6 years since my last virus infection in university and finally I snagged one. It was just after I installed the latest version of Opera and I hopped on over to the site blogcatalog and bam! The next thing I knew there was a popup coming from an alien icon on my taskbar saying that my computer was infected. The weird thing is I do not remember installing any programs which use that icon!

an alien icon on my taskbar
On closer inspection I right-clicked on the icon and suddenly this window opens up showing Antivirus System PRO scanning my PC and logging tons of viruses.

Antivirus System PRO - smells fishy...
Not long after, ANOTHER window popped up saying that my PC had been infiltrated and it could be a password-stealing attack... yada yada yada, and with all the bells and whistles, IP and all. It looked authentic enough to make the average Joe panic and start clicking on whatever suggestions are thrown at them. I was curious about what this would lead to, so I disconnected my Internet and clicked the YES button :D

looks authentic enough to click YES
As expected, by clicking the YES button an IE window popped up with a link directed at sysguard2010.com and naturally with no Internet the page was not loaded.

an antivirus website
The funny thing about this is that even after disconnecting from the Internet these windows kept on popping up on my screen, so I guessed that the malware/spyware/adware was running locally from my PC. It even managed to pull up the Windows security updates to coax me into downloading the latest security patch, but who knows, this might have linked to another site filled with viruses and malware.

a mock version of the Windows Security Center?
IE kept on popping up with new links, now with most of them pointing to random sites like viagra.com and porno.com. Knowing that these windows would not propagate if I kept myself offline, I went on to search for the source of malice. My first clue was in the Opera cache files, so I searched for all folders named Opera and went through them looking for any newly created suspicious files.
Browsing folder after folder, I finally arrived at the Application Data folder for Opera and in it was a .bat file and a folder which I could not delete. In that folder was the file antivirussystempro.exe. My guess is the .bat file was how it installed itself onto the system registry and it kept running the file antivirussystempro.exe, creating all these windows. Most probably these files were downloaded as cookies and slipped past Opera’s filters. So there it was, sitting right in my face churning out pop-up windows, and I couldn’t do a damn thing about it.
The next thing I tried was restarting the PC into Safe Mode. All the applications and processes should be disabled and I should be able to delete this file safely, but then I forgot one thing. I did not have administrative rights to this machine…
Frustrated, I restarted the PC and before all the processes could finish loading, I pulled up the Task Manager and kept on deleting the processes sysguard.exe and antivirussystempro.exe. After a while the process seemed to stop loading in the Task Manager and I proceeded to the folder where it was contained and deleted the original file itself.
I rebooted my PC and checked the Task Manager and finally my PC was free of the annoying malware.
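
The manual hunt described above (walking the browser's Application Data folders for newly created .bat and .exe files) can be scripted. This is an added example, not part of the original post; the function name, the extension list and the 24-hour window are assumptions chosen for illustration.

```python
import os
import time
from pathlib import Path

# Assumption: file types that have no business appearing in a browser's
# profile or cache directory. Adjust to taste.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".scr", ".com", ".pif", ".vbs", ".dll"}


def find_recent_executables(root, max_age_hours=24, now=None):
    """Return [(path, age_in_hours)] for executable-type files under `root`
    whose modification time falls within the last `max_age_hours`,
    newest first. mtime is used as a proxy for "newly created"."""
    now = time.time() if now is None else now
    hits = []
    # onerror swallows directories we are not allowed to list.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in EXECUTABLE_EXTS:
                continue
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # file vanished or is inaccessible; skip it
            age_h = (now - mtime) / 3600
            if age_h <= max_age_hours:
                hits.append((str(path), round(age_h, 1)))
    return sorted(hits, key=lambda hit: hit[1])


if __name__ == "__main__":
    # Per-user data directories on Windows; LOCALAPPDATA is absent on
    # older releases, so missing variables are skipped.
    for var in ("APPDATA", "LOCALAPPDATA"):
        root = os.environ.get(var)
        if not root:
            continue
        for path, age in find_recent_executables(root):
            print(f"{age:6.1f} h  {path}")
```

Anything it lists is a lead to inspect, not a verdict: legitimate updaters also drop executables in these directories.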
Talk about playing dirty, that was really a cheap and lowly way of marketing your product. Imagine the amount of bad publicity you would get from all this but then again, is it the product Antivirus System PRO that they are trying to market or do they have other intentions?
Hmm… who knows?


