PODFarm and GearBox Installers infected by Trojan virus

Postby scott » Thu Sep 03, 2009 6:59 am

I've just run a complete virus scan using McAfee and the results have come back with a trojan apparently called "FakeAlert-GreenAV" in my GearBox and PODFarm Installer.exe files.
Anyone know anything more they can share?
Cheers!
Scott
_________________________________________________
MySpace | ReverbNation | Facebook
scott
Member
 
Posts: 3455
Joined: Fri May 06, 2005 5:58 pm
Location: Scotland

Postby cwight » Thu Sep 03, 2009 12:39 pm

Scott, I think it's a malicious little trojan that will prompt you to purchase a piece of software. Seems quite new. Get rid of it.

Green Antivirus 2009
Mon, 31 Aug 2009 20:08:40 CDT - Green Antivirus 2009 is another counterfeit anti-spyware application, a fake spyware remover. Although the main goal of this parasite is the same as that of other rogue anti-spyware programs, Green Antivirus 2009 also cares about environmental protection. It claims to be the first anti-virus program which cares about nature and donates $2 from every program sold. Obviously this is just another way to give more credibility to this fake application. GreenAV can be downloaded from the website that promotes this rogue, or it might be installed automatically without the user's permission. However, after infection Green Antivirus 2009 performs a fake scan and floods the system with many obsessive alerts about infections and other security or privacy issues. It can also decrease the system's performance and hijack browsers. The worst part is that Green Antivirus 2009 is an infection itself, but shows fake notices about infections like Spyware.IEMonster and other similar ones. What is more, the trial version is unable to remove all those infections, so the user is urged to purchase a full copy in order to have a clean system. But the best option is to eliminate Green AV from the system as soon as possible.
"You can cage the singer but not the song."
cwight
Member
 
Posts: 1734
Joined: Fri Nov 09, 2007 2:42 pm
Location: A Land Down Under

Postby fooks » Thu Sep 03, 2009 1:20 pm

Do we all have that?
"..you know, i have no professional training of singing and dancing"
fooks
Member
 
Posts: 2088
Joined: Sat Jan 20, 2007 4:03 pm
Location: tung chung

Postby blue4u » Thu Sep 03, 2009 1:39 pm

It's doubtful that we all have it.
blue4u
Member
 
Posts: 1520
Joined: Wed Jun 07, 2006 3:40 pm
Location: Saint Paul, MN

Postby scott » Thu Sep 03, 2009 5:50 pm

What confuses me is that the installer.exe files have been downloaded for ages and previous scans haven't shown this trojan up. I haven't installed any antivirus called, "Green ..." so it's left me scratching my head. Is it possible for the virus to attach itself to the .exe files after they were downloaded?
Cheers!
Scott

Postby Charvelguy » Thu Sep 03, 2009 6:11 pm

Hmm, well, when in doubt, get a 2nd or 3rd opinion as it may be a false positive. Try using the Kaspersky web scanner and see if it tags it. I run Malwarebytes and Trend Micro's HijackThis as crosschecks also. If you don't have these tools in your arsenal, consider them; they're good freebies.
Charvelguy
Member
 
Posts: 1053
Joined: Thu Apr 19, 2007 10:37 am
Location: Mpls, MN

Postby Muddhole » Thu Sep 03, 2009 6:30 pm

Sounds like a hijack attempt of your computer. Just ignore it, it's probably a scam to get you to quote unquote "buy" their software. When in reality, they are just blackmailing you into getting control of your PC back, but only after you install this "Green AV", which is actually the virus you'll be installing in the first place, thus hijacking your machine. Then only when you send them money for an antivirus program that doesn't really exist do they give you some code to release your PC back to you. Oldest scam in the book, just redone into you thinking it's legit. I'm sure after ignoring this "alert", running a virus scan with your updated antivirus software will show no present viruses on your computer related to Green or whatever.

