Pop-up Spyware issues and How to Repair

Security Breach

I have been finding more and more machines are getting a pop-up that states “You are infected with ?????? viruses and ?????? spyware. Click here to download our program to remove this.” or some such wording of that nature. Whatever you do, DO NOT do this. It is a fake. It is in my opinion that this is more a form of aggressive advertising than anything malicious, however it is still an invasion of your system and as such falls under the heading of Virus.

I have seen it get past all the major Antivirus programs: Symantec's Norton, McAfee, AVG, Avast, Trend Micro, etc… However, they do on occasion pick it up after it is on the system, if they are not disabled by it first. Some spyware programs pick it up and remove it, but again not very often.

The best way to prevent it's intrusion is to hard shutdown the machine as soon as the pop-up happens. You will want to close any programs you have open first, but do not touch the pop-up. To hard shutdown, press and hold the power switch for approx. 15 seconds until the system shuts off. Yes, you've been told not to do this, and yes, it will leave temp files behind, but it is better than having your system infected. After it shuts off, you can then reboot the machine and keep your fingers crossed that the pop-up does not come back. Run your antivirus program and any antispyware programs to see if they detect anything.

If you are unlucky enough that the system is truly infected with it, then removal can become very sticky. The best I've been able to find to remove it is “Malware Bytes”, which you'll need to run from safe mode. While in safe mode you should also run “Hijackthis” and remove any reference to AV360, Antivirus 2008, etc… You might also need to go into “My Computer”, “C Drive” and into “My Programs” to remove any directories that the trojan may have created. After all that is done, you'll want to reboot into normal mode and run “Malware Bytes” again. Unless the system is too far gone, this should do the trick. If it doesn't you may end up having to format and reload everything, but let's hope it doesn't come to that.

If you care to add any other suggestions or experiences, I'd be happy to hear them.