My son's PC is infected with Defender-Review.com. A pop-up appears when he tries to use Internet Explorer which warns him that he is infected by Trojan.Zlob.G and redirects him to Defender-Review.com which recommends he purchase Personal Defender 2009. It has an authentic looking Windows Security Centre logo but I know it's a fake because Windows firewall is not activated (because I use Norton IS 2007).
Running a full scan does not detect it. There are numerous hits on Google on how to remove it, from paying for Spy Doctor to "free" Perfect Uninstaller 4.1, and remove-malware.net..... but who can I trust?
I am surprised Norton has no apparent solution to this..... does anybody have any experience with this?
The browser has been hijacked. I would recommend calling Symantec Tech Support for the removal. The technician will remote into your computer and do the fix for you. It will cost - but unless you’re skilled with using tools like fraudfix.exe and the like, it’s well worth the money. We had the same problem with one of our household computers - the root cause being a teenage boy with a computer, no adult supervision, and way too much time on his hands. One can well imagine where his journeys took him, and it turned out he got scammed into clicking on something to download a codec in order to view a video (rhymes with wornography). I figure this is where it loaded into the system. The trojan is a nasty little bugger - and was above my confidence in trying to resolve it, hence I called for tech support. Kelly
Vineeth wrote: Check the document Trojan.Zlob.G from Symantec Security response for the removal instructions.
He is almost surely not infected with that, it is a fake alert. It is what these programs do: they try to extort money using scare tactics and fake alerts.
This is why Firefox is so much safer than IE. It can block fake ads and other various things. AntiVirus 2008, 2009 attacks IE but is very easily blocked by Firefox.
My session with Symantec cost about $70. Once I got a technician on the phone it took about 10-15 minutes for him to remote into the computer and resolve the issue. He ran several tools on my computer. If you decide to go this route, make sure you write down the case number - in case your phone gets disconnected, or should you have to call back if you continue to have problems.
I realize there are a lot of free tools out there. Your post doesn't mention your level of expertise or confidence. I consider myself a modest user; I'm capable of doing a lot of self-help but there's a limit to my comfort zone.
Thanks ‘Quads’, I will try this over the weekend, when I have the time. My son can still use the internet by logging on (to Windows) using another id on his PC.
Hi Kelly, I am an old mainframe developer, where all this sort of thing is handled by a Systems Programmer, leaving us developers to get on with creating applications for customers... so my level of confidence is low to moderate, depending on the time I have and the repercussions of failure!
snug wrote: Thanks 'Quads', I will try this over the weekend, when I have the time. My son can still use the internet by logging on (to Windows) using another id on his PC.
Please answer this question: Did you ever run a full system scan from the point when it was obvious that you were infected; you noticed the issues as listed?
And I will look into it; or in other words execute it.
Looking at the program downloaded from the website, it seems to be legit. Seems like the company has some malicious practices though and some AVs consider it to be malware.
Message Edited by Tech0utsider on 12-08-2008 06:33 PM
And as for Perfect Defender, it seems to be legit, just by the looks. No advertisements or pop-ups or suspicious activity yet. It even has a functional firewall ....
The only suspicious thing is that it does not register itself in the Windows Security Center.
I will leave my VPC on to see what Perfect Defender does when it thinks it is idle ^.-
Message Edited by Tech0utsider on 12-08-2008 07:26 PM
I think the phenomenon Snug is talking about is a browser hijack that directs the user to a spoofed website, informs the user it has a Trojan, and keeps looping back to the fraud site. It solicits credit card info and, in essence, takes the credit card info and runs (there isn’t any software delivery, and the hijack doesn’t go away). There’s been one instance of it in my household. Media forensics is what I do (kind of like autopsies on computers), so I’ve also seen it several times on seized computers during media examination/exploitation.
I submitted the installer of this rogue 'antivirus' critter manually, through NIS 2009 manual quarantine and removal on Monday, a little less than 48 hours ago.
Today it is detected and removed immediately after download. Now that is an acceptable response time.