Either way, it is definitely a sight!
So, I’ve been hearing more and more buzz about this malware floating around on the internet like a piece of shit that won’t flush, called AntiVirus 2010. I often recommend, even for tech geeks, running some sort of AV to avoid worm-related items, etc., though the last few years I think that message is more or less out there. Lately, my kick for AV is MSE, or Microsoft Security Essentials. I am curious to see this evening, or soon, whether this will actually prevent this software from installing, as it can be a bit fucking nasty when it comes to the removal of it.
A personal favorite, Malwarebytes, seems to be completely thwarted by this floater. It will remove parts of it, but not the entire thing. I did find this great mark-up of where AV2010 goes and what it touches here. One big portion of this is the domain list that it uses to connect to (received from the above link):
My main point of curiosity on these items is whether a simple entry into the hosts file redirecting these domains to 127.0.0.1 can be used to help thwart this while troubleshooting in normal mode. I will conduct a few tests as soon as I can in the next few days and see where I get with this. I am betting that it will work just fine: as those domains try to load, it will simply redirect to localhost and not load anything.
A simple test of attempting to just browse to these domains will show only the last 2 resolve to anything useful, typical of malware, and 1 landing page. Now this might be because of AdBlock Plus (Firefox plugin), but I did not see anything in its giant list pertaining to those domains above. So the block, if there is one, may be an element trying to be loaded on the page – we’ll see on later tests.
Bottom line thus far: this site seems to be the best path to get this thing removed.
But wait! There’s more! So, from my initial poll of folks (thanks Sean! Give him money, damnit!!!), it does look like there is a variant on this as well, which is Home AntiVirus 2010. Fantastic! This now totals 9 domains used to redirect:
Plus the above 6:
Simple redirects on firewalls, ‘rogue’ DNS entries, hosts file redirects, etc. should do the trick in keeping this from getting populated onto machines. This is under the very strong assumption that those are the only domains used to get this data and they aren’t mirrored somewhere else.
I would say the easiest way to circumvent this on our parents’ PCs would be a hosts file entry:
This redirect can be to google.com and does not have to be to localhost. This entry can also be made in most firewalls, as mentioned above. The biggest issue of it all is that our major providers of AV and malware protection are not actually taking care of the problem by denying the software from installing. Thinking back, they haven’t really been protecting machines from this. I am not sure if we can consider these products malware protection.
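As an added example (not from the original post): a small Python helper that turns a domain list into hosts-file sink entries, skipping anything already mapped so it can be re-run on the parents’ PCs without piling up duplicate lines. The domain names, the sample hosts content and the Windows hosts path it names are constructed/assumed, not taken from the post’s list.

```python
# Added example, not part of the original post. Builds hosts-file entries that
# sink a list of known-bad domains to 127.0.0.1 (the post's own suggestion;
# loopback or 0.0.0.0 keeps the traffic off any third-party site). Domain
# names and sample hosts content below are constructed placeholders.

HOSTS_PATH_WINDOWS = r"C:\Windows\System32\drivers\etc\hosts"  # assumed default path
MARKER = "# rogue-av-block"  # tag so our entries can be found or removed later


def parse_hosts(text):
    """Return {domain: ip} for every active (uncommented) mapping in a hosts file."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()                  # whitespace or tabs both work
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def add_block_entries(text, domains, target="127.0.0.1"):
    """Append one '<target> <domain>' line per domain not already mapped.
    Returns (new_hosts_text, list_of_domains_added); re-running is a no-op."""
    existing = parse_hosts(text)
    lines = text.splitlines()
    added = []
    for d in domains:
        d = d.strip().lower().rstrip(".")  # normalise case and trailing dot
        if not d or d in existing:
            continue  # already mapped (by us or by the user): leave it alone
        lines.append(f"{target} {d} {MARKER}")
        existing[d] = target
        added.append(d)
    return "\n".join(lines) + "\n", added


def is_sinkholed(text, domain, sink_ips=("127.0.0.1", "0.0.0.0")):
    """True if the hosts text already points the domain at a sink address."""
    return parse_hosts(text).get(domain.lower()) in sink_ips


# Constructed sample: default localhost line plus one entry already in place.
SAMPLE_HOSTS = "127.0.0.1 localhost\n0.0.0.0 already-blocked.example\n"
# Constructed placeholder list standing in for the rogue AV domain list.
ROGUE_DOMAINS = ["av2010-download.example", "Already-Blocked.example", "home-av2010.example."]

if __name__ == "__main__":
    new_text, added = add_block_entries(SAMPLE_HOSTS, ROGUE_DOMAINS)
    print(new_text)
    print("added:", added)
```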
I will leave rants for another post, oh and more as it comes….
UPDATE 2: Looks like I’ll be getting a copy of this file to do some testing… finally!
Hey all –
I don’t recommend these things often, but as of late I’ve been more and more in support of helping each other to get where we all want to be. That being said, a friend of mine is running in a marathon for LLS (Leukemia & Lymphoma Society) and asking for donations.
Give him money!!!! Yes, that is a link to the donation page.
No really, give him money damnit! Goal is $3500… anything helps.
This morning I found a nice little command line switch that tells the IIS 7 log buffer to write to the file on disk. This is especially handy, since getting a log to write for SEO and log processing purposes can be a serious bitch if you don’t have a file written to!
Here is that command:
netsh http flush logbuffer
Other commands associated with the HTTP portion of netsh are all documented on MSDN Technet here, http://tr.im/NDmZ. Comes in pretty damn handy with IIS 7 and Windows Server 2008.