was affiliated with Zone Alarm that I had used for a number of years. What happened was I recently moved into the East Norriton area of southeastern PA where I subscribed to Comcast.net and their triple-package of Digital Cable … High-Speed Internet … Digital Voice service. Now I understood that this comprehensive service also included anti-virus/spy-ware/firewall protection. D-U-H! Seems I was very wrong here and now I’m paying the price. ***Have any other Comcast customers had this experience?***
My hopeful course of action is:
1. Somehow get rid of the rogue and corrupt “MS Antivirus” altogether … permanently.
2. Choose and install safe and reliable anti-virus/anti-spyware/firewall protection. With so many options, packages … and other scams? … out there … who can one trust?
Suggestions … courses of action welcomed.
Thanks.
P.S. – my normal computer operations continue … except I have to stop and close the two related MS Antivirus pop-ups every minute or so!

Please download SmitFraudFix from this link:
Then extract the contents to your desktop.
!!!! Only run option #1 as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky and other antivirus programs) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Thanks for replying ...
What I did was do a System Restore to a week previous to this attack ... and I haven't had a recurrence since.


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.