AntiVirus 2010. My wife got it last night and it's running rampant through the Schools this morning.

Along with about 80% of Utahns ages 25-75 who have a computer. KSL.com is a Utah favorite.

Anyways, I was able to remove it with Malwarebytes.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Also try Trojan Remover:
http://www.simplysup.com/tremover/download.html

Or ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Good luck.... that's the same virus I had and is discussed here:

http://www.bogley.com/forum/viewtopic.php?p=199812#199812

I never could get Malwarebytes to run on the infected computer (the virus attacks Malwarebytes).

I finally was able to get Spybot to run and that cleaned up the computer enough that Malwarebytes would run and finish the job.

:popcorn:

Here is some great info on removing the Security Essentials virus. It's the info I used.

http://www.bleepingcomputer.com/virus-removal/remove-security-essentials-2010

Also.... download this program (rkill) to your desktop and run it first::

rkill.com Download Link
http://download.bleepingcomputer.com/grinler/rkill.com

Running the rkill program ends the processes that belong to Security Essentials 2010 so that it does not interfere with the cleaning procedure. Basicly rkill allows you to regain some control back over your computer so you can start to clean up the mess.

good luck.

How does one actually get this virus from KSL.com? I visit the site often (several times today, in fact) and haven't noticed anything untoward.

Udink-
I work in IT and I wonder the same thing. I have never received a virus from a site like KSL.

I'm sure they've got the problem solved on KSL's end by now.

The virus was being pushed out, just by visiting KSL.com, starting last night around 8:00 pm.

A very convincing (to internet noobs) message comes up prompting the install or scan to remove the fake threats.

http://www.2-spyware.com/images/data_images/antivirus2010.jpg











TO REMOVE THIS, Malwarebytes WITH THE HELP OF fixexe.reg : download it here (http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAYQFjAA&url=http%3A%2F%2Fdownload.bleepingcomputer.com%2Fr eg%2FFixExe.reg&ei=ireGS-WXG5TANYHZxbIM&mk=0&mb=1&usg=AFQjCNG8qDoGb0Uhd870dpzO8OYKrLVPEA)

Make sure the threat (antivirus 2010) is running. Then run fixexe.reg. This will allow you to then run Malwarebytes and do a full scan.

Otherwise, anytime you try to run an exe, "av.exe" stops it from running.

Whats a virus? :ne_nau:

KSL has acknowledged the problem and suggests a solution (Malwarebytes and Spybot S & D) for those infected: http://www.ksl.com/?sid=9810554&nid=165

I used to run SpyBot a lot for about a year but I've become unimpressed for some reason lately. It's set to always run in the background. I like Malwarebytes just as the manual scanner.

But I guess certain people need that constant protection running all the time. :ne_nau:

On the other hand, as soon as I'm comfortable that KSL's safe again, I'll post an ad that I'll remove this virus. :haha:

I never could get Malwarebytes to run on the infected computer (the virus attacks Malwarebytes).

:popcorn:

Antivirus 2010 actually changes your windows registry to not be able to run any .exe files, so it prevents you from executing any applications. There is a registry fix which re-enables executable, then you can run Malwarebytes which cleans the virus.

The link you provided has a link to both files

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

I never could get Malwarebytes to run on the infected computer (the virus attacks Malwarebytes).

:popcorn:

Antivirus 2010 actually changes your windows registry to not be able to run any .exe files, so it prevents you from executing any applications. There is a registry fix which re-enables executable, then you can run Malwarebytes which cleans the virus.

I've got that fixexe.reg file here:




TO REMOVE THIS, Malwarebytes WITH THE HELP OF fixexe.reg : download it here (http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAYQFjAA&url=http%3A%2F%2Fdownload.bleepingcomputer.com%2Fr eg%2FFixExe.reg&ei=ireGS-WXG5TANYHZxbIM&mk=0&mb=1&usg=AFQjCNG8qDoGb0Uhd870dpzO8OYKrLVPEA)

Make sure the threat (antivirus 2010) is running. Then run fixexe.reg. This will allow you to then run Malwarebytes and do a full scan.

Otherwise, anytime you try to run an exe, "av.exe" stops it from running.

