Full Version: AntiSpyware.com, need help removing a variation of it
Kaspersky Lab Forum > English User Forum > Protection for Small and Medium Businesses
bkonner
Howdy,

I have a client who has a variation of Antispyware.com installed on one of her computers. I recreated what she did and was easily able to remove it by changing settings in Kaspersky Anti-Virus for Workstations v 6.0.3.837 on a VM session. I did everything she did, infecting the VM session, but cannot recreate what infected her computer. GetSystemInfo.exe was not helpful.

There is a red icon in the system tray similar to Microsoft's security warning (your firewall is disabled icon, notice). When you click this icon it brings up Antispyware.com's web page. It flashes a red shield type icon by the clock and then becomes an info question mark every couple of seconds (flashing back and forth). GetSystemInfo.exe does not show the running process I was expecting. I have run SmitFraudFix and ComboFix. I do not have the results for SmitFraudFix.

Has anyone seen a variant of AntiSpyware.com's fake antispy software that installs a red security seal by the clock?

Thanks,

Bill Konner
Baz^^
Hi,

It is a typical tactic used by fraudware to scare users into buying these fraudulent products.

If you could provide us with the cfix log and an AVZ log, we will help with removal instructions.

AVZ log instructions: http://forum.kaspersky.com/index.php?showt...st&p=637026
bkonner
QUOTE(Baz^^ @ 29.06.2008 20:48) *
Hi,

It is a typical tactic used by fraudware to scare users into buying these fraudulent products.

If you could provide us with the cfix log and an AVZ log, we will help with removal instructions.

AVZ log instructions: http://forum.kaspersky.com/index.php?showt...st&p=637026



Thanks for the reply,

This is not KIS 2009; it is KAV 6.0.3.837 for Workstations. I do not think this user is being totally honest with us on what she did. I can remove this spyware through KAV doing a scan with riskware checked in Protection.

I just do not get this. There is something on this computer we are not seeing. I have done several sysinfo's and do not see the process. I even did a HiJackThis scan and see nothing. I just do not know what is on this computer. This is so frustrating and we at corporate support in Boston have spent a lot of time on this one. I have no clue what this is.

Thanks for your response.

Bill K
Baz^^
That link has instructions for a standalone version of AVZ too... click the option for "I do not have KAV/KIS 2009 installed".
scout_iosif
If you can't see the process, try to download and install TuneUp Utilities. It has a built-in task manager with an extended function. You can see what files are opened and by what process. Also run a scan in safe mode without networking with SmitFraudFix ( http://siri.geekstogo.com/SmitfraudFix.php ).

Please check back with an answer.


Regards,

Iosif