Soluto and Antivir Solution Pro Virus

Update (2010-08-05)

Note that I was unable to reproduce the virus infection after installing Soluto on a different environment. I encourage you to read my next post instead of -- or in addition to -- this post.

In one of the sessions I attended last week at TechReady (an internal training conference at Microsoft), the speaker mentioned a new piece of "anti-frustration software" called Soluto which analyzes the boot time of your PC. It certainly sounded intriguing and I made a note to take a look at it when I got back home from Seattle.

This morning I installed Soluto on my Windows 7 x64 desktop at home. Everything seemed great...at first.

Soluto reported that my boot time was 1 minute 27 seconds (showing how that timeline was broken down loading various applications). It also recommended that I disable the Microsoft Office Groove client as well as Adobe Acrobat Reader (both of which seemed reasonable given that I never use Groove on this particular machine and I rarely view PDF documents). Soluto also discovered some "unrecognized" programs and prompted me for permission to connect to the PC Genome project to attempt to identify them.

Unfortunately, after a few minutes I discovered that my PC was infected with the Antivir Solution Pro virus. This is a particularly nasty virus because it disguises itself as an anti-virus program, disables other security measures, and subsequently attempts to gather personal information. For example, when I attempted to launch Microsoft Security Essentials, I received a message stating that the program was infected. The virus also set the proxy on Internet Explorer to 127.0.0.1:5643 (which redirected all HTTP requests through the virus, undoubtedly in an attempt to steal personal information).

I managed to avoid the land mines with the virus and quickly removed Soluto (which also removed Antivir Solution Pro). I was then able to start Microsoft Security Essentials, at which point it detected a Trojan horse on my computer (as shown in the screenshot below).

Figure 1: Scheduled tasks for backing up databases

I am now running a "Full scan" with Microsoft Security Essentials just to be safe.

I'm not sure how Soluto managed to infect my computer, but I can tell you that I did not surf any Web sites between the time I installed Soluto and the time I discovered the Antivir Solution Pro virus.

Beware of Soluto. I love the idea, but now I'm very wary of the actual implementation. It will be a long, long time before I attempt to install it again.

If you work for Soluto and you are reading this, note that I tried submitting a post to https://community.soluto.com, but unfortunately your site requires me to authenticate before submitting to the forums. I'm sure you can understand why I didn't feel comfortable registering any personal information with your site in light of my experience today. However, please feel free to contact me through my blog. I really would like to be able to eventually recommend Soluto to my friends, family, and customers.