Many users report seeing an unusual antivirus pop-up notification informing them that they have a virus or spyware, and that they should download or run the suggested software in order to remove the threat. The problem we have seen is that these messages are not from their antivirus software. They are actual attacks on their computers.
These pop-ups ask the user to install an antivirus program. Clicking one could infect the computer with a virus, malware or spyware, or it could install an incomplete antivirus program that prompts the end user to purchase the full version whenever the program is run. In some cases, these are not even legitimate software packages.
The most common and most serious threat we have encountered recently is “Antivirus360”, a form of malware which is very difficult to remove. It hijacks Microsoft Internet Explorer to the extent that it becomes unusable for web browsing. If you see “Antivirus360” when opening Internet Explorer, or in the system tray on your Windows taskbar (near the clock), it means you have already been infected by it and need to have it removed.
Removal requires disabling System Restore in XP/Vista and scanning in Safe Mode. The most effective anti-malware software for removing Antivirus360 at this time appears to be Malwarebytes. Other antivirus, anti-malware and anti-spyware packages, whether free or full versions, can also work, but usually only in tandem with one another. This is because no single program finds every part of the infection, and it takes more than one to deal with the threat thoroughly. One program may find a registry entry, while another may discover a file or directory.
In some cases, an infection can be so stubborn that it is much faster (and more reliable) to simply rebuild the computer from scratch!