A personal favorite, Malwarebytes, seems to be completely thwarted by this floater. It will remove parts of it, but not the entire thing. I did find this great mark-up of where AV2010 goes and what it touches here.  One big portion of this is the domain list that it uses to connect on(received from the above link):

best-online-antivirus-scanner.info
av2010pro.com
av1-scanner.info
av1-download.info
download-antivirus2010.info
cleanyourpc-now.info

My main point of curiosity on these items is whether a simple entry into the hosts file redirecting these domains to 127.0.0.1 can be used to help thwart troubleshooting this in normal mode.  I will conduct a few tests as soon as I can in the next few days and see where I get with this.  I am betting that it will work just fine, as those domains try to load, it will simply redirect to local host and not load anything.

A simple test of attempting to just browse to these domains will show only the last 2 resolve to anything useful, typical of malware and 1 landing page.  Now this might be because of AdBlock Plus(FireFox plugin) but I did not see anything in its giant list pertaining to those domains above. So the block, if one, may be an element trying to be loaded on the page – we’ll see on later tests.

Bottom line thus far this site seems to be the best path to get this thing removed.

UPDATE:

But wait! There’s more! So, from my initial poll of folks(Thanks Sean!(Give him money, damnit!!!)), it does look like there is a variant on this as well which is Home AntiVirus 2010. Fantastic! This now totals 9 domains used to redirect:

homeantivirus2010.com
homeantivirus-2010.com
home-antivirus-2010.com

Plus the above 6:

best-online-antivirus-scanner.info
av2010pro.com
av1-scanner.info
av1-download.info
download-antivirus2010.info
cleanyourpc-now.info

Simple redirects on firewalls, ‘rogue’ DNS entries, host file redirects etc should do the trick in disallowing this from getting populated onto machines. This is under the very strong impression that those are the only domains used to get this data and these aren’t mirrored somewhere else.

I would say the easiest way to circumvent this on our parents PCs would be a hosts file entry:

Path: %WINDIR%\System32\drivers\etc\hosts

Modification:

homeantivirus2010.com    127.0.0.1
homeantivirus-2010.com    127.0.0.1
home-antivirus-2010.com    127.0.0.1
best-online-antivirus-scanner.info    127.0.0.1
av2010pro.com    127.0.0.1
av1-scanner.info    127.0.0.1
av1-download.info    127.0.0.1
download-antivirus2010.info    127.0.0.1
cleanyourpc-now.info    127.0.0.1

This redirect can be to google.com and does not have to be to the localhost. This entry can also be made in most firewalls as mentioned above. The biggest issue of it all is our major providers of AV and Malware protection are not actually taking care of the problem by denying the software from installing.  Thinking back they haven’t really been protecting machines of this. I am not sure if we can consider these products malware protection.

I will leave rants for anther post oh and more as it comes….

UPDATE 2: Looks like I’ll be getting a copy of this file to do some testing… finally!

Peace.

Here is that command:

netsh http flush logbuffer

Other commands associated with the HTTP portion of netsh are all documented on MSDN Technet here, http://tr.im/NDmZ. Comes in pretty damn handy with IIS 7 and Windows Server 2008.

Good luck.

Official Post.

I was wondering what had happened last night, as Bing is my default search on my Dell Inspiron 10v netbook.  In the middle of working on something, non-critical, the usual ‘hey, let me look that part up!’ occurred, to which I received a 500 error. For the non-tech reading this, 500 error is usually what shows up when the server can’t process the request you fired off to it. After a few twitch F5(refresh) taps, I was laughing pretty good and just used Google in the meantime.

The part that isn’t so amusing to me, is that they are missing about 15-30 minutes of outage time in the report given above, as a guess, they probably found out about this at 8:30PM Arizona time, but in all reality, errors started occurring much much sooner.

/sigh

BBC Stated, “Not all aspects of the Bing service were knocked out by the configuration change. Many reported that Bing Maps was still available.”

Wow! That’s so great! Maps was working! …. ….. ….. …..

THE MAIN REASON YOUR SITE EXISTS WAS DOWN, but hey! Bing Maps was working!

@Bing: why?  You were doing so well. From the semi-clever ‘decision engine’ campaign to everyone was making fun of you, I really saw this as a new opportunity for you to reinvent your appeal to the public in software services. Now, now everything everyone was making fun of you about is actually true, again.

… …. ….. …. …. …..

Alright, alright. Truly, most of the above is complete sarcasm. I find it amusing how quickly people love to bash the shit out of Microsoft at any chance they can get. Nevermind it being the main source of  how most get to these places. Oh wait, people bash that too. Doesn’t get old after over 10 years of doing it? I swear, I think people have just gotten used to doing it and reading it. Notice how everyone mentions Google at some point or another in their posts, but how quickly everyone forgot that it too just went down earlier this year.

Back off, give them a fucking break considering it was an hour without your precious Bing and an hour without your precious Google, respectively. Oh wait, no one complained about Google. Tenure you say? Hmmm, pretty sure Microsoft/MSN/Live/Bing has been around a metric-fuckton longer then Google. But Google does do a lot of things very right. It is a pickle.

Peace.