|
Namlemez posted: Got this on a machine through some random Java applet. This was like the most nefarious one I've ever had by far: I've been dealing with this for the last 2 days, that fix thing doesn't work for me. Aaaarrrgghhh
|
# ¿ Dec 16, 2008 22:20 |
|
gently caress you Rapid Antivirus 2.7. Looks like combofix took care of it pretty quick though.
Kaboobi fucked around with this message at 17:13 on Jan 2, 2009 |
# ¿ Jan 2, 2009 17:09 |
|
Maniaman posted: Had an Acer on Friday with something called Antivirus8. Malwarebytes couldn't catch/kill it, external MSE scan couldn't get rid of it, ComboFix wouldn't even run on it. I finally got fed up and formatted the thing.

Just ran into this today, it ate through Malwarebytes, but Combofix nuked it in safe mode. However, it left a "Debugger" registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe that wouldn't let explorer start when you booted up the system. Removed that and it all seemed fine after that.

Kaboobi fucked around with this message at 23:41 on Nov 2, 2010 |
# ¿ Nov 2, 2010 23:37 |
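A check for the leftover value described in the post above, as an added example that is not part of the original thread: it parses `reg query "<Image File Execution Options key>" /s` output and lists every image that has a `Debugger` value. The sample output, the placeholder debugger path and the function names are constructed for illustration.

```python
import re

IFEO = "\\image file execution options\\"
# A value line in `reg query` output: indent, name, type, data, 4 spaces apart.
VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query ... /s` output; the debugger path is a placeholder.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
    Debugger    REG_SZ    C:\Users\Public\placeholder.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    GlobalFlag    REG_DWORD    0x0
"""


def find_ifeo_debuggers(text):
    """Return one dict per IFEO subkey that carries a Debugger value."""
    hits, key, image = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line is a key path
            idx = line.lower().find(IFEO)
            key = line.strip()
            # Text after the IFEO prefix is the image name; None outside IFEO.
            image = line[idx + len(IFEO):].strip() if idx != -1 else None
            continue
        m = VALUE_RE.match(line)
        if m and image and m.group(1).lower() == "debugger":
            hits.append({"key": key, "image": image,
                         "debugger": m.group(3).strip()})
    return hits


def removal_command(hit):
    """Build the reg.exe command that deletes only the Debugger value."""
    return 'reg delete "{}" /v Debugger'.format(hit["key"])


if __name__ == "__main__":
    for h in find_ifeo_debuggers(SAMPLE):
        print(h["image"], "->", h["debugger"])
        print("  review, then:", removal_command(h))
```

On 64-bit systems the same check applies to the `Wow6432Node` copy of the key, which the substring match also covers.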
|
sfwarlock posted: I'm crossing swords with ThinkPoint or whatever that poo poo is called for the first time.

Boot into safe mode, kill the process, run combofix, make sure it didn't crap up anything in the registry. That should take care of it, at least in the two times I ran across it.
|
# ¿ Nov 17, 2010 21:44 |
|
One of my friends got hit by something that looks like the same thing today, I told her how to get into safe mode around it and run Combofix and Malwarebytes but haven't heard back from her yet.

http://www.bleepingcomputer.com/virus-removal/remove-hard-drive-diagnostic

edit: Probably a PDF exploit?

(4:19:51 PM) Xxxxx: I feel bad for the people who get fooled by it
(4:20:49 PM) Xxxxx: I was browsing with firefox and a page abruptly told me to update java and I needed additional plug ins and poo poo
(4:20:55 PM) Xxxxx: On a page with no java on it
(4:21:10 PM) Me: Hm
(4:21:17 PM) Xxxxx: So I just closed everything and it opened some PDF file
(4:21:25 PM) Xxxxx: Which I closed before it loaded
(4:21:47 PM) Me: keep your adobe reader up to date!
(4:22:12 PM) Xxxxx: I minimized it and saw the hdd diagnostic icon on the desktop and it auto popped the dumb fake program front up
(4:22:12 PM) Me: if you get hit with an infected popup, there's nothing you can do besides do hard reboot without clicking ANYTHING
(4:22:14 PM) Xxxxx: I do!!
(4:22:16 PM) Me: just mash the power button

Kaboobi fucked around with this message at 22:26 on Dec 6, 2010 |
# ¿ Dec 6, 2010 22:03 |
|
Midelne posted: This is your most probable venue of infection, given that when people say they "closed" something they usually mean that they clicked the red X in the upper-right of the window. Clicking anything at all on a malicious web page - even something that looks like a big inviting red X - is a bad idea.

Yep, well aware. This is a friend though who will probably start doing that in the future. Anyone at my work will never actually learn to do this, I will have combofix on a locked flash drive until the day I die.
|
# ¿ Dec 6, 2010 23:37 |
|
Pope Guilty posted: Given that the Apple users I support can't reliably tell the difference between OSX prompting them for their computer's credentials and their school credentials...

It's all going to be the same password anyway.
|
# ¿ May 12, 2011 14:55 |
|
Pope Guilty posted: One of these days the malware authors are going to figure out how to infect System Restore points, and on that day we are so hosed.

They've been doing this for a while, annoying as hell.
|
# ¿ May 27, 2011 06:03 |
|
Maybe I'm missing something, but why is "%u%12" on the list?
|
# ¿ Aug 29, 2011 22:30 |
|
Biowarfare posted: Looks more like it tries personsusername1 and personsusername12 or something

Oh duh, of course.
|
# ¿ Sep 2, 2011 04:00 |
|
mindphlux posted: in other news, I just reformatted because of that google redirect thing, and changed all my banking passwords just in case. I'm still loving pissed off that a virus won - first time I've given up in a couple years.

I've run into 3 of the same google redirects at work over the last few weeks, and haven't been able to fix it without a reformat. Would happen in every browser, not just IE, and not on all links. Nothing in hosts, nothing weird in IP settings, Malwarebytes/Symantec/SuperAntiSpyware/ComboFix/TDSS/loving everything didn't pick up a thing, no weird processes I could see, nothing out of the ordinary in HijackThis logs, no corrupted system files, spent a good 4 hours just loving around with it. If anyone else runs into a redirect and figures out what's going on, let me know.
|
# ¿ Nov 27, 2012 21:28 |