Saint Celestine posted: I've tried MSE, AVG, Spybot, Adaware, and TDSSKiller to try to get rid of whatever's infecting my browsers, but whatever I find and delete, it keeps coming back.

I've used ComboFix in a situation like that before and it's gotten rid of a few of those popups that were seemingly impossible to remove. http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Dec 8, 2012 06:45

Have you double-checked to make sure it wasn't an addon of some sort?

Dec 8, 2012 06:50
Anyone heard of malware/a virus that redirects people to anonim.tv when trying to use a web browser? My dad's PC got hit with it and I've had no luck removing it. Of course, I haven't tried TDSS or Combofix yet, but I'm a bit scared to because his computer is ancient (I'm talking Pentium 4 ancient). Google, Yahoo, clicking on links, it doesn't matter, this thing always kicks in and redirects to that website that has an ASCII image. Trying to use a search engine simply results in a 403 error.

Dec 20, 2012 05:28

Scyantific posted: ...I haven't tried TDSS or Combofix yet, but I'm a bit scared to because his computer is ancient (I'm talking Pentium 4 ancient).

I've used those on a few XP computers around that old (or older) recently and didn't run into issues.

Dec 20, 2012 05:39

I figure that a thread about viruses is as good a place as any for this question. Has anybody heard of the FBI Moneypak virus? Even more so, does anybody know of a way to get rid of the drat thing?

Dec 22, 2012 13:10
Yeah, it's the new "big" virus. What have you done already?

Dec 22, 2012 13:39

I followed some instructions, booted in safe mode, and ran a program called Rkill. I'm running a full scan with Malwarebytes. I'm still fairly confused on what exactly happened and if this will actually fix the problem.

Dec 22, 2012 14:24

I would have done CCleaner first, just so MWB doesn't take as long. Regardless, MWB should clean most of it; Microsoft Security Essentials should be a good second; if anything lingers try ComboFix and TDSSKiller; if that doesn't work, back up and format the computer.

Dec 22, 2012 14:29

Yea I was afraid the F word would come into play. Thankfully, I already have basically everything on an external HDD.

Dec 22, 2012 14:36

HnK416 posted: Yea I was afraid the F word would come into play. Thankfully, I already have basically everything on an external HDD.

I know Combo gets rid of it. As does Hitman Pro (added benefit of taking way less time than MBAM).

Dec 22, 2012 16:02

FBI is pretty easy to get rid of, no need to resort to Combofix or format. TDSS killer won't do anything for it (but it doesn't hurt). Mbam almost always gets it unless it's a new variant. If Mbam misses it you can use Autoruns and look for the startup and disable it. Delete it once you have confirmed what it is.

Edit: I was seeing FBI a good 5 times a day on otherwise clean systems, but it seems to have died off.

vx15i fucked around with this message at 20:47 on Dec 22, 2012

Dec 22, 2012 20:00

The first thing to try is to simply load into / make another user profile - if the new / other one works fine it's not a very smart variant and generic scans will clear out the executables.

Dec 22, 2012 20:24
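The autostart review the two posts above describe, as an added example that is not from any poster in this thread: it lists the Run/RunOnce keys, the Winlogon Shell/Userinit values and the Startup folders for both the current user (HKCU, which a freshly made profile sidesteps) and the whole machine (HKLM, which every profile shares), and flags entries whose executable is missing, sits in a user-writable directory, carries a double extension, or chains a second program after the shell. The flagging heuristics and the user-writable directory list are this script's own assumptions; it assumes Windows PowerShell 3 or later.

```powershell
# Added example, not from the thread. Lists common Windows autostart locations and flags entries typical of a lockscreen dropper; heuristics are this script's own.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# A dropped executable living here is far more suspicious than one under Program Files.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, $env:USERPROFILE) | Where-Object { $_ }

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            # Under Winlogon only Shell and Userinit are launch points worth reviewing.
            if ($key -like '*Winlogon' -and $p.Name -notin 'Shell', 'Userinit') { continue }
            [pscustomobject]@{ Scope = $key.Split(':')[0]; Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Per-user and all-users Startup folders (shortcuts and executables alike).
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Scope = 'Startup'; Key = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Test-SuspiciousCommand([string]$cmd) {
    $reasons = @()
    # Shell/Userinit chain programs with commas; a second entry after explorer.exe is a classic hijack.
    $parts = @($cmd -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($parts.Count -gt 1) { $reasons += 'multiple programs chained' }
    foreach ($part in $parts) {
        # The executable is the quoted string or the first token; bare names are resolved via PATH.
        $exe = if ($part -match '^"([^"]+)"') { $Matches[1] } else { ($part -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if (-not [IO.Path]::IsPathRooted($exe)) { $exe = (Get-Command $exe -ErrorAction SilentlyContinue | Select-Object -First 1).Source }
        if (-not $exe -or -not (Test-Path $exe)) { $reasons += 'target missing'; continue }
        foreach ($dir in $userWritable) {
            if ($exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $reasons += "under $dir"; break }
        }
        if ($exe -match '\.(tmp|dat|jpg|pdf)\.exe$') { $reasons += 'double extension' }
    }
    return ($reasons -join '; ')
}

Get-AutostartEntries | ForEach-Object {
    $_ | Add-Member -NotePropertyName Flag -NotePropertyValue (Test-SuspiciousCommand $_.Command) -PassThru
} | Sort-Object Scope, Key, Name | Format-Table Scope, Name, Command, Flag -AutoSize -Wrap
```

Run it from the infected profile and again from a clean one: an entry that appears only under HKCU is exactly the kind of per-user persistence that switching profiles gets around, while an HKLM or CommonStartup entry will follow every user.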
Maniaman posted: I really hope I don't have to deal with this: W32/Autorun.worm.aaeh

Got hit with this today. McAfee hasn't been picking it up despite my dat files being up to date. So far, we've been able to keep it contained to about 3 shares. I'm guessing someone has an infected USB/PC but I haven't been able to track it down.

Jan 4, 2013 21:29

I almost fell for this one:

Jan 16, 2013 08:23
I take back what I said earlier. The FBI Moneypak virus has had a major resurgence as of late. It sometimes takes over computers in safe mode and safe mode command prompt, so now you can't even make a new user account. Also, Windows 8 makes it harder to boot into safe mode, and you can't access advanced options to do a refresh/reset. I work remotely, so I can't physically access the computers to see if there are any other workarounds.

Jan 16, 2013 19:25

Yechezkel posted: I almost fell for this one:

Clever, but the "Firefox need to update" gave it away. I'm guessing the button there downloads some malware or something?

Jan 16, 2013 19:59

Wife's computer has a "Speedy PC Pro" pop up saying she has 269 infections yada yada. Popup notes that it's a "Microsoft Partner!" and popup came up with VOICE/SOUND announcing the infections. Is this a virus and if so what is the best removal tool?

Jan 21, 2013 19:58

You should be able to uninstall it from add/remove programs.

Jan 21, 2013 20:04
Saw an interesting one today. Single workstation Win7 PC with a single user account and no guest account enabled. User was switched out due to another user logging in "remotely". Try to log in again and the usual "another user is logged in" message appears. Tried to take the session back but it was denied by the other user. Reboot, log in normally. Guest account shows as off in control panel but in computer management the user is definitely not disabled. As a precaution I disabled the account, set password and disallowed changing password. Coworker said he found a bunch of weird toolbars running in IE later.

Feb 1, 2013 00:19
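The checks a responder would run on that workstation, as an added example that is not from the thread: it lists every local account with its real enabled state (the same view Computer Management gives, rather than the Control Panel toggle), reports whether RDP is switched on and who sits in Remote Desktop Users and Administrators, and pulls the remote logons (event 4624, logon types 10 and 3) from the last week with their source address. The function names are this example's own; it assumes Windows PowerShell 5.1 on Windows 7 or later, run as administrator.

```powershell
# Added example, not from the thread. Audits local accounts, the remote-access surface and recent
# remote logons on one workstation. Assumes Windows PowerShell 5.1 on Windows 7+, run as administrator.

function Get-LocalAccountStatus {
    # Control Panel hides built-in accounts; this is the SAM's actual view of every local account.
    Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordRequired,
        @{ n = 'PasswordNeverExpires'; e = { $null -eq $_.PasswordExpires } }
}

function Get-RemoteAccessSurface {
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpUsers = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue
    $admins   = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled     = ($ts.fDenyTSConnections -eq 0)
        RdpUsers       = (@($rdpUsers | ForEach-Object Name) -join ', ')
        Administrators = (@($admins   | ForEach-Object Name) -join ', ')
        GuestEnabled   = [bool](Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue).Enabled
    }
}

function Get-RemoteLogons([int]$Days = 7) {
    # Event 4624 = successful logon. LogonType 10 = RemoteInteractive (RDP), 3 = Network (shares, admin$).
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Keep only remote logon types and skip machine accounts (names ending in $).
        if (($data.LogonType -in '10', '3') -and ($data.TargetUserName -notmatch '\$$')) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                LogonType   = $data.LogonType
                User        = "$($data.TargetDomainName)\$($data.TargetUserName)"
                SourceIp    = $data.IpAddress
                Workstation = $data.WorkstationName
            }
        }
    }
}

Get-LocalAccountStatus | Format-Table -AutoSize
Get-RemoteAccessSurface | Format-List
# Any logon from an address or workstation name you don't recognise deserves a closer look.
Get-RemoteLogons -Days 7 | Sort-Object Time -Descending | Format-Table -AutoSize
```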
Trying to restore a Dell laptop that is heavily infected. When I use the built in recovery tools, I selected keep no files and it got to 100%, restarted, then blue screened over and over. I tried the tool again and this time went to keep files. It scanned the computer and came up with a bunch of files that I could keep from my documents, which leads me to believe that it never really reformatted. All hardware checks out. Is this Dell recovery software a load of poo poo, or is malware getting this crazy?

Feb 2, 2013 05:09

Rent posted: Trying to restore a Dell laptop that is heavily infected. When I use the built in recovery tools, I selected keep no files and it got to 100%, restarted, then blue screened over and over.

Zero out the drive with DBAN and try again?

Feb 2, 2013 07:54

Just reformatted and reinstalled with a generic Windows 7 disc, and Dell still somehow auto-installed some recovery stuff. Not sure how that worked, but cool. Partition was always there, but I guess it was just having some issues. Was able to recover after all.

Feb 2, 2013 09:04

Yechezkel posted: I almost fell for this one:

Oh gently caress. I may have clicked something like this on my work Mac.

Feb 2, 2013 11:05

Zwabu posted: Wife's computer has a "Speedy PC Pro" pop up saying she has 269 infections yada yada. Popup notes that it's a "Microsoft Partner!" and popup came up with VOICE/SOUND announcing the infections. Is this a virus and if so what is the best removal tool?

I had this one on a client machine the other day. There was an MBR rootkit, so make sure you check well. But, for the Speedy PC reg thing, it was just an uninstall from add/remove programs.

Feb 3, 2013 00:53

Setting up a new PC and I'd like to do it right. Is there anything that isn't in the OP that anyone would recommend as far as setting the new PC up? What software do people recommend, or has it not changed much since the OP was last updated?

Feb 3, 2013 09:47
Revener posted: Setting up a new PC and I'd like to do it right. Is there anything that isn't in the OP that anyone would recommend as far as setting the new PC up? What software do people recommend, or has it not changed much since the OP was last updated?

Just re-read it, it seems good to me. Fresh install/uninstall any OEM poo poo, update drivers, let MS Update do its thing, install latest Adobe and set it to patch automatically, ditto for Java if needed, install MSE (it's as good as NOD - and I swore by NOD a couple years ago), put Chrome/Firefox on with adblock. Golden, until your user is an idiot and opens "Fax From A Tracking UPS Delivery HP FaxJet ScanCenter . PDF.DOC.XLS.EXE.JPG".

Feb 3, 2013 12:05

So, on the topic of malware prevention: we implemented ScanSafe company-wide on a little over 6000 systems a while back, and since that happened our virus tickets have declined rapidly. I was averaging about 25-28 tickets a month for virus issues; ever since it went live a month ago I've gotten 3 tickets, 2 of them came in on the day we started deploying so it probably wasn't active on their machines yet, and the 3rd one was for an area of the world we don't have ScanSafe in yet. I literally have not had to reach out and repair a virus issue since. If I look at the logs for it I can see it stopping stuff from loading in the browser all over the place; it is really amazing. I wasn't sure how effective it would be, but for something that is relatively lightweight running as an agent on the local machine it keeps crap off our systems 24/7 and with better results than AV, with minimal management other than checking logs/reports here and there. Not saying it replaces AV software, but it is far more effective at stopping browser-based drive-by attacks than our AV solution.

Feb 3, 2013 17:01

Revener posted: Setting up a new PC and I'd like to do it right. Is there anything that isn't in the OP that anyone would recommend as far as setting the new PC up? What software do people recommend, or has it not changed much since the OP was last updated?

Ninite.com will speed up the process immensely.

Feb 3, 2013 19:56
How do you clean up and lock down a personal Mac? I know how to do a Windows PC, but haven't used a Mac since the old black and white ones. I'm guessing it's something like:
- Update OS to latest version (buy the update).
- Run the Software Update thingy
- Update Flash (download newest version)
- Remove Java if she's not using it, update it if she is
- Update Microsoft Office via the Help menu
- Update Acrobat Reader via the Help menu
- Update her browser and plugins (procedure varies depending on which one she's using, try to switch her to Chrome or Firefox)
What's the recommended anti-virus for Mac, Avast? Is there a recommended tool for an offline scan - something she can burn to CD, boot from, and it will scan for viruses or malware? What am I missing?

Feb 4, 2013 07:41
Hey, everyone. I think I got some poo poo here on my other computer (the "fun" computer, as opposed to the "work" one, thankfully). We're usually careful online here at home and haven't had any malware trouble for a long time, at least ever since we started using the MSE/Adblock/NoScript combo. But something crept up through a bundle. We downloaded something from a site that used to be a useful source of all sorts of tools and stuff (a Brazilian site called Baixaki (means "Download Here"). Before anyone asks what I'm doing on shady Brazilian sites, I'm Brazilian, BTW, and this used to be a very trustworthy site here), but it seems it's not the same anymore, and they've been letting all sorts of malware get bundled in with their stuff. An annoying little thing called 22apple managed to creep in from installing something else (a video converter, in fact, in case anyone wants to know). It created a shortcut on the desktop (which, judging from the shortcut properties, opens Firefox, but on the 22apple.com page) and has unreturnably set all browsers' home pages to 22apple.com (an obviously shady site). As a bonus it seems to have slowed booting down as well. I have run MSE and MalwareBytes, but they're not catching it. I also see very little information online about the drat thing. I've just found out they also seem to have installed another little bugger called Penwes, which might be responsible for the gently caress-ups as well. Help, guys?

EDIT: it seems to be something new, I guess. ThreatExpert has a report (one, precisely one report) on it: http://www.threatexpert.com/report.aspx?md5=507cbfce1e80bbfa8abbc1d655c75f05 . Pretty much matches what happened here.

Crimsonjewfro fucked around with this message at 09:11 on Feb 4, 2013

Feb 4, 2013 08:59

You can try either manually removing all the things it has changed (the ThreatExpert page you linked seems to be a good source) or you can try a system restore; the latter would be the better option. It doesn't look like it's doing anything too clever that a wind-back won't fix.

Feb 4, 2013 15:14

Can also try giving Hitman Pro a run to see if it can detect it. It isn't free to remove stuff though if I remember correctly, but if it does find anything it should give some direction in where it is located & how it is starting for manual removal purposes.

Feb 4, 2013 15:58

Khablam posted: You can try either manually removing all the things it has changed (the ThreatExpert page you linked seems to be a good source) or you can try a system restore; the latter would be the better option.

Hex Darkstar posted: Can also try giving Hitman Pro a run to see if it can detect it. It isn't free to remove stuff though if I remember correctly, but if it does find anything it should give some direction in where it is located & how it is starting for manual removal purposes.

Thanks, guys! Hitman Pro doesn't seem to be working (we downloaded the installer from the SurfRight page, but buttons and everything in the installation screen are completely blank. That's kinda serious, isn't it?), and I'm too much of a pussy to try removing things manually (I'm sure it didn't do everything exactly like the ThreatExpert report, and the regedit scares me shitless). I'm trying the system restore right now.

<s>Edit: a partial success, it seems. Firefox now starts normally, but Chrome still opens on the drat 22apple page.</s>

Seems all right now. Firefox is clean, and Chrome only had it as its home page at first, but we manually reset it to something else and it didn't change it back to 22apple.com as it would do before system restore. Gonna probe a little to see if it's really gone, but it seems so.

Crimsonjewfro fucked around with this message at 17:12 on Feb 4, 2013

Feb 4, 2013 17:01
When I try to view this photo: http://i1358.photobucket.com/albums/q770/DanWestfall/Roubo/IMG_20130111_144804_551_zps857f5e12.jpg Avast goes off telling me it's url: mal. I googled trying to find out if it's a false positive but nothing. Anyone else have trouble with the link?
|
# ? Feb 7, 2013 23:23 |
|
wormil posted:When I try to view this photo: It just opened up to a harmless looking photo for me.
|
# ? Feb 8, 2013 04:21 |
|
Zogo posted:It just opened up to a harmless looking photo for me. YOU NOW HAVE ROOTKIT.KINJECT ALSO AIDS
|
# ? Feb 8, 2013 05:22 |
|
I've been fixing a lot of computers with the FBI Moneypak Ransomware Virus. Luckily, it's pretty easy to remove. MBAM and plenty of others detect it. Also, have you guys had to deal with that Ransomware that is completely in russian? It fucks with the MBR and it took me a while to fix it.
|
# ? Feb 9, 2013 01:31 |
I think I ran into its Canadian counterpart yesterday afternoon; it was a Ukash ransomware that installed SST.C's bootkit. Nothing works on it in terms of dedicated anti-malware tools that I've seen: MBAM kills the ransomware but doesn't detect the MBR infection, and it even stops TDSSKiller & aswMBR from starting as well. I did however have luck with a program I found while googling around, a tool called MBRFix you can run inside Windows in case you're doing remote support. I tried it on an XP machine yesterday and it was able to fix/purge the infected MBR and allow me to run TDSSKiller to make sure nothing else was lurking in the background. I'm not sure how dependable it is but this was a last resort thing for me, so use it at your own risk if you decide to try it.

Feb 9, 2013 17:38

Hex Darkstar posted: I think I ran into its Canadian counterpart yesterday afternoon; it was a Ukash ransomware that installed SST.C's bootkit. Nothing works on it in terms of dedicated anti-malware tools that I've seen: MBAM kills the ransomware but doesn't detect the MBR infection, and it even stops TDSSKiller & aswMBR from starting as well. I did however have luck with a program I found while googling around, a tool called MBRFix you can run inside Windows in case you're doing remote support. I tried it on an XP machine yesterday and it was able to fix/purge the infected MBR and allow me to run TDSSKiller to make sure nothing else was lurking in the background. I'm not sure how dependable it is but this was a last resort thing for me, so use it at your own risk if you decide to try it.

That sounds like it was fun to remove :P Also, I don't believe I've heard of MBRFix, I will check it out sometime.

Feb 9, 2013 21:00

The joys of supporting remote users that insist on having admin privileges on their machine. Thankfully once they all get refreshed to Windows 7 that will be a thing of the past. Only users like developers will be granted admin rights, and only local to their machine, not on their Active Directory profile. We support both US & CA users; the US side has been set up with Win 7 like described above and it has saved us from a lot of the really nasty infections that need admin access to mess with the MBR/install rootkits. The worst we get is ransomware blanking out the screen and that can be easily dealt with by logging in another profile other than the infected one.

Feb 9, 2013 21:29