The Rolex Forums   The Rolex Watch

Old 18 August 2009, 03:50 PM   #1
SLS
"TRF" Member
 
SLS's Avatar
 
Join Date: Aug 2006
Real Name: Scott
Location: GMT -7
Watch: GMT's & Sub's
Posts: 10,401
Holy cow, just recovered from the Windows AntiVirus Pro virus!

Spent Saturday, Sunday and most of today dealing with this virus. This is a nasty bug that plants itself deep in the operating system of your PC. If you are on the phone and working on your PC like I am, the prompts it gives to launch the virus are close enough to look like a normal Microsoft error message. Once launched, it then proceeds to give you fake virus detection/infection notices with the whole point to get you to sign up for a year's subscription for virus protection! This part is just a scam to get your credit card info, which they happily take and still leave you with a nasty mess! Fortunately, after about 1 minute, I knew what I had and did not fall for it, but I am sure others have. Not sure where I picked this one up from, but it nearly disabled my entire operating system. Every time you try to destroy it, it blocks it and does not let you use that function again. It even won't let you start up in safe mode! I had two different techs have a look at it, the second one was finally able to give it the kibosh! So for the past 5 hours tonight I have been bumping up security on all my PCs. The one positive is I learned about some great freeware from the second Tech to help detect & destroy malware. Do a search for malwarebytes.org, it works great. It's good to be back to normal again!
Scott
__________________
"The bitterness of poor quality remains long after the sweetness of lower price is forgotten." -Benjamin Franklin

Member No. 922
SLS is offline   Reply With Quote
Old 18 August 2009, 09:08 PM   #2
Lion
"TRF" Member
 
Lion's Avatar
 
Join Date: Jan 2009
Real Name: Leo
Location: Midwest
Watch: GMT-II 16710 PEPSI
Posts: 21,461
This story is a good reason for everyone to look into getting a Mac, no viruses!!!
__________________

SS GMT-II 16710 PEPSI(Z-serial#)
THE ONLY DIFFERENCE BETWEEN MEN AND BOYS IS THE PRICE OF THE TOYS!!!
MontBlanc Meisterstuck Doue Silver Barley
MontBlanc Meisterstuck Solitaire Doue Signum
Proud Card Carrying Member of the Curmudgeons.....Yikes!!!
Lion is offline   Reply With Quote
Old 18 August 2009, 11:14 PM   #3
TheDude
"TRF" Member
 
TheDude's Avatar
 
Join Date: Oct 2007
Location: DC Area, USA
Watch: IIc,1680 Red,16660
Posts: 4,492
Quote:
Originally Posted by Lion View Post
This story is a good reason for everyone to look into getting a Mac, no viruses!!!

This specific issue was actually a trojan, and the Mac -does- have trojans.


The OP used the right tool for removal, it's free and does a good job.


FYI... there is a new one that works in a similar fashion called "Green AV".
TheDude is offline   Reply With Quote
Old 19 August 2009, 12:16 AM   #4
SLS
"TRF" Member
 
SLS's Avatar
 
Join Date: Aug 2006
Real Name: Scott
Location: GMT -7
Watch: GMT's & Sub's
Posts: 10,401
Quote:
Originally Posted by Lion View Post
This story is a good reason for everyone to look into getting a Mac, no viruses!!!
I mentioned that to my second Tech, who really knew his stuff, and his response was that Macs are no longer immune to viruses like they were in the past. He went on to say that Mac users may be worse off because in some cases they are less protected and have a false sense of security with their OS. Just keep that in mind!
Scott
__________________
"The bitterness of poor quality remains long after the sweetness of lower price is forgotten." -Benjamin Franklin

Member No. 922
SLS is offline   Reply With Quote
Old 19 August 2009, 02:05 AM   #5
idk01
"TRF" Member
 
idk01's Avatar
 
Join Date: Jan 2009
Real Name: Dave
Location: Australia
Watch: DJ16233TT
Posts: 18,485
Hi Scott, had a week of removing this fungus from machines, seems there is a spate of drive by downloads going on :-( not to mention spam emails with links to this sort of trash.

The latest I've seen infesting machines this week is "personal Antivirus" and "pc antispyware 2010" these are quite nasty to remove.

