Antivirus 2009 Virus warning

Russ Smith

Whatever you do make sure you do NOT get this. What a pain in the neck. Apparently Microsoft's new malicious software removal tool has already removed over 400K copies of it since 2009 started.

Near as I can tell I was closing a dialog box after a virus scan and instead of hitting finish I clicked the X in the right hand corner (brain fart) and shut off my antivirus. Went away and when I came back I had a popup that AV 2009 had detected a virus and I needed to go to their site to download a fix. I was smart enough to suspect the popup was not from Symantec, so I cancelled it but it still tried to launch so I turned off the power.

3 hours later I think I finally got rid of it, but it's slowed my system down. I think it damaged or removed some Windows files and I may have to reinstall XP.

It's very insidious: it blocks all antivirus sites, and if you google how to remove it, and then click on the link, it redirects your browser to another site so you can't read the fix links. Major pain. I finally found a program called Malware something or other that found like 6 trojan horses on my system and a ton of spyware that it yanked. Like I said I think I accidentally disabled my antivirus but now when I go to the site I was on when I got infected, my IE crashes off and on, I think that site is infected and my antivirus in blocking it hangs IE?
 

Chaz

These programs are insidious and get worse all the time.

Once they get a foot in the door, watch out.

Step 1. unplug from the internet and use another computer to download removal tools.
 

Russ Smith

Yep, my girlfriend has called twice this morning. Gets messages that files have been damaged or deleted, probably by a virus, run a scan. NAV doesn't find any more virus, neither does Malware, so I think the virus is gone, but damaged Windows files so I'll have to reinstall XP.

She also says it keeps opening the my files folder on the computer but I think that may be NAV when it scans the computer?

I'm googling more on the virus now at work, we got infected here too. Apparently Microsoft thinks millions might be infected and not know it because of holiday shutdowns so today is the day people are finding out they have it.
 

Chaz

There is a bad registry hack in the couple I had called "Image File Execution Options". Basically it redirects a call for a legitimate file to their hacked file. That is the real danger because you think it is gone but it isn't. Or once the hacked file is removed the computer doesn't work because it is still looking for the hacked file.

http://www.avertlabs.com/research/blog/index.php/2008/12/09/image-file-execution-options/
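
Added example (not part of the thread, and not code from any poster or vendor): an offline audit of an exported copy of the Image File Execution Options key that lists every Debugger redirect and whether its target still exists, the two failure modes described in the post above. The sample export, the file names in it, and the exists callback are constructed for illustration.

```python
import re

# Subkeys of this key are named after an executable; a "Debugger" value under one
# makes Windows launch that command instead of the named program.
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
# Placeholder subkey present on stock XP installs; its Debugger value is benign.
KNOWN_BENIGN = {"your image file name here without a path"}

# Constructed sample in "reg export" text format (not taken from a real infection).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
"GlobalFlag"="0x000010F0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\WINDOWS\\system32\\example-rogue.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanner.exe]
"Debugger"=hex(2):43,00,3a,00,5c,00,78,00,\
  2e,00,65,00,78,00,65,00,00,00
"""

def _decode_value(raw):
    """Decode the right-hand side of a .reg value line; None if it is not a string."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escaping
    m = re.match(r"hex\((1|2)\):(.*)$", raw, re.I)       # REG_SZ / REG_EXPAND_SZ as hex
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return None

def _exe_path(command):
    """Best-effort extraction of the executable path from a Debugger command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b|\s*(\S+)', command, re.I)
    return next(g for g in m.groups() if g) if m else ""

def find_ifeo_debuggers(reg_text, exists=None):
    """Return one finding per Debugger redirect found in an IFEO export.

    exists: optional callable(path) -> bool answering whether the redirect target
    is present on the audited disk; if omitted, target_missing is None.
    """
    findings, image = [], None
    # Long hex values wrap with a trailing backslash; rejoin them first.
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(IFEO)
            rest = key[pos + len(IFEO):] if pos != -1 else ""
            image = rest if rest and "\\" not in rest else None
            continue
        m = re.match(r'"debugger"\s*=\s*(.+)$', line, re.I)
        if not (image and m):
            continue
        command = _decode_value(m.group(1))
        if command is None or image.lower() in KNOWN_BENIGN:
            continue
        missing = (not exists(_exe_path(command))) if exists else None
        findings.append({"image": image, "debugger": command,
                         "target_missing": missing})
    return findings

if __name__ == "__main__":
    on_disk = {"c:\\x.exe"}  # constructed list of files present on the audited disk
    for f in find_ifeo_debuggers(SAMPLE_REG, lambda p: p.lower() in on_disk):
        print(f)
```

A real export from regedit is UTF-16 text, so read it with encoding="utf-16" before passing it in. An entry with target_missing set to True is the "still looking for the hacked file" case: the program named by the subkey will not start until the Debugger value is removed.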
 

JS22

Below is an outline of how I secure my system, and what I recommend others do for theirs:

1. Format, install XP. (Or Vista.)

2. Turn automatic updates on. Make sure Windows firewall is on. (More on this below.)

3. Download AVG Free, or purchase NOD32 for a more advanced / lightweight scanner. I absolutely hate bloated "suites" such as Norton or McAfee. They usually cause more harm than good.

4. Download Firefox. You will need to download the plugins as well @ https://addons.mozilla.org/en-US/firefox/browse/type:7

5. Download the NoScript add-on for Firefox from http://noscript.net/getit. This blocks all JavaScript / other potentially harmful scripts UNLESS you allow the website first.

6. Download Spybot Search and Destroy and use it in addition to your virus scanner.

7. Make sure your router security and wireless settings are solid. (WPA2 is recommended.) I also block my SSID, which makes my wireless network essentially unviewable.

8. Obviously, do not download software from sources you don't trust. And if you do, run a quick scan of whatever you download before you open it.

9. Check out https://www.grc.com/x/ne.dll?bh0bkyd2. You'll learn a lot about the security of your system. Pretty basic stuff, but it's helpful.

[Opinion]

A lot of people feel like they NEED a bloated firewall program like ZoneAlarm, or whatever is integrated into McAfee or Norton. I disagree. Your router acts as a firewall, and you have Windows firewall enabled anyways.

Now, these only block incoming traffic. Outgoing traffic will be allowed. (Programs like ZoneAlarm will warn you of outgoing attempts. And trust me, they will be frequent and very annoying.)

But what's the first thing a hacker is going to do once they're in your system? Disable your firewall, or enable whatever they're doing to have outgoing access. So in my opinion software firewalls are completely useless. They're artificial security, basically. They make you "feel" secure.

[/Opinion]

It is also recommended to run as a limited user. Especially for kids or teens. Limited users can do most every task - but the admin account will be the only account that can install software, make system changes, etc. This keeps hackers at bay, as they have the same restricted rights of the limited user should you somehow obtain a virus.

Welcome to the wonderful world of Windows security. :bang:
 

Brian in Mesa

Running Malwarebytes or SuperAntiSpyware in safe mode sometimes cleans off stuff that doesn't appear in regular mode scans. Also - CCleaner can sometimes clean up the registry issues.
 

outoftheashes

I am on my way to my father's house right after work to do battle with this thing. There are a lot of well documented procedures out there specific to this trojan virus. Hopefully something works. I'll post a link to whatever works when I get it done.
 

Russ Smith

Just to update in case it helps someone, what a pain in the ass (pardon the language).

Got home, system was hung; it had rebooted and hung at the welcome screen. 3 tries to get it to reboot, I'd get to where I could launch task manager but it would show no programs running (NAV included, it wouldn't start up).

I finally got it to fully boot up. I had to purchase something called Spyware Doctor (29.99 for one year, recommended by my IT guy at work). I ran a scan with NAV, found nothing. Scan with Malware found 28 things, 4 high priority! Spyware Doctor found 14 more items, 3 I think were serious risks. I had disabled restore at some point yesterday but when I enabled it again I guess all the files the first tool had missed just restored and then downloaded the same virus again.

I've been at it for 90 minutes but I think (crossing fingers big time) I finally have it gone.

NAV is completely useless against this. I know for a FACT that it was on when it got reinfected, my girlfriend told me so on the phone when I was walking her through how to do a scan. The irony is while downloading and installing an updated Spyware Doctor, I kept getting warnings from NAV about unauthorized downloads. Yep, it was smart enough to warn me about downloading another program to do what NAV is supposed to do, but it didn't ever notice the virus! I've run 10 scans with NAV in the last 2 days, it hasn't once found this virus, I can't even find a fix on Symantec's site for it.

Anyhow my system speed is RADICALLY improved now from yesterday so it sure acts like it's fixed.

Another thing this virus does is disable your task manager. You hit control alt delete but the box never comes up, stops you from manually killing files that are part of the virus I guess.

So I highly recommend Malwarebytes Anti-Malware and PC Tools Spyware Doctor, both are available on download.com. I didn't pay for Malware, I did pay for Spyware Doctor.

What a pain in the butt.
 

JS22

I personally would be totally paranoid if I had something like that infect my PC. I would instantly just wipe the drive for peace-of-mind.
 

Linderbee

Apparently this horrid virus makes you post in triplicate, too!

:p

Just teasin' you, Russ!
 

Russ Smith

Did it? That's one impact I wasn't aware of. I only see one post here but anything is possible, this was a really bad virus. Hosed us at work yesterday too. Someone in finance got it over shutdown, it infected an engineering test computer that wasn't supposed to be online but was and had a disabled antivirus and some weird random IP address deal that made it hard for our IT guy to track down. He eventually had to lock the system off the network and wait for the owner of it to come and tell him their system was down.
 

dreamcastrocks

I format my hard drive every 6 months or so regardless. It's time for Linder's computer to do the same.
 

Russ Smith

I'm actually more concerned with what my virus may have UPLOADED to other places than anything. I don't think offhand I have anything on there that could be a problem but who knows if it's able to do things like steal passwords from online banking sessions, credit card numbers etc?

Your suggestion is probably a good one though. How much of a format are we talking about? I've never actually wiped a drive except 15 years ago or so when I had to do a "low level format." Is it possible to just wipe XP off and then reinstall or is that not enough?
 

JS22

Formatting can be a pain in the butt. Just make sure you back up whatever you need, then do a standard format using your XP disc. That's all you need to do. If anything is lingering a format will definitely eliminate it. (You'll be asked if you'd like to install Windows on a partition that already contains Windows. Just keep saying yes until you reach the format option.)

Like Dreamcast I usually do a format every 6 months or so. It's probably not really needed, but I am super paranoid and a freak that has to have everything perfectly organized. After about 6 months I start going nuts if I don't dump the clutter and start fresh. :)
 

Russ Smith

Well I guess I spoke too soon. Got home last night to find my computer showing a Norton dialog box saying it had completed an auto scan, found a virus and needed to reboot to remove the virus. The computer was essentially hung, I couldn't use either Malware or Spyware Doctor to scan and remove the file Norton couldn't remove. So I eventually gave up and allowed it to reboot.

I'm now completely locked out. When it reboots it goes to the welcome screen and then the user icon Russ pops up. If I click on it, there's no option to login, it just says loading settings and then immediately closes to saving settings. Control alt delete brings up the login screen, but there is no password, I never set one. Booting in safe mode also brings up the administrator icon but again, there is no password (my dad gave me the computer and he swears he set no password), but I can't get past that. Called my IT friend at work and he says he thinks when Norton cleaned the infected file it corrupted something in Windows.

He can use a unix disk he has to allow me to copy over key files but he thinks I basically have to format and reinstall. And to top it off neither my girlfriend nor I can find the disks in our apartment so unless I put them in my offsite storage in the computer boxes (going to look tonight after work) I may have somehow lost them in our last move.

Then the kicker: I get woken up this morning by loud dripping, assume it's raining, finally look out the window, no rain. Go into the bathroom and there's a large bubble in the paint in the ceiling with water dripping right over our toilet. 2nd time in a week the morons upstairs have somehow overflowed something in their bathroom (we don't know if it's shower or bathroom, they never explained that the first time). So I put in an after-hours call to the landlord's 24 hour helpline, which so far has not been returned (90 minutes later) and then I went upstairs to alert my neighbors to the leak. We can hear the guy walking around upstairs, I can see light in the apartment, but he won't open the door (admittedly it was 6 am).

So I decide not to be a jackass and wake up everyone around by pounding on his door so I go back downstairs just in time to watch the bubble in the ceiling paint burst (I had put a pin hole in it to drain) and rip about a 3 inch circle in the paint. The sheetrock is so saturated I could push my finger through it if I wanted to.
 

AZZenny

I'm not sure you have a virus, Russ. I think maybe you're cursed.


But, taking everyone's legitimate panic under advisement, I will today back up all my work-related stuff and other hard-to-replace files. Promise.
 

Russ Smith

Apparently had I brought the computer in to work on Monday my IT guy thinks he could have cleaned it using an antivirus CD he has here. He cleaned one here that day from someone who had the same virus (we think it was the same) and it appears to have solved it. He thinks it's too late for that now, he'll have to copy off files, and then essentially wipe the drives and that's why I need to find all the CDs or else I won't have XP to load.

So I'm a bit mad at myself for not bringing it in earlier. I don't like to ask co-workers to help with personal stuff other than just ask advice but in this case not doing so probably was a big mistake.
 

Russ Smith

The good news is I found all my CDs so we're in the process of wiping and reinstalling XP now and I'll be reinstalling the rest of the stuff at home tonight probably.

Our IT guy had to wipe a work PC for the same reason, the one that infected us earlier this week. He said it was corrupted enough he didn't trust just cleaning it with an antivirus CD so he reimaged it.

The irony is he's got this ongoing issue at work with Engineering being furious about our IT policy of blocking and quarantining zip files that are emailed in.

And it turns out that's exactly how the one infected system got infected from a zip file.
 

Linderbee

Your thread itself is on here in triplicate. Go back out to the forum & you'll see it 2 more times...these will link you to the threads:

Whatever you do make sure you do NOT get this. What a pain in the neck...

Whatever you do make sure you do NOT get this. What a pain in the neck...
 

Linderbee

We see that a lot at our work (blocking & quarantining zip files). We just send them with an altered extension & have them change it back to .zip after they've saved it. Of course, we're not sending anything nefarious.
 

Southpaw

I just went through this nightmare. Had to wipe out my old AVG anti virus and purchase and install the latest just to get an AV working. Wiped it out, but I have never encountered a mess like this one.

The sicko hackers used an imitation of the MS security pop up to hook users into the trap. Sick bastards will do anything for 3 cents a hit.

A buddy of mine got it worse. His wife repeated the trap about 50 times before she figured out it was a trap.
 

Russ Smith

We had a consultant in yesterday working on a finance program and he overheard us talking about this virus. His company had the same problem and he explained something we had been wondering about. What finally killed my computer was that it rebooted and came to the welcome screen asking me to login with a Windows password, but there was no password, I'd never set one. It turns out that was the virus too. I guess the last straw so to speak is the virus locks you out of your own computer so you really have no other options but to wipe everything out and start from scratch.

The IT guys at his company believed that the idea behind that was probably people will think I must have set a password I can't remember, and just start entering passwords that they use elsewhere to see if that was it. And the virus steals those passwords and then uploads them to do no good.

So I'm probably really lucky because I tried two passwords, russ, and admin, neither of which I use anywhere I just figured if my dad set a password it would be something like that. They didn't work, so I gave up.

Computer is running great now at home I just hope I never get one like this again.
 

JS22

Use Firefox, download NoScript, ditch Norton for AVG (or NOD32 - the BEST paid option), and you'll be set.
 

UncleChris

Ok.... Throw rocks at me if you like for the old dead horse.... :D

If you regularly back up your hard drive on another hard drive, you virtually eliminate these kinds of problems. I run (and have for years) a second hard drive in my system that is used solely and only for full-drive backup, which I do at least once a week. The worst that can happen even with a catastrophic failure is one week of lost data.

Just sayin', ya know???? ;)
 

conraddobler

Windows Defender is the best against just the malware stuff but once you actually get a virus generally it's wipe out.

Spybot and Ad-Aware are just poor imitations of Windows Defender IMO.

Vista with all its permissions annoyance really cuts down on this. It gives you a 2nd chance before you alter stuff and as much grief as people give it, when I converted to XP it was just as bad if not worse at first.

The worst thing about Vista is that it's a resource hog and memory leakage was a problem but it got much better after sp1, still annoying but overall in terms of virus and security it's superior to XP. Then there is the printing issue, as in drivers, as in HP why don't you bother to update drivers? Universal printer drivers supposedly fixed this but I haven't had a chance to work with it yet.

It's flat out annoying to share resources unless you understand the layers of permissions but that's just the way it goes.
 