I just got infected

The fake anti-virus on my mother's machine disabled the task manager, AVG, Ad-aware, Spybot, and Safe Mode. That's right, I could no longer boot her old HP into safe mode. It was crazy. The harder I worked, the more locked down the machine got. I hadn't been that frustrated with a virus for a long-ass time. Hell, I hadn't had to fight off a virus for a long-ass time. It didn't disable Malwarebytes, but Malwarebytes couldn't remove it all either. Oh, and I couldn't get regedit to run. It would crash the computer.

Nuked it, it works fine now.

I got a netbook returned with a different version of the fake anti-virus as well. This one had also disabled the task manager, though not as completely. Still, I don't get paid to remove that crap, so it's going back to Dell for full restore.

Yup, that is a nasty one if it disables safe mode, especially if you can't use regedit to turn it back on. I have seen the ones that disable task manager and safe mode but not regedit. The one I encountered with the safe mode issue required regedit to fix.

It probably would have blocked a download of Combofix as well. About all you can do is use a boot disk to recover the files.

:(
 
If you think you might come across this thing, find a USB flash drive and save the following to it:
  • RKill - a Microsoft MVP decided to make a binary version of the script Ducky mentioned. This is it.
  • CCleaner Portable - The portable version works the same as the installed one, and allows you to go into the startup items and disable pretty much anything that typically runs at startup. At reboot, you can then probably get access to Safe Mode or at least begin cleaning it out with the tools you have.
  • Antivirus:
    • ClamWin Antivirus - It's portable, and while it may not be the best AV out there it is pretty decent and useful.
    • TrendMicro HouseCall - also portable, though it may need to install itself to the host computer to clean the system.
  • Anti-malware:
    • Remove Fake Antivirus - portable app specifically designed to remove a list of those fake antivirus programs.
    • AppRemover - a non-Windows application remover that doesn't necessarily rely on uninstallers (the fake antivirus uninstaller file is a red herring).
    • Autorun Virus Protector - not necessarily a fake antivirus tool, it goes after the autorun.ini virus that's out there, which the fake AV infection may be using to keep hold.
    • F-Secure Blacklight - this one has been around for a while, and has generally gotten better each time I've seen it revised. F-Secure makes good malware-fighting tools, and it's a good addition to any flash drive arsenal.
    • SpyDLL Remover - a bit more complex than the others, this one helps to isolate and disable dll files making use of servicehost or another system process (like Explorer) to keep itself alive. I've not used it personally, so I can't speak for how well it works, but I understand what it's supposed to do and it's definitely something to keep in mind for the more pervasive malware programs.
    • TrendMicro CWShredder - again, not specifically something for the fake antivirus, this tool helps to eliminate the CoolWeb Search crapware on a system.
    • AVZ Antiviral Toolkit - this is not an antivirus, it only removes loaded parts of malware, but the dude who wrote it went on to work for Kaspersky and the utility is well-regarded.
    • Stinger - an oldie from McAfee that has had many updates to meet new malware, and again while it doesn't cover everything it's one of those very useful utilities to have on your USB drive. (you can download here)
  • For good measure, if possible before cleaning try to update the hosts file (how-to here) so that many of the different types of malware can't "phone home" as you're eliminating them.

I have a more comprehensive list of USB drive tools I'm compiling, but those are the most germane to this topic and the malware from the OP in particular.
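The last bullet in the list above recommends updating the hosts file before cleaning so the malware can't phone home. Below is an added example of doing that merge safely; it is not code from the post or from any of the tools it lists. It parses the existing file, skips names that are already mapped or that must never be overridden (localhost), rejects malformed entries, and appends the rest pointing at 0.0.0.0, so re-running it adds nothing twice. The SAMPLE_HOSTS text and the BLOCKLIST domains are constructed for illustration; the path under %SystemRoot% is the real XP location.

```python
"""Append a phone-home blocklist to a Windows hosts file without clobbering it.

Added example, not code from the thread or from any tool listed above.
SAMPLE_HOSTS and BLOCKLIST are constructed for illustration.
"""
from __future__ import annotations

import os
import re
import sys

SINK = "0.0.0.0"  # non-routable sink; avoids pointing phone-home traffic at a local listener

# Names a blocklist must never override, or the box loses loopback resolution.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}

# Conservative hostname syntax: letters, digits, dots, hyphens; no whitespace or '#'.
NAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?")

# Constructed sample of a stock XP hosts file plus one entry from an earlier cleanup.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "127.0.0.1       localhost\n"
    "127.0.0.1       already-blocked.example   # added by an earlier cleanup\n"
)

# Constructed blocklist (hypothetical domains). It deliberately includes a duplicate
# in different case, a protected name and a malformed entry to show they are filtered.
BLOCKLIST = [
    "updates.fakeav.example",
    "ALREADY-blocked.example",
    "localhost",
    "bad entry with spaces",
    "stats.fakeav.example",
]


def existing_names(hosts_text: str) -> set[str]:
    """All hostnames the file already maps, lower-cased; comments are ignored."""
    names: set[str] = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip trailing comment, then tokenize
        if len(fields) >= 2:                   # "<ip> <name> [<alias> ...]"
            names.update(n.lower() for n in fields[1:])
    return names


def merge_blocklist(hosts_text: str, domains: list[str], sink: str = SINK):
    """Return (new_text, added_names). Idempotent: re-running adds nothing."""
    present = existing_names(hosts_text)
    added: list[str] = []
    for entry in domains:
        name = entry.strip().lower()
        if not NAME_RE.fullmatch(name) or name in PROTECTED or name in present:
            continue
        added.append(name)
        present.add(name)
    if not added:
        return hosts_text, added
    body = hosts_text if hosts_text.endswith("\n") or not hosts_text else hosts_text + "\n"
    lines = "".join(f"{sink}\t{name}\n" for name in added)
    return body + "# --- blocklist added during cleanup ---\n" + lines, added


def hosts_path() -> str:
    """Real location on Windows XP: %SystemRoot%\\system32\\drivers\\etc\\hosts."""
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    return os.path.join(root, "system32", "drivers", "etc", "hosts")


if __name__ == "__main__":
    # Dry run on the constructed sample; pass --apply to edit the live file (Windows, admin).
    if "--apply" in sys.argv:
        path = hosts_path()
        with open(path, encoding="latin-1") as fh:      # byte-preserving read of an ANSI file
            current = fh.read()
        new_text, names = merge_blocklist(current, BLOCKLIST)
        with open(path, "w", encoding="latin-1") as fh:
            fh.write(new_text)
        print(f"added {len(names)} entries to {path}")
    else:
        new_text, names = merge_blocklist(SAMPLE_HOSTS, BLOCKLIST)
        print(new_text)
        print("added:", names)
```

Run it with no arguments to see the dry run on the sample. On the infected box, copy it to the flash drive and run it with --apply from an administrator prompt; if the fake AV has marked the hosts file read-only, clear that first with `attrib -r` on the file, and keep the real blocklist in the script rather than downloading it, since the infection may be blocking downloads anyway.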
 
Beanbag, I have a somewhat academic question for you: what version of Windows are you running, and do you think you got the virus from a website or while installing something else? I have a running debate with a Windows-centric associate and I'm just curious what you think the circumstances were.
Windows XP with SP3 installed, along with the latest express upgrades installed. Antivirus is Microsoft Security Essentials. I have it set to auto-update, so I assume it was current.

As I said before, I can't be sure exactly where I picked up the infection. I can only figure it came in when I was doing something out of my ordinary routine. In this case, I had followed a series of links into some shady section of the internet, and hit one of the pop-up dialog boxes asking if I wanted to leave the site, which wouldn't surrender focus. Normally, when I hit these, I Task Manager out and shut the browser, but this time I didn't want to lose the tabs that brought me to that place (research for a novel).
 
Control Panel > Java > Update > Update Now. It's probably set to update only once a month. Last week's Update 20 fixes a big hole used by driveby malware.

On my work PC, behind the corporate shield and running Microsoft Forefront, I've gotten a couple of malware infections in the last 30 days, nothing before that in 3 years. Maybe it's getting worse out there; both were from technical sites, one from DailyTech. They got a bad ad in their ad rotation. I saw the Java icon in the system tray when it installed itself, then the fun began. Forefront eventually got rid of all of them, but I think our helpdesk had to apply the very latest updates.

Last year it took all day to figure out how to clear scareware from a friend's PC (Norton fixed it). That's when I decided to hop onto the "No, I Won't Fix Your Computer" bandwagon.
 
There is no Java in my Windows XP Control Panel. Were you referring to the Windows Control Panel, or somewhere else?

Beanbag
 
He was referring to the Windows Control Panel. I found it on mine. To get to Control Panel, click Start / Settings / Control Panel.

You need to ensure that you get one folder with many icons in it. Otherwise, change your settings. If you still cannot see it, click View / Arrange Icons By / Name.
 
My favorite AV software is ESET Smart Security, it does a fantastic job.

Also, a good way to protect your PC is with Windows SteadyState. It is a free download from Microsoft that lets you lock down your PC, great for setting up kiosk systems. You can create a slimmed down user account just for web browsing that makes it impossible for malware to install. It also turns off all unused services and features, makes everything run fast.
 
I guess Java's not installed on this machine. It shows up nowhere in the Control Panel, either in the "new" or Classic views.

Beanbag
 
Yup, but you lose all the data on the disk at restart, unless you run as an admin.
 
I got one (XP Defender, or it looked like it anyway) after 2 years of free sailing. It disabled so many things: Task Manager disabled, the Start > Run... option disabled. My ZoneAlarm went kaput and none of my browsers would open. I tried installing Malwarebytes but no go. I usually do the old Task Manager thingy to shut down Firefox when I see these darn fake scans; well, I tried... Anyways, my ZoneAlarm was taking a coffee break.
Long story short I didn't want to bother with this. (and I am the one people usually call when they get infected). After the tenth gazillion pop-up....
....I just did a fresh install onto another drive.
 
Well, I'm no longer a virgin. One of my systems got malwared last night, the old Personal Antivirus. I suspect it made it onto my system because I had javascript enabled on my browser, and I was admittedly wandering around some of the more unsavory parts of the web.

I tried a few "obvious" solutions, like trying to shut down processes in task manager, booting in safe mode, restoring to an earlier known-good point. The little bastard did a good job of locking me out of just about every approach.

I fired up a laptop and went looking for a remedy that was understandable to an average person. Found a bunch of instructions for manually deleting a bunch of files and processes that spanned three or four pages. You'd think somebody would have a batch-mode file that would run out and do it all automatically.

I looked at the amount of time it would take to clean everything manually (couldn't even load up any of the fixes I'd downloaded on the laptop), and decided the best thing was to take the system down to bare metal and reload everything, even the OS (Win XP). Fortunately, I had an excellent and recent backup of all my "personal" files, so it wouldn't be all that painful. The longest part was doing a full reformat of the hard drive, just to be sure there was nothing left that might cause a problem later. My solution for that was to start the format, then go to bed. Got up this morning, finished the system install, then loaded all the software I normally use.

I'm still trying to figure out how it made it onto my system, past Microsoft Security Essentials. Full scans while infected showed no problems.

Anyhow, now I've got a nice, clean machine with all the normal old accumulation of crap removed.

Beanbag

m is for mac
l is for linux
winders = virii or never ending arms race


the choice is yours
 
m is for mac
... which costs twice as much as a PC for the same capability, has only a fraction of the software applications available for a Windows box, and typically is a pain in the kiester to upgrade and customize.

l is for linux
... whose software suites seem to be limited to browsing and simple word processing, unless you've worked with it from Day One when Torvalds posted The First Message, and have managed to master all the arcane command-line codes that seem to be necessary to install anything other than browsers and word processors.

winders = virii or never ending arms race
... which still seems to be 90% of the users out there, with an application base that would make most other OS's jealous, with hardware upgrades reasonably priced and easy to install, so you get a scalpel for the task at hand, rather than an axe.

The choice is yours
One infection in over THIRTY YEARS of (heavy) computer use ain't bad. It would be like refusing to leave the house because a bird crapped on your car yesterday.

Beanbag
 
Is Mac OS X vulnerable to spyware, worms and malware? These are not true viruses, right? Not executable code that attaches itself to a program or file. I want a Mac for my music stuff.
I don't have many problems with my OS system, Microsoft. Just 2 in the past three years. (lucky)
Though I have a system I torture, create problems, try to trouble shoot and fix. Great fun :)
 
Hi, there are all sorts of executable code in malware and especially worms.

But again the issue is money; there is not as large a profit in stealing credit card numbers from Macs.
 
I know there is executable code used. When I said "not executable code that needs to attach itself to another program or file" (not that they don't have code), I was referring to non-virus malware that doesn't need to do this to function.
Worms (they can propagate, but are still quite different from viruses) and malware (all malicious code) were a bad example.
The point I was trying to get at was: Trojans (a better example) and a lot of other spyware crap that don't need a host program or cannot replicate themselves like a true virus does.
Anyways, the Spyware I had was an annoyance and not actually damaging anything, unlike what a virus can do.
Anyways ...I don't really have a point. :)

Much less incentive to create certain malware for Macs I agree.
Is it because Macs are also much more difficult to exploit and Windows is just too darn easy? Which to me is more of an incentive.
 
Well, I agree that Windows is overly large, but many exploits come from third-party software:

Like Java this month and Flash player last month.
 
And Mac users and Linux freaks wonder why they have a rep as being such total A-Holes.
The fact that you cannot run a lot of programs on Macs or with Linux never seems to occur to them. If you are a PC gamer, you really don't have much of a choice, since Windows emulators for Macs never seem to work all that well.
I got hit by Antivirus 2009 last year. May the person who wrote it rot in hell.
 