URGENT - CHECK YOUR VIRUS PROTECTION NOW!!!

Post by Xantianut » 19 Oct 2012, 12:30

Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from You Tube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.

Post by Xaccers » 19 Oct 2012, 15:02

Malwarebytes is a good bit of software.
I've found through work that most of these infect the user's profile so if they pull the plug rather than log off, we can log on, delete the local copy of their profile and their uninfected server copy will be loaded the next time they log on.
That's the handy thing about roaming profiles.
Of course if they call the service desk before me, then chances are they'll be told to log off so their clean server profile gets overwritten by the infected copy.
Does remind me, I need to pick up a copy of Symantec Internet security this week before my current one runs out (£24 for 3 licences from PC World)

Post by Xantianut » 20 Oct 2012, 18:31

Ay up!

My computer is now clean but this Trojan is a nasty one. It hides from every installed anti-virus program installed on the computer and, when the operator tries to activate a pre-existing package that it can't hide from, the virus activates itself and locks the computer.

I've downloaded SpyHunter which has cleared it. I already have IOBit Advanced System Care, Windows Defender and McAfee packages installed. It hid from the first two and locked the 'puter on activating the 3rd. None would locate it in "safe" mode, the only way I could make the box work.

There are instruction pages available but they're beyond me. Maybe someone with more tech knowledge could make them work. Anyway, even in "safe" mode SpyHunter has cleared it, enabling me to chat with my mates online again.

Has anyone missed me?

Post by CitroJim » 20 Oct 2012, 18:37

I presume this bit of nastiness does not affect Linux systems?

Post by Xaccers » 20 Oct 2012, 18:59

CitroJim wrote: I presume this bit of nastiness does not affect Linux systems?


Nah Linux users just have their computers turned into zombies as part of spam bot nets.

Past experience has shown me not to trust McAfee.

Post by CitroJim » 20 Oct 2012, 19:14

Xac wrote: Nah Linux users just have their computers turned into zombies as part of spam bot nets.


Really? How?

Post by myglaren » 20 Oct 2012, 19:41

Xantianut wrote: Ay up!

My computer is now clean but this Trojan is a nasty one. It hides from every installed anti-virus program installed on the computer and, when the operator tries to activate a pre-existing package that it can't hide from, the virus activates itself and locks the computer.

I've downloaded SpyHunter which has cleared it. I already have IOBit Advanced System Care, Windows Defender and McAfee packages installed. It hid from the first two and locked the 'puter on activating the 3rd. None would locate it in "safe" mode, the only way I could make the box work.

There are instruction pages available but they're beyond me. Maybe someone with more tech knowledge could make them work. Anyway, even in "safe" mode SpyHunter has cleared it, enabling me to chat with my mates online again.

Has anyone missed me?


I would recommend Microsoft Security Essentials over Windows Defender. As Xac says, I wouldn't trust McAfee (or any Norton product).
Odd that McAfee is a Microsoft product now.

Sandboxie received some high praise a while back but to be honest I could never be bothered with it.

Which video was it, I might go there and see what it does to my computer as I'm going to install the next Ubuntu in ten days or so.

(Using Ubuntu 12.04 currently)

Post by Northern_Mike » 20 Oct 2012, 21:55

Xantianut wrote: Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from You Tube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.


Two people I know have been hit by this annoyance this week.

Malwarebytes gets rid of it. On one (XP) there was a bit of fiddling to get it to boot into Safe Mode with networking, changing a reg key to allow it to open IE and connect to the web to download Malwarebytes. Once scanned and removed, the PC was fine.

On the other, a Windows 7 machine (my sister-in-law in Alabama!), I logged on remotely using Logmein, but used my own user profile I'd set up yonks ago, as it was unaffected rather than her profile. I updated and scanned with Malwarebytes, it found the nasty little thing, removed it, and all is well again.

Post by Northern_Mike » 20 Oct 2012, 22:03

Rattiva_Mike wrote:
Xantianut wrote: Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from You Tube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.


Two people I know have been hit by this annoyance this week.

Malwarebytes gets rid of it. On one (XP) there was a bit of fiddling to get it to boot into Safe Mode with networking, changing a reg key to allow it to open IE and connect to the web to download Malwarebytes. Once scanned and removed, the PC was fine.

I have used Microsoft Security Essentials, behind a simple home router - current one being a Virgin Media thing, with its default settings ever since MSE came out. I've never had a problem with viruses or malware. McAfee and Norton amongst others simply appear to be a way of parting the frightened from their hard-earned cash - poor protection, and often cause other PC problems. They're almost as bad as the virii they are supposed to protect against.

If anyone wants any help or advice - please feel free to PM me. There's plenty of stuff to do most tasks you could ever need totally free and legally. Just yesterday I managed to get hold of some freeware disk recovery software to rescue a load of files from a hard disk with a ruined partition table that Windows (or Linux) couldn't read. Free!


On the other, a Windows 7 machine (my sister-in-law in Alabama!), I logged on remotely using Logmein, but used my own user profile I'd set up yonks ago, as it was unaffected rather than her profile. I updated and scanned with Malwarebytes, it found the nasty little thing, removed it, and all is well again.

Post by Xaccers » 20 Oct 2012, 22:51

CitroJim wrote:
Xac wrote:Nah Linux users just have their computers turned into zombies as part of spam bot nets.


Really? How?


Poor security. There's been many spam bot nets involving linux, and many spam bot nets are run by hacked linux boxes.
People believe that linux is invincible so don't learn how to make it secure, whereas with Windoze people believe it has more holes than Swiss cheese and so learn how to secure it.

Post by Xantianut » 21 Oct 2012, 13:42

Ay up!

Thinking about it, I used the Wi-Fi in a local cafe to check emails so that's probably where I got it from. SpyHunter also found over 240 other viruses on my machine (gulp!) so how it stayed still on my lap is another question. It was positively lousy with viruses! Presumably, something in YouTube's code activated the thing.

I know not, I'm only guessing here.

Computers? I can only drive 'em, I don't know what makes 'em go!

Post by Xaccers » 21 Oct 2012, 14:46

Most malware gets in via adverts.
The company that runs the advertising system is provided links from the advertisers to load their image and link to their site.
When you visit a website that displays adverts from that system, depending on the content of the page you're on, or any tracking cookies the advertising system detects, you're presented an advert.
Now, if someone manages to hack the website that hosts the advert (probably some linux box whose admin thinks is safe just because it is running linux ;) ) and upload the malware to the advert page, when that advert happens to get picked for display the malware gets loaded on the user's PC. Now some of it lays dormant until you go to certain websites, such as Google (so it can redirect your search results).