Sorry Justin, didn't see your post :2thumbs:

Sorry Justin, didn't see your post :2thumbs:

Like I didn't see your email this morning. :haha:

*Alex emails the whole district about the virus, ksl blocked, all that stuff. I didn't check my email and I IM Alex in a panic telling him of a "possible virus on KSL.com". He replies "Nah, couldn't be."

honestly....

Does anyone know if the problem been corrected with KSL yet?

oops.... Sorry.....didn't read through the whole thread. :ne_nau: Looks like the problem has been fixed.

Well I visited ksl.com last night and again this am.
No virus.

But I'm on a MAC!

Well I visited ksl.com last night and again this am.
No virus.

But I'm on a MAC!

Machines were not infected but just opening KSL.com they were infected but clicking on a misleading pop-up form a third party advertiser. Removal with malware bytes is extremely simple, so simple in fact even a mac user could do it. Also.... as more people buy mac's more viruses will be written for them. Macs are hardly invulnerable they just a smaller market.

I agree with Summit (like usual).

I have visited KSL a ton this week, but I have ad blockers on my computer, so it couldn't even begin to be an issue for me.

Well I visited ksl.com last night and again this am.
No virus.

But I'm on a MAC!

Machines were not infected but just opening KSL.com they were infected but clicking on a misleading pop-up form a third party advertiser. Removal with malware bytes is extremely simple, so simple in fact even a mac user could do it. Also.... as more people buy mac's more viruses will be written for them. Macs are hardly invulnerable they just a smaller market.

I've been hearing this since I bought my first mac. Thats was in 1984.
Never had a virus on any Mac, not ever.

I have ad blockers on my computer, so it couldn't even begin to be an issue for me.

:lol8:

You guys just keep thinking you are safe and you will get nailed sooner or later..... if you have ever been rick-rolled you have already been hit.... its just that a rick-roll is a harmless joke..... the rick roll could just as easily been hiding a nasty virus....

This KSL virus tricks you in a way similiar to a rick-roll. It tricks you into clicking on a button that opens your computer to the virus....

There are two types of computer users in the world.... those that have been hit by a nasty virus.... and those that are going to be hit by a nasty computer virus....

:popcorn:

I'll stick with the computer tht doesn't get a new virus every third tick of the clock.

Well I visited ksl.com last night and again this am.
No virus.

But I'm on a MAC!

Machines were not infected but just opening KSL.com they were infected but clicking on a misleading pop-up form a third party advertiser. Removal with malware bytes is extremely simple, so simple in fact even a mac user could do it. Also.... as more people buy mac's more viruses will be written for them. Macs are hardly invulnerable they just a smaller market.

I've been hearing this since I bought my first mac. Thats was in 1984.
Never had a virus on any Mac, not ever.

There is plenty of malware out there for macs .. how do you know your not infected now? Just because your not getting a blue screen or errors does not mean someones not tracking everything your doing....
Macs are pretty cool and I would not mine adding one to my little family of PC's but I can build machines from the ground up for half the price... I would rather spend my money on other toys.


I'll stick with the computer tht doesn't get a new virus every third tick of the clock.

:roll:

Little snitch tells me about every connection the Mac tries to make.
It makes no connections to anywhere that I don't specificially allow it to make.

Little snitch tells me about every connection the Mac tries to make.
It makes no connections to anywhere that I don't specificially allow it to make.

yeah I think most of us have firewalls....

haha, firewalls don't work that way.

Enjoy your PC.

haha, firewalls don't work that way.

Enjoy your PC.

dont they?
all three of them are doing just fine :haha:

[Sarcasm Voice]If only everyone could operate like Apple [Sarcasm voice off]

http://www.engadget.com/2010/02/27/apple-supplier-audit-reveals-sub-minimum-wage-pay-and-records-of/

You would think at least if they are getting the labor that cheap that their products would be priced a little more competitively???

http://www.guardian.co.uk/technology/2009/oct/19/apple-sales-profits-mac-iphone

Awesome link Richard... Apple makes money.
I had seriously considered purchasing the Iphone until I test drove some phones with the Android OS, its clearly superior .

I just format and reinstall everything :ne_nau: