Microsoft Security Essentials Final Released

mqudsi

Mostly Harmless
Staff member
#41
I recall there being a freeware program of the same type (Windows Firewall "configurator"), but I can't really remember...

Firewalls are gimmicks, anyway. Most everyone is behind a router these days (wi-fi access point, cable-modem w/ multiple ports, work network, etc.) which all have a hardware firewall built in. Only if you don't trust other PCs *on the same internal network* would you really need to use it. It's the first thing I disable on all my PCs.
 
#42
Just got a chance to try MSE against a real virus that infected my Vista OS on my laptop.
First did a quick scan, and it found a couple of trojans pretty quick, and removed them.
I then started a full scan, as there was still crap on my computer (i.e. popups from a fake antivirus software saying I'm infected, I'm getting attacks from this port on that port, etc., and that last one even with the internet connection disabled by unplugging the modem), and it was barely a quarter done scanning six hours later, so I canceled it, rebooted, and went into Ubuntu, which is where I'm at now. I'll give it another go tomorrow.

Funny...stupid virus on my computer was named "Vista Security Tool 2010" or some shit. The piece of crap kept getting in my way while I was doing the scan (even when in safe mode), was screwing with my browser, kept showing annoying popups saying that I was infected, and needed to run a scan, which I only tried once (before I realized it was part of the virus), and the thing claimed it found a bunch of infections, but it makes you register (which is not free). GOD, what kind of people write viruses, anyway? :frowning:
Anyway, I tried to kill the process from the task manager, which sort of worked, but the damn thing kept getting started again somehow. The process name was "ave.exe". Another thing about this particular virus is it attached itself to Microsoft Defender, to where it completely owned it, and it wouldn't let you select a different antivirus or firewall through it. It insisted on selecting "Vista Security Tool 2010" and it advised me to turn it on. God, that crap is annoying...

Probably the most annoying thing about it all was I was trying to print something off from Vista which I can't do from Ubuntu, because my printer doesn't work from there, and had to go off somewhere with the papers in hand, and I ended up having to leave without my paper, because of the crap virus that took over my computer (or Vista, anyway).

Man, what part of "Safe Mode" is actually safe, anyway, if some viruses can still run under it?
 

JustinW

Super Moderator
Staff member
#43
Under safe mode it shouldn't be running anything!?

Best go to msconfig and disable everything that's starting up. Restart in safe mode and delete that exe.
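A read-only way to see what msconfig's Startup tab is showing you, as an added example (not JustinW's or anyone else's code from this thread): a PowerShell script that lists the Run/RunOnce keys, the Winlogon Shell value and the per-user Startup folder, and flags entries that launch from user-writable data folders, point at a file that no longer exists, or replace the normal shell. The registry paths are the standard Windows locations; the flagging rules are my own assumptions and will also hit some legitimate software, so treat the output as a triage list to review before deleting anything.

```powershell
# Added example, not from the thread. Enumerates common autorun locations and
# flags suspicious entries. Read-only: nothing is changed or deleted.
# Run from an elevated PowerShell prompt so HKLM keys are readable.

# Standard Run/RunOnce keys (machine-wide and current user).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSDrive/etc. metadata that Get-ItemProperty adds.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Winlogon Shell should be exactly "explorer.exe"; some malware appends itself here.
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $wl -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell) { [pscustomobject]@{ Location = $wl; Name = 'Shell'; Command = [string]$shell } }
    # Per-user Startup folder: every file in it runs at logon.
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Location = $startup; Name = $_.Name; Command = $_.FullName }
    }
}

function Get-AutorunReasons {
    # Heuristics (assumptions, not an authoritative list): returns the reasons an
    # entry deserves a second look, or an empty array if none apply.
    param([string]$Command, [string]$Name)
    $reasons = @()
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Pull the executable out of the command line: quoted path first, else first token.
    if ($expanded -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($expanded -split '\s+')[0] }

    if ($Name -eq 'Shell' -and $expanded -ne 'explorer.exe') {
        $reasons += 'Winlogon Shell is not the plain explorer.exe'
    }
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $inTrusted = $false
    foreach ($t in $trusted) {
        if ($exe.StartsWith($t, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }
    if (-not $inTrusted -and $exe -match '^[A-Za-z]:\\') {
        $reasons += 'runs from outside Windows / Program Files'
    }
    if ($exe -match '(?i)\\(AppData|Local Settings|Temp|ProgramData)\\') {
        $reasons += 'lives in a user-writable data folder'
    }
    if ($exe -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $exe)) {
        $reasons += 'target file is missing'
    }
    return $reasons
}

# Print everything, with the flagged entries marked for review.
Get-AutorunEntries | ForEach-Object {
    $why = Get-AutorunReasons -Command $_.Command -Name $_.Name
    [pscustomobject]@{
        Flag     = if ($why.Count -gt 0) { 'REVIEW' } else { '' }
        Name     = $_.Name
        Command  = $_.Command
        Reasons  = ($why -join '; ')
        Location = $_.Location
    }
} | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap
```

Services, scheduled tasks and browser helper objects are other places a program can re-launch itself from; this script covers only the locations msconfig's Startup tab and the Winlogon Shell value correspond to.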
 
#44
Well, I don't think it ran immediately when I booted into safe mode. I think it only started up when I opened MSE. Just did a little research on this particular virus, and learned that it pretty much starts up when you open ANY program. Plus, there are rumors on the web that it may also install less noticeable viruses in the background too, so even after I remove ave.exe, there's no guarantee that my system will actually be clean. No telling what other crap is on it...

Oh yeah. And I looked in the task manager several times throughout the process of the scan with MSE, and the CPU was up to almost 100% (often as high as 97%), so I think it was hogging a lot of the memory and processor too. Of course that was with MSE running too, though.
 
#46
Found it already thanks to your PM.
Reviewing it now, and will probably try implementing the instructions tomorrow.

Will let you know how it goes.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#47
Good old Bleeping Computer to the rescue...again. I'm forever steering people there in my work at the McAfee forums.

One thing to note, ignore the first links you see, they're ads.
 

mqudsi

Mostly Harmless
Staff member
#48
Wow, looks like a real nasty!
 

Terry60

Knows where his towel is.
Staff member
#49
Jake, MSE does take a long time scanning (I let it full-scan every Monday afternoon and it runs on into the early evening), but the "progress" indicator is not accurate. It can indicate that it's only a fraction of the way through just minutes before it ends.
Have you customized the scan?
I have it running on W7 but it scans my 3 Windows OS partitions and the locations of my Internet cache, but avoids unnecessarily scanning my archives.
It generally takes 5-6 hours for a full scan, but that is checking W7, Vista and XP, and is scheduled when the PC is generally otherwise idle.
The particular virus you caught uses "would you like to update to the latest Adobe flash player?" or "you need this video codec to view this content".
NEVER click on a download link in any webpage you haven't specifically visited for that purpose.
99% of the time offers to help you in randomly accessed websites are bogus attempts to scr*w you.
ALL warnings that a website has detected malware on your PC are bogus. A proper scan can't be done that quickly; they're just a ploy to get you to install a virus masquerading as a virus-scanner.
Do you have UAC turned off?
 
#50
No, I believe UAC is still turned on (unless the virus switched it off).
I have not customized the scan. I probably should do that.
You could be right about the progress indicator, but even after about 5-6 hours into the scan, it was still scanning the C:/ partition (my Windows Vista partition). It was taking forever for some reason, and I think it may be partly because the virus was bogging down my system, and taking up an insane amount of resources. When I finally canceled the scan, it still hadn't finished scanning the contents of my Program Files folder.
As to how this particular virus got onto my computer, yeah, I think it was the flash player ploy or something similar. And it wasn't a website that reported that my computer was infected. That would have sent a red flag up for me immediately, of course. Instead, it was a program with a GUI very similar in look to a normal antivirus program (called "Vista Security Tool 2010"). However, the program pretty much took over my whole computer, and it did not show itself in the Task Manager "Programs" window, but it did install an icon in the taskbar. When I attempted to right-click it to exit the program via the small menu that usually pops up with most programs, no such menu popped up for this; instead the whole program would pop up again, start scanning, and almost immediately claim that it had located various infections on my computer. Did a bit of research on the virus myself last night, and learned that it's pretty much the way I guessed it was, i.e. if you actually did pay to register it, and then removed the alleged infections with the program, you would actually be deleting important system files (thereby screwing your computer up even more).
 

mqudsi

Mostly Harmless
Staff member
#51
UAC is useless. On 7, Microsoft has acknowledged that there are very simple and straightforward steps that any program can take to bypass UAC - but claim it is "by design" and that UAC isn't an antivirus solution, merely a hindrance. (According to MS, it's a "hindrance" to the virus writers, but in reality, just a hindrance for the users!)
 
#52
Ok, I went ahead and ran the scan with Malwarebytes' Anti-Malware.
It found ave.exe (along with several other infections) and removed them, so hopefully I'm good now.

I attached the log file in case anyone wants to take a look at it.
 


JustinW

Super Moderator
Staff member
#53
Like I was telling Jake, I've had to remove this infection before from a friend's computer. My best advice is, even if it appears to be legitimate like a flash update or quicktime update or whatever, you should never ever update from a window you get visiting a website. Always get the update from Adobe or Apple or whoever directly.
 

Terry60

Knows where his towel is.
Staff member
#54
Especially when the message says "you need to upgrade to flash version 10 to view this content" and you know you already are using version 10!
 
#55
bit defender 2010

Guys, BITDEFENDER SUCKS! I WROTE THE COMPANY ABOUT the problem with their new software and they have refused to write me back, and the store would not give me my money back even. There is a major problem in Windows XP with this BitDefender. Continuing installation of their software may impair or destabilize the correct operation of your system. Their software shows as not passing Windows Logo testing in Windows XP. Good luck, this company is out of the country and they will not respond and have my 70 bucks!
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#56
If you paid by credit card or PayPal you can usually dispute the charge - defective merchandise or some similar excuse.
 

mqudsi

Mostly Harmless
Staff member
#57
You know, Peter, that's really a 2-edged sword. I've tried my hand at eCommerce before, selling software downloads and such. About once a day we'd get someone who misused or else didn't know how to use a product filing chargebacks through Visa/MasterCard.

Unfortunately, credit cards are great for dealing with physical goods where it's easy to prove the product was delivered or wasn't... but really a nightmare for digital goods. Who's to say whether it's the customer or the business at fault? Obviously the CC companies wouldn't know - it's completely out of their field of expertise.

While it's OK for stuff like digital services where members pay for continued access, if you sell one-off stuff such as an MP3 or a file undeleter or whatnot, CC companies will almost always side with the consumer and then you're out a perfectly good license that you can't retrieve.... plus you have to deal with the chargeback fees.

But in some cases, the companies deserve it and then some!
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#58
I see your point.
 

mqudsi

Mostly Harmless
Staff member
#59
Lol - guess I got caught in a rant!
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#60
You're allowed...:wink: