[Virus/Malware] I involved the POLICE!


Recommended Posts

In the screenshot I didn't see where the SSN/SIC number was mentioned or blocked out, just a IP and City.

And curious minds want to know what the RCMP used to "check" the computer. Malwarebytes (pro or free version)?

More info was at the bottom, including how much needed to be paid, etc. I did not include it.

Link to comment
Share on other sites

In the screenshot I didn't see where the SSN/SIC number was mentioned or blocked out, just a IP and City.

And curious minds want to know what the RCMP used to "check" the computer. Malwarebytes (pro or free version)?

I'd like to know the name of this supposed "dos" program, considering Windows hasn't used "dos" since....forever ago.

why do you highly doubt it? I saw someone at work get the FBI scam one from a google image search, after clicking on the image it went right to that via an exploit (we think it was a java exploit)

I got hit with something similar on Houzz.com, and that is not a malware site, it's a pretty large house design site...

sounds like "drive by downloads", usually happens because a machine is not fully patched. ;)

Link to comment
Share on other sites

I'd like to know the name of this supposed "dos" program, considering Windows hasn't used "dos" since....forever ago.

sounds like "drive by downloads", usually happens because a machine is not fully patched. ;)

Command prompt.

Link to comment
Share on other sites

Exactly. Every time I've seen this infection, it's never had anything to do with porn. </s> :rolleyes:

you can get this crap from infected sites that aren't porn, Houzz.com definatly isn't a porn site, and I got hit by it there..... our local newspaper got hit thanks to one of their stupid ad providers..... anyone who went to the paper site got something similar....

Link to comment
Share on other sites

Command prompt.

LOLOLOLOL!!!!!! Too funny! :rofl:

you can get this crap from infected sites that aren't porn, Houzz.com definatly isn't a porn site, and I got hit by it there..... our local newspaper got hit thanks to one of their stupid ad providers..... anyone who went to the paper site got something similar....

Yeah, a drive by download....which happens to unpatched machines. Not my first time dealing with them. PatchMyPC(dot)net. Sure does help! ;)

Link to comment
Share on other sites

I just had this happen to a co-worker on a company laptop (it's a POS, but anyways) and ended up just doing a format/clean install (was quicker/easier) all (needed) docs and such were on the server (and if they weren't, lesson learned).

And that lesson was:

1) Use a better AV,

2) Disable Java

3) Backup anything not on the server

Link to comment
Share on other sites

My brother guy the exact same one, he was so panicked it was hilarious, I made fun of him good for it, I suspect he got it from

using one of those websites that let you watch TV shows for free, and using a java exploit, so I removed the trojan and Java.

Link to comment
Share on other sites

OP:

Take the time to make sure his PC is up to date, browsers updates, everything.

As for his browsers,

if he's using Firefox: Make sure to install AdBlock Plus, and NoScript.

if he's using Chrome: install Adblock, and Disconnect.

if he's using IE9/10: Install the FanBoy and EasyList adblocking TPLs. Also make sure that SmartScreen filter is running.

Should help him in the future. They'll prevent arbitrary code from running. Also make sure any and all unneeded addons are eliminated.

Also, if possible, remove him from the default administrator account. If he's going to keep calling you for help, just set yourself up as the administrator. Lol. It's what I did for my parents, and as annoying as it was for them, it worked. They couldn't run anything without my permission.

Link to comment
Share on other sites

LOLOLOLOL!!!!!! Too funny! :rofl:

Yeah, a drive by download....which happens to unpatched machines. Not my first time dealing with them. PatchMyPC(dot)net. Sure does help! ;)

unpatched machine? you mean a patch for something like Java which DIDN'T have a patch out, and is something that is actually required in a lot of business environments at the browser level?..... please tell me how it could of been more pached then the latest patches out there by Oracle and Microsoft....

Link to comment
Share on other sites

I just finished removing the virus using Malwarebytes. 117 Infections in total. Oy. Machine was Windows 7 fully patched. I ran the updates 2 days ago. I will be installing Win8 this weekend. Oh, and he was using a Guest Account named Family. Not an administrator account.

Link to comment
Share on other sites

I just finished removing the virus using Malwarebytes. 117 Infections in total. Oy. Machine was Windows 7 fully patched. I ran the updates 2 days ago. I will be installing Win8 this weekend. Oh, and he was using a Guest Account named Family. Not an administrator account.

How the heck is arbitrary code running on a guest account?

Link to comment
Share on other sites

How the heck is arbitrary code running on a guest account?

Beats me, I was surprised.

Edit: http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/800a69df-8312-4105-b70e-235500ab5421

Looks like viruses can still install on a guest account and run, but are not system wide and thus will not affect other users. This is how I was able to remove it. I ran Malwarebytes on the admin account.

Link to comment
Share on other sites

Someone I work with got the FBI one, and, wait for it, she PAID IT!!!! She came to work talking about how the FBI made her pay $300 for "something" or they wouldn't unlock her computer. We could not believe how stupid that was. Obviously she or her spouse is a little guilty of something...

Link to comment
Share on other sites

Someone I work with got the FBI one, and, wait for it, she PAID IT!!!! She came to work talking about how the FBI made her pay $300 for "something" or they wouldn't unlock her computer. We could not believe how stupid that was. Obviously she or her spouse is a little guilty of something...

of being a idiot. They must've had more dollars than sense.... now they have a little less... of both.

AND that's EXACTY the people they prey on. The uninformed/non-neowinian type (we all know better...right?)

Link to comment
Share on other sites

i just removed this one from a friends laptop the other day. From what i could tell, it came from putlocker and/or skype, but could have other delivery methods. the girl that i removed it for actually thought it was real at first.

Link to comment
Share on other sites

I don't see any identifying details even removed by yourself from the screen shot. How do you know details were stolen.

Sounds like a case of a parent who doesn't know enough about the Internet, trying to do something and not realising it's unsafe and giving away details.

Link to comment
Share on other sites

Hello,

A fairly common scam/piece of malware, I've seen it called Win32/Reveton or simply "Moneypak." It displays fake "announcements" from various law enforcement agencies around the world. Here are a couple of articles about it:

I have heard of FBI (US), Garda (Ireland) and Metropolitan Police (UK) versions of this, but this is the first time I can recall hearing about an RCMP-specific version.

It is very likely your anti-malware/security vendor's technical support department is quite familiar with removing this, and can give additional instructions on securing the machine.

For example, one might want to check the hosts file on the computer and/or the DNS servers being used, in case they were involved in what looks like a redirection of Google's web site.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

My Sister in laws friend has this aswell so it must be doing the rounds

there are lots of different versions of it for different Countrys

https://www.botnets....dex.php/Reveton

and also removal instructions

http://www.f-secure.com/v-descs/trojan_w32_reveton.shtml

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.