USMILNET
Topic: Internet Explorer Users beware of Antivirus Action hijacker malware
BuoyJumper
« on: October 18, 2010, 05:20:19 pm »

Some of you know I have been MIA for a few days dealing with one of the most frustrating malware programs I have ever seen.  First of all I do not know anything about anything when it comes to the technical side of a computer operating system.  I don't know how to start my computer in "safe mode" or how to delete registration entries caused by a virus or anything remotely like that.  I am a home PC user and that's it.

My primary browser is Internet Explorer 8.  A few days ago I was doing some research and I was using my back-up browser Firefox because it is less vulnerable to attacks than INEX8.  I came across a photo of a video player in Google images and clicked on it.  All of a sudden Internet Explorer opened with a message that appeared as if it was coming from Microsoft which said "your computer is under attack" and then this thing that looks like a scanner pops up on the screen. If that pops up on your monitor and you haven't taken some precautionary measures you are in for days of frustration if you stop reading here.
Antivirus Action is a clone of AntivirusIS fraud and it is as annoying as its predecessor. Continual popups prompting you to purchase Antivirus Action and opening pages to unwanted websites opened by this rogue malware.  Antivirus Action does not take any action against viruses on your computer because Antivirus Action itself is a computer infection.

Antivirus Action is disguised to look like a security tool but don’t let its appearance misguide you. The fraud spreads with the help of other malware. It may also be installed automatically using system’s exploits while browsing the web.

Antivirus Action is able to mimic functions of a virus remover. It imitates computer scan and security warnings.  The scan reports and the fake infection alerts are meant to push people into paying for using the fraudulent program. Avoid the trap and remove Antivirus Action as soon as possible.  Here's more on this really nasty malware.


The REALLY BAD PART about this malware is that it will not allow you to open or use any executable file (exe).  So your antivirus programs such as SpyDoctor, AVG, Spybot, etc. are rendered inoperable.  Trying to open Add or Remove Programs, System Restore or Windows Task Manager won't work as they are executable files.  Trust me folks, for a novice such as myself, NOTHING WORKS.


PRECAUTIONARY MEASURES:

If you use Internet Explorer, the first thing you need to do before you risk getting infected with this crap malware WHICH IS EVERYWHERE .. is have a back-up browser such as Firefox 3.6.10 on your machine.  Having Firefox on my machine saved my bacon.  Without it I would have been calling some geek squad for a hundred bucks or so to come fix it.  You can download it HERE.

The next thing I would suggest is downloading Malwarebytes FREE Edition.  You can't do it after you get this malware infection.  This seems to be the program most recommend for getting this malware completely off your computer.  One suggestion I saw which makes sense when you download Malwarebytes is this.

Since this Antivirus Action malware targets executable (exe.) files, when you download MBAM, rename the file when you save it to your computer. That way, even if you get the rogue malware infection, since Antivirus Action won't recognize the file name you may be able to open up Malwarebytes to get rid of it.
HERE is more on renaming Malwarebytes when you download it.      

Here's what I had to do to get rid of this malware.  After two days of battling pop-ups and from this malware activating Internet Explorer and opening  websites for Viagra and porn and reading hundreds of posts on forums I finally came across a post that gave a computer dummy like me what I needed.  A web address where Microsoft could fix the problem for me and get the rogue malware out of my browser.


1.  I typed in www.microsoft.com/security_essentials.  I filled out their online form and explained in detail what my problem was to get a case number.  I explained that this rogue hijacker Antivirus Action was embedded in my Internet Explorer browser and it had rendered all antivirus programs and executable files inoperable.  I explained that I was on the net using Firefox as my back-up browser.  I was also given this toll free number to call (which I did not need as Microsoft cleared the malware before I could get past waiting for a tech to come on the phone).  That number is 1-800-642-7676.

2.  Once the Antivirus Action malware logo disappeared from my start-up menu toolbar at the lower right of my monitor, I then knew that I could open my antivirus programs and scan for any remnants of this malware.  I then went and downloaded and renamed Malwarebytes so that should I ever get infected again I just might be able to open this legit antivirus program and get rid of the rogue malware.
 
« Last Edit: October 19, 2010, 07:55:57 am by BuoyJumper » Logged

  Save a Boat - Ride a Coastie ... 
"And in the end, it’s not the years in your life that count. It’s the life in your years" ..........Abraham Lincoln
My CGC Mesquite Photo Album (Click Here)                  MY COAST GUARD CHANNEL PAGE  (Click Here)
BuoyJumper
« Reply #1 on: October 19, 2010, 10:55:26 am »

It should be noted that when you click on the link above (http://www.microsoft.com/security_essentials/) you have the opportunity to download Microsoft Security Essentials.  However, Antivirus Action will not let you do that and even if you were able to download it you would still not be able to execute the program.

After the Microsoft Security page loads, click on "Help and Support" and then after the page loads click on "Submit a Support Case". After the page loads then click on "Submit a support case online" and click on the appropriate link to fill out the support case form detailing the problem you're having.  When that is done you will be assigned a case number and phone number to Microsoft Security.
« Last Edit: October 19, 2010, 01:49:03 pm by BuoyJumper » Logged

Synovio
« Reply #2 on: November 23, 2010, 08:10:04 am »

Ya - I caught this CC (Computer-Clap) a few days ago an' the same damn thing happened..All I was doin' was lookin' at the WWW.Big'uns.tits web site an' BAM! I got the clap..

So thanks fer the info my noble friend - an' have a nice Turkey Day!


I would rather be ashes than dust..better my spark burn out as a superb meteor..every atom of me in magnificent glow..than to remain a sleepy and permanent planet..
   I will use my time..
                 Jack London