Get Avira AntiVirus Personal. It's free and it stops malicious activity at the door. I had it running for months and since it doesn't come defaulted to scan your computer every day, it was only monitoring for malicious activity. That's how good it is. You can enable scanning on the administration page and set the time you want it to scan.
Muddhole
Member
 
Posts: 536
Joined: Thu Nov 15, 2007 5:36 pm
Location: Whittier, CA

Postby scott » Thu Sep 03, 2009 6:50 pm

Haven't had any alerts or pop-ups to buy anything. The .exe files are infected according to McAfee but I haven't used them for months and they've been on the hard drive for ages.
Weird!!
Cheers!
Scott

Postby solone1 » Thu Sep 03, 2009 6:51 pm

If you have a shared drive/folder this can happen quite easily. This sounds like the nimda/schmid variety where it attaches to executable files (.com/.bat/.pif/.exe etc). Anyway, your McAfee is probably catching and cleansing it and it's quite doubtful all folks are getting this. The installers that were infected/attacked are probably just fine too. If you want to be double-sure - reboot pc in safe mode and re-scan all files.

We programmers call these virus creators "darkside" programmers. I hate them. They should all be taken outside - lined up against the wall and..

There's your 4th opinion! LOL - Good Luck.

:)
Last edited by solone1 on Thu Sep 03, 2009 6:57 pm, edited 1 time in total.
There's nothing left of my right brain and my left brain ain't right!
solone1
Member
 
Posts: 545
Joined: Sun Apr 01, 2007 1:14 am
Location: Seattle

Postby Charvelguy » Thu Sep 03, 2009 7:49 pm

It's similar to the antivirus malware rogue program. If you fall into it, it's quite nasty to get everything removed. I had a couple of friends whose machines became quite the learning experience and, instead of wiping the OS and starting over, I spent many, many hours trying to clean the thousands of scan alerts. Once installed, it's almost impossible to clean up 100% as it'll just keep adding more and more, overtaking your OS.

Postby GuitarSlinger » Sun Sep 06, 2009 7:14 am

Scott, how are you coming on this? If your computer is acting normally then it may be a false positive. Usually rogue antivirus programs are really fast at corrupting your PC with malware that cripples your whole system up. You would know for sure.

Here is what I would do.

1. Back up important files
2. Turn off system restore, virus will be stored in there too.
3. Scan for malware and viruses using various programs. I like Superantispyware free edition, this one is good!

http://www.superantispyware.com/

When all clean turn system restore back on.

When I've gotten nasty malware just from clicking a link and from ad servers, total hijack. On those really nasty ones I needed help using ComboFix and HijackThis from the experts at PCPitstop. Those guys are great and know their stuff.
GuitarSlinger
Member
 
Posts: 2439
Joined: Fri Apr 22, 2005 5:19 pm
Location: Sacramento CA

Postby scott » Sun Sep 06, 2009 8:40 am

GuitarSlinger wrote: Scott, how are you coming on this?

Just a routine AV scan and it threw up 5 quarantined items - all Line6 .exe files. My PC seems to be acting normally which is why I'm curious to see if anyone can shed some light.
Cheers!
Scott

Postby GuitarSlinger » Mon Sep 07, 2009 6:24 am

You need to try another scanner like the Kaspersky online one and Superantispyware if you want to be sure. Where are the file locations? Sounds like nothing.

Postby Charvelguy » Mon Sep 07, 2009 6:19 pm

GuitarSlinger wrote: Scott, how are you coming on this? If your computer is acting normally then it may be a false positive. Usually rogue antivirus programs are really fast at corrupting your PC with malware that cripples your whole system up. You would know for sure.

Here is what I would do.

1. Back up important files
2. Turn off system restore, virus will be stored in there too.
3. Scan for malware and viruses using various programs. I like Superantispyware free edition, this one is good!

http://www.superantispyware.com/

When all clean turn system restore back on.

When I've gotten nasty malware just from clicking a link and from ad servers, total hijack. On those really nasty ones I needed help using ComboFix and HijackThis from the experts at PCPitstop. Those guys are great and know their stuff.

Great program Slingy, thanks for mentioning it!

Postby GuitarSlinger » Tue Sep 08, 2009 6:16 am

Thanks, I only use it for detecting stuff, but I don't use the shielding stuff that runs all the time. Very happy with Avast free antivirus, its network shield doesn't let anything through. Everybody needs some kind of network shield these days that is running all the time.
