Thread ID: 115839 2011-02-06 04:09:00 Bogus virus b...tards linw (53) Press F1
Post ID Timestamp Content User
1175536 2011-02-06 04:09:00 eberry's thread below is familiar. Bro-in-law has the 'antivirus.net' variant. Over the phone I tried to help. Got him into safe mode with networking, which seemed to have stopped the pop-ups. Tried IE. No-go - can't find web page. Checked IP numbers. OK. Tried pinging outside. OK. Outlook Express works.

Found he had Chrome installed so he ran that. Still errors. Said proxy settings problem, go into 'wrench' then do this and that. For the life of him, he couldn't find that bloody wrench!!! And I don't have Chrome installed to look.

OK. Look for the Team Viewer icon. Found one after a while but it was a custom install icon leading to, you guessed it, www.teamviewer.com and the IE browser problem!!!!

Gave up at this stage. These things are just too hard by phone, especially with people not au fait with the lingo.

Hope eberry has better luck.
linw (53)
1175537 2011-02-06 04:23:00 Some of these infections appear to have a hidden payload - in the form of rootkits.

One I thought I had fixed was fine for 2 days, then it came right back, combofix found another few rootkits and a sh1t load more infections (different to the first lot) after rerunning the updates again two days later.

Programs I ran through:
Malwarebytes
Superantispyware
Trojan remover
Spybot
Combofix
Nod32
Then installed MSSE.
Ran HijackThis, checked each reg key/entry
Process Explorer
TDSSKiller -- (it had the TDL3) - said it was removed --Hmmmm
RootKit Hook Analyzer didn't find it.

ALL clean -- But it still came back.

Ended up doing a complete reinstall.
wainuitech (129)
1175538 2011-02-06 04:25:00 They won't be going away anytime soon either, people are PAYING THEM! fred_fish (15241)
1175539 2011-02-06 05:07:00 I was wondering when someone else was going to have this problem as it seems to be the same one that I had trouble with and seems to be getting quite common now.

Anyone know how this occurs? My daughter, who had the problem, only ever goes to reliable, well-known web sites and never accepted the offer to download the fake virus fix.
She never clicks on email links or uses anything like Facebook. It is a mystery how it got installed on her computer, and I would really like to know how these rootkit type infections can be avoided, especially this one that redirects to strange websites. Surely you would have to click on something, or are even some normally reliable websites now being compromised and hijacked?

It needed a computer tech and a lot of time to get it removed.
Safari (3993)
1175540 2011-02-06 05:39:00 A lot of the time it's caused by what's called a Drive By Download (en.wikipedia.org).

Other causes are often some sort of file sharing programs.
wainuitech (129)
1175541 2011-02-06 05:48:00 Programs I ran through:
Malwarebytes
Superantispyware
Trojan remover
Spybot
Combofix
Nod32
MSSE.
Hijack this
Process Explorer
TDSSKiller
RootKit Hook Analyzer

ALL clean -- But it still came back.

Ended up doing a complete reinstall.
Yep.
Friend of mine demonstrated how easy it was to write a thing that nothing detects.
Still unstable - wipe. That gets it!
pctek (84)
1175542 2011-02-06 20:19:00 It's a real conundrum, the wipe or fix decision. The trade-off is really tricky. Real bugger if you end up having to do both, eh WT!

Other problem is how to recoup enough to cover the long time it often takes. Bit unfair, really, as they take the risks and you wear the consequences.

Of course, recovery problems will go away when everyone has a reliable imaging backup system in place!! And pigs will fly. But, with 1TB USB drives at $109 you wonder why they are not used more often by more people. OK, I already know the answer to that, hence my 'experiment' with my latest client's new machine. Leave the USB drive attached and going (they sleep fine when not being used) and schedule your imaging program. More important with this one as they have accounting progs as well as the usual stuff.

@Safari - I wonder about the vector as well. My sister and bro-in-law are over 70, so I don't expect they are into dodgy sites or torrent downloads! But, then, how many systems now have Chrome installed when they don't even know what it is? Not to mention McAfee scan crap etc etc.
linw (53)
1175543 2011-02-06 22:53:00 Leave the USB drive attached and going (they sleep fine when not being used) and schedule your imaging program.

That's what a friend of mine did.
Windows threw a hissy, the PC crashed, rebooted, and all her folders on the external had become files with interesting names like _)(>}]- etc.

She recovered most but not all.

And what about power surges? Blow them both up.
pctek (84)
1175544 2011-02-07 01:37:00 Good point re power surge. Mine is OK as the PC is on a UPS.

The corrupt file issue could occur during a backup, though, couldn't it? So both gone then as well.

But is this scheme worse than the norm which is no backups at all? Or the 'turn it on and do a backup once a week' which will be overlooked?

It is a damn hard issue and the unwashed can only have the risks reduced rather than eliminated. Unless someone has a foolproof scheme which they would like to share!

I did also advise that a fire or burglary would likely mean 'all gone' as well!

Auto backups to the cloud sound good but bandwidth and volume limits prohibit that.

Thanks for comments.
linw (53)
1175545 2011-02-07 01:43:00 Are any of the AV / malware organisations working on "preventative measures" to stop these sorts of attacks happening? Pretty scary if the usual methods of protection aren't effective, and is it possible for these nasties to infect a backup drive as well? SP8's (9836)