I just got infected

That's pretty much what Personal Antivirus is -- it tells you everything in your system is infected, and won't let you do a damned thing except buy their "fix." I just figured the easiest way to squash the little bastard was to nuke the machine and start over. Fortunately, I'd just swapped out my old machine for a new one, and had the old one re-tasked as my AV playback machine, so it was simple to go get a lot of the stuff I'd have lost otherwise in a full reinstall.

Never had this level of infection or take-over before. I've been clickjacked, had sites drop porn links all over my desktop, and had them try to sneak stuff onto my machine before, but never had to reload the OS as my only choice.

Beanbag
That sounds like the same malware that hit me.
 
Stop that. You're one of us now. It's not “MAC” in all uppercase, as if it were an acronym. It's “Mac”, short for “Macintosh”. “MAC” is how we recognize clueless outsiders who have no idea what the platform is about.
Hey, I'm a Mac newbie. Cut me some slack. :)
 
If you stumble upon a fake Antivirus, please report it to http://badwarebusters.org/community/submit
Other Users will get a warning if they try to enter these evil/hacked websites,
as long as they use decent Software (Firefox, among others, will do).
I have seen quite a few fake virus warnings, and I know these look very real; it's easy to get fooled.
Let's make the Internet a little bit safer. :)
I didn't click on anything except some page while web surfing and I have no clue which page carried the infection, or even if it was a page.

Everyone thinks you have to do something they aren't doing or would never do. I don't open any SPAM email and rarely open one that is unrecognizable just to make sure it is SPAM before deleting it. I certainly don't open attachments.

I'm pretty sure the original infection was a few days before the attack. My keyboard acted odd. I believe this particular malware sneaks in, causes a few vague problems, waits a couple days, then attacks.
 
Did you keep your Windows and other Important Software updated?
The Risk of a Virus installing itself without any user interaction is very low.
 
Everything on my system is set to auto-update to maintain the latest versions (OS, antivirus). I agree with SG: things were getting "strange" long before the Personal Antivirus green shield popped up in the toolbar. I can't be sure where I picked it up, or even if it came from a web site. It could conceivably have come in through email. I've been getting an unusual amount of "foreign" emails (outside of my normal traffic) dealing with a writers' convention, coming from several outside convention booking services. It could have come through that avenue.

I almost always pre-plan on doing a complete OS reinstall once a year. All my machines have their Windows activation code listed in large labels on the front, so it's easy to pop in the OEM disk and wipe everything back to ground zero. Throw in monthly (or even more frequent) backups of data files to DVD, and it doesn't become too much trouble to get up and running again.

Beanbag
 
I didn't click on anything except some page while web surfing and I have no clue which page carried the infection, or even if it was a page.

Everyone thinks you have to do something they aren't doing or would never do. I don't open any SPAM email and rarely open one that is unrecognizable just to make sure it is SPAM before deleting it. I certainly don't open attachments.
No, in my experience, everyone thinks that all you have to do is run Windows and you will be infected. Personally, I'd love it if you could tell me what page it was, just so I could see what happened. But sadly people only ever say that they visited 'some page'. If you are (or were) doing something I'm not doing, I really want to know what it was.

I'm pretty sure the original infection was a few days before the attack. My keyboard acted odd. I believe this particular malware sneaks in, causes a few vague problems, waits a couple days, then attacks.
Can you define 'keyboard acting odd'? Can you explain why you're sure of this?
 
I've suffered through the 'personal antivirus' thing and I'm pretty sure what it started with was a popup from a subverted website. For me, it was either the E.R. stories blog (a fun read for anyone in emergency medicine, but lately buggy and infected) or one of the 'cheezeburger network' sites. Easy enough to script a popup, then use your clicking on it, even clicking to close it, as implied permission to install a script somewhere in your machine that keeps popping it up. When I get a popup of this nature, I don't click on it anywhere. I just turn off my modem, save my work, and reboot. In the future, I avoid that site. So far, that's been mostly successful in keeping me infection free. The problem is that I'm not the only one who uses the computer, so I've had to do some pretty intensive education, and most recently set up separate administrator and user accounts, with drastically different levels of privilege. It's simply amazing to me that someone would knowingly defeat all the security protecting them for the sake of an internet game that lets you pretend to work in a menial job. (In a different vein, what the ever loving hell is up with all the games out there that make you pretend to wait tables, run errands, or till fields? I just don't get it. You have to PAY people to do that crap in RL. If I can ever figure out how to make someone's online game control a robot that actually does the work, I'll make a mint. Free labor.)

