Saturday, December 18, 2010

Infected with a Poison! Antivirus Action


So I was fixing someone's computer who had gotten a nasty bit of malware/adware on his PC.

The malware is called Antivirus Action and it pops up in the browser with the message: "Internet Explorer Warning - visiting this web site may harm your computer!"

So in the browser, any website I would go to would show that webpage. All the options on it would take me to this website where they would sell Antivirus Action, a fake antivirus program.

All the websites I went to said to download Malwarebytes Anti-Malware or Spybot Search and Destroy and the scan would remove the offending software. Well.. No such luck!

Solution? Finally Dennis F. at this website in the comments section said that he fixed it by downloading ComboFix, and indeed, that is the fix!

Such is the life of a voluntary PC Tech!


  1. Yikes, I got this one recently as well, during finals week no less; it took 3-4 hours to get rid of. Then the next day I got another similar virus by the name of System Tool, which was even more of a headache. It even went so far as changing my desktop background and defacing it with pathetic warnings intended to scare me into paying for a fake antivirus (much like Antivirus Action). After going through Malwarebytes, superantivirus AND Norton Power Eraser I finally obliterated it in its entirety from my system, although I needed to replace my HOSTS file as well, as apparently they screw with that too.

  2. I've had to remove viruses and spyware from many computers when I worked as a PC Tech. The #1 culprit? No antivirus running!

    The #1 rule is to always have an antivirus running on your PC. There's no reason not to! Microsoft gives away free antivirus! There's also AVG which is free. I'm a big Symantec Corporate Antivirus 10.x fan however. It's quite old and I've heard Norton 360 is supposed to be really good and fast. I can't say anything because I haven't tried it yet. Recently, I tried Kaspersky Antivirus 2011 and it's faster and slicker than Symantec. I might buy the Kaspersky 3 user pack for $20 from online (check The only thing with Kaspersky is it overanalyzes programs and they load slowly, at least some of them do. I might try to reduce the realtime inspection setting when I try it again.

    Besides antivirus, I've noticed that Spybot Search and Destroy's IMMUNIZE is also an effective tool. Please download the software, update it, and run IMMUNIZE, which blocks a lot of spyware out there from getting on your PC. It also does a great job of protecting your hosts file. And when the PC does get infected, the impact won't be as severe or as buried and the recovery will be quicker. It's free.

    Once infected, I run Malwarebytes Anti-Malware. If that doesn't clear it, I scan with Spybot. If that doesn't work, I'll scan with Lavasoft Ad-Aware. If that doesn't work, I'll look for the removal utilities/tools specific to that virus/spyware. Lastly, I'll do a manual removal by going into the registry, etc. I'm too lazy to do the manual method so I save it until the end.