
Virus/trojan posing as security software

Bikewer (St. Louis, Mo.) wrote:
The department's in-car laptops are supposedly reserved for "official" business, but it's no secret that they get considerable surfing use...
Some officers are reasonably computer-savvy and some are not.

The other day, I tried to fire up the one in a car I seldom use and found that it had been trojaned-up by one of those things that show up while you're browsing as "windows security" telling you that you have 3 million viruses and 28 trojans and you must click NOW to get rid of them.
Unfortunately, someone did...
The result was a complete takeover including disabling the installed anti-virus software.

These seem to be increasingly common; I just accessed Google Images and one of these screens popped up.
 
Yeah, they're so easy for people to click on to shut them down. I've had to clean up one or two of my friends' PCs that have fallen victim to those things.
 
Yup, they suck and can come up for a wide variety of reasons.

They seem to be disabling Task Manager or Safe Mode more now than last year.

But they also are tending to hide in AppData folders, so often All Users/Application Data or Username/Local Settings/Application Data. Some are hidden, some are not.
 
The last time I got one was simply browsing and I clicked nothing. I figured it was something I'd downloaded earlier, so I decided to deal with it later and went to another computer to finish watching the video (watching a TV show on a YouTube-style site), and that computer got infected too. Perhaps I'm misremembering and I did something stupid twice, but AFAIK this is possible and relatively common.
 
In particular for me: when this thing starts 'scanning' my C: drive ... while I am on Mac OS X...

Yeah, that has happened to me.

The last time I got one was simply browsing and I clicked nothing. I figured it was something I'd downloaded earlier, so I decided to deal with it later and went to another computer to finish watching the video (watching a TV show on a YouTube-style site), and that computer got infected too. Perhaps I'm misremembering and I did something stupid twice, but AFAIK this is possible and relatively common.

Are you running Windows XP? My opinion is that it is very insecure compared to Vista/7. Most users run in admin mode, which means that programs can do whatever they want to, including entirely **** up the system. In Vista/7 you have to manually confirm that a program should have access to the system, limiting the amount of damage it can do. This might be annoying to some people, but it makes for a more secure system.
 
Are you running Windows XP? My opinion is that it is very insecure compared to Vista/7. Most users run in admin mode, which means that programs can do whatever they want to, including entirely **** up the system. In Vista/7 you have to manually confirm that a program should have access to the system, limiting the amount of damage it can do. This might be annoying to some people, but it makes for a more secure system.
One was on XP, the other Vista, AFAIK with that security setting intact, so I don't know. All that happened was Avast's alarms went off and said I was under attack, and then it was corrupted.

AFAIK it's still possible to get around that Vista feature but someone else will have to elaborate.
 
In removing these things, I've had good luck lately with booting to safe mode, performing a system restore to a point before the infection happened, then running Malwarebytes to complete the cleanup. If this doesn't work, you should consult a professional.
 
Have you tried arresting it for impersonating an officer?
 
I use rkill to shut off all the malware processes, and MalwareBytes Anti-Malware to remove it. In general, I use Microsoft Security Essentials and Spybot Search & Destroy (with TeaTimer). This prevents 99.9% of what most people get. In fact, I've only had it happen once over the course of many years, and had it eliminated and everything restored in under 20 minutes. Always keep your systems patched (I have Win 7), and always keep your anti-malware and AV programs updated.

Also, while you can get the malware just about anywhere that has ad rotation, the vast majority occurs on porn and warez sites, so don't look at those or dodgy porn sites! ;)
 
Blegh, had this nasty little thing last week; it rendered my laptop unusable for several days, until I finally found a solution. The virus had even managed to disable .exe files in Safe Mode, so I couldn't run Malwarebytes through there. Through the Admin profile was no good, as I couldn't update Malwarebytes to a point where it would be of any use. Long story short(er), I punched a code into the malware, which stopped it from at least causing pop-ups, then got a registry fix, which enabled me to run and update Malwarebytes. Problem solved. System Restore didn't seem to work either, btw, as it wouldn't let me click on any previous restore points. Was quite proud of myself, as I'm fairly clueless with these kinds of things and was expecting to have to pay some computer geek to get rid of it.
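The two posts above describe the same tampering from opposite sides: one notes that these rogue "security" programs now disable Task Manager and Safe Mode and hide their files under the AppData folders, the other needed a registry fix before any .exe would run again. The following is an added example, written for this page and not code from any poster or from rkill/Malwarebytes: a read-only PowerShell audit of the registry and filesystem locations that rogue antivirus of this era commonly tampers with. It assumes an elevated PowerShell prompt on XP/Vista/7 and assumes the well-known tamper points (the DisableTaskMgr policy value, the SafeBoot\Minimal and SafeBoot\Network keys, the exefile shell\open\command association, the Run keys, and recently created executables in the AppData directories named in the thread). It changes nothing; it only reports.

```powershell
# Added example, not from the original thread. Read-only audit of the spots
# rogue "security software" typically tampers with. Run elevated; changes nothing.

function Test-TaskManagerPolicy {
    # Rogue AV sets this policy value to 1 so the user cannot kill its process.
    $p = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = (Get-ItemProperty -Path $p -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($v -eq 1) { "WARN  Task Manager disabled by policy ($p\DisableTaskMgr = 1)" }
    else          { "ok    Task Manager policy not set" }
}

function Test-SafeBootKeys {
    # Deleting these keys is how Safe Mode gets "disabled": without them the
    # minimal/network driver sets do not exist and Safe Mode cannot boot.
    foreach ($k in 'Minimal', 'Network') {
        $p = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$k"
        if (Test-Path $p) { "ok    $p present" }
        else              { "WARN  $p missing - Safe Mode will not start" }
    }
}

function Test-ExeAssociation {
    # The default value of exefile\shell\open\command must be exactly "%1" %*.
    # Anything else means every .exe launch is routed through the malware.
    $keys = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
            'HKCU:\Software\Classes\exefile\shell\open\command'
    foreach ($p in $keys) {
        if (-not (Test-Path $p)) { "ok    $p absent"; continue }
        $cmd = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -eq '"%1" %*') { "ok    $p = $cmd" }
        else                    { "WARN  $p hijacked: $cmd" }
    }
    # Per-user ProgID redirection of .exe (HKCU overrides HKLM for the user).
    $dot = (Get-ItemProperty -Path 'HKCU:\Software\Classes\.exe' -ErrorAction SilentlyContinue).'(default)'
    if ($dot -and $dot -ne 'exefile') { "WARN  per-user .exe ProgID redirected to '$dot'" }
    else                              { "ok    per-user .exe ProgID not redirected" }
}

function Get-RunKeyEntries {
    # Autostart entries; flag anything launched from a profile/data directory.
    $paths = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $props = Get-ItemProperty -Path $p
        foreach ($n in $props.PSObject.Properties.Name) {
            if ($n -like 'PS*') { continue }   # skip provider metadata
            $val  = [string]$props.$n
            $flag = if ($val -match 'AppData|Application Data|ProgramData|Temp') { 'WARN ' } else { 'ok   ' }
            "$flag $p : $n = $val"
        }
    }
}

function Get-RecentAppDataExecutables([int]$Days = 7) {
    # Vista/7 expose these as environment variables; on XP fall back to the
    # "Local Settings\Application Data" and "All Users\Application Data" paths.
    $local = if ($env:LOCALAPPDATA) { $env:LOCALAPPDATA } else { Join-Path $env:USERPROFILE 'Local Settings\Application Data' }
    $all   = if ($env:ProgramData)  { $env:ProgramData }  else { Join-Path $env:ALLUSERSPROFILE 'Application Data' }
    $roots = @($env:APPDATA, $local, $all) | Where-Object { $_ -and (Test-Path $_) }
    $since = (Get-Date).AddDays(-$Days)
    # -Force includes hidden files, since some of these droppers hide themselves.
    Get-ChildItem -Path $roots -Recurse -Force -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $since } |
        Select-Object FullName, CreationTime, Length, Attributes |
        Sort-Object CreationTime -Descending
}

Test-TaskManagerPolicy
Test-SafeBootKeys
Test-ExeAssociation
Get-RunKeyEntries
Get-RecentAppDataExecutables -Days 14 | Format-Table -AutoSize
```

Each WARN line is a lead, not a verdict: a legitimate updater can live under AppData and some enterprise images set the Task Manager policy on purpose. The script is deliberately read-only so it can be run on a machine that is still suspect; fixing a hijacked association or restoring the SafeBoot keys is a separate, deliberate step after you have looked at what it reports.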
 
I'm fairly clueless with these kinds of things and was expecting to have to pay some computer geek to get rid of it.

It's worth mentioning that no one should ever have to do this. There are enough forums, such as Bleeping Computer, where people will troubleshoot it with you for free. You just have to provide as much info and logs as you can, wait for someone to respond, and do what they tell you. It's a great system, God bless 'em.
 
I don't know how people fall for these things. It is very obvious.

Well, to most people their computer is a mystery, and so social engineering is very effective. I tell staff at both my schools not to respond to anything that does not say "ForeFront" on it. After three years they are getting a little better; some just never listen.

Some students and some staff will just click on anything.
 
I use rkill to shut off all the malware processes, and MalwareBytes Anti-Malware to remove it. In general, I use Microsoft Security Essentials and Spybot Search & Destroy (with TeaTimer). This prevents 99.9% of what most people get. In fact, I've only had it happen once over the course of many years, and had it eliminated and everything restored in under 20 minutes. Always keep your systems patched (I have Win 7), and always keep your anti-malware and AV programs updated.

Also, while you can get the malware just about anywhere that has ad rotation, the vast majority occurs on porn and warez sites, so don't look at those or dodgy porn sites! ;)

More recently people have been inserting stuff into Google Images, and then there are hordes of other trojans: screen savers, coupon programs, toolbars.
 
I don't know how people fall for these things. It is very obvious.

They're not after you -- they're after the retiree who doesn't have a clue. If they can hit millions, all they need is 1 of 100 to be fooled and still turn a nice profit.
 
dtugg said:
I don't know how people fall for these things. It is very obvious.
On Friday I was infected by a variant of the "Windows Repair" trojan. No clicking necessary. It trashed my system immediately, without even the ability to reboot in safe mode. The author was not out for money (by tricking me into buying something), he was simply out for destruction.

It took an expert and me about five hours to get my system back.

~~ Paul
 
When you refer to the "department's" in-car laptops, do you mean a police department or some other governmental agency? If it's that easy to capture an official computer, we should all be a little worried. Is there an IT department that can restrict the access that ordinary users have, meaning no dumb downloads?
 
Yes, it is a police department. These are the "toughbook" laptops that are essentially universal in police work.
Connected to the net via Sprint modem to access DOR, records checks, and various other sensitive materials.
I pointed out various security flaws when we got these, and the university's IT guys did go to heroic efforts to make the thing only able to access the "official" sites.
Like removing most of the functionality from the desktop, re-purposing the various internet icons to lead directly to the law-enforcement sites, and so forth.

Utterly useless, of course. Once one is connected to the law-enforcement portal, one is connected to the internet. All you need to do is pull down one of the embedded-in-Windows access icons and you're off.
Or, if you're slightly more sophisticated, use a thumb drive with a browser installed.
I pointed this out to the chief as well, but nothing further has been done.
As a result, bored officers working 10-hour midnight shifts over the normally dull summer are predisposed to surf...
I maintained a better approach would have been to accept that the guys will use the computer and dole out some decent training on how to do so safely.
No action as yet.
 