
Trojan Virus - FakeSpypro - Need help

Revilo Registered User regular
Ok so I (rather stupidly) downloaded a questionable torrent, now I'm paying the price.

My laptop has some kind of virus, it's coming up as 'Trojan FakeSpypro'.
Whenever I try to launch an anti-virus program, or do a Windows Defender scan, it closes the window.
How am I meant to get rid of this thing? I can't even Ctrl+Alt+Delete and close programs because it closes the Task Manager!

Can anyone help me?

By the way, I've got Windows 7 and I'm on a Sony VAIO if that makes any difference.

Revilo on


  • Herkimer Registered User regular
    edited May 2010
    Read the first post of this thread. Particularly, the "I'm infected, what do I do" bit.

    Herkimer on
  • Revilo Registered User regular
    edited May 2010
    problem solved.
    by me.

    Revilo on
  • Nibble Registered User regular
    edited May 2010
    How did this virus get on your computer without being detected by your AV program in the first place? Did you assume it was a false positive and allow it?

    Nibble on
  • krush Registered User regular
    edited May 2010
    Nibble wrote: »
    How did this virus get on your computer without being detected by your AV program in the first place? Did you assume it was a false positive and allow it?

    It happens, and it can install itself whether you're local admin or restricted user. Aside from having cleaned it from nearly every machine in my house, I'm constantly getting calls to get rid of these fake AV trojans. Most of them are simple and can be blown away in about 5 minutes, but there's one that I've run across that required a "nuke from orbit" approach.

    krush on
  • Metallikat Registered User regular
    edited May 2010
    krush wrote: »
    Nibble wrote: »
    How did this virus get on your computer without being detected by your AV program in the first place? Did you assume it was a false positive and allow it?

    It happens, and it can install itself whether you're local admin or restricted user. Aside from having cleaned it from nearly every machine in my house, I'm constantly getting calls to get rid of these fake AV trojans. Most of them are simple and can be blown away in about 5 minutes, but there's one that I've run across that required a "nuke from orbit" approach.

    Had to do that with my brother's PC a few months back. Damn virus blocked any virus removal programs, locked the system up when you tried to visit anti-virus sites, etc. Eventually I just had to reformat the damn thing and be done with it.

    Metallikat on
  • TetraNitroCubane Not Angry... Just VERY Disappointed... Registered User regular
    edited May 2010
    Nibble wrote: »
    How did this virus get on your computer without being detected by your AV program in the first place? Did you assume it was a false positive and allow it?

    Even the best AV software is pretty bad at blocking these fake or "rogue" AV packages. The guys who write these crappy scareware virus packs are churning out new variants by the hour, which means they know how to stay ahead of the curve compared to definition based AV software.

    Combine that with javascript, iframe, flash and PDF exploits as a means of distribution, and you've got yourself a nasty little package - Some of which can install and take root without so much as needing an 'OK' from the user. For extra bastard points, they hide these things in advertisements, flash banners and the like - Usually hosted on legitimate webpages that would be considered 'safe surfing' locations.

    TetraNitroCubane on
  • krush Registered User regular
    edited May 2010
    Nibble wrote: »
    How did this virus get on your computer without being detected by your AV program in the first place? Did you assume it was a false positive and allow it?

    Even the best AV software is pretty bad at blocking these fake or "rogue" AV packages. The guys who write these crappy scareware virus packs are churning out new variants by the hour, which means they know how to stay ahead of the curve compared to definition based AV software.

    Combine that with javascript, iframe, flash and PDF exploits as a means of distribution, and you've got yourself a nasty little package - Some of which can install and take root without so much as needing an 'OK' from the user. For extra bastard points, they hide these things in advertisements, flash banners and the like - Usually hosted on legitimate webpages that would be considered 'safe surfing' locations.

    I have yet to see one that installed with a prompt from the user. Usually, it just drops itself right on the machine and starts executing.

    krush on
  • TetraNitroCubane Not Angry... Just VERY Disappointed... Registered User regular
    edited May 2010
    krush wrote: »
    Nibble wrote: »
    How did this virus get on your computer without being detected by your AV program in the first place? Did you assume it was a false positive and allow it?

    Even the best AV software is pretty bad at blocking these fake or "rogue" AV packages. The guys who write these crappy scareware virus packs are churning out new variants by the hour, which means they know how to stay ahead of the curve compared to definition based AV software.

    Combine that with javascript, iframe, flash and PDF exploits as a means of distribution, and you've got yourself a nasty little package - Some of which can install and take root without so much as needing an 'OK' from the user. For extra bastard points, they hide these things in advertisements, flash banners and the like - Usually hosted on legitimate webpages that would be considered 'safe surfing' locations.

    I have yet to see one that installed with a prompt from the user. Usually, it just drops itself right on the machine and starts executing.

    Indeed. This is exactly why the Aurora attack was so viciously nasty, and why Adobe is a gigantic pile of morons for leaving that risk open for practically a whole month. It's also exactly why Google got hacked around the turn of the year. Some fakealerts are just cleverly disguised javascript packages that dress up the 'OK' prompt to look like the red 'X' in the corner of your browser, but the remote code execution exploits are becoming a more prevalent vector.

    Patching your applications, or else using a good sandboxing solution, is highly recommended. As is uninstalling Adobe Acrobat or Adobe Reader.

    TetraNitroCubane on
  • krush Registered User regular
    edited May 2010
    krush wrote: »
    Nibble wrote: »
    How did this virus get on your computer without being detected by your AV program in the first place? Did you assume it was a false positive and allow it?

    Even the best AV software is pretty bad at blocking these fake or "rogue" AV packages. The guys who write these crappy scareware virus packs are churning out new variants by the hour, which means they know how to stay ahead of the curve compared to definition based AV software.

    Combine that with javascript, iframe, flash and PDF exploits as a means of distribution, and you've got yourself a nasty little package - Some of which can install and take root without so much as needing an 'OK' from the user. For extra bastard points, they hide these things in advertisements, flash banners and the like - Usually hosted on legitimate webpages that would be considered 'safe surfing' locations.

    I have yet to see one that installed with a prompt from the user. Usually, it just drops itself right on the machine and starts executing.

    Indeed. This is exactly why the Aurora attack was so viciously nasty, and why Adobe is a gigantic pile of morons for leaving that risk open for practically a whole month. It's also exactly why Google got hacked around the turn of the year. Some fakealerts are just cleverly disguised javascript packages that dress up the 'OK' prompt to look like the red 'X' in the corner of your browser, but the remote code execution exploits are becoming a more prevalent vector.

    Patching your applications, or else using a good sandboxing solution, is highly recommended. As is uninstalling Adobe Acrobat or Adobe Reader.

    Sandboxing with VMware WS was my solution for browsing "sketchy" sites. I have a WinXP VM that gets absolutely riddled with trojans and whatnot, but they're getting sneakier though: There are trojans in the wild that can detect whether or not they're running in a virtualized environment (or other sandbox environment) and will not execute.

    http://www.broadbandreports.com/forum/r22677694-Trojan-checks-for-SandBoxIE-presence

    krush on