I would recommend the following to remove and it may take a combination of them to remove fully:

SuperAntispyware - free version - http://www.superantispyware.com/
Malwarebytes - http://www.malwarebytes.org/
SDFix - http://www.bleepingcomputer.com/forums/topic131299.html
Roguefix - http://www.internetinspiration.co.uk/roguefix.htm

I've had two clients today be silly enough to put credit card details in this "personalAntivirus" as it does look very similar to AVG free. Beware guys, I would suggest running Firefox with the "NoScript" add-on, as this blocks most of these drive by download hijacks.



Dave.
__________________
Apprentice to Terry Newton; Superstar and Fake Sleuth

idk01 is offline   Reply With Quote
Old 19 August 2009, 02:08 AM   #6
redshirt1957
"TRF" Member
 
redshirt1957's Avatar
 
Join Date: Sep 2007
Real Name: Bubba
Location: Bitsyville!
Watch: Blue YM today!
Posts: 10,053
With all the problems now-a-days with computers, guess I will have to get my porn from analog sources.
redshirt1957 is offline   Reply With Quote
Old 19 August 2009, 02:09 AM   #7
idk01
"TRF" Member
 
idk01's Avatar
 
Join Date: Jan 2009
Real Name: Dave
Location: Australia
Watch: DJ16233TT
Posts: 18,485
Quote:
Originally Posted by redshirt1957 View Post
With all the problems now-a-days with computers, guess I will have to get my porn from analog sources.


My wife cracks up about the whole look at porn on the web and get a virus
__________________
Apprentice to Terry Newton; Superstar and Fake Sleuth

idk01 is offline   Reply With Quote
Old 19 August 2009, 02:16 AM   #8
Kokyuryoku
"TRF" Member
 
Kokyuryoku's Avatar
 
Join Date: Dec 2008
Real Name: Rye
Location: Japan
Watch: Sundial
Posts: 2,156
I got that same virus at the end of last year. It really sucks. I used the same site to clean my PC. I'm glad it worked out for you too.
__________________
'The Way of a Warrior is based on humanity, love, and sincerity; the heart of martial valor is true bravery, wisdom, love, and friendship.
Emphasis on the physical aspects of warriorship is futile, for the power of the body is always limited'- Morihei Ueshiba -


Omega 3570.50 (77mil) Rolex 16610 (V) Rolex 1601 (1966) Seiko BM
Kokyuryoku is offline   Reply With Quote
Old 19 August 2009, 02:19 AM   #9
The GMT Master
"TRF" Member
 
The GMT Master's Avatar
 
Join Date: Jul 2008
Real Name: Chris
Location: England
Posts: 8,150
Quote:
Originally Posted by idk01 View Post


My wife cracks up about the whole look at porn on the web and get a virus
Brings a whole new level of meaning to "STI" now
The GMT Master is offline   Reply With Quote
Old 19 August 2009, 02:21 AM   #10
kcmo
"TRF" Member
 
Join Date: Jan 2007
Real Name: Karis
Location: USA
Posts: 19,377
I feel for you Scott!

We had the same virus on our desktop about 10 days ago and many hours, much frustration, and $250 later, a tech finally fixed it!
kcmo is offline   Reply With Quote
Old 19 August 2009, 02:43 AM   #11
TheDude
"TRF" Member
 
TheDude's Avatar
 
Join Date: Oct 2007
Location: DC Area, USA
Watch: IIc,1680 Red,16660
Posts: 4,492
Quote:
Originally Posted by idk01 View Post
I've had two clients today be silly enough to put credit card details in this "personalAntivirus"

As we security guys have often said, "there's no patch for stupidity".



This is another great way to protect from a lot of browser attack vectors:

http://www.zonealarm.com/security/en...urity/home.htm



The link above is a quick tutorial on the dangers we're talking about, and it explains "ForceField" by ZoneLabs. ForceField stands up a virtual shim between the websites you visit and the browser + underlying OS bits. That way, any attacks you come into contact with don't compromise the PC itself.
TheDude is offline   Reply With Quote
Old 19 August 2009, 03:14 AM   #12
daveathall
"TRF" Member
 
daveathall's Avatar
 
Join Date: Dec 2007
Real Name: Dave
Location: England.
Watch: Various
Posts: 7,305
I don't like the NoScript add-on, driving me daft, won't allow anything, how do I uninstall it please?
daveathall is offline   Reply With Quote
Old 19 August 2009, 03:51 AM   #13
SLS
"TRF" Member
 
