antivirus 2009 spyware and firewall solution

The spyware "Antivirus 2009" sometimes gets installed on computers in our network. We are running a Symantec antivirus product on every station and also are behind a firewall. Is there something that I can do to block it at the firewall level or on each desktop? I imagine that I can purchase Malwarebytes or something and have it running as a service on each machine but that's a good-sized investment.

Second, does anyone know exactly how users are getting hit with this spyware? I imagine something to do with Hotmail and Yahoo Mail or something like that, as a few of the users involved are not techie enough to go to warez sites or places like that.

What kind of firewall are you using?
SonicWall has antivirus/antispyware functions built in.
youthworks (Author) Commented:
I am using a SonicWall but do not use their built-in antispyware functions. As an NPO, we get great discounts on enterprise antispyware/antivirus solutions from Symantec. If anyone knew what IP Antivirus 2009 was coming from, or IPs, or something like that, maybe that could help. No one seems to be writing enough about stopping it, only removal of it.
youthworks (Author) Commented:
Okay, I've run across some information.

Two sites that I've not plugged into my firewall as sites to block are antivirus-scanner.com and prosecurity-audit.com.  Apparently these are only 2 of the places it may go to try and download A9installer_880293.exe and install it.

I also ran across this information at http://answers.yahoo.com/question/index?qid=20081116130823AAiwrmF.

The reason people get it is they allow "3rd Party Cookies" and 'ActiveX', which in this case displays some type of icon, or pop-up warning, which in reality is a 'Click-jacking' whereby the real action you perform is hidden behind the visible display; so when you tick (click) anything, the malware installs itself.

Unlike typical pop-up advertising (stopped with available blockers) 3rd party cookies are entirely different critters.
Turn off "3rd Party Cookies", and always leave them off.

INTERNET EXPLORER: Tools> Internet Options> Privacy> Advanced: here check 'Override automatic....'; 'Allow session cookies'; 'Allow 1st party cookies'; & 'Block 3rd Party Cookies'.

FIREFOX: Tools> Options> Privacy: here UN-CHECK 'Accept 3rd Party cookies'

OPERA, et al: not sure, check under 'options' for this.

Because of the architecture of the Internet (notably 'Flash' scripting), vulnerabilities are readily exploited in Internet Explorer, & it is now urgent that you use Firefox with current 'NoScript' add-on, which will prevent "Click-jacking".
NoScript: https://addons.mozilla.org/en-US/firefox...
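One way to find which stations have already contacted the sites named in the post above is to scan the firewall or proxy web log for them. This is an added example, not part of the original thread; the log format, the client addresses and the `example.net`/`example.org` hosts are constructed, and treating the digits in `A9installer_880293.exe` as variable is an assumption.

```python
import re
from urllib.parse import urlsplit

# Domains named in the thread; extend with your own blocklist.
BLOCKED_DOMAINS = {"antivirus-scanner.com", "prosecurity-audit.com"}
# Pattern generalised from "A9installer_880293.exe" (assumption: the
# numeric suffix varies between downloads).
INSTALLER_RE = re.compile(r"/A9installer_\d+\.exe$", re.IGNORECASE)

# Constructed sample lines in a hypothetical "time client_ip method url" format.
SAMPLE_LOG = """\
2008-11-20T09:14:02 10.0.0.21 GET http://www.antivirus-scanner.com/scan.php
2008-11-20T09:14:09 10.0.0.21 GET http://dl.example.net/files/A9installer_880293.exe
2008-11-20T09:15:40 10.0.0.35 GET http://notantivirus-scanner.com/index.html
2008-11-20T09:16:11 10.0.0.35 GET http://mail.example.org/inbox
2008-11-20T09:17:55 10.0.0.48 GET http://PROSECURITY-AUDIT.COM./download
malformed line without enough fields
"""

def host_is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host equals a blocked domain or is a subdomain of one."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    # Require a dot boundary so "notantivirus-scanner.com" does not match.
    return any(host == d or host.endswith("." + d) for d in blocked)

def scan(log_text):
    """Return {client_ip: [(reason, url), ...]} for suspicious requests."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        _time, client, _method, url = parts
        u = urlsplit(url)
        reasons = []
        if u.hostname and host_is_blocked(u.hostname):
            reasons.append("blocked-domain")
        if INSTALLER_RE.search(u.path):
            reasons.append("installer-download")
        for reason in reasons:
            hits.setdefault(client, []).append((reason, url))
    return hits

if __name__ == "__main__":
    for client, events in scan(SAMPLE_LOG).items():
        for reason, url in events:
            print(client, reason, url)
```

Stations that show an `installer-download` hit are the ones to check first, since the request for the executable may have come from a host that is not yet on the blocklist.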
youthworks (Author) Commented:
Any other sites or thoughts?
youthworks (Author) Commented:
Found some more sites to block:
I have battled this problem for a few months, and the root of the problem exists because this malware exploits the logged-on user's rights. If the user is a local admin, the PC is vulnerable to infection.
