AVG

A user updated AVG 7.5 to 8.0 yesterday, and found that it froze her PC on reboot. (After login the desktop background appeared, but no Start button or icons.)

I found the cause was a trial copy of BullGuard which had been supplied with the PC. She had never used it but had not uninstalled it, and it duly expired. AVG 7.5 seemed to be happy to live alongside it, but AVG 8.0 most definitely wasn’t (it’s never a good idea to run two anti-malware products at the same time).

Be sure to remove all other always-running anti-virus products, whether expired or not, before you install AVG 8.0.

Viral Spam

I’m seeing a lot of spam today with titles like Customs – We have received a parcel for you or Customs, please read. There was a lot yesterday about undelivered parcels from UPS.

These have a zipped attachment which is infected with a virus. Typical text of the e-mail is:

Good day,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,
Grover Sterling
Your Customs Service

or

Dear Sirs,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,
Casey Rhoades
Your Customs Service

The giveaway, as always, is that they are not addressed to you by name, and they come from unlikely e-mail addresses (typically harvested from infected computers). The two above came from Customs Service <lvsgjjo@bluegrassgroup.com> and Customs Service <cwq@blmbuilders.com> but each one will be different.

At the time of writing, these were not detected as malicious by AVG 8.0 (and nor by Symantec, Norton, McAfee, Avast, Ewido, F-Prot, Kaspersky or Panda). Just delete them.

If you have run the attachment (by double-clicking the contents of the zip file, typically) you’ll soon start getting warnings that “Your computer is infected”, inviting you to download software to clear it. The warnings are part of the infection, and the software it wants you to download will make matters much worse. Don’t download anything, and contact someone who can help you remove the infection.

PS: I’m seeing a lot of fake airline ticket sales today (20 August). They typically start:

Hello,
Thank you for using our new service “Buy flight ticket Online” on our website.
Your account has been created:

and then go on to give login details for a website whose address is not stated (!) and say your credit card has been charged for some amount (usually about $650). A “ticket” is attached.

The usual things give it away: not addressed to a specific person; dodgy attachment (this one is called Ticket_N141-SK.zip and contains a file called Ticket_N141-SK.exe — a file ending in .exe is a program, and this one is instantly detected by AVG 8.0 as containing trojan Pakes.AFL).

Be careful not to run Ticket_N141-SK.exe, and just delete the e-mail and its attachment.

(Aug 23) Sophos reports yet another variant, “Statement of Fees 2008/09”, whose attachment is sneakily named “Fees_2008-2009.doc______________.exe”. They hope you’ll think it’s a Word document (.doc) not a program (.exe). As Sophos says, “Don’t let curiosity get the better of you – don’t open the attachment if you didn’t order the package, or the tickets, or the contract, or the accommodation … or whatever else they’ll come up with next.”
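The two attachment giveaways described above (a zip that contains a program, and a program name padded to look like a document) can be checked without opening anything. The following is an added example, not part of the original post: the function names and extension lists are illustrative assumptions, and the sample zip is constructed in memory with harmless placeholder contents.

```python
import io
import re
import zipfile

# Extensions Windows runs on double-click (short, non-exhaustive, assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document-style extensions used as the decoy in names like "x.doc____.exe".
DECOY_EXTS = {".doc", ".pdf", ".xls", ".txt", ".jpg", ".rtf"}
# A run of spaces/underscores that pushes the real extension out of view.
PADDING = re.compile(r"[ _]{3,}")


def classify_name(name):
    """Return the reasons a file name inside an attachment looks suspicious."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    stem, dot, ext = base.rpartition(".")
    if not dot or "." + ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + ext]
    if PADDING.search(stem):
        reasons.append("padding before real extension")
    # Drop trailing padding, then look for a document extension in front of it.
    if stem.rstrip(" _").endswith(tuple(DECOY_EXTS)):
        reasons.append("decoy document extension")
    return reasons


def scan_zip(data):
    """Map each suspicious member of a zip (given as bytes) to its reasons."""
    findings = {}
    # Only the zip's file listing is read; nothing is extracted or run.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip(names):
    """Build an in-memory zip of placeholder files (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = ["Ticket_N141-SK.exe", "Fees_2008-2009.doc______________.exe"]
    print(scan_zip(build_sample_zip(sample)))
```

A clean result only means the names look ordinary; it says nothing about whether the contents are safe.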