Virus got my computer |
Author | Post |
---|
Posted: Mon Feb 1st, 2010 01:06 am |
|
1st Post |
murphy j 3T WIS
|
As the title says, a scareware virus has shut down my computer. I want to give everyone a heads up about it as it looks like a legit anti-virus ad. It's called 'Internet Security 2010'. If you become infected with this virus or fall for the sales pitch that comes with it, you can compromise your login information for any site you sign into. It showed up when I tried to log in to my Photobucket account and when I tried to close out the screen it popped up in, it locked me out of the Photobucket site and I couldn't make it go away. My wife is a bit of a computer geek and she searched around on her computer and found a removal method, but it didn't work. I'm now locked out of my computer as it now won't let me log in. I'm doing all my online stuff from my iPhone right now. I want everyone to be aware of this as it now looks like I'm going to have to buy a new computer and hope that a tech can retrieve all my photos off of my hard drive. I hope none of you encounter this virus in any of its four known copies. And before anyone asks, my anti-virus software (AVG) detected it, but couldn't remove it. Last edited on Mon Feb 1st, 2010 01:09 am by murphy j |
|
Posted: Mon Feb 1st, 2010 01:39 am |
|
2nd Post |
scottran 3T WIS
|
Thanks for the heads up. Hope you can get that resolved and at least get your pics back.
|
|
Posted: Mon Feb 1st, 2010 07:38 am |
|
3rd Post |
Paxman 3T WIS
|
I've come across this a lot as of late. I was able to do an MS Config and stop it from starting up after the reboot. Then I was able to remove it. It surely looks like a legitimate security warning and tool but it isn't... Good luck Murph.
|
|
Posted: Mon Feb 1st, 2010 09:00 am |
|
4th Post |
elemental 3T WIS
|
Boot into safe mode (tapping F8 during boot), download Malwarebytes (MBAM for short) and run it in safe mode. It should take care of it.
|
|
Posted: Mon Feb 1st, 2010 09:41 am |
|
5th Post |
Paxman 3T WIS
|
Wonder where this junk came from? I've had a lot of home users who've fallen for the bait...:(
|
|
Posted: Mon Feb 1st, 2010 10:42 am |
|
6th Post |
elemental 3T WIS
|
Paxman wrote: Wonder where this junk came from? I've had a lot of home users who've fallen for the bait...:(

It's been coming and going for the last several months. Most of the time on unpatched computers. It even got into several of the computers at work.
|
|
Posted: Mon Feb 1st, 2010 11:58 am |
|
7th Post |
Tony Duronio 3T WIS
|
crashed both of my computers the past week:X
|
|
Posted: Mon Feb 1st, 2010 12:20 pm |
|
8th Post |
KenC Admin
|
It's a very common thing lately...it usually corrupts an AVG exe file so that you cannot get rid of it. What I do is immediately go into control panel "add/remove programs". There is usually a tool bar or something associated with the program that can be deleted...do so. Then go immediately into start/all programs/accessories/system tools and do a system restore for at least several days back. If it won't let you into system restore, reboot your computer into "safe mode". Arrow down to "start in safe mode with system recovery"...this will usually get rid of it. Failing that, it usually takes a reinstall of your operating system.

While AVG used to be the best on the market, AVIRA is now the best free Virus control and I buy Webroot SpySweeper from newegg.com (3 license for $34 including 2 day shipping).

There is also some very good freeware out there to perform a mirror image of your computer so that if you do have to "reload" you can do it from this backup without having to totally reinstall your OS, updates, drivers, files, etc. the hard way. They are available at EASEUS.com, and, occasionally, Paragon gives away free versions of its software for a few days. Their programs are very good and reliable. The free versions are very close to the pay versions and do about all most people need. Right now they are giving free versions of their Partition Manager and of their Backup & Recovery software. You can download them here http://www.paragon-software.com/free/ When you install they will ask for your name and email and then send you the code and serial number to install it. The Backup program even lets you make a bootable CD so you can restore a backup even if the computer won't boot Windows. Get them while they are free.
|
|
Posted: Mon Feb 1st, 2010 12:34 pm |
|
9th Post |
murphy j 3T WIS
|
elemental wrote: Boot into safe mode (tapping F8 during boot), download Malwarebytes (MBAM for short) and run it in safe mode. It should take care of it.

