Drunken Irishman, Sat May-22-10 05:16 PM
Original message
AntiSpyware Soft is a nasty skank of a virus...
Edited on Sat May-22-10 05:16 PM by Drunken Irishman
My mom's laptop was infected by this bugger. She's not very computer literate and was fooled by the fake virus scan once it popped up on her screen. So she ran the 'scan' and it infected the entire computer. It was a mess. For starters, you can't load any program. If you try, it says the program can't load because it's infected. No internet, no anti-virus programs, no nothing. Then it will tell you to run a fake scan on the computer and after running it (which is oddly quick for a scan of the entire hard drive), it'll take you to a website that asks you to purchase their virus software to delete what has infected your computer.

But like I said, nothing can run. Even task manager shut down seconds after bringing it up.

I eventually downloaded a program on my computer, burned it onto a disc and loaded it there in safe mode on her laptop and eventually got rid of it. But yeesh, that thing was nasty.

So be on the lookout. If you see any program named AntiSpyware Soft, DO NOT DOWNLOAD OR RUN. It'll overrun your computer with the equivalent of PC herpes.
HipChick, Sat May-22-10 05:17 PM
Response to Original message
1. Dealt with that last week..
Looks like an ActiveX thing.
 
Drunken Irishman, Sat May-22-10 05:18 PM
Response to Reply #1
2. My mom didn't know how she got it...
It happened this morning while she was reading the paper online. Told me a scan popped up, she ran it and that happened. But from what I've read, it's possible to run without you doing anything.

HopeHoops, Sun May-23-10 07:36 AM
Response to Original message
3. Here's how to get rid of it if she's running VISTA. The XP instructions may be different.
Edited on Sun May-23-10 07:39 AM by HopeHoops
The reason I say it is for VISTA is because that's what I've tried it on (two different flavors of the same virus). The "Vista" part is the fix.reg file. We had an XP machine get hit also, but AntiMalware took care of it on its own.

You should first try just running AntiMalware. If it doesn't let it run, then you'll need the fix.reg file. I'm sure there's a version for XP, but I haven't tried it to check it out. If she's running XP, check out this page: http://filext.com/faq/broken_exe_association.php

If you can't run AntiMalware, it is because the virus has reassigned the action to be taken for that file and in some flavors of the virus it does it for pretty much any .EXE file. The fix.reg file corrects the appropriate associations so you can run AntiMalware. See http://www.myantispyware.com/2010/01/28/how-to-remove-vista-antispyware-2010-vista-antivirus-2010-vista-guardian/ for more details.

I obviously can't guarantee that this will work, but it did work on the two Vista boxes that I had to repair. The virus keeps evolving and I'm pretty sure it has split into multiple development paths by various groups of social deviants who deserve to be hung by their thumbs naked, soaked in honey, and subjected to millions of honey-loving stinging ants. Your mileage may vary.

On a DIFFERENT machine, do the following:

1. Download the free version of AntiMalware from MalwareBytes.org and put it on a thumb drive.
2. Create a text file on the thumb drive and copy/paste the following exactly:

Windows Registry Editor Version 5.00

; remove the per-user .exe override and the "secfile" type the malware registered
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; recreate the machine-wide launch command for .exe files
[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"%1\" %*"

; point the .exe extension back at the normal "exefile" type
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

3. Save the file and then rename it to "fix.reg" - DO NOT double-click on this except on the infected machine!

4. Remove the thumb drive.

5. Boot the infected machine in "safe mode with network" or whatever is closest. If you don't know how, restart the machine and right after you see the BIOS message on the black screen, hit F8 about every second until it produces the boot options menu. If you get to the graphic Windows startup screen, you didn't catch it - try again.

6. Open Windows Explorer. You should be able to do that. If not, all hope may be lost. Insert the thumb drive and try running AntiMalware. If it doesn't let you, you've got the REALLY nasty flavor of the virus. In that case, and only in that case, double-click on fix.reg. If it doesn't reboot the machine on its own, do it yourself. The changes won't go into effect until the next boot. I didn't have to boot into safe mode after that, but it won't hurt. THEN you should be able to run AntiMalware.

7. Select the "Quick Scan" option and also have it check for a new signature file (which is why you need network support when you boot into safe mode). It will take a little while to do its magic but it will come up with a window with a list of infected files and registry keys. They should all be selected, but make sure they are and then hit whatever button says "fix" or at least means that. I forget exactly what it is called but it is obvious.

8. When AntiMalware is done, reboot the machine. The machine should boot normally now.

Note: The free version is a "run when you need it" program. They have a more advanced version for $25 or $30 that runs constantly to trap stuff like this.

On Edit:

Your mom WON'T know how or where she got it. As far as I know, all flavors of this virus lurk quietly for a random period of time, erase the browser history from the site they arrived via as well as entries on both sides of the event, and then pounce out and abuse you. They all want you to do one thing: give over credit card information. Some flavors don't change their behavior after that and I've read that others will completely disable the machine after they have been satiated by your credit card info.
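A way to see what a .reg file like the one above will actually do before double-clicking it on the infected machine, as an added example (my own code, not from the post, Malwarebytes or the linked site): a small parser for the version-5 .reg format that lists the keys it deletes and the values it writes, and confirms the file restores the .exe association the post describes. The embedded file is the post's fix.reg re-typed; everything else is assumed for illustration.

```python
import re

# fix.reg from the post above, re-typed here so the script runs stand-alone
FIX_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
"""

HEADER = "Windows Registry Editor Version 5.00"
EXPECTED_CMD = '"%1" %*'  # the stock "open" command for exefile

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(["\\])', r'\1', s)

def parse_reg(text):
    """Return (deleted_keys, {key: {value_name: data}}); '' is the default (@) value."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("not a Windows Registry Editor Version 5.00 file")
    deleted, keys, current = [], {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.startswith("-"):               # [-key] deletes the whole key
                deleted.append(name[1:])
                current = None
            else:                                  # [key] opens a key to write values into
                current = name
                keys.setdefault(current, {})
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if not m or current is None:
            raise ValueError("unexpected line: " + raw)
        vname = "" if m.group(1) == "@" else unescape(m.group(2))
        data = m.group(3)
        if data.startswith('"') and data.endswith('"'):   # quoted REG_SZ data
            data = unescape(data[1:-1])
        keys[current][vname] = data
    return deleted, keys

def check_exe_fix(text):
    """True if the file drops the per-user .exe hijack and restores .exe -> exefile -> "%1" %*."""
    deleted, keys = parse_reg(text)
    return (r"HKEY_CURRENT_USER\Software\Classes\.exe" in deleted
            and keys.get(r"HKEY_CLASSES_ROOT\.exe", {}).get("") == "exefile"
            and keys.get(r"HKEY_CLASSES_ROOT\.exe\shell\open\command", {}).get("") == EXPECTED_CMD)
```

Any file where the .exe default value or the open command differs from those stock values deserves a second look before it is applied.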
 