those antivirus 2008 variants

I know there are a few variants of those con/fake antivirus and spyware programs demanding cash to remove 1500 infections the PC doesn't actually have, which SUPERAntiSpyware currently cannot remove.

I know VB, ASP and other coding etc., so I know how to make a program myself to remove these variants, and I thought you might like to see my style of how I pick them up, so you might find a way to adapt it yourself to SUPERAntiSpyware.

The main thing I found is that the antivirus 2008 always has startup items and registry items with a gobbledygook name such as rhyourehddd.exe, which is hard to detect as this can randomly change.

The way I found to detect and remove the program is to do a registry search for antivirus 2008; in the subkeys it always has this random exe. I then use this to do a file search for these random exes.

Then I remove any reference to antivirus 2008 and the random exe from files and the registry.

I have seen 6 variations, including the shield on the taskbar, the antivirus2008/2009 and even a few not called antivirus. Just registry searching the keyword (the program name) linked it to the random file names, screensavers, backgrounds etc. which re-infect on reboot, and helped to then remove the lot in one swoop.

My method so far has worked on the 6 variations I have found. All you need to do is make the program engine search in this manner and then update the trace or definitions files with the latest names/keywords.

Hope this helps your development.
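
The registry-to-file pivot described in the post above, as an added Python example that is not the poster's program or SUPERAntiSpyware code: it reads a constructed .reg-style export, collects the binaries named under keys matching the program name, then reports every registry value and file that mentions the keyword or one of those binaries. All key paths, the `.scr` name and the file list are constructed sample data; only `rhyourehddd.exe` comes from the post.

```python
import re

# Constructed sample data (not from a real infection): a .reg-style export and a file listing.
REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Antivirus 2008]
"InstallPath"="C:\\Program Files\\rhyourehddd\\rhyourehddd.exe"

[HKEY_CURRENT_USER\Software\Antivirus 2008\Settings]
"Helper"="C:\\WINDOWS\\system32\\lphcexample.scr"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"rhyourehddd"="C:\\Program Files\\rhyourehddd\\rhyourehddd.exe /min"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
FILES = [r"C:\Program Files\rhyourehddd\rhyourehddd.exe",
         r"C:\WINDOWS\system32\lphcexample.scr",
         r"C:\WINDOWS\system32\ctfmon.exe"]

BINARY = re.compile(r'([^\\/"\s]+\.(?:exe|scr|dll))', re.I)  # bare file name in a value

def parse_reg(text):
    """Return {key_path: {value_name: data}} from .reg-style text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"(.*?)"="(.*)"$', line)):
            current[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys

def linked_binaries(keys, keyword):
    """Step 1: binaries named under any key (or subkey) whose path contains the keyword."""
    kw = keyword.lower()
    return {b.lower() for path, vals in keys.items() if kw in path.lower()
            for data in vals.values() for b in BINARY.findall(data)}

def pivot(keys, files, keyword):
    """Step 2: report (no deletion) registry values and files tied to the keyword."""
    names = linked_binaries(keys, keyword) | {keyword.lower()}
    hit = lambda s: any(n in s.lower() for n in names)
    reg_hits = sorted((p, v) for p, vals in keys.items()
                      for v, d in vals.items() if hit(p) or hit(d))
    return reg_hits, sorted(f for f in files if hit(f))

if __name__ == "__main__":
    reg_hits, file_hits = pivot(parse_reg(REG_EXPORT), FILES, "Antivirus 2008")
    for item in reg_hits + file_hits:
        print(item)
```

The Run entry is caught only through the second pass, because its value names the random exe but never the program name; the unrelated `ctfmon.exe` entry is left out.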
