Sign in to follow this  
Followers 0

[Virus/Malware] I involved the POLICE!

51 posts in this topic

Posted

In the screenshot I didn't see where the SSN/SIC number was mentioned or blocked out, just a IP and City.

And curious minds want to know what the RCMP used to "check" the computer. Malwarebytes (pro or free version)?

More info was at the bottom, including how much needed to be paid, etc. I did not include it.

Share this post


Link to post
Share on other sites

Posted

In the screenshot I didn't see where the SSN/SIC number was mentioned or blocked out, just a IP and City.

And curious minds want to know what the RCMP used to "check" the computer. Malwarebytes (pro or free version)?

I'd like to know the name of this supposed "dos" program, considering Windows hasn't used "dos" since....forever ago.

why do you highly doubt it? I saw someone at work get the FBI scam one from a google image search, after clicking on the image it went right to that via an exploit (we think it was a java exploit)

I got hit with something similar on Houzz.com, and that is not a malware site, it's a pretty large house design site...

sounds like "drive by downloads", usually happens because a machine is not fully patched. ;)

Share this post


Link to post
Share on other sites

Posted

I'd like to know the name of this supposed "dos" program, considering Windows hasn't used "dos" since....forever ago.

sounds like "drive by downloads", usually happens because a machine is not fully patched. ;)

Command prompt.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

At least he did not fall for it

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Exactly. Every time I've seen this infection, it's never had anything to do with porn. </s> :rolleyes:

you can get this crap from infected sites that aren't porn, Houzz.com definatly isn't a porn site, and I got hit by it there..... our local newspaper got hit thanks to one of their stupid ad providers..... anyone who went to the paper site got something similar....

Share this post


Link to post
Share on other sites

Posted

Command prompt.

LOLOLOLOL!!!!!! Too funny! :rofl:

you can get this crap from infected sites that aren't porn, Houzz.com definatly isn't a porn site, and I got hit by it there..... our local newspaper got hit thanks to one of their stupid ad providers..... anyone who went to the paper site got something similar....

Yeah, a drive by download....which happens to unpatched machines. Not my first time dealing with them. PatchMyPC(dot)net. Sure does help! ;)

Share this post


Link to post
Share on other sites

Posted

I just had this happen to a co-worker on a company laptop (it's a POS, but anyways) and ended up just doing a format/clean install (was quicker/easier) all (needed) docs and such were on the server (and if they weren't, lesson learned).

And that lesson was:

1) Use a better AV,

2) Disable Java

3) Backup anything not on the server

1 person likes this

Share this post


Link to post
Share on other sites

Posted

My brother guy the exact same one, he was so panicked it was hilarious, I made fun of him good for it, I suspect he got it from

using one of those websites that let you watch TV shows for free, and using a java exploit, so I removed the trojan and Java.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

OP:

Take the time to make sure his PC is up to date, browsers updates, everything.

As for his browsers,

if he's using Firefox: Make sure to install AdBlock Plus, and NoScript.

if he's using Chrome: install Adblock, and Disconnect.

if he's using IE9/10: Install the FanBoy and EasyList adblocking TPLs. Also make sure that SmartScreen filter is running.

Should help him in the future. They'll prevent arbitrary code from running. Also make sure any and all unneeded addons are eliminated.

Also, if possible, remove him from the default administrator account. If he's going to keep calling you for help, just set yourself up as the administrator. Lol. It's what I did for my parents, and as annoying as it was for them, it worked. They couldn't run anything without my permission.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

LOLOLOLOL!!!!!! Too funny! :rofl:

Yeah, a drive by download....which happens to unpatched machines. Not my first time dealing with them. PatchMyPC(dot)net. Sure does help! ;)

unpatched machine? you mean a patch for something like Java which DIDN'T have a patch out, and is something that is actually required in a lot of business environments at the browser level?..... please tell me how it could of been more pached then the latest patches out there by Oracle and Microsoft....

1 person likes this

Share this post


Link to post
Share on other sites

Posted

I just finished removing the virus using Malwarebytes. 117 Infections in total. Oy. Machine was Windows 7 fully patched. I ran the updates 2 days ago. I will be installing Win8 this weekend. Oh, and he was using a Guest Account named Family. Not an administrator account.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

I love how everybody defends shady internet usage..."I visited GOOGLE.COM and my machine got infected, yea it could happen!"

Share this post


Link to post
Share on other sites

Posted

I just finished removing the virus using Malwarebytes. 117 Infections in total. Oy. Machine was Windows 7 fully patched. I ran the updates 2 days ago. I will be installing Win8 this weekend. Oh, and he was using a Guest Account named Family. Not an administrator account.

How the heck is arbitrary code running on a guest account?

1 person likes this

Share this post


Link to post
Share on other sites

Posted

How the heck is arbitrary code running on a guest account?

Beats me, I was surprised.

Edit: http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/800a69df-8312-4105-b70e-235500ab5421

Looks like viruses can still install on a guest account and run, but are not system wide and thus will not affect other users. This is how I was able to remove it. I ran Malwarebytes on the admin account.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Well, regardless, OP Thank you for letting us know, (least in my case I saw this as a service done by Titoist)

2 people like this

Share this post


Link to post
Share on other sites

Posted

I see the next question as: Was UAC on?

1 person likes this

Share this post


Link to post
Share on other sites

Posted

The funny thing about java is, it's never fully patched. Even the newest version of java is a threat.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Someone I work with got the FBI one, and, wait for it, she PAID IT!!!! She came to work talking about how the FBI made her pay $300 for "something" or they wouldn't unlock her computer. We could not believe how stupid that was. Obviously she or her spouse is a little guilty of something...

Share this post


Link to post
Share on other sites

Posted

Someone I work with got the FBI one, and, wait for it, she PAID IT!!!! She came to work talking about how the FBI made her pay $300 for "something" or they wouldn't unlock her computer. We could not believe how stupid that was. Obviously she or her spouse is a little guilty of something...

of being a idiot. They must've had more dollars than sense.... now they have a little less... of both.

AND that's EXACTY the people they prey on. The uninformed/non-neowinian type (we all know better...right?)

1 person likes this

Share this post


Link to post
Share on other sites

Posted

i just removed this one from a friends laptop the other day. From what i could tell, it came from putlocker and/or skype, but could have other delivery methods. the girl that i removed it for actually thought it was real at first.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

I don't see any identifying details even removed by yourself from the screen shot. How do you know details were stolen.

Sounds like a case of a parent who doesn't know enough about the Internet, trying to do something and not realising it's unsafe and giving away details.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

@Nashy I already asked that, and was given an answer.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Hello,

A fairly common scam/piece of malware, I've seen it called Win32/Reveton or simply "Moneypak." It displays fake "announcements" from various law enforcement agencies around the world. Here are a couple of articles about it:

I have heard of FBI (US), Garda (Ireland) and Metropolitan Police (UK) versions of this, but this is the first time I can recall hearing about an RCMP-specific version.

It is very likely your anti-malware/security vendor's technical support department is quite familiar with removing this, and can give additional instructions on securing the machine.

For example, one might want to check the hosts file on the computer and/or the DNS servers being used, in case they were involved in what looks like a redirection of Google's web site.

Regards,

Aryeh Goretsky

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.