A
 
Did you keep your Windows and other Important Software updated?
Yes. But considering the number of people reporting they too were infected with this particular malware, it's clear the sleaze balls got ahead of the game. Hopefully it isn't an indicator of things to come.



The Risk of a Virus installing itself without any user interaction is very low.
Well I went more than 20 years without a problem.
 
No, in my experience, everyone thinks that all you have to do is run Windows and you will be infected. Personally, I'd love it if you could tell me what page it was, just so I could see what happened. But sadly people only ever say that they visited 'some page'. If you are (or were) doing something I'm not doing, I really want to know what it was.
There's no way to know when people like me surf incessantly.


Can you define 'keyboard acting odd'? Can you explain why you're sure of this?
I'm not sure I remember exactly. It was subtle and I didn't think as much of it at the time as I should have. The keyboard started not responding, and while that had occurred occasionally in the past, there was something more severe about it. I remember being concerned the keyboard was failing. But the problem quit occurring and the keyboard works fine now in safe mode.

It could have been a coincidence but I suspect it wasn't.
 
Here's the security toolkit I have installed on my WinXP machines:

- AVG antivirus (free version)
- Malwarebytes' Anti-malware (free version)
- Spybot (free)
- Comodo Firewall (free)
- Chrome instead of IE (Used to have Firefox as my main browser, but it has become too slow and buggy lately, so now using Chrome).

PS. I also use CCleaner (free) every so often, especially after installing or removing any software, to clean up the registry.
 
Yours looks a lot like mine, except that I still put up with Firefox.

A
 
That's pretty much what Personal Antivirus is -- it tells you everything in your system is infected, and won't let you do a damned thing except buy their "fix." I just figured the easiest way to squash the little bastard was to nuke the machine and start over. Fortunately, I'd just swapped out my old machine for a new one, and had the old one re-tasked as my AV playback machine, so it was simple to go get a lot of the stuff I'd have lost otherwise in a full reinstall.

Never had this level of infection or take-over before. I've been clickjacked, had sites drop porn links all over my desktop, and had them try to sneak stuff onto my machine before, but never had to reload the OS as my only choice.

Beanbag

Well, the issue is that you can definitely get infected by almost any site that does not have an active security manager.

Java says the recent Java exploit is no big deal but I am uninstalling it on my home machine for a while. (http://news.cnet.com/8301-27080_3-20002199-245.html?tag=mncol)

But most likely your machine got some little less obvious piece of malware that the Personal Antivirus latched onto.

Other common exploits are freeware versions of software, like DivX: if you download it from the main page, it is most likely fine; if you download it somewhere else, not so fine.

So I try to download freeware only from Majorgeeks, C-net and places like that.

There are also some great Flash exploits, which is how most of the 'less savory' places will get you. (Hopefully Adobe got those last month.)
 
Here's the security toolkit I have installed on my WinXP machines:

- AVG antivirus (free version)
- Malwarebytes' Anti-malware (free version)
- Spybot (free)
- Comodo Firewall (free)
- Chrome instead of IE (Used to have Firefox as my main browser, but it has become too slow and buggy lately, so now using Chrome).

PS. I also use CCleaner (free) every so often, especially after installing or removing any software, to clean up the registry.


Nice!

very similar to the majorgeeks:
http://forums.majorgeeks.com/showthread.php?t=44525
 
Cool, very exhaustive list over there, didn't know of it. I did research a lot when picking the security tools, comparing rankings per category (most recommended antivirus, antispyware, firewall and so forth). Didn't add them all at once though, I first just had Firefox, AVG and Spybot, that was a number of years ago. Then added Comodo and CCleaner. Last year I added Anti-malware. And this month I made Chrome my main browser.
 
how to beat a fake anti-virus in XP

boot to safe mode
AND as soon as the hourglass goes away
hit control alt delete as soon as you can
go to task manager and kill everything you can
keep it up a few minutes as some will reload
if the fake av reloads start over and be quicker
you must beat the fake av loader

once the reloading stops run Malwarebytes
keep an eye on task manager and kill any reload
Malwarebytes should kill the fake av

if you do not have Malwarebytes download it on an uninfected computer
and burn a CD or DVD or usb loader copy and run it from that
 
I got hit with AntivirusPro2009 last year. Went right through AVG and SS&D and nothing I had would remove it. Took hours but I finally got rid of it with Malwarebytes and Stopzilla. Later in the year I was hit with it again, but Stopzilla prevented the infection. Last month AntivirusPro2010 tried to upload, but Stopzilla prevented that one, too. Loooove that program.
 
