Sorry to be a bore but I've had 'av.exe' suddenly appear (along with its pop-ups like XP Security) numerous times now whilst browsing the gallery here. Now it's happened on another machine, so I'm more sure that it is somehow linked with coolminiornot.com.
I am running the latest Firefox and Win XP, with AVG, Spybot, SpywareBlaster and Ad-Aware. Everything in that list is up to date on patches etc, but it just gets on my PC and does its thing with impunity. It doesn't happen most of the time, and can be resolved (with a System Restore and searching for and removing all references to av.exe and fyxkaah.dll from the registry).
As mentioned it seems to be a two part trojan, consisting of fyxkaah.dll and av.exe. It runs a Windows Security centre-esque pop-up that tries to get you to react to all the 'problems' it's found by getting your bank details etc for a full 'subscription'.
It also fiddles with the basic Windows system defaults by perverting the 'Open' command so that if you try to run any .exe file the OS runs a dialogue telling you no program is associated with that action and the program doesn't start. This can be resolved by finding the .exe for the program in question you want to run (like the Windows System Restore tool), right-clicking it and selecting 'Run' instead.
So as you can see it's a bit of a mystery how it gets in, where it's coming from (less so now it's 'come' from CMON on 2 different machines) and how it defeats security. The page address when it happens is just "http://www.coolminiornot.com/browse", although it only seems to occur when you click on an entry to bring it up in its own tab or window; or when you set the rating from 1 to 10 to anything else.
I have looked up this virus on the internet, but can't find any definite answers to the above points, although it is known and instructions abound for its removal, if not its prevention.
Comments and thoughts from other users who've had this happen and from those with access to the code on the CMON server/s would be most appreciated. I already know it's happened to other people, so, what is it and why?
Long message, sorry...
Ooli
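Added example, not part of the original post: a Python check that reads registry export text (`reg export` / regedit `.reg` syntax) and flags the two symptoms described above, a changed 'Open' handler for .exe files and any string value that names av.exe or fyxkaah.dll. The expected values are the stock Windows defaults; the function names and the sample export are constructed for illustration.

```python
import re

# Stock Windows values that make opening an .exe run it.
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}
# HKEY_CLASSES_ROOT merges these two hives, so overrides there count too.
CLASS_ROOT = re.compile(r"^hkey_(?:current_user|local_machine)\\software\\classes(?=\\)")
# File names from the post, matched as whole names (nav.exe must not hit).
SUSPECT = re.compile(r'(?:^|[\\/"\s])(av\.exe|fyxkaah\.dll)(?=$|["\s,])', re.I)
ENTRY = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg files escape \" and \\

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := ENTRY.match(line)):
            name = "(Default)" if m[1] == "@" else unescape(m[1][1:-1])
            yield key, name, unescape(m[2])

def audit(text):
    """Return (reason, key, value_name, data) for every suspicious value."""
    findings = []
    for key, name, data in parse_reg(text):
        norm = CLASS_ROOT.sub("hkey_classes_root", key.lower())
        want = EXPECTED.get(norm)
        if name == "(Default)" and want is not None and data != want:
            findings.append(("exe-association-changed", key, name, data))
        if SUSPECT.search(data):
            findings.append(("references-reported-file", key, name, data))
    return findings

# Constructed sample in `reg export` syntax, not taken from a real machine.
SAMPLE = r'''[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Example\\av.exe\" \"%1\" %*"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"navtool"="C:\\Tools\\nav.exe"
"helper"="rundll32.exe C:\\Example\\fyxkaah.dll,Start"
'''
print(*audit(SAMPLE), sep="\n")
```

Exports written by regedit are UTF-16, so decode the file to text before passing it to `audit`.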