URGENT - CHECK YOUR VIRUS PROTECTION NOW!!!

Forum News, Announcements and any issues you're having with the forum

Moderator: myglaren

Xantianut
Posts: 579
Joined: Tue Aug 07, 2012 7:50 pm
Location: Wolverhampton
My Cars: 2002 C5 2.0 HDi 110 SX

RIP:
1993 Xantia 1.8i LX
1989 BX16TRS
1986 BX14E x 2
x 9

Postby Xantianut » Fri Oct 19, 2012 12:30 pm

Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from You Tube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.
C5 HDi 110 SX (Fifi 7 or Otterchops)

RIP
Citroen Xantia 1.8i LX (Fifi 6)
BX16TRS (x2) (Fifi 4 and 5)
BX19DTR (Fifi 2)
BX14E (x2) (Fifi 1 and 3)

Xaccers
Posts: 8035
Joined: Thu Feb 08, 2007 12:46 am
Location: Milling around Milton Keynes
My Cars:
x 1


Postby Xaccers » Fri Oct 19, 2012 3:02 pm

Malwarebytes is a good bit of software.
I've found through work that most of these infect the user's profile so if they pull the plug rather than log off, we can log on, delete the local copy of their profile and their uninfected server copy will be loaded the next time they log on.
That's the handy thing about roaming profiles.
Of course if they call the service desk before me, then chances are they'll be told to log off so their clean server profile gets overwritten by the infected copy.
Does remind me, I need to pick up a copy of Symantec Internet security this week before my current one runs out (£24 for 3 licences from PC World)
1.9TD+ SX Xantia Estate (Cassy) running on 100% veg
1.9TD SX Xantia Hatchback (Jenny) running on 100% veg for sale
Laguna II 2.0dCi Privilege (Monty)

DIY sphere tool
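
One way to script the roaming-profile clean-up described in the post above, as an added example that is not part of the original post or any poster's own code. The function name, account name and timestamp are hypothetical, and it assumes PowerShell 3.0 or later, run from a separate administrator account on the affected machine.

```powershell
# Added example, not from the thread. Function name and parameters are hypothetical.
function Reset-RoamingProfileCache {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]   $Account,            # e.g. 'EXAMPLE\jbloggs' (constructed)
        [Parameter(Mandatory)] [datetime] $SuspectedInfection  # earliest time the malware could have landed
    )

    # Match the profile by SID, not by folder name, so a renamed folder cannot mislead us.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $userProfile = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID='$sid'"

    if (-not $userProfile) { throw "No local profile for $Account on this machine." }
    if ($userProfile.Special) { throw 'Refusing to touch a system profile.' }
    if (-not $userProfile.RoamingConfigured) {
        throw 'Not a roaming profile: the local copy is the only copy.'
    }
    if ($userProfile.Loaded) {
        # A normal logoff would upload the infected copy over the clean server copy.
        throw 'Profile is still loaded. Power the machine off instead of logging the user off, then retry.'
    }

    # If the profile was uploaded after the infection, the server copy cannot be assumed clean.
    $lastUpload = $userProfile.LastUploadTime
    if (-not $lastUpload) {
        Write-Warning 'No upload time recorded; confirm the server copy predates the infection.'
    }
    elseif ($lastUpload -gt $SuspectedInfection) {
        throw "Server copy was written at $lastUpload, after the suspected infection. Restore it from backup first."
    }

    if ($PSCmdlet.ShouldProcess($userProfile.LocalPath, 'Delete local cached profile')) {
        # Removes the profile folder and its ProfileList registry entry.
        $userProfile | Remove-CimInstance
    }
}

# Dry run from a separate administrator account:
# Reset-RoamingProfileCache -Account 'EXAMPLE\jbloggs' -SuspectedInfection '2012-10-19 12:00' -WhatIf
```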


Postby Xantianut » Sat Oct 20, 2012 6:31 pm

Ay up!

My computer is now clean but this Trojan is a nasty one. It hides from every installed anti-virus program installed on the computer and, when the operator tries to activate a pre-existing package that it can't hide from, the virus activates itself and locks the computer.

I've downloaded SpyHunter which has cleared it. I already have IOBit Advanced System Care, Windows Defender and McAfee packages installed. It hid from the first two and locked the 'puter on activating the 3rd. None would locate it in "safe" mode, the only way I could make the box work.

There are instruction pages available but they're beyond me. Maybe someone with more tech knowledge could make them work. Anyway, even in "safe" mode SpyHunter has cleared it, enabling me to chat with my mates online again.

Has anyone missed me?
CitroJim
A very naughty boy
Posts: 35770
Joined: Sat Apr 30, 2005 11:33 pm
Location: North Bucks
My Cars: Xantia Activa, Xantia 1.9TD and a couple of bikes!
x 344

Postby CitroJim » Sat Oct 20, 2012 6:37 pm

I presume this bit of nastiness does not affect Linux systems?
Jim

'98 Xantia 1.9TD in Red - Gabriel...
'96 Xantia Activa in Red - My favourite toy...
'07 Pug 207 in Blue - The Deathtrap...
'16 Giant TCR Bike in Black/Lime Green - Daily rider...
'17 Giant TCR Pro Bike in Black/Blue - Fine weather only...


Postby Xaccers » Sat Oct 20, 2012 6:59 pm

CitroJim wrote: I presume this bit of nastiness does not affect Linux systems?


Nah Linux users just have their computers turned into zombies as part of spam bot nets.

Past experience has shown me not to trust McAfee.

Postby CitroJim » Sat Oct 20, 2012 7:14 pm

Xac wrote:Nah Linux users just have their computers turned into zombies as part of spam bot nets.


Really? How?
myglaren
Forum Admin Team
Posts: 12386
Joined: Sun Mar 02, 2008 2:30 pm
Location: Katzenellen Bogen by the Sea
My Cars: 2003 C5 2.0 HDi 110 SX 213,200
x 68


Postby myglaren » Sat Oct 20, 2012 7:41 pm

Xantianut wrote:Ay up!

My computer is now clean but this Trojan is a nasty one. It hides from every installed anti-virus program installed on the computer and, when the operator tries to activate a pre-existing package that it can't hide from, the virus activates itself and locks the computer.

I've downloaded SpyHunter which has cleared it. I already have IOBit Advanced System Care, Windows Defender and McAfee packages installed. It hid from the first two and locked the 'puter on activating the 3rd. None would locate it in "safe" mode, the only way I could make the box work.

There are instruction pages available but they're beyond me. Maybe someone with more tech knowledge could make them work. Anyway, even in "safe" mode SpyHunter has cleared it, enabling me to chat with my mates online again.

Has anyone missed me?


I would recommend Microsoft Security Essentials over Windows Defender. As Xac says, I wouldn't trust McAfee (or any Norton product).
Odd that McAfee is a Microsoft product now.

Sandboxie received some high praise a while back but to be honest I could never be bothered with it.

Which video was it? I might go there and see what it does to my computer, as I'm going to install the next Ubuntu in ten days or so.

(Using Ubuntu 12.04 currently)
________________________________
Sent via Heliograph from the other side of the mountain

Steve

Jackie Evancho...Divine!

Northern_Mike
x 1


Postby Northern_Mike » Sat Oct 20, 2012 9:55 pm

Xantianut wrote:Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from You Tube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.


Two people I know have been hit by this annoyance this week.

Malwarebytes gets rid of it. On one (XP) there was a bit of fiddling to get it to boot into Safe Mode with networking, changing a reg key to allow it to open IE and connect to the web to download Malwarebytes. Once scanned and removed, the PC was fine.

On the other, a Windows 7 machine (my sister-in-law in Alabama!), I logged on remotely using Logmein, but used my own user profile I'd set up yonks ago, as it was unaffected rather than her profile. I updated and scanned with Malwarebytes, it found the nasty little thing, removed it, and all is well again.

Postby Northern_Mike » Sat Oct 20, 2012 10:03 pm

Rattiva_Mike wrote:
Xantianut wrote:Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from You Tube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.


Two people I know have been hit by this annoyance this week.

Malwarebytes gets rid of it. On one (XP) there was a bit of fiddling to get it to boot into Safe Mode with networking, changing a reg key to allow it to open IE and connect to the web to download Malwarebytes. Once scanned and removed, the PC was fine.

I have used Microsoft Security Essentials, behind a simple home router - current one being a Virgin Media thing, with its default settings ever since MSE came out. I've never had a problem with viruses or malware. McAfee and Norton amongst others simply appear to be a way of parting the frightened from their hard-earned cash - poor protection, and often cause other PC problems. They're almost as bad as the virii they are supposed to protect against.

If anyone wants any help or advice - please feel free to PM me. There's plenty of stuff to do most tasks you could ever need totally free and legally. Just yesterday I managed to get hold of some freeware disk recovery software to rescue a load of files from a hard disk with a ruined partition table that Windows (or Linux) couldn't read. Free!


On the other, a Windows 7 machine (my sister-in-law in Alabama!), I logged on remotely using Logmein, but used my own user profile I'd set up yonks ago, as it was unaffected rather than her profile. I updated and scanned with Malwarebytes, it found the nasty little thing, removed it, and all is well again.

Postby Xaccers » Sat Oct 20, 2012 10:51 pm

CitroJim wrote:
Xac wrote:Nah Linux users just have their computers turned into zombies as part of spam bot nets.


Really? How?


Poor security. There have been many spam bot nets involving Linux, and many spam bot nets are run by hacked Linux boxes.
People believe that Linux is invincible so don't learn how to make it secure, whereas with Windoze people believe it has more holes than Swiss cheese and so learn how to secure it.

Postby Xantianut » Sun Oct 21, 2012 1:42 pm

Ay up!

Thinking about it, I used the Wi-Fi in a local cafe to check emails so that's probably where I got it from. SpyHunter also found over 240 other viruses on my machine (gulp!) so how it stayed still on my lap is another question. It was positively lousy with viruses! Presumably, something in YouTube's code activated the thing.

I know not, I'm only guessing here.

Computers? I can only drive 'em, I don't know what makes 'em go!

Postby Xaccers » Sun Oct 21, 2012 2:46 pm

Most malware gets in via adverts.
The company that runs the advertising system is provided links from the advertisers to load their image and link to their site.
When you visit a website that displays adverts from that system, depending on the content of the page you're on, or any tracking cookies the advertising system detects, you're presented an advert.
Now, if someone manages to hack the website that hosts the advert (probably some Linux box whose admin thinks is safe just because it is running Linux ;) ) and upload the malware to the advert page, when that advert happens to get picked for display the malware gets loaded on the user's PC. Now some of it lies dormant until you go to certain websites, such as Google (so it can redirect your search results).