  #1  
11-28-2009, 05:15 AM
Ru4scuba?
It's like having one big baby

Join Date: Jan 2009
Location: Washington DC
Posts: 4,950
Warning to B&Bers - Virus posing as PC security software

Gents,

(Sorry...should have posted this in the Barber Shop...)

I'm sure quite a few of you on here have already had this experience or know this yourselves, but I'll post it for those that do not know about it.

If you happen across a site called Antivirus System Pro or something similar...cease and desist immediately!

Further, immediately run an Anti-virus system software on your PC and look for Malware.

I was trying to find a service manual yesterday for an old stereo receiver and when I went to the free manuals site, my PC was infected with this bug. It took hours yesterday and a new Malware software to find and disinfect my PC.

Basically, it poses as a PC cleaning software...you immediately start getting warnings of bugs on your PC and it locks you out of every program because it says the program you are trying to access is affected. You can't even get into your browser because every time you do, it sends you to their website (it changes your browser's settings).

What a pain in the rear!

Just thought I'd advise y'all...if you ever run across that site run away...and the bigger lesson here...very little on the internet is FREE!
__________________
Chris
  #2  
11-28-2009, 05:36 AM
michiganlover
official B&B washroom attendant

Join Date: Jun 2009
Location: Michigan's Thumb
Posts: 5,378

I work as a Network Administrator, and run across these kinds of programs constantly. Another variant of it is "Antivirus 2009". The program does fully take over your computer, making even your internet browser useless. It then offers to have you buy the software; you certainly wouldn't want to give your credit card information to these crooks!!

Fortunately, the infection is easily removed by all major anti-spyware/anti-malware programs.

