Blackhole Virus/Win Antivirus Pro/Your System is Infected?/Micorsoft Antivirus
March 28th, 2006
Beware of the following downloads: Win Antivirus, Win AntiSpyware, Microsoft Antivirus 2008, XP Antivirus 2008 or 2009, and Vista Antivirus 2008. These are malicious codes that are embedded into websites by hacking into a website’s server. Not only are they annoying, but they also try to lure you into purchasing a product to cure your system’s viruses (viruses that may not even exist).
Once they get into your computer, often times you see “official looking” pop-ups telling you that you’re infected with a virus like the Blackworm virus or several viruses. The virus names change often so your antivirus protection will not catch them. Most times, once you click on anything in the popup window , even the X in the upper right hand corner, a trojan installs into your system and then claims that for a small fee the virus or viruses will be removed. After giving them a credit card number, you are left with the virus and they have your ID. Beware of these scams and bring your system to a professional when experiencing difficulty or before purchasing any of these products.
The only way to get out of the popup without it infecting the system is to hold down the Ctrl, Alt and Delete keys on your keyboard all at the same time. Next, click on end-task to close the windows. If this does not work for you turn the system off without clicking on the window (pull plug if you have to).
Below is an example:
You will then get another window with the download for Win Antivirus. Once downloaded, this program will tell you it has found x issues on your computer, but you need to buy the full version to resolve the issue.
The program is not a virus scanner, the program is malware. Once you are hit with the Blackhole Virus pop-up, it will keep popping up. If this happens, you need to clean out your temporary internet files and cookies. Be careful when browsing because this pop-up came from somewhere; another site you were browsing. Once this gets on your machine it is nearly impossible to get it off.
Entry Filed under: Virus/Spyware/AdWare Prevention & Removal
20 Comments Add your own
1. Melanie | June 12th, 2006 at 7:53 am
How do I get this off my computer??!! I don’t even know how it got on here to begin with!!
2. Administrator | June 14th, 2006 at 11:53 am
On machines that come into our shop we tend to format the computer to remove the virus. It can be removed manually but it is VERY time consuming and VERY technical.
3. Marisol | June 19th, 2006 at 1:52 pm
I did not see this before now and I downloaded it onto my laptop and now my laptop will not run because it keeps shutting down saying that it wants to protect itself against it getting harmed. What do I do?
4. Anny Morel | June 23rd, 2006 at 9:41 am
I have try to erease the virus from my computer an WinAntivirus PRO 2006 can’t do it. It is ignoring the virus or postpone it. How can I remove the virus from my computer with Win Antrivirus Pro 2006?
5. Administrator | June 26th, 2006 at 12:53 pm
Marisol-
The best thing you can do is reformat your computer. The program CAN be removed but the process is extremely technical and can be extremely time consuming. If you do not know how to reformat your computer, we suggest you bring the machine to a local shop and tell them you need the computer reformatted. Also try to get a backup of any important pictures, word documents, etc. that you need.
Anny-
WinAntiVirus Pro will not remove any viruses from your machine, it is not a real program but a piece of ad/spyware. They told you that you had a virus which does not exist and told you to run their program. They then tell you they found it but you have to pay for the program to remove it. This technique should be considered a crime. I would reformat the computer and get everything wiped off of it. As I mentioned above this program CAN be removed but the process is extremely technical.
6. DJean | July 1st, 2006 at 7:26 pm
THIS SOFTWARE OVER STEPPED IT’S AUTHENTICITY WHEN IT OVER RODE MY ATTEMPTS TO UPGRADE MY NORTIN ANIT VIRUS YEARLY SUBCRIPTION.
CLICKED ONTO NORTON TO UPGRATE
7. Administrator | July 8th, 2006 at 10:58 am
Symantec, the company that makes Norton A/V, has suggested that anyone having problems with updating their machines should go into the Add/Remove programs option on their Control Panel and Remove Symantec Live Update from the programs list. After this, you should go to their website and update it. The Symantec support technician we spoke to about this issue suggested this as the best solution.
