Wednesday, June 23, 2010

AV Security Suite versus SpyBot Search and Destroy

I read in the news recently about how a new vulnerability was found in Windows that allowed web pages to infect computers without anyone doing anything other than going to them, regardless of web browser used or its security settings. The news article mentioned how the person who discovered it reported it to Microsoft, and when a week or so went by without a patch, published it to the world, presumably to force Microsoft into action. A few days later, this attack was spotted in the wild, infecting people's computers. This guy must be so proud.

Well, it really is as bad as all that. I did a Google Images search looking for a picture to include in Sunday's blog post, and then followed one of the links, and the resulting page loaded really slow and made my browser jerky so I closed it. This isn't entirely unusual: Flash apps can do that. But a few minutes later I was getting AV Security Suite warnings all over the place. I couldn't open any programs, even Task Manager or Explorer. I couldn't do anything without it telling me everything was installed. Very, very scary.

I was essentially limited to solving the problem using only what happened to be open at that moment. I was able to do a web search and found an article about the virus, though this article only mentioned the old methods of infection that required me to do something or use an insecure browser. That page also was pushing a pay spyware removal program (worse yet, the kind that doesn't tell you it's pay until you've installed it and wasted a half hour scanning before it'll tell you it won't fix the problem without paying). But I wasn't able to get to a copy of SpyBot to install it due to the virus blocking me, so I had to install and run the pay scanner just because it was on my screen and I was able to get to it already. It wouldn't remove the threat, but it did temporarily disable it long enough for me to download and install SpyBot.

It takes an age for the spyware programs to scan everything in the world before they're willing to try to fix anything, and the whole time, my computer's paralyzed. And this is a work computer, so it's pretty scary. But what's really scary is that I had no way to avoid this other than to stay off the Internet entirely. Just using a Google search and then going to one of the results pages was enough to get the infection. I never ran a program, I never clicked OK on anything, I never even saw a message. I only happen to know what page it was because I recognize (in hindsight) that the brief bogging-down of Firefox on that page was the virus installing itself, not some balky Flash app.

So Microsoft can burn in hell for having this vulnerability and not immediately fixing it. The guy who discovered it can burn in hell for being impatient about Microsoft fixing it and deciding to unleash it on the world, as if that would really prompt a fix faster than it would prompt people to misuse it. But most of all, the people who are using it to push scamware and malware can burn in hell twelve times over, because eleven times would be too good for them.


Anonymous said...

i got it too today, how did you fix it?

Anonymous said...

You might try SUPERAntiSpyware. It's really effective and free at

And NO, this isn't a spam post. There are some really good tools available to address AV Security Suite and many of the forums and help resources can recommend tools to remove it. I personally have had good success with SUPERAntiSpyware, so that's what I suggest to try.

Downloading, installing, and scanning with the product won't take long and may be just what you need. It's free, so there's no harm in trying it. It won't conflict with other security software you have installed.

Anonymous said...

One other thought regarding the article. Given that it was difficult to get Spybot to install, you may have difficulty installing other software too.

In that case, you can try either the SUPERAntiSpyware portable scanner or online safe scan. Both will complete a full scan but neither will require software installation. Again, they're free.

Hawthorn Thistleberry said...

I was only able to get as far as I got because I happened to have a window open to something that could get me to SpyHunter; I couldn't open any new windows or run any programs, so that would preclude "SUPERAntiSpyware" just as much as it did SpyBot.

If I hadn't had that window, I would probably have had to use safe mode to get far enough to run SpyBot (or something else), or a bootable disc.

Which spyware cleaner isn't really that important as having a way to get to it.