A quick scan with Malwarebytes will detect and remove it.
__________________
~~~~~~JOHN~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wet Shaver's Mantra: Go Slow, No pressure, Proper Angle.
~~Modern Williams: Proudly Ruining Shaves Since 2005~~~~~~~
  #3  
11-28-2009, 09:19 AM
bandit82ta
The Merkurian Candidate

Join Date: Aug 2009
Posts: 661

I'm in the IT field as well; there are some great freebie programs out there to help protect and remove some viruses. Some just make you reload the PC as they ingrain themselves everywhere.

Anti-virus
- AVG

Spyware and scripts blocking/removal/detection
-ad-aware
-spywareblaster
-spybot search & destroy

Alternate browsers -IE is ok but not the best since lotta openings for issues
- firefox (my personal fav)
- opera
- chrome

are a few I use but as with shaving ymmv.

Also, please keep your operating system up to date with updates/patches. This is a line of defense overlooked far too often.
__________________
~Bandit
Be gentlemanly, discuss it peacefully and leave each to their own....
  #4  
11-28-2009, 09:32 AM
Ru4scuba?
It's like having one big baby

Join Date: Jan 2009
Location: Washington DC
Posts: 4,950

All good tips and thank you for the freeware website suggestions! Spybot is one I've used for years...forgot to install it on this PC and look what happened!
__________________
Chris
  #5  
11-28-2009, 09:49 AM
Mink
Barbicide Barbarian

Join Date: Oct 2009
Location: Colorado
Posts: 499

Thanks for the help. This popped up on my laptop last evening during the McAfee scan. When I restarted, it was still there so I just shut it down and left it. I'm surprised McAfee couldn't handle it.
__________________
And now a Shaving addiction...sheesh

Dave
  #6  
11-28-2009, 09:57 AM
MAK
Blade Sampler Sophomore

Join Date: Aug 2008
Location: The little farming town of Naperville, IL
Posts: 962

thanks
__________________
Psychiatric Secrets Revealed With Dr. Mike FREE iTunes Podcast dedicated to mental health and living better.
  #7  
11-28-2009, 09:57 AM
bandit82ta
The Merkurian Candidate

Join Date: Aug 2009
Posts: 661

Quote:
Originally Posted by Mink
Thanks for the help. This popped up on my laptop last evening during the McAfee scan. When I restarted, it was still there so I just shut it down and left it. I'm surprised McAfee couldn't handle it.
Just a FYI for those that do not know. Antivirus and spyware detection and removal softwares are ALWAYS playing the catch up game. The new problem hits and then they create algorithms to find and then remove after infections and sample info is collected or sent to them.

I just imagine the software or other things we could have developed if we put some of the brilliant minds making this malware to good use.
__________________
~Bandit
Be gentlemanly, discuss it peacefully and leave each to their own....
  #8  
11-28-2009, 01:32 PM
Ru4scuba?
It's like having one big baby

Join Date: Jan 2009
Location: Washington DC
Posts: 4,950

Quote:
Originally Posted by bandit82ta
Just a FYI for those that do not know. Antivirus and spyware detection and removal softwares are ALWAYS playing the catch up game. The new problem hits and then they create algorithms to find and then remove after infections and sample info is collected or sent to them.

I just imagine the software or other things we could have developed if we put some of the brilliant minds making this malware to good use.
You know...it's funny you say that.

At one point last night, prior to being on the phone with Cox to work through a re-boot and re-connect with Internet Explorer, the tech (a Tier 2 who spoke as if she knew what she was talking about) said "you've got to realize this is a war...the good guys and bad guys are always trying to get a leg up. So, in this case, @$$hole hackers created a pretty malicious bug...now Norton, McAfee etc have to catch up."

Being in the military, you hear about cyberwarfare all the time...but she really got me thinking and I agree with her!
__________________
Chris
  #9  
11-28-2009, 04:36 PM
bandit82ta
The Merkurian Candidate

Join Date: Aug 2009
Posts: 661

Cyber-warfare is definitely real and we are likely behind the curve.....
__________________
~Bandit
Be gentlemanly, discuss it peacefully and leave each to their own....
  #10  
11-28-2009, 05:50 PM
Ru4scuba?
It's like having one big baby

Join Date: Jan 2009
Location: Washington DC
Posts: 4,950

Quote:
Originally Posted by bandit82ta
Cyber-warfare is definitely real and we are likely behind the curve.....
I agree with you...except unfortunately for your use of the term "likely"
__________________
Chris
  #11  
11-28-2009, 06:21 PM
bandit82ta
The Merkurian Candidate

Join Date: Aug 2009
Posts: 661

Quote:
Originally Posted by Ru4scuba?
I agree with you...except unfortunately for your use of the term "likely"
I can't specifically recall any numbers/sources but I do believe the Chinese are leaps ahead, as I'm sure there are others besting us. Sadly it has taken too long to realize these threats, and political climates tend to downplay this.

Sure a terrorist could use a dirty bomb and mess up a city...or use cyber means to disrupt a larger scale. It's sad and I hope we have better security than I think but heck... 2 people crashed a party and met Obama.... too big a machine and the spokes get lost....
__________________
~Bandit
Be gentlemanly, discuss it peacefully and leave each to their own....
  #12  
11-28-2009, 07:24 PM
Mycon
Barbicide Barbarian

Join Date: Mar 2009
Location: SLC, UT
Posts: 472

Whenever I encounter that annoying page, I always hit CTRL ALT DEL and close my browser by force. That often prevents it from uploading anything. Just make sure to NEVER click on anything it brings up because that triggers the upload.

There is a major danger with this sort of Malware, as the first 2 times I encountered it I wound up with the Vundo trojan which installs the Virtumonde Suite. This thing is almost impossible to get rid of even with Malwarebytes, Spybot S&D, McAfee AV, Clamware AV, AVG, and ESET Nod32 AV. The only program capable of getting rid of it has the potential to seriously damage your OS install.

