Spread the Word! Malware Prevents Anti-Virus Updates!

Mar 17, 2010 12:13




Actually, this malware/virus not only prevents your anti-virus software from updating, it also prevents you from going to the site of any anti-virus.

Tuesday, March 16th - A good buddy of mine got himself set up with a slightly used computer that was better than his original by a marginal degree. He set his system up and went to go about updating his anti-virus software (Avast! by Alwil) and discovered that the option to update was greyed out. Curious about this little problem, he tried to go to the website of Avast to see if there was any information that could be gleaned from them. Much to his surprise and dismay, the site acted as if it were offline.

Trying not to be foiled by a simple computer, my buddy waited until he could catch up with me on our VoIP option (we're geeks, what do you expect) and we started going through an unofficial checklist of sorts. Stuff like, "can you access this site?" on down to things that might influence the browsing of certain sites as well as the prevention of anti-virus updates. Now, we found many different possible answers, none of them any more or less valid than the last. It was suggested to use "Malwarebytes", "ComboFix" or even "SpywareBlaster" to root out the problem. I forget which tool he used last to identify the files I'm about to expose to the readers of my journal, but I can tell you that I'll save you the hassle of looking for that tool.

Solution:

The solution is simple. If your anti-virus or anti-spyware software of choice cannot connect to its home resource for those vital updates and you can't even browse to the sites listed below, don't lose hope... yet.

Try browsing:

http://www.avast.com
http://www.symantic.com
http://www.mcafee.com

If you can't get to those sites and your anti-virus refuses to update (or disallows you to update, I should say), try running a file search in your C:\WINDOWS\system32 folder for a file called "qoquite.dll" and a possible secondary file in one of your system restore points called RP1. The path might look like the following:

C:\System Volume Information\_restore{86BBE2D3-F7DA-4D48-AE2B-654450056AAC}\RP1

If you do, indeed, locate these two files, eradicate them from your HD (you may need to perform a system reboot in order to get this to work properly). However you manage to erase these two files, be sure to try browsing those sites again to make sure the files are indeed gone. Why did we take that file out of the system restore point? Oh, that's the other trick used by this sneaky little bastage: this little file hides out in your system restore points as a means of disallowing you from rolling back to a prior working configuration. When you try to perform a rollback, most of the steps will work just fine until you come to some point near the end and the restoration just hangs. This could lead to even more problems down the road. So, after disinfecting your machine, I'd recommend a backup of the most recent restore point on a medium that you keep off of the computer. For instance, if you still keep such a device around, you could back up a system restore point on a ZIP Disk or, more commonly available, a thumb/flash drive.

For your reference, here are those filenames in lower and upper case so you can see what they are.

QOQUITE.DLL
RP1
qoquite.dll
rp1
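
The checks described above can be run in one pass. This is an added example, not part of the original post: it tests whether the listed sites resolve and accept a connection, then searches the two locations named in the post for the two names, recording timestamps and a SHA-256 hash of anything found before it is deleted. The function names are hypothetical, and it assumes PowerShell 4 or later (for `Get-FileHash`) run from an elevated prompt.

```powershell
# Added example. Sites, file names and folders are the ones named in the post;
# the function names are hypothetical. Run elevated: restore-point folders are
# normally unreadable to ordinary users.
$Sites      = 'www.avast.com', 'www.symantic.com', 'www.mcafee.com'   # as listed in the post
$FileNames  = 'qoquite.dll', 'RP1'
$SearchDirs = "$env:SystemRoot\system32", "$env:SystemDrive\System Volume Information"

function Test-SiteReachable {
    param([string]$HostName, [int]$Port = 80, [int]$TimeoutMs = 5000)
    $result = [pscustomobject]@{ Host = $HostName; Resolved = $null; TcpOpen = $false }
    try {
        # Show what the name resolves to on this machine
        $addrs = [System.Net.Dns]::GetHostAddresses($HostName)
        $result.Resolved = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ','
    } catch { return $result }            # name did not resolve at all
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($async)    # throws if the connection was refused
            $result.TcpOpen = $true
        }
    } catch { } finally { $client.Close() }
    $result
}

function Find-NamedItems {
    param([string[]]$Roots, [string[]]$Names)
    foreach ($root in $Roots) {
        # -Force includes hidden/system items; unreadable folders are skipped.
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name } |      # -contains ignores case
            ForEach-Object {
                $hash = if (-not $_.PSIsContainer) {
                    (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                }
                [pscustomobject]@{
                    Path     = $_.FullName
                    IsFolder = $_.PSIsContainer
                    Created  = $_.CreationTimeUtc
                    Modified = $_.LastWriteTimeUtc
                    SHA256   = $hash
                }
            }
    }
}

$Sites | ForEach-Object { Test-SiteReachable $_ } | Format-Table -AutoSize
Find-NamedItems -Roots $SearchDirs -Names $FileNames | Format-List
```

Run it again after cleanup and a reboot: the sites should report `TcpOpen = True` and the search should no longer list `qoquite.dll`.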

Preliminary searches for the cause of blocked anti-virus sites and definition updates proved to be fruitless, so this news is here for you, my friends, before anybody else on the web so far. Feel thrilled? I hope so!