My wife tried booting into safe mode and it won't allow it. Ken, thanks for the info. I'll pass it on to my wife since she has a keen interest in this stuff and is more technically savvy than me. Last edited on Mon Feb 1st, 2010 12:38 pm by murphy j |
|
Posted: Mon Feb 1st, 2010 04:04 pm |
|
10th Post |
Hammerfjord Moderator
|
I got the last anti-virus Norton and I surf with Google Chrome, which is well updated on protection they say: never had any trouble... I hope you will recover your stuff ;)
|
|
Posted: Mon Feb 1st, 2010 08:42 pm |
|
11th Post |
DM71 3T WIS
|
Thanks for the heads up, Murphy. I'm usually quite good at killing these viruses but the brains behind them are getting smarter and smarter. I just cannot believe all the tricks they find to cause damage... I got one once that had two processes running at the same time; their names would always be different and you would go in Task Manager to shut one down, then the second one would restart it, with a new name again. It took me three days before I found a way of trapping it and deleting it. Sometimes, there is just nothing to do, especially if you cannot even log on... If all that energy was used to do good things instead of that sh*t... Some people really have too much time to kill, they should start collecting watches, this would keep them busy. Also, stay away from these bad sites next time Murphy!!! :D You know that viruses are like vampires? 99% of them will knock on your door again and again but, if you do not invite them home, they can't get in! We have to be careful... Good luck with your machine, Murphy. Last edited on Mon Feb 1st, 2010 08:48 pm by DM71 |
|
Posted: Tue Feb 2nd, 2010 12:49 am |
|
12th Post |
OldeCrow 3T WIS
|
These are SmitFraud variants. This latest one doesn't require any user interaction to infect you either; you just need to visit an infected site or see an infected ad, popup, etc. In many cases these infections combine with an older one that you may not know you have, or easily get in due to back doors left over from previous infections that were not completely removed, and when this happens you frequently have to remove the HD, scan it externally, and even then often have to do a repair load of Windows XP or a fresh load of Vista/W7. These are very difficult to remove properly.

I spend my days working at a computer store doing pretty much nothing but virus removal. Since this latest one hit computers we have had about a five day backup with all the infected computers!

There is a pretty tried and true method for removing these non-virus and even a few of the virus infections.

1. ComboFix in safe mode (Bleeping Computer is the proper download site for it).
2. HijackThis (free.antivirus.com/hijackthis) to remove startup items permanently.
3. LSPFix removes network stack hijacks if you know how to use it!
4. SUPERAntiSpyware and/or Malwarebytes (their websites are pretty easy to find with Google). Malwarebytes will install in safe mode so it's a bit better tool for early removal.
5. SDFix, an older tool that will clean up older backdoors, restore your hosts file and some other stuff (extracts to a folder on the root drive with a runme batch file). Also run in safe mode.
6. Reset registry and file permissions to defaults (older SmitFraud variants messed up user permissions, desktop settings and lots of other irritating things). subacl and a reset batch file. (If you can't find these on the web I can put a zip file together with some of these tools; if there is any interest PM me.)
7. Full virus scan in normal mode if Windows will run in normal mode now.
8. Windows updates! Latest updates to IE, OE, Firefox, Thunderbird or other browser/email clients. I suggest the Adblock addon for Firefox and Thunderbird.

Of course there are a million stumbling blocks that will interrupt this list, most commonly permission hijacks that prevent you from doing registry edits and resetting desktop settings... Just my 2c from the computer guy on his day off!
|