I’ve been monitoring my traffic a fair amount over the past few weeks since I first published XP Antivirus 2008 and Antivirus 2009 are evil!. It looks like things were starting to taper off a little but has jumped up this week and in checking my Google Analytics Traffic Sources, I see that I am getting a bunch of hits from Google for the term ‘avxp2008′. Surprisingly, there were only 5 hits for that term, this site being one of them due to the mention in a comment from krisi on July 12th.

One of the search results had a vague mention of a web address of avxp2008.com. So I fired up Firefox and took a visit. While not quite as slick as the other site (see Antivirus 2009 and microsoft.browserprotectioncenter.com), they are definitely doing everything they can to try to lull you into their confidence and click on one of their download links. With most sites, you expect some kind of intermediate page once you click a download link where they will either provide some additional details or instructions or gather some information from you. Not here. They try right off the bat to get you to download a .exe file (AntivirusXP2008Installer.exe) in the hopes that you will click the Run button and install it.

If you are already infected, you should take a look at Removing Antivirus 2009 - Round 3 for how I was able to remove it from my Dad’s computer. In the next day or so I hope to post a quick article on how to avoid getting infected in the first place.

If anyone has any other advice or suggestions, please leave a comment for others to benefit from.

Share This

If you have been infected with the Antivirus 2009 spyware/malware, I’m sure that you have noticed that all of the links point to microsoft.browserprotectioncenter.com. Hopefully you haven’t visited the site and/or purchased their spamware/spyware/malware solution. So for the curious out there, here are some screen shots of what you would find on their site.

A couple of things to note:

• All of the thumbnail/small images below are linked to the original images on my Flickr account. They DO NOT link to the original page. So you can click the images to view the full-size image on Flickr without fear.
• They obviously spent a fair amount of money on making a site that is easy on the eyes and very inviting. I’ve seen plenty of legitimate businesses with hideous sites.
• If you go to microsoft.browserprotectioncenter.com with Firefox, you get redirected to the Internet Explorer 7 download page. I guess they really want you to run IE so that they can take advantage of the less secure browser.
• While I feel that I am providing a bit of a public service by publishing all of this information, the sad fact is that they could very easily set this whole scam up again at a different site/address/URL.

Here is what lives at browserprotectioncenter.com:

Here are a couple of the fake screens warning you that you have been infected:

Finally, here are several different versions of their sales pitch screen:

I’m curious: Has anyone actually gone through and purchased the XP Antivirus 2008 product from them? Did you actually get a product that you install and run on your computer? Was their anything suspicious about the transaction?

For those more savvy than the rest of us: Isn’t there a way to report offending sites like this and have them taken down?

Share This

According to the StyleCop post, there are three things to consider when deciding the placement of the using directive:

There are subtle differences between placing using directive within a namespace element, rather than outside of the namespace, including:

1. Placing using-alias directives within a namespace eliminates compiler confusion between conflicting types.

2. Placement of using directives can affect how and when the .Net Framework will load referenced assemblies.

3. When multiple namespaces are defined within a single file, placing using directives within the namespace elements scopes references and aliases.

According to Scott:

However, the second rule in the post said:

"However, placing the using statements [Ed. Note: They mean "directives"] within a namespace element allows the framework to lazy load the referenced assemblies at runtime. In some cases, if the referencing code is not actually executed, the framework can avoid having to load one or more of the referenced assemblies completely. This follows general best practice rule about lazy loading for performance."

This stopped me in my tracks. This rocks the very bedrock that my knowledge of the CLR stands on. I’m like, NO WAY, and then I oscillated back and forth between denial and acceptance. Then, I settled on denial. I don’t buy it. A using directive is for aliasing and is a kind of syntactic sugar. Ultimately the IL is the same. Assembly loading won’t be affected as the assembly manifest doesn’t change.

I have always put my using directive outside the namespace declarations. That was the way everyone did and to me it looked better. Every now and then I would see a code sample that placed the using directive inside the namespace declaration and it always made me wonder why you would do that.

Going to the MSDN Library, we find the following for the using Directive:

The using directive has two uses:

• Create an alias for a namespace (a using alias).
• Permit the use of types in a namespace, such that, you do not have to qualify the use of a type in that namespace (a using directive).

Granted, this page appears to only concern itself with how the directive is used, but you would think that if there were any possibility that position would affect the loading of classes that it would be called out in the Remarks section.

