<insert_os_name> antivirus 2010 - ROGUE/VIRUS WARNING 
Minor Diety

Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4003
Location: Walsall, West Mids, UK
Hey people!

This more so applies to Avast users, as that's what I'm using. But I figure you all may need this at some point!

Today I was browsing the net happily when bang, up popped this screen (See attachment ANTI1)

Attachment:
ANTI1.jpg


Shortly followed by this (ANTI2)

Attachment:
ANTI2.jpg


I quickly started running around my system trying to find this fucker.

Its process is called "av.exe". You can cancel this from Task Manager, but any time you go to boot anything (anti-virus related more so) it'll just boot up again. So I started searching the net for fixes.

There are several fixes available, both manual and automated.

Basically speaking, from what I can see nearly any antiviral software will remove this fucker, but for example my avast would not boot whilst it was operational and any attempt to reboot Avast would result in this thing rebooting. Even in safe mode.

The manual fixes were to remove the registry entries that caused it to boot, but my PC would not let me, which I don't think has anything to do with the virus; I think it's because Vista's a bitch!

Anyway, Manual Fix 1: [scroll past the spyware scanner part] http://www.spywareremove.com/removeVist ... y2010.html
Automatic Fix 2: http://www.bleepingcomputer.com/virus-r ... vista-2010

Personal notes: This virus is, at first, very convincing to look at. A lot of time and effort seems to have gone into making this look as good as possible. Luckily, I'm fairly vigilant, and generally speaking if something boots of its own accord on my PC then it triggers plenty of alarm bells in my head. All of the 'links' (i.e. the ones that say turn this on, turn that off) look very official, though [obviously] I have not clicked on any of them. What I mean by official is that they're not just a flat image that is actually a link. They are all properly coded and highlight when you hover over each one, etc. etc.

It starts throwing up mountains of those Windows-style pop-up balloons saying X, Q and Y are all doing Z, B and A - but the fact it shows so many of them also triggers alarms. But the biggest overall giveaway was that it was calling up files that I recognise and know are not virii, and on top of that it scanned my 'entire system' in less than 30 seconds. Also, it made a guise mistake - it tries to appear as 'part of Windows' but then on one screen is selling itself as an independent AV.

Oh, and just on the off chance you think this is a bot, advertising some other kind of software removal shit

1. Satis is a gun toting loon ;)
2. Ox ... well, ox is Belgian I don't really need to say any more!
3. 11b (ElevenBravo) Hates me!
4. Peltz is from Estonia
5. J is a teacher
6. Pev is a whore ;) With a pointy stick, nonetheless!
7. Shiny appears once in a while to keep Sat in check ;)

And sorry if I missed anyone but I think I proved my point!

Useful info from BleepingComputer wrote:
Associated XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 Files:

%UserProfile%\Local Settings\Application Data\av.exe
%UserProfile%\Local Settings\Application Data\WRblt8464P
%UserProfile%\AppData\Local\av.exe <In Antivirus Vista 2010 & Win 7 Antispyware 2010>
%UserProfile%\AppData\Local\WRblt8464P <In Antivirus Vista 2010 & Win 7 Antispyware 2010>



Associated XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 Windows Registry Information:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"



_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts


Sun Feb 21, 2010 4:32 pm
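A defender-side check for the persistence mechanism in the BleepingComputer entries quoted above, added here as an example (it is not code from the post, from BleepingComputer, or from any removal tool): it parses a `reg export` style dump and flags an .exe "open" handler that no longer runs `"%1" %*` directly, plus Security Center override values set to 1. The sample dump, the `C:\Users\victim` path and the function names are constructed assumptions.

```python
# Constructed sample of a `reg export` (.reg) text dump, modelled on the
# entries quoted in the post. The user path is a placeholder, not real data.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\victim\\AppData\\Local\\av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

# A clean .exe "open" verb runs the file itself and passes the arguments on.
CLEAN_EXE_COMMAND = '"%1" %*'
# Classes whose open verb launches executables (secfile is the rogue's own).
EXE_CLASSES = ('\\.exe\\shell', '\\exefile\\shell', '\\secfile\\shell')


def parse_reg(text):
    """Return {key: {value_name: value}} from a .reg export (REG_SZ/REG_DWORD only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
        elif current and '=' in line:
            name, _, raw = line.partition('=')
            name = '(Default)' if name == '@' else name.strip('"')
            if raw.startswith('dword:'):
                keys[current][name] = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                # .reg escapes backslashes and quotes inside string values
                keys[current][name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return keys


def find_hijacks(reg):
    """List the indicators the post describes: interposed .exe handler, muted alerts."""
    findings = []
    for key, values in reg.items():
        k = key.lower()
        if k.endswith('\\shell\\open\\command') and any(c in k for c in EXE_CLASSES):
            cmd = values.get('(Default)', '')
            if cmd != CLEAN_EXE_COMMAND:
                findings.append(f'EXE handler hijacked: {key} -> {cmd}')
        if k.endswith('\\microsoft\\security center'):
            for name in ('AntiVirusOverride', 'FirewallOverride'):
                if values.get(name) == 1:
                    findings.append(f'Security Center alert suppressed: {name}=1')
    return findings
```

On a live machine the input would come from `reg export` of the keys listed above; the same check against a clean export returns an empty list.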
Felix Rex

Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16654
Location: On a slope
Re: <insert_os_name> antivirus 2010 - ROGUE/VIRUS WARNING
lol...wow. I think I'm most entertained by the succinct list of CK users and their attributes.

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.


Mon Feb 22, 2010 7:32 am