SLS's Avatar
 
Join Date: Aug 2006
Real Name: Scott
Location: GMT -7
Watch: GMT's & Sub's
Posts: 10,401
Quote:
Originally Posted by redshirt1957 View Post
With all the problems now-a-days with computers, guess I will have to get my porn from analog sources.
According to my tech, this is another myth, while you may pick up a virus at one of these sites, most of them want your money, and to get it, your PC has to be running! He thought I received the virus in an email attachment or possibly from a site I erroneously typed into my browser or just clicked on during a search.
Scott
__________________
"The bitterness of poor quality remains long after the sweetness of lower price is forgotten." -Benjamin Franklin

Member No. 922
SLS is offline   Reply With Quote
Old 19 August 2009, 03:58 AM   #14
SLS
"TRF" Member
 
SLS's Avatar
 
Join Date: Aug 2006
Real Name: Scott
Location: GMT -7
Watch: GMT's & Sub's
Posts: 10,401
Quote:
Originally Posted by idk01 View Post
Hi Scott, had a week of removing this fungus from machines, seems there is a spate of drive by downloads going on :-( not to mention spam emails with links to this sort of trash.

The latest I've seen infesting machines this week is "personal Antivirus" and "pc antispyware 2010" these are quite nasty to remove.

I would recommend the following to remove and it may take a combination of them to remove fully:

SuperAntispyware - free version - http://www.superantispyware.com/
Malwarebytes - http://www.malwarebytes.org/
SDFix - http://www.bleepingcomputer.com/forums/topic131299.html
Roguefix - http://www.internetinspiration.co.uk/roguefix.htm

I've had two clients today be silly enough to put credit card details in this "personalAntivirus" as it does look very similar to AVG free. Beware guys, I would suggest running Firefox with the "NoScript" add-on, as this blocks most of these drive by download hijacks.



Dave.

Good to know, thanks! So far so good! Also, I switched over to Trend virus protection, I have been told that it offers the best protections and does not slow down your machine as much as Norton or McAfee.
Scott
__________________
"The bitterness of poor quality remains long after the sweetness of lower price is forgotten." -Benjamin Franklin

Member No. 922
SLS is offline   Reply With Quote
Old 19 August 2009, 01:24 PM   #15
Green Sub
Member
 
Join Date: Mar 2008
Real Name: Barry
Location: Acworth, GA USA
Posts: 622
Well I make a living dealing with these things and here is how I handle them

Run Malwarebytes in Safe Mode

If that doesn't take care of it along with your other real-time anti virus software here is the only way I know to kill them 99.9% of the time (trashed registries with no backups can be the death of a fix, requiring the format and reload of the OS)

Anyway, pull the hard drive that is infected and mount it on a clean system as a secondary drive. Then run AVG, Malwarebytes, and Webroot Anti Virus. As long as you have access rights to all of the infected secondary drive you should clean up the problems. If you don't have full access, learn how to take ownership of the locked areas, then run the scan. After returning the drive to the original PC, run HiJackThis to clean up "missing" files.

I make $150 including pickup and delivery for cleaning these problems up per PC.

Barry
Green Sub is offline   Reply With Quote
Old 19 August 2009, 11:13 PM   #16
idk01
"TRF" Member
 
idk01's Avatar
 
Join Date: Jan 2009
Real Name: Dave
Location: Australia
Watch: DJ16233TT
Posts: 18,485
Quote:
Originally Posted by Green Sub View Post
Well I make a living dealing with these things and here is how I handle them

Run Malwarebytes in Safe Mode

If that doesn't take care of it along with your other real-time anti virus software here is the only way I know to kill them 99.9% of the time (trashed registries with no backups can be the death of a fix, requiring the format and reload of the OS)

Anyway, pull the hard drive that is infected and mount it on a clean system as a secondary drive. Then run AVG, Malwarebytes, and Webroot Anti Virus. As long as you have access rights to all of the infected secondary drive you should clean up the problems. If you don't have full access, learn how to take ownership of the locked areas, then run the scan. After returning the drive to the original PC, run HiJackThis to clean up "missing" files.

I make $150 including pickup and delivery for cleaning these problems up per PC.

Barry
I'm working on two right now Barry :-) just after 11pm, like to let these things scan overnight, I charge similar sort of coin for cleaning these out, getting way too many these days. Only have two 8 port KVMs on the workbench :-)



Dave.
__________________
Apprentice to Terry Newton; Superstar and Fake Sleuth

idk01 is offline   Reply With Quote
Old 20 August 2009, 05:00 AM   #17
daveathall
"TRF" Member
 
daveathall's Avatar
 
Join Date: Dec 2007
Real Name: Dave
Location: England.
Watch: Various
Posts: 7,305
Quote:
Originally Posted by daveathall View Post
I don't like the NoScript add-on, driving me daft, won't allow anything, how do I uninstall it please?
Anyone please.