To the OP: Get Malwarebytes (since it's free) and run a scan. If it finds Vundo, then you are in trouble.
__________________
Dave
Perhaps if I implanted spore sacs in your brain organ, you would learn the glory of Juffo-Wup
  #13  
11-28-2009, 10:21 PM
SiBurning
B&Bs resident squatter and Mod beater

Join Date: May 2009
Location: NYC
Posts: 2,009

I got hit with this one bad, although I didn't get fooled by installing the fake spyware program--it installed from a web page. After installing a real antivirus and spyware removal tool, and having it tell me things were fine, daemon-tools (of all things and which I haven't even used in years) warned that it couldn't start because a kernel debugger was running. Can you say rootkit?

It's a long time ago and not for very long that I worked on an antivirus product--just the program, not the white-hat stuff--so I got used to keeping live virii on my machine, and rarely run scans since it's safer to just know what not to do than to rely on a program. It's always a catch-up game, and one buggy piece of software can get a rootkit installed that will run rings around any AV program. I've been wondering when I'd get infected. Microsoft's active-everything-behind-your-back is a very dangerous game that all the vendors are playing today. My printer even connects to the internet behind my back and runs services, which means it runs an operating system that can get infected and maybe take over my home network. It's a sick world.

So I took the opportunity to back up all my PCs and reinstall the OSes from scratch, and even cleaned up and rewired everything. Tie-wraps are great to keep things neat when you have 5 computers. Almost as good as duct tape, but less mess when you pull it off. Maybe I'll just throw the printer in the garbage and get a dumb one that actually does what I want, not what HP wants.
__________________
--Steve

B&B. Give B&B a birthday present by becoming a contributor and see it through the next 5 years.
  #14  
11-29-2009, 06:43 AM
Ru4scuba?
It's like having one big baby

Join Date: Jan 2009
Location: Washington DC
Posts: 4,950

Quote:
Originally Posted by SiBurning
I got hit with this one bad, although I didn't get fooled by installing the fake spyware program--it installed from a web page. After installing a real antivirus and spyware removal tool, and having it tell me things were fine, daemon-tools (of all things and which I haven't even used in years) warned that it couldn't start because a kernel debugger was running. Can you say rootkit?

It's a long time ago and not for very long that I worked on an antivirus product--just the program, not the white-hat stuff--so I got used to keeping live virii on my machine, and rarely run scans since it's safer to just know what not to do than to rely on a program. It's always a catch-up game, and one buggy piece of software can get a rootkit installed that will run rings around any AV program. I've been wondering when I'd get infected. Microsoft's active-everything-behind-your-back is a very dangerous game that all the vendors are playing today. My printer even connects to the internet behind my back and runs services, which means it runs an operating system that can get infected and maybe take over my home network. It's a sick world.

So I took the opportunity to back up all my PCs and reinstall the OSes from scratch, and even cleaned up and rewired everything. Tie-wraps are great to keep things neat when you have 5 computers. Almost as good as duct tape, but less mess when you pull it off. Maybe I'll just throw the printer in the garbage and get a dumb one that actually does what I want, not what HP wants.
That's a great point. Better, smarter technology isn't always a good thing if you're not the one driving the system...

I once had a buddy who had like four computers going at once...with a couple devoted solely to security (firewalls etc). I always used to think of him as a computer geek, but now I see why he did it!
__________________
Chris
  #15  
11-29-2009, 06:57 AM
bandit82ta
The Merkurian Candidate

Join Date: Aug 2009
Posts: 661

There UAC could be a good thing if it was run right...hence why you should never run as administrator, only as a user on your computers.

Spybot search and destroy has an option that gives a msg when things try to write to the reg or change some files and you must confirm this. I don't use IE for more than a few specific pages I need since it's got as many holes as Swiss. It just allows too many things and is such a nice target. I rather use Firefox, and use a script blocking add on which blocks java from running on pages unless you allow or temp allow on pages. It's another layer but as with security could get annoying but it's worth it in my eyes.
__________________
~Bandit
Be gentlemanly, discuss it peacefully and leave each to their own....
  #16  
11-29-2009, 06:42 PM
Ru4scuba?
It's like having one big baby

Join Date: Jan 2009
Location: Washington DC
Posts: 4,950

You know...a lot of my friends use Firefox...may have to switch!
__________________
Chris
  #17  
11-29-2009, 07:49 PM
Mink
Barbicide Barbarian

Join Date: Oct 2009
Location: Colorado
Posts: 499

Here's an update on my laptop with the virus/malware...whatever it is. The thing is toast. I downloaded the malwarebytes program and then disconnected from the network. I ran McAfee offline and it still didn't pick up anything - even while this thing was going wild during the scan. The popup windows from the virus can't be moved or minimized, and it keeps adding new windows - eventually porn on IE. I can't get the malwarebytes to run because the virus kicks in and starts up 30 or more IE and Firefox sessions - not just tabs. So, I guess all I can do is just reinstall the OS. What a freaking mess.
__________________
And now a Shaving addiction...sheesh

Dave
  #18  
11-29-2009, 08:24 PM
Austin
Don't mess with Texas

Join Date: Aug 2005
Location: Texas
Posts: 17,222

Quote:
Originally Posted by Mink