Scott was right to question the statement. He created quick test that seems to bear out the fact that position of the using directive does not affect the loading characteristics of the code. In addition, several people in the comments performed similar tests, including checking the generated IL code and came up with the same conclusion. He is waiting for some official feedback from someone on the compiler team.

So now I know that the only real reason to put the directive inside the namespace is to avoid conflicts, which I haven’t had so far.

Side note: Did you know that there is a difference between the using Directive and the using Statement? I never really paid attention or made the association that they were the same word but differentiated by context.

Share This

During this whole ordeal with my Dad’s Antivirus 2009 issues, a question that came up a couple of times that I didn’t have an answer to was "How come I need an anti-virus application and an anti-spyware application?" I’m vaguely aware of the history of each and how they evolved separately but I though that a quick refresher on each was in order.

Here are some definitions culled from Wikipedia:

Computer Virus:

A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. The term "virus" is also commonly used, albeit erroneously, to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Meanwhile viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with computer worms and Trojan horses. A worm can spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a file that appears harmless. Worms and Trojans may cause harm to either a computer system’s hosted data, functional performance, or networking throughput, when executed. In general, a worm does not actually harm either the system’s hardware or software, while at least in theory, a Trojan’s payload may be capable of almost any type of harm if executed. Some can’t be seen when the program is not running, but as soon as the infected code is run, the Trojan horse kicks in. That is why it is so hard for people to find viruses and other malware themselves and why they have to use spyware programs and registry processors.

Spyware:

Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent.

While the term spyware suggests software that secretly monitors the user’s behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habit, sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, accessing websites blindly that will cause more harmful viruses, or diverting advertising revenue to a third party. Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.

Interestingly enough, there is a brief blurb on the spyware page that addresses the basic question of why anti-virus and anti-spyware are often separate applications:

In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security best practices for Microsoft Windows desktop computers. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user’s computer.

However, there does seem to be a trend where each industry is now bleeding over in to the other. For instance:

• The paid version of AVG, which was originally an anti-virus application, now has anti-spyware capabilities.
• Ad-Aware 2008 Pro now has ‘Anti-Spyware + Anti-Virus in One Seamless Application‘.

So now you know the difference between a computer virus and spyware.

Share This

Despite my best efforts in XP Antivirus 2008 and Antivirus 2009 are evil! and XP Antivirus 2008 and Antivirus 2009 - Round 2 it appears that there might still be some residual infection on my Dad’s computer:

Last evening preparatory to shut down, that blue screen we saw last week-end popped up with the standard msg about having to shut down.  But this time, instead of going through the motion of shutting down and restarting, the system froze.  Finally pulled the plug and brought the system up in the admin account and started SpyBot.  It produced zero hits.

My latest round of advice is to try the following:

1. Update your virus scanner and both Ad-Aware and Spybot definitions.
2. Reboot your computer. Press the F8 Key right as windows is starting. Choose to boot into "Safe Mode."
3. In "Safe Mode", run a full scan with your virus scanner and both Ad-Aware and Spybot. Delete any malicious files that they find.
4. Reboot the computer normally.

Safe Mode only loads the minimum programs your computer needs to run. That should keep the malware programs from running in the background and reinstalling themselves while you remove them. If that still doesn’t work, you will have to search online for a way to get rid of that specific malware program. You could also try some of the other programs listed below.

That advice is from Magoo’s Guide to Eliminating Spyware (specifically the Tricky Malware section). It is a little dated (from 2005) but a lot of the principles about getting rid of spyware and securing your computer are still valid. In our case, while we had gone into Safe Mode in the past, it was only to delete the directory called out in another set of directions. But if you think about it, running your virus scanner and spyware scanners in Safe Mode is probably a good idea.

At the time I didn’t realize that we were on the cutting edge about writing about Antivirus 2009 but it seems like it was just taking off last weekend. A quick Google search for ‘antivirus 2009‘ is coming up with a lot more legitimate resources about this particular issue than there were last weekend (such as CA’s Antivirus 2009 entry) as well as a lot of other informal posts like mine.

How is everyone else doing? If anyone else has any other advice, let us know. I know there are references to some other spyware apps that will solve the problem but I guess my mindset is that Spybot and Ad-Aware will get the new definitions shortly (if they haven’t already) to address this specific threat.

Share This