I am looking very closely at a Windows 7 32-bit computer which has been infected with what I believe is a new type of virus/malware which I shall call "deep Vosteran".
This is NOT the covert vosteran.com browser intercept virus, it is an overt takeover attempt of the PC's Internet Browser by replacing it with a compromised version of Google Chrome. I have never seen anything like this one.
At the time of writing the malwaretips.com solution for vosteran.com is totally irrelevant, so please don't post it.
The user originally clicked on a sucker "Adobe Flash Player Update" on a normally legitimate site. In the space of two minutes this has installed the following packages visible from "Programs and Features":
Vosteran (a compromised version of Google Chrome)
WSE_Vosteran (a known rogue browser plug-in)
Storm Watch (a known rogue browser plug-in)
Arcade Giant (no idea what this is!)
On the same day, I see installed - albeit a few minutes after the main infection:
Google Toolbar for I.E. (known security leak)
There is no "Google Chrome" listed in "Programs and Features" and Google Chrome was not previously installed. I suspect that the user was suckered into installing the "Google Toolbar" by Google.
What is unusual is that "Vosteran" (a compromised version of Google Chrome) appears in the W7 Start Menu and pinned to the Taskbar AND starts when the PC starts (via the "Run" Registry key). When the user uses the ready-loaded browser, it is infested with POP-UPS which mostly warn of fictitious virus infections and suggest the user purchases remedial software. Obvious fraud.
This is an awesome virus/malware infection. Parallel research reveals that "Uninstall" from "Programs and Features" is pointless.
I have saved a list of every file created that day to a text file and homed in on the infection point - perversely by using the "History" from the compromised and renamed "Google Chrome".
@PA Bear. Please, please stay off this thread.
Anybody know how to get rid of this short of a cold build? User has data backups.
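A read-only triage script for the persistence points the post names (Programs and Features entries, the Run key, Start Menu and pinned-taskbar shortcuts, files created on the infection day), added here as an example and not part of the original post. The product names are the ones listed above; the infection date is a placeholder, and the shortcut and Run-key paths are the standard Windows 7 locations. It only lists, it does not remove anything.

```powershell
# Added triage script (not from the original post). Run in an elevated PowerShell on the
# affected PC. Written for PowerShell 2.0 as shipped with Windows 7 (no [PSCustomObject]).
$Suspects      = @('Vosteran', 'WSE_Vosteran', 'Storm Watch', 'Arcade Giant')
$InfectionDate = (Get-Date).Date   # placeholder: set to the day the fake "Flash update" was clicked

# 1. "Programs and Features" entries matching the suspect names (per-machine and per-user hives)
$UninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
  Where-Object { $d = $_.DisplayName; $d -and ($Suspects | Where-Object { $d -like "*$_*" }) } |
  Select-Object DisplayName, InstallDate, InstallLocation, UninstallString |
  Format-List

# 2. Autostart entries in the Run/RunOnce keys (the post saw Vosteran start via the Run key)
$RunKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($Key in ($RunKeys | Where-Object { Test-Path $_ })) {
  (Get-ItemProperty -Path $Key).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' } |     # drop the provider's own PSPath/PSDrive props
    ForEach-Object { New-Object PSObject -Property @{ Key = $Key; Name = $_.Name; Command = $_.Value } }
}

# 3. Start Menu and pinned-taskbar shortcuts: resolve each .lnk to its real target so a
#    renamed Chrome is found by the executable it launches, not by its label
$ShortcutDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
                "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
                "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
$Shell = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $ShortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
  ForEach-Object {
    $Lnk = $Shell.CreateShortcut($_.FullName)
    New-Object PSObject -Property @{ Shortcut = $_.FullName; Target = $Lnk.TargetPath; Args = $Lnk.Arguments }
  } |
  Where-Object { $t = $_.Target; $t -and ($Suspects | Where-Object { $t -like "*$_*" }) } |
  Format-Table -AutoSize

# 4. Files created on the infection day in the usual drop directories, oldest first,
#    which is the list the post built by hand to find the infection point
$Roots = $env:ProgramFiles, $env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData
Get-ChildItem -Path $Roots -Recurse -File -Force -ErrorAction SilentlyContinue |
  Where-Object { $_.CreationTime.Date -eq $InfectionDate } |
  Sort-Object CreationTime |
  Select-Object CreationTime, FullName |
  Format-Table -AutoSize
```

Save the output before changing anything; the UninstallString, Run-key command and shortcut targets together show every path the rogue browser is launched from, which is what a clean-up has to cover.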