Wednesday, February 10, 2010

Antivirus Soft is Malware

Sorry I have no pictures or anything especially fun or interesting today; instead I have important computer information (trojan warning and solution), and I couldn't copy and paste the screenshots. Hope this is helpful to someone, though if so I'm sorry you have the problem.

Yesterday I was uploading and editing some jewelry photos, and a notification popped up on my computer saying my computer was infected with Spyware. This note came from a program I hadn't seen before, called Antivirus Soft. When I clicked on the icon (even right click) it brought up the program which would let me scan. There was no way to remove or delete it. This note kept popping up every few minutes, and then an error message started popping up every few minutes randomly and every time I tried to open something, saying "Application cannot be executed. The file [filename].exe is infected." Then Internet Explorer started popping up with porn sites. If I clicked on "yes" or "scan now" on the antivirus warnings it just took me to the website where I could buy this "scanner" called Antivirus Soft. I scanned with SuperAntiSpyware and Avast instead, but they found nothing. Finally I looked this up (on the other computer, since I couldn't open Firefox here), and here's what I found.

What this program does:

Antivirus Soft is a rogue anti-spyware and ransomware program from the same family as Antivirus Live. These infections are installed on to your computer through the use of malware that installs the program onto your computer without your permission or knowledge. It is also common for this rogue to be installed on your computer through the use of malicious PDF files that exploit known vulnerabilities in older versions of Adobe Reader. Once installed, Antivirus Soft will be configured to start automatically when Windows starts. Once running it will scan your computer and display numerous infections, but will state it will not remove them until you purchase the program. In reality, the infected files it detects are all fake and do not actually exist on your computer.

This program also uses aggressive techniques to protect itself from being removed by anti-malware programs. When the Antivirus Soft process is running it will close almost any running program while falsely stating that they are infected. Antivirus Soft will also change the Proxy settings in Internet Explorer so that you cannot browse to any web site other than the site for Antivirus Soft so that you can purchase the program. It does this so that you cannot browse the web to find removal guides or download software that will help you remove the infection. Using these two methods, the program essentially ransoms the normal use of your computer until you purchase the program or use the guide below to remove the infection.
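A read-only check of the two changes described above (the automatic start with Windows and the Internet Explorer proxy setting), added here as an example and not part of the original post or the removal guide it mentions. The registry paths are the standard Windows locations; the function names are hypothetical and the `InUserProfile` flag is an assumed heuristic, not a signature for this program.

```powershell
# Added example: inspects settings only, changes nothing.
# Standard Windows registry locations (not values taken from the post).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ProxyState {
    # ProxyEnable = 1 means Internet Explorer routes traffic through ProxyServer.
    $s = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = [int]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
        # An enabled proxy you did not configure yourself needs a closer look.
        NeedsReview   = ([int]$s.ProxyEnable -eq 1) -and [bool]$s.ProxyServer
    }
}

function Get-AutostartEntry {
    # Lists every program registered to start with Windows via the Run keys.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key           = $key
                Name          = $name
                Command       = $cmd
                # Assumed heuristic: autostart programs living in per-user
                # data or temp folders are worth checking by hand.
                InUserProfile = $cmd -match '(?i)\\(AppData|Application Data|Local Settings|Temp)\\'
            }
        }
    }
}

Get-ProxyState | Format-List
Get-AutostartEntry |
    Sort-Object InUserProfile -Descending |
    Format-Table Name, InUserProfile, Command -AutoSize -Wrap
```

Entries you do not recognize are leads for a scan with a trusted tool, not proof of infection on their own.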

Here's an example of an alert that pops up (exactly what I saw):

Antivirus Software Alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Threat: Win32/Nuqel.E

Screenshots and instructions for getting rid of this (and the description above) are on To sum it up, you'll need to go into safe mode and scan with Malwarebytes Anti-Malware (MBAM) (free); but there are other things you'll need to know on the webpage; there's too much for me to share here. This virus was really frustrating and stressful, and I was really happy to find the website and fix the problem. It doesn't cost anything to use the bleepingcomputer solution, and it worked for me. I just wish I knew how I got this thing in the first place.

EDIT: Update 2.14.10: A couple days ago I scanned with SuperAntiSpyware (just a regular weekly scan) and it found an item of Antivirus Soft, although it wasn't bothering my computer anymore. So just keep watching out and scanning if you ever get this problem, even after you fix it.

Friday, February 5, 2010

Old and New Photos

I've finally finished retaking all the photos of my earrings with my new tabletop photo studio (aka the good lightbox). Still working on cropping them and replacing the old photos in the Etsy listings. Got one of them up yesterday; here's a comparison:

Old photo with homemade lightbox, in the garage which only has poor yellowish light (couldn't find enough light elsewhere that day):

Looks ok here, I suppose, but in the listing the photo is smaller and harder to see.

New photo with better lightbox, good lighting:

(Green and Yellow Byzantine Earrings)

Sort of looks darker, but also clearer I think. I think the darkness of it comes from the gray background vs. the white, and there's sort of a shadowy-ness in the first one which isn't really a problem in the second one. So basically, I think there's still something in my photography that needs to be improved, and I need to figure out exactly what to do about it, but the new lightbox is definitely better than the old one. In fact I usually have to iron out the crease in the background cloth before I can use it, but the old one had a seam between the two pieces of poster board (the box was too big for just one), which I couldn't iron out except with the smudge tool in Photobucket.

It seems like the photos with the earrings laying down are better than the ones with them hanging:

I think maybe that's because the two lights and the camera are all pointed down directly at the earrings, and when they're hanging on the display it's kinda difficult to get both lights on them evenly.

Actually the more I look at the old photo, especially comparing it to the new one, the less I like the old one. Maybe the new one could be a little clearer, but there's something really uncomfortable about the lighting in the old one. I think it's like a doctor's office waiting room. Ew, I really need to replace the rest of those photos soon. Very sorry about that. It will all be fixed quite soon.