Here's an update on my laptop with the virus/malware...whatever it is. The thing is toast. I downloaded the malwarebytes program and then disconnected from the network. I ran McAfee offline and it still didn't pick up anything - even while this thing was going wild during the scan. The popup windows from the virus can't be moved or minimized, and it keeps adding new windows - eventually porn on IE. I can't get the malwarebytes to run because the virus kicks in and starts up 30 or more IE and Firefox sessions - not just tabs. So, I guess all I can do is just reinstall the OS. What a freaking mess.
Boot up in safe mode and run your program. This has helped in the past. Good luck.
  #19  
11-29-2009, 10:37 PM
Greybeard
Tallow: because no one needs a low fat shaving soap

Join Date: Sep 2009
Location: Toronto
Posts: 1,281

Quote:
Originally Posted by Mink
Here's an update on my laptop with the virus/malware...whatever it is. The thing is toast. I downloaded the malwarebytes program and then disconnected from the network. I ran McAfee offline and it still didn't pick up anything - even while this thing was going wild during the scan. The popup windows from the virus can't be moved or minimized, and it keeps adding new windows - eventually porn on IE. I can't get the malwarebytes to run because the virus kicks in and starts up 30 or more IE and Firefox sessions - not just tabs. So, I guess all I can do is just reinstall the OS. What a freaking mess.
You probably have a trojan/browser hijacker that starts up and runs itself before anything else (including your anti-virus) starts up. Malware removal tools can't always successfully remove these trojans. You can visit this site for help.

http://www.geekstogo.com/forum/Malwa...ide-t2852.html

If you want the most powerful tool, I've had success uninstalling trojans with a free program called Combofix. It's better if you have advanced computer knowledge to use it since it can make your computer unusable if you use it in the scattergun method. However if you're contemplating formatting your drive and starting over anyway, it might be worth a try.

You will probably have to download it on another computer, copy it to a disk and then copy it to your laptop while in safe mode.
Run it while in safe mode. It takes a while, but will usually remove trojans that other programs cannot.


- Peter
  #20  
11-30-2009, 02:14 AM
SiBurning
B&Bs resident squatter and Mod beater

Join Date: May 2009
Location: NYC
Posts: 2,009

Quote:
Originally Posted by Ru4scuba?
That's a great point. Better, smarter technology isn't always a good thing if you're not the one driving the system...

I once had a buddy who had like four computers going at once...with a couple devoted solely to security (firewalls etc). I always used to think of him as a computer geek, but now I see why he did it!
For most people, it's not a very useful point. Wish I knew what the useful points were.

Security requires knowledge, sacrifice, discipline, and a significant investment of time. These are all at odds with what people want from the internet, so we make tradeoffs for convenience and to have fun. Typically, you create a security policy that recognizes the risks and tradeoffs. Then you design a set of procedures that when followed ensure the policy is enforced.

That buddy might have the knowledge to create a policy and a set of procedures. He also needs the discipline to follow those procedures, which involve making sacrifices such as turning off JavaScript, making the web a pretty ugly place. He also spends a lot of time building and maintaining that system. I had a setup like that, including a DMZ where I did all my casual web browsing. The model breaks down when I want to shop online.

I'm at a loss to give out advice casually. As Ru4scuba points out, "Better, smarter technology isn't always a good thing if you're not the one driving the system." I know enough to drive my own system and make my own decisions, but there are other aspects to this game.

Quote:
Originally Posted by bandit82ta
Just a FYI for those that do not know. Antivirus and spyware detection and removal softwares are ALWAYS playing the catch up game. The new problem hits and then they create algorithms to find and then remove after infections and sample info is collected or sent to them.

I just imagine the software or other things we could have developed if we put some of the brilliant minds making this malware to good use.
Some of those brilliant minds are doing just that.

Most security breaches, including the ones casual computer users want to avoid, come from hacked or bogus websites. There are services that report these sites, and some browsers have features to check these services to make sure a site is safe before navigating to it. This is the same model of playing catch up, where we only know to stay away after an attack is made and some people have already been affected.

Data theft can also occur on a website or in the entity hosting the website, and there's nothing we can do about that. Most of the big thefts have been inside jobs, although not necessarily malicious. People have lost discs full of data by not following proper procedures--by not having the discipline to stick to safe procedures.

Just as significant--or perhaps more so--is the profit motive. Security has a cost and that involves tradeoffs. Not every entity out there makes the same decision you would make. How many of them publish their policy? How many of those that do publish their policy actually enforce that policy? Of those that do, how many are capable of doing it effectively? What I can say for sure is that most of the expertise is outsourced to another company with a completely different set of goals.

The entities that should know better don't always inform us properly. They have their own tying relationships and profit motives, and often choose to hide or deemphasize the shortcomings of their own products, while making mountains out of the little molehills of problems they claim to handle. This is a war for mindshare and dollars between the various services and products companies, governments, etc. The first casualty of war is truth.

It's difficult enough for people in the know. What's a casual computer user to do? Short of logging off?... I wish I knew.
__________________
--Steve

B&B. Give B&B a birthday present by becoming a contributor and see it through the next 5 years.