
Fake Anti-virus Virus

Recently, bogus anti-virus programs have been busy infecting computers. They belong to the same family as the fake anti-virus programs known as AV Security that made the rounds a few years ago. Notice we said “AV” and not “AVG.” New versions of this virus have surfaced once again and are using new names.

Windows XP, Vista and 7 are vulnerable to the attacks. It is rumored that it will also affect Windows 8, which is expected to make its appearance in 2012. There are also versions that attack Macs and other devices. It goes by many names, the most recent known versions being Security Monitor 2012, Home Security Solutions and Super AV.

Some older versions that are still making random appearances are AV Security 2010, 2011 and several others. Regardless of the version of the fake program, it is an automatic silent download that is initiated by opening a link or links found in popular search engines and other places. It is believed that the two most common sources of infection by these viruses are the Bing and Yahoo search engines.


We use the word silent because it happens in the background, and by the time the user realizes it, the download is complete and the infection takes over the computer, disabling many common tasks such as the use of search engines, Task Manager, System Restore, and legitimate anti-virus programs like Norton. As an after-effect, not always noticed at the time of removal, it will also remove part of the .dll (dynamic link library) that allows Windows Update to run automatically. In several cases, starting in safe mode is also unavailable. Legitimate anti-virus programs are either disabled during the initial download process or recognize the infection as a safe program and do nothing to stop the download. The viruses even come with a paid version for vulnerable, unsuspecting victims. The intent of this virus, as it was once described: for $39.95, we will be glad to steal your credit card information while completely disabling your computer.

Removing the virus or viruses requires in-depth knowledge of the registry, or a knowledgeable computer technician, for proper and complete removal and repairs. It makes new entries in the registry and in some cases will change the values of existing entries. It is also known to delete entries in the .dll.

It is highly recommended that you seek the help of a professional technician who can remove the virus and also make the required repairs. The use of a specially written root kill tool (batch file) is required to stop the process of the virus. The root kill tool does not remove the virus; it simply stops the process and allows the technician to start the removal process. Other tools and resources are also required. At a very minimum, it requires access to another, uninfected computer to look up removal information and download tools and programs. The latest versions of the AV viruses will sometimes download two or more copies using different names. One will hide in the background, leaving your computer infected, only to emerge at a later time. It is also known that some versions will randomly change their name, further complicating the removal process.

You may be able to locate removal instructions online that are “use at your own risk.” It is advised that you pick your source carefully. Removal articles are specific instructions that pertain to a particular version of the virus. Be sure that you are using instructions that are written to remove the virus your computer is infected with. If you have multiple viruses, each virus must be addressed separately. A vital step to successful removal is “do not reboot until instructed to do so.” Rebooting before you are instructed to will restart the process and may actually cause it to duplicate itself. A final step that is not included in most removal sources is to disable the System Restore feature temporarily after it has been confirmed that the infection is completely removed. This will remove all prior restore points.

Winston-Salem Computers Examiner

Kevin returned to school a few years ago after spending many years in the construction field. While in college he learned that he really had a knack for understanding computers and the internet, and also found a hobby in writing short reports and articles about technology. He normally will take a...