Edit; Sorted now thank you.
daveathall is offline   Reply With Quote
Old 20 August 2009, 09:57 AM   #18
SirLoki
"TRF" Member
 
SirLoki's Avatar
 
Join Date: Jun 2008
Real Name: Brian
Location: Fullerton, CA
Watch: GMT Master II
Posts: 916
Not only that, but Apple hardware is easy to hack now. Imagine this happening to your keyboard.

http://www.digitalsociety.org/2009/0...and-possessed/
__________________
16710N Y 116710LN M 116400 V 116660 V

RIP JJ

Quote:
Originally Posted by JJ Irani View Post
The best bastidization I've ever seen on TRF!!
SirLoki is offline   Reply With Quote
Old 20 August 2009, 12:32 PM   #19
AIKO
"TRF" Member
 
AIKO's Avatar
 
Join Date: Nov 2008
Location: South Carolina
Posts: 1,937
I had something similar a few years ago with our Dell, I was sooooo pissed off. The Norton we had did nothing. Called Dell cust service in India, they ended up having me (which I did not realize at the time) re-install the OS - I lost everything. I really hate Dell, the worst customer service. I have a Mac and will take my chances until something happens. Beats the monthly issues I was having with my PC.
AIKO is offline   Reply With Quote
Old 20 August 2009, 12:53 PM   #20
Carolina
"TRF" Member
 
Carolina's Avatar
 
Join Date: Jul 2007
Location: North Carolina
Watch: it, Bubba!
Posts: 6,271
Quote:
Originally Posted by idk01 View Post
Hi Scott, had a week of removing this fungus from machines, seems there is a spate of drive by downloads going on :-( not to mention spam emails with links to this sort of trash.

The latest I've seen infesting machines this week is "personal Antivirus" and "pc antispyware 2010" these are quite nasty to remove.

I would recommend the following to remove and it may take a combination of them to remove fully:

SuperAntispyware - free version - http://www.superantispyware.com/
Malwarebytes - http://www.malwarebytes.org/
SDFix - http://www.bleepingcomputer.com/forums/topic131299.html
Roguefix - http://www.internetinspiration.co.uk/roguefix.htm

I've had two clients today be silly enough to put credit card details in this "personalAntivirus" as it does look very similar to AVG free. Beware guys, I would suggest running Firefox with the "NoScript" add-on, as this blocks most of these drive by download hijacks.



Dave.
Yikes! I had that thing pop up on my machine - looks just like AVG, so I did a double take. Thankfully, I exited everything right away and ran my real antivirus stuff.
__________________
.
.Member #5380
.
Carolina is offline   Reply With Quote
Old 20 August 2009, 12:57 PM   #21
SLS
"TRF" Member
 
SLS's Avatar
 
Join Date: Aug 2006
Real Name: Scott
Location: GMT -7
Watch: GMT's & Sub's
Posts: 10,401
Quote:
Originally Posted by Carolina View Post
Yikes! I had that thing pop up on my machine - looks just like AVG, so I did a double take. Thankfully, I exited everything right away and ran my real antivirus stuff.
Download Malwarebytes and have it scan your system, it found 14 other viruses that Norton missed!
Scott
__________________
"The bitterness of poor quality remains long after the sweetness of lower price is forgotten." -Benjamin Franklin

Member No. 922
SLS is offline   Reply With Quote
Old 20 August 2009, 01:01 PM   #22
Carolina
"TRF" Member
 
Carolina's Avatar
 
Join Date: Jul 2007
Location: North Carolina
Watch: it, Bubba!
Posts: 6,271
I have AVG, but did run Malwarebytes right after. Thanks to this forum, of course I knew this!!
__________________
.
.Member #5380
.
Carolina is offline   Reply With Quote
Old 20 August 2009, 01:43 PM   #23
vh_bu98
"TRF" Member
 
vh_bu98's Avatar
 
Join Date: Nov 2006
Real Name: Vu
Location: Dallas area
Watch: Platinum YM
Posts: 2,646
Cleaning infected computers is one of the most annoying parts of IT because it's such a time-consuming process. I always prefer to copy the data over and format and reinstall the OS. The time it takes cleaning a PC is better used to start from scratch.
vh_bu98 is offline   Reply With Quote