
AV360 is the New Antivirus 2009

Antivirus 360 is the newest Rogueware in high prevalence, while VirusTotal AV detection results are extremely low, currently at 3/36. Our ThreatFire community is seeing and preventing far too many hits on this stuff today. It shamelessly re-uses the same AV2009 detection names, like “Spyware.IEMonster”, and presents a similar 37 phony malware detections on a system. Avoid this Rogueware site. The distributors shamelessly rip names like PC Magazine Editor’s Choice to fabricate credibility:


You may end up with a file like “av360install_770522156496.exe” on your system, which drops av360.exe, among others.
At the very least, if you see this dialog (consistently full of bad English grammar, as in the poorly written Antivirus 2009 dialogs), kill it:

Steer clear of this stuff. Here are a few new windows, presenting the same phony malware detections as AV2009 on a clean lab system:

It looks like this one altogether will take the place of Antivirus 2009 — all of the sites that usually serve that Rogueware package are down.

It presents a large phony privacy violation alert early on:


A few of the phony statements that it might throw on your screen once running are listed here, in a variety of languages:
Threats detected
Privacy violation alert!
Antivirus 360 has detected numerous privacy violations. Some programs may send your private data to an untrusted internet host. Click here to permanently block this activity and remove the possible threat (Recommended)
System files modification alert!
Internal conflict alert!
Antivirus 360 has detected internal software conflict. Some application endeavors to access…
Spyware activity alert!
Spyware.IEMonster is a popular spyware that attempts to steal passwords from Web browsers…
Privacy Violation alert!
Antivirus 360 detected a Privacy Violation. A program is secretly sending your private data to an…
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unathorised modification by removing threats (Recommended).
Gefahr! Missbrauch des Datenschutzes!
Antivirus 360 hat Missbrauch des Datenschutzes
Irgendeines Programm sendet heimlich Ihren privaten Daten in die ungesicherte Zone (empfehlt).
Gefahr!
Spyware Aktivitaten! Spyware.IEMonster Aktivitaten wurden festgestellt.
Prevention de la modification des fichiers de systeme!
Prevention de lactivite du Logiciel espion!
Internet Explorer, Mozilla Firefox, Outlook et dautres programmes, y compris des logins et des mots de passe des operations bancaires en ligne, eBay, PayPal….
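
As an added example (not code from the original post or from ThreatFire), the file names and alert strings quoted above can be turned into a quick triage check over a file listing and captured window or `strings` text. The numeric-suffix installer pattern, the function names, the two-phrase threshold and the sample inputs are assumptions constructed for illustration.

```python
import re

# Indicators taken from the post. The \d+ suffix is an assumption generalised
# from the single installer name the post quotes.
INSTALLER_RE = re.compile(r"^av360install_\d+\.exe$", re.IGNORECASE)
DROPPED_NAMES = {"av360.exe"}

# Alert phrases quoted in the post (English, German, French), lower-cased.
ALERT_PHRASES = [
    "privacy violation alert!", "system files modification alert!",
    "internal conflict alert!", "spyware activity alert!",
    "spyware.iemonster", "antivirus 360 has detected",
    "missbrauch des datenschutzes",
    "prevention de la modification des fichiers de systeme",
]

def match_filenames(paths):
    """Return paths whose base name is the installer pattern or a dropped file."""
    hits = []
    for p in paths:
        name = re.split(r"[\\/]", p)[-1]  # handle Windows and POSIX separators
        if INSTALLER_RE.match(name) or name.lower() in DROPPED_NAMES:
            hits.append(p)
    return hits

def match_alert_text(text):
    """Return the post's alert phrases found in text, case-insensitively."""
    lowered = text.lower()
    return [ph for ph in ALERT_PHRASES if ph in lowered]

def triage(paths, text, min_phrases=2):
    """Flag on any filename hit, or when several alert phrases co-occur."""
    files = match_filenames(paths)
    phrases = match_alert_text(text)
    return {"files": files, "phrases": phrases,
            "suspicious": bool(files) or len(phrases) >= min_phrases}

# Constructed sample input (not from a real host).
SAMPLE_PATHS = [
    r"C:\Users\lab\Downloads\av360install_770522156496.exe",
    r"C:\Users\lab\AppData\av360.exe",
    r"C:\Tools\av360install_notes.txt",
]
SAMPLE_TEXT = ("Privacy Violation alert! Antivirus 360 has detected numerous "
               "privacy violations. Spyware.IEMonster Aktivitaten wurden festgestellt.")

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_TEXT))
```

A single phrase such as “Spyware.IEMonster” on its own is not flagged, since pages like this one quote it too; requiring a filename hit or two co-occurring phrases keeps the check from firing on write-ups about the rogueware.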


15 Responses to AV360 is the New Antivirus 2009

  1. Ryan Meray says:

    Thanks for the heads up. I’m sure I’ll see this one in the wild shortly.

    Have you run across Perfect Defender 2009 yet? When I submitted that to Virustotal on Monday, only 4/38 could detect it, and it was at least 4 days old. So sad.

  2. ThreatFire Blogger says:

    Ryan-

    Thanks for the input. We saw the post on Bill Mullins’ blog about PD2009 on the 3rd,
    http://billmullins.wordpress.com/2008/12/03/perfect-defender-2009-3-removal-solutions/
    but our user base hasn’t seen much of it.

    Kurt

  3. Bill Mullins says:

    Hey Guys,

    In the last 4 days, the Perfect Defender 2009 removal solutions article on my site, has had in excess of 11,000 reads and has been in the top 100 WordPress Posts 3 times this week; so it appears this is very active malware.

    Bill Mullins

  4. wmsar says:

    Any advice on steps needed to remove this?

    Regards

  5. Johanna says:

    Help I’ve been attacked – now the PC is blue screen crashing and actually has ‘Microsoft advises activiating av360′ on start up screen’
    how do I get rid of this?????

  6. Az says:

    Congratulations and many thanks too. Keep on! As for me, thanks be to God. And to you again.

  7. David says:

    Already had to factory restore on many of my clients' computers because of this av360!

  8. Bobby says:

    To clean your system: Go to task manager and shut down Av360. Run MSCONFIG, go to Startup, and uncheck Av360. If you do not already have it installed, install Spybot Search & Destroy (http://www.safer-networking.org/en/home/index.html), let it do a full scan, it will remove Av360 stuff. Finally, when all is done, reinstall your Antivirus as AV360 most likely has shut it down and made changes to it. I was able to clean a system by doing all of this.

    By the way, the "blue screen" you see is fake, hit Alt+Tab and you can get away from it.

  9. David says:

    This one has me stifled. I cannot run Spybot, nor Malware Bytes.

    I downloaded and ran AVG8, and also ran the latest Kaspersky Rescue CD. Both found trojans and “fixed” them, but this thing will not go away.

    Current symptoms:

    Keeps adding Browser Helper Objects, blocks Spybot and Malware Bytes, prohibits me from editing registry. It was shutting off Windows Automatic updates, but that seems to have subsided after the AVG scan.

  10. White house babies says:

    Here is the solution. Get rid of your PC as fast as you can.
    Get a mac. They don’t have viruses! EVER. I finally got one and I will never go back. Rot in hell Bill Gates.

  11. eggBrain says:

    Actually, every system has its flaws. I receive a Security Newsletter via e-mail and MAC is not exempt from the virus or exploitation world.

  12. eggBrain says:

    David, sorry I didn’t read this sooner, but you more than likely have the TDSS Rootkit on your machine. People have said to rename your Antivirus executables and you should be ok. In my case, I took out my HDD, scanned it as an external drive using a backup HDD, then reinstalled the OS. It worked and my data was kept.

  13. DelVal PC says:

    Hello, I own a computer repair shop in PA and I just removed this infection. If it is bad enough to where nothing will run as far as scanners, remove the drive and scan from another PC, preferably one that can scan for rootkits like avast. Scan the windows folder. Once avast removes the rootkit, you should be able to use whatever tools you would use to clean infections. This is a nasty little bugger so take caution. If you don't know what you are doing, back up your data and nuke the system.

  14. Brian says:

    David…you have more than just AV360. My son had the same problem and I couldn’t install or get to anything to remove it. Finally found this solution…

    1. Go to control panel, administrative tools, computer management, click on show hidden devices under view
    2. Scroll down to non plug and play drivers, then disable ‘tdssserv.sys’

    You can then install and run Malwarebytes Anti-Malware and you should be able to clean it up.

  15. dave says:

    Had the same problem with a customer's computer. He had av360 and av2009, had to run Avast to scan the rootkits, then was able to load Malwarebytes to take out the rest of this nasty bug.
