TimeTechTalk.com Home

Virus got my computer

 Posted: Mon Feb 1st, 2010 01:06 am
1st Post
murphy j
3T WIS


Joined: Thu Oct 11th, 2007
Location: Home Again With My Loving Family
Posts: 1613
As the title says, a scareware virus has shut down my computer. I want to give everyone a heads up about it as it looks like a legit anti-virus ad. It's called 'Internet Security 2010'. If you become infected with this virus or fall for the sales pitch that comes with it, you can compromise your login information for any site you sign into. It showed up when I tried to log in to my Photobucket account and when I tried to close out the screen it popped up in, it locked me out of the Photobucket site and I couldn't make it go away. My wife is a bit of a computer geek and she searched around on her computer and found a removal method, but it didn't work. I'm now locked out of my computer as it now won't let me log in. I'm doing all my online stuff from my iPhone right now. I want everyone to be aware of this as it now looks like I'm going to have to buy a new computer and hope that a tech can retrieve all my photos off of my hard drive. I hope none of you encounter this virus in any of its four known copies. And before anyone asks, my anti-virus software (AVG) detected it, but couldn't remove it.

Last edited on Mon Feb 1st, 2010 01:09 am by murphy j

 Posted: Mon Feb 1st, 2010 01:39 am
2nd Post
scottran
3T WIS


Joined: Thu Jan 24th, 2008
Location: Southwestern Pa, Pennsylvania USA
Posts: 2230
Thanks for the heads up.  Hope you can get that resolved and at least get your pics back.

 Posted: Mon Feb 1st, 2010 07:38 am
3rd Post
Paxman
3T WIS


Joined: Sun Apr 23rd, 2006
Location: NorthEastern, Wisconsin USA
Posts: 15957
I've come across this a lot as of late. I was able to do an MS Config and stop it from starting up after the reboot. Then I was able to remove it. It surely looks like a legitimate security warning and tool but it isn't... Good luck Murph.

 Posted: Mon Feb 1st, 2010 09:00 am
4th Post
elemental
3T WIS
 

Joined: Mon Feb 9th, 2009
Location: Girard, Ohio USA
Posts: 590
Boot into safe mode (tapping F8 during boot), download Malwarebytes (mbam for short) and run it in safe mode. It should take care of it.

 Posted: Mon Feb 1st, 2010 09:41 am
5th Post
Paxman
3T WIS


Joined: Sun Apr 23rd, 2006
Location: NorthEastern, Wisconsin USA
Posts: 15957
Wonder where this junk came from? I've had a lot of home users who've fallen for the bait...:(

 Posted: Mon Feb 1st, 2010 10:42 am
6th Post
elemental
3T WIS
 

Joined: Mon Feb 9th, 2009
Location: Girard, Ohio USA
Posts: 590
Paxman wrote: Wonder where this junk came from? I've had a lot of home users who've fallen for the bait...:(
It's been coming and going for the last several months. Most of the time on unpatched computers. It even got into several of the computers at work.

 Posted: Mon Feb 1st, 2010 11:58 am
7th Post
Tony Duronio
3T WIS


Joined: Thu Sep 29th, 2005
Location: Clinton Twp, Michigan USA
Posts: 12862
Crashed both of my computers the past week :X

 Posted: Mon Feb 1st, 2010 12:20 pm
8th Post
KenC
Admin


Joined: Sun Sep 4th, 2005
Location: Florida &, Arizona USA
Posts: 11288
It's a very common thing lately... it usually corrupts an AVG exe file so that you cannot get rid of it. What I do is immediately go into control panel "add/remove programs". There is usually a tool bar or something associated with the program that can be deleted... do so. Then go immediately into start/all programs/accessories/system tools and do a system restore for at least several days back.

If it won't let you into system restore, reboot your computer into "safe mode". Arrow down to "start in safe mode with system recovery"... this will usually get rid of it. Failing that, it usually takes a reinstall of your operating system.

While AVG used to be the best on the market, AVIRA is now the best free Virus control and I buy Webroot SpySweeper from newegg.com (3 license for $34 including 2 day shipping).

There is also some very good freeware out there to perform a mirror image of your computer so that if you do have to "reload" you can do it from this backup without having to totally reinstall your OS, updates, drivers, files, etc. the hard way. They are available at EASEUS.com, and, occasionally, Paragon gives away free versions of its software for a few days. Their programs are very good and reliable. The free versions are very close to the pay versions and do about all most people need. Right now they are giving free versions of their Partition Manager and of their Backup & Recovery software. You can download them here:
http://www.paragon-software.com/free/

When you install they will ask for your name and email and then send
you the code and serial number to install it.

The Backup program even lets you make a bootable CD so you can restore
a backup even if the computer won't boot Windows. Get them while they
are free.

 Posted: Mon Feb 1st, 2010 12:34 pm
9th Post
murphy j
3T WIS


Joined: Thu Oct 11th, 2007
Location: Home Again With My Loving Family
Posts: 1613
elemental wrote:
boot into safemode (tapping f8 during boot) download malwarebytes (mbam for short) and run it in safemode.  it should take care of it. 

My wife tried booting into safe mode and it won't allow it.

Ken, thanks for the info. I'll pass it on to my wife since she has a keen interest in this stuff and is more technically savvy than me.

Last edited on Mon Feb 1st, 2010 12:38 pm by murphy j

 Posted: Mon Feb 1st, 2010 04:04 pm
10th Post
Hammerfjord
Moderator


Joined: Thu Apr 16th, 2009
Location: Arctic, Norway
Posts: 5821
I got the latest Norton anti-virus and I surf with Google Chrome, which is well updated on protection, they say: never had any trouble... I hope you will recover your stuff ;)

 Posted: Mon Feb 1st, 2010 08:42 pm
11th Post
DM71
3T WIS


Joined: Sun Oct 19th, 2008
Location: Quebec Canada
Posts: 911
Thanks for the heads up, Murphy. I'm usually quite good at killing these viruses but the brains behind them are getting smarter and smarter. I just cannot believe all the tricks they find to cause damage... I got one once that had two processes running at the same time; their names would always be different and you would go in Task Manager to shut one down, then the second one would restart it, with a new name again. It took me three days before I found a way of trapping it and deleting it. Sometimes, there is just nothing to do, especially if you cannot even log on... If all that energy was used to do good things instead of that sh*t... some people really have too much time to kill, they should start collecting watches, this would keep them busy. Also, stay away from these bad sites next time Murphy!!! :D You know that viruses are like vampires? 99% of them will knock at your door again and again but, if you do not invite them home, they can't get in! We have to be careful... Good luck with your machine, Murphy.

Last edited on Mon Feb 1st, 2010 08:48 pm by DM71

 Posted: Tue Feb 2nd, 2010 12:49 am
12th Post
OldeCrow
3T WIS


Joined: Sun Feb 26th, 2006
Location: Oregon, USA
Posts: 2897
These are smitfraud variants. This latest one doesn't require any user interaction to infect you either; you just need to visit an infected site or see an infected ad, popup, etc.

In many cases these infections combine with an older one that you may not know you have, or easily get in due to back doors left over from previous infections that were not completely removed. When this happens you frequently have to remove the HD and scan it externally, and even then often have to do a repair load of Windows XP or a fresh load of Vista/W7. These are very difficult to remove properly.

I spend my days working at a computer store doing pretty much nothing but virus removal. Since this latest one hit computers we have had about a five-day backup with all the infected computers!

There is a pretty tried and true method for removing these non-virus and even a few of the virus infections.

1. ComboFix in safe mode (Bleeping Computer is the proper download site for it).
2. HijackThis (free.antivirus.com/hijackthis) to remove startup items permanently.
3. LSPFix removes network stack hijacks, if you know how to use it!
4. SUPERAntiSpyware and/or Malwarebytes (their websites are pretty easy to find with Google). Malwarebytes will install in safe mode so it's a bit better tool for early removal.
5. SDFix, an older tool that will clean up older backdoors, restore your hosts file and some other stuff (extracts to a folder on the root drive with a runme batch file). Also run in safe mode.
6. Reset registry and file permissions to defaults (older smitfraud variants messed up user permissions, desktop settings and lots of other irritating things): subacl and a reset batch file. (If you can't find these on the web I can put a zip file together with some of these tools; if there is any interest, PM me.)
7. Full virus scan in normal mode, if Windows will run in normal mode now.
8. Windows updates! Latest updates to IE, OE, Firefox, Thunderbird or other browser/email clients. I suggest the Adblock addon for Firefox and Thunderbird.

Of course there are a million stumbling blocks that will interrupt this list, most commonly permission hijacks that prevent you from doing registry edits and resetting desktop settings...

Just my 2c from the computer guy on his day off!



 

Back To Top PM Quote Reply
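
A check that goes with the "restore your hosts file" and external-scan steps in the post above, as an added example (not part of the thread and not taken from any of the tools it names): a Python function that lists every active mapping in a Windows hosts file other than the stock localhost entries, so it can be run against the file copied from a drive pulled out of the infected machine. The sample file, its hostnames and the assumption that a clean hosts file maps only `localhost` are constructed for illustration.

```python
import ipaddress
import sys

# Assumption: a clean Windows hosts file holds only comments and localhost lines.
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # strip comments and padding
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        if ip is None or not names:                # not "<address> <name>..."
            findings.append((line_no, ip_text, " ".join(names), "malformed"))
            continue
        for name in (n.lower() for n in names):
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                           # stock entry, ignore
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"                # name is sent nowhere
            else:
                verdict = "redirected"             # name is sent to another host
            findings.append((line_no, ip_text, name, verdict))
    return findings

# Constructed sample: example hostnames and a documentation-range address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # constructed entry
0.0.0.0         scan.av-vendor.example
203.0.113.10    www.search.example search.example
not-an-ip       foo.example
"""

if __name__ == "__main__":
    # Optional argument: path to a hosts file copied from the suspect drive.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print("line %d: %s -> %s [%s]" % finding)
```

Any line it reports is worth reviewing before the machine goes back online; an empty result means only the stock localhost mappings are active.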
