The Hobbybox | 31 May 2011 5:08 a.m. PST |
I managed to get hit last night by this piece of ! Accidentally clicked a link and it automatically downloaded to my machine and started scanning. Have found that it's a spam anti-virus package that basically blocks functions on your machine until you pay them to activate the software. Luckily, I managed to get the laptop into 'Safe' mode and did a system restore to a few days back. What I was wondering was if anyone else had encountered this thing and whether they'd had any other effects from it (e.g. compromised email, bank stuff or anything). I'm not too worried, and am changing all my passwords, but figure knowledge is power in this case. Any help gratefully received. Thanks, Iain |
Ed Mohrmann | 31 May 2011 5:25 a.m. PST |
Yes, my daughter got it a year ago on her laptop. Unfortunately, she didn't stop the download in time and I had to take her machine to professionals to get it removed. Yesterday, my laptop was hit (malware embedded in e-mail) but I hit the power-off switch in time to stop the whole download. Powered-up after 10 minutes, and found that the antivirus program I used had quarantined the malware, and a search revealed no damage/traces. The e-mail was from a Yahoo group which I moderate. I put the user's e-dress on full moderation and sent him an e-mail, since he may have become a spambot w/o knowing it. Sure enough, another malware-laden e-mail from the same source this morning. |
alien BLOODY HELL surfer | 31 May 2011 7:26 a.m. PST |
there's a lot of similar ones going around. if you have a second log in with admin rights on your pc you can get round it/rid of it by installing malwarebytes (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) which should find and remove it even if your AV doesn't. Problem is if you have one account as some of them stop you running anything and a re-build is the only safe bet (a restore sometimes brings back an infected file and starts it all off again!). rule of thumb, have 2 or more accounts on your computer, each with admin rights, don't use one, and ideally also create a non-admin rights account to log on for web browsing. |
Ran The Cid | 31 May 2011 7:48 a.m. PST |
I've used Malwarebytes to remove similar infections. The last time it happened, I had to download the file on a separate PC, then load it to the infected PC via USB stick. Nothing else seems to be able to clean up this malware. |
Tommy20 | 31 May 2011 8:16 a.m. PST |
Agree with the combination of safe mode & Malwarebytes. It's worked for me. |
The Hobbybox | 31 May 2011 8:46 a.m. PST |
Thanks guys. I'll look into the Malwarebytes things. Tonight's jobs are: 1) Remove McAfee before my subscription expires. 2) Load Norton. 3) Full scan of the PC. JOY!!! |
alien BLOODY HELL surfer | 31 May 2011 8:55 a.m. PST |
DON'T LOAD NORTON FOR THE LOVE OF GOD. It's almost as bad as a virus itself (or AOL) – any version of Norton I've seen in use on a PC slows it down massively and sometimes causes other hassles, update your McAfee subscription, much better product. I use free AVG and Spybot Search and Destroy and they seem to do ok, but then again, I do my other internet surfing on a Mac just to be sure. ;-p |
SECURITY MINISTER CRITTER | 31 May 2011 11:29 a.m. PST |
I got that one last year too. It was a nightmare. |
John Leahy | 31 May 2011 2:01 p.m. PST |
I just got it last weekend. I did the system restore in SAFE mode too. It disables you using Malwarebytes while it's happening. A different version hit my son's computer a 2nd time a few days before that. Malwarebytes DOES kill most everything. I use AVG Free too. Thanks, John |
Parzival | 31 May 2011 2:12 p.m. PST |
Gaaa. I could never put up with that kind of nightmare. I haven't had to clean a virus out of any system I own since the late '80s. (Did have to purge some adware from my wife's old Windows machine a few years ago, but that's it.) Sometimes it's good to be running a more obscure, six-year-old OS. I don't have all the latest bells and whistles, but then nobody targets me either. |
Space Monkey | 31 May 2011 2:24 p.m. PST |
I also picked up a Protector scam. Safe Mode + Malwarebytes worked for me. Probably one of the less annoying critters I've picked up over the years. |
napthyme | 31 May 2011 6:33 p.m. PST |
Since I started using Avast AV and Google Chrome I have not had any of those problems. Google Chrome will catch and hold those before they launch and give you the option to delete them. |
average joe | 31 May 2011 9:16 p.m. PST |
Another vote for the Avast!/Chrome combo. I have put food on the table these last few months by removing the Virus Protector scamware from about two computers a week. |
Doug em4miniatures | 01 Jun 2011 2:58 a.m. PST |
It's a pity we don't have a "sticky" facility on TMP – this is a very useful topic. Doug |
Doug em4miniatures | 01 Jun 2011 3:00 a.m. PST |
By the way, one of my daughters got hit with one of these yesterday. She didn't download the software and is able to do a system restore. Is that likely to solve it? Doug |
The Hobbybox | 01 Jun 2011 3:58 a.m. PST |
Doug, If she's done the restore, then it's most likely fixed it. It probably got caught by her anti-virus before it did anything bad. I'm fairly certain that my problem was due to a couple of the features on my McAfee having been turned off automatically as part of refusal to resubscribe automatically. I've since re-enabled those features. |
alien BLOODY HELL surfer | 01 Jun 2011 4:21 a.m. PST |
A system restore doesn't necessarily clean it, these things sit in the user profile and often are still there after a restore. It's always in your best interests to clean your system, restore or not. |