Instructions on installing Live Update (from Symantec’s website)
We claim no responsibility for any damage you do to your computer during this process. If you are unsure of what you are doing, we recommend you bring the computer to a local repair shop or your hardware vendor for repairs.
8. Just a Poster | July 15th, 2006 at 5:50 pm
i keep getting pop ups to download the program but have not since i immeadiately recognized it as a virus. i currently blocked the site using lavasoft adaware’s ad-blocking feature. is there a way i can remove the shell program asking me to download the virus without formatting my computer? or would it be safe to still use my computer for personal information with the shell program blocked?
9. Fernando | July 22nd, 2006 at 5:09 pm
Thanks for the comments of this program. In this moment I was going to install this program. Thanks again a lot
!!
10. candice | August 8th, 2006 at 8:27 am
I was in the process of downloading it then I found this site and immediately ended the task. Is there anything further that I should do?
11. Dave | August 19th, 2006 at 2:19 pm
There are two good programs that I use for nasty baddies. One is the rial version of Ewido (http://www.ewido.com) and the other is CCleaner (http://www.ccleaner.com).
I usually install Ewido and update in normal mode but then run it in safe mode. It will find and fix a great many different nasty things.
CCleaner is an automatic Temp File cleaner.
There are wonderful legitimate tools out there but there are many others that are not.
Dave
12. Eddie | August 23rd, 2006 at 10:23 am
i work at a local computer store as well and were doing the same thing for now .. just format it .. untill i figure something out … email me
13. DJ | August 30th, 2006 at 12:44 pm
Can anyone help me with a solution.
I really can’t believe that this is happening again-virus, pop ups & programs freezing.
I do have Trend Micro and Adaware, but what do I do now.
14. Administrator | August 30th, 2006 at 2:50 pm
DJ -
You need to clean the machine out COMPLETELY (aka Format) if the problem is that bad. Once you format you should come back and read our article about keeping the pests out of your PC. The best way to keep the MOST harmful variants out is common sense. Don’t click on anything that you don’t think is official. If a window says to you, “You have a problem, go here and download this to fix it”, I would say it is ALWAYS a scam.
Our article on Stopping spyware before it starts can be found here:
http://effortpc.com/archives/12
15. EP | September 25th, 2006 at 10:28 am
You do not HAVE to REFORMAT. Just use Windows Restore to restore to the point BEFORE your PC got infected.
16. Administrator | September 27th, 2006 at 9:44 am
That works sometimes but we’ve seen it also not work, which is why I hesistate to offer it as a solution. Formatting will ALWAYS get rid of this problem. Yes, it also gets rid of your programs and files (if you don’t back up your files).
17. peter | September 29th, 2006 at 5:12 pm
only thing that worked for me tried every thing else was to download “virtumundobegone” i got it at http://www.bleepingcomputer.com/forums/topic18610.ht
other places do a google search if need be
follow instructions. great stuff give it a go
18. peter | September 29th, 2006 at 10:12 pm
No 19 update
correct link should be for removal of winfixer
http://www.bleepingcomputer.com/forums/topic18610.html
hope it helps
19. Aaron | August 9th, 2007 at 8:06 pm
My girlfriend just got the stupid winantivirus pro 2006 from a stupid pop up. i had no idea how to remove it till i found this site. thanks guys.
20. j davis | October 16th, 2007 at 2:14 pm
I was recently infected with this malicious program and had to go as far as having my hard drive cleaned. It seems to learn when you are trying to download tools to get rid of it. My computer froze up 6 times when I was trying to load spybot. A programmer friend of mine with many years in the business said that this is the most malicious thing he has ever seen!! There are 2 people who have been identified in the distribution of this malware, James Reno og bytehosting and billingnow, and Marc Cohen of vipfares, If the winantivirus popup appears disconnect from the internet immediately, this is your only defense! If you click the X in the dialog box the program will install itself. While infected my PC took 15 minutes to boot up and ran incredibly slow and crashed frequently. Avoid winantivirus like the plague
!!
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed