Amazon Assistant Popup Virus
I had a client contact me at dinner time yesterday in near hysterics. The desktop of her Windows 7 computer had been overtaken by white screen popups that covered everything and she was working on some very high priority projects and a tight deadline.
I managed to remote into her computer and look at it.
The culprit identified itself as “Amazon Assistant” and a legitimate looking Amazon icon was pinned to the taskbar and associated with an open application. Large white windows were repeatedly popping up and covering all other applications. Closing one only spawned another in a few seconds.
This is not a virus. It is not technically malware. It is a HIJACKER. It takes over your desktop like so many other hijackers that want you to dial a toll-free number for “Microsoft”, “Windows”, “Dell” or some other “brand” support – all of which are bogus.
Looking through the Uninstall Programs list I found Amazon Assistant had been installed January 16 (3 weeks ago). It could not be uninstalled.
Locating the directory for aa.hta (almost never a legit file extension to find on a PC) proved to be in Program Files(x86)/Amazon/Amazon Assistant
The files in this directory are:
There is no way to delete them in normal mode. (not really a surprise. You cannot delete files that are running in memory or locked)
This file is a HIJACKER. AVG identifies it as IDP.Generic
The ONLY way to remove it is to:
- Reboot in SAFE MODE
- Go to Program Files(x86)/Amazon/ and delete the entire Amazon Assistant directory.
- If you’re comfortable editing the registry and have done it thousands of times like I have, run regedit and search for “Amazon”. Delete every ROOT key pertaining to Amazon Assistant.
- <reboot> in normal mode.
- Go to Control Panel and Programs – Uninstall Amazon Assistant.
- Update AVG (now Avast) and configure it to correctly:
- scan ALL FILES
- Scan for potentially unwanted programs
- Scan archives
- Basically check off every single option for a Deep Scan
- and run a full scan (now Deep Scan).
In searching the web for aa.hta I found 3 questions and responses on the AVG help forums. All the responses were useless. Unfortunately this is typical and goes right along with my experience selling AVG since about 2006 or so. AVG has always made a great product, but their support is absolutely the worst in the industry. They know this. I have spoken to them about it numerous times.
I am personally responsible for selling, installing and configuring over 4,000 AVG products since about 2006. I know what I am doing and have written several blogs on properly configuring both Norton and AVG products for optimal protection. I have removed hundreds of thousands (may actually be millions by now) malware infections over the years.
It would be refreshing to see some actually helpful support from AVG for once.
I have to say I absolutely HATE the new AVG / Avast interface. It is very unfriendly, difficult to configure and it CHANGES SETTINGS THAT I HAVE INTENTIONALLY CONFIGURED FOR OPTIMAL PROTECTION.
I hate it.
Did I say I hate it?
Yes I HATE it.
Are you listening?
You took the best malware protection on the market and you made it significantly LESS effective.
What a monumentally STUPID and arrogant thing to do.