July 30, 2008

‘Antivirus’ Bug Hits Rio Theater Web Site

By Caleb Chapman, Kerrville Daily Times, Texas

Jul. 30--Trying to find the latest times for the local showing of "The Dark Knight" may prove troublesome for your PC.

Computers around the world are struck by computer viruses every second, but one floating around right now hits close to home.

Several local residents have been infected with a virus deceptively named "Antivirus 2008" or "Antivirus 2009," and for some, the problem began when trying to log on to the Rio Entertainment Inc. Web site.

Rio consists of five movie theaters, including the Rio 10 Cinemas in Kerrville.

"It looks like the virus is coming from our Web hosting service," said Syd Hall, Web master for Rio Entertainment. "We have been infected three times in the past 10 days."

Hall said he shut down the site Tuesday until the problem can be resolved with the host.

He said he is unsure how long the site will be unavailable, but he is working on an alternative site to put in its place.

The Times found that logging directly on to www.rioentertainment.com produced normal results. However, doing a Google search for Rio Entertainment and clicking on the link gets the ball rolling for the virus.

After clicking on the link, a legitimate-looking dialogue box appeared on the screen saying, "Your computer is running slower than normal, maybe it is infected with viruses, Adware or Spyware. Win Antivir 2008 will perform a quick and completely FREE scan of your system for malicious software. Download Win Antivir for FREE now!"

Even after clicking "cancel," a Web page is displayed that performs a fake scan and shows its results. An installer pop-up window also appears asking the user to allow the program to repair the infected files.

According to Melvut "Turk" Otcu, owner of Gazelle Computers in Kerrville, users should be safe by simply ignoring the requests and closing the browser.

"Thanks to new improvements in Internet Explorer, these add-ons don't install automatically anymore," Otcu said. "But if you agree to repair and install the 'setup.cab,' then you are really infected."

The lesson: Always think twice before agreeing to download something to your computer -- even if it looks authentic.

"This shows that even clean machines can become infected by just going to a regular site that they always go to," Otcu said. "The only way to be protected is knowing how to surf online safely."

The virus

Antivirus 2008 makes deceptive claims of system vulnerabilities to entice users to purchase the full version of the software by interfering with normal computer use.

Local resident Rosemary McMurphy first informed the Times of the virus last week.

"It invades your computer and stops you from doing anything," she said.

Once the virus invades a computer, it gives the user the option of purchasing and downloading the full version of the fake program.

The kicker is that once the program is downloaded, it cannot be removed through normal program deletion methods.

"You can't remove it," Otcu said. "You have to run your computer in safe mode and install another antivirus software or uninstaller that may be able to delete the infected files."



Copyright (c) 2008, Kerrville Daily Times, Texas

Distributed by McClatchy-Tribune Information Services.
