[Virus/Malware] I involved the POLICE!


50 replies to this topic

#31 vetneufuse

neufuse

    Neowinian Senior

  • Joined: 16-February 04

Posted 23 January 2013 - 03:32

Exactly. Every time I've seen this infection, it's never had anything to do with porn. </s> :rolleyes:


You can get this crap from infected sites that aren't porn, Houzz.com definitely isn't a porn site, and I got hit by it there..... our local newspaper got hit thanks to one of their stupid ad providers..... anyone who went to the paper site got something similar....


#32 +Obi-Wan Kenobi

Obi-Wan Kenobi

    "You were the chosen one!"

  • Joined: 11-November 02
  • Location: West-Central Texas

Posted 23 January 2013 - 03:34

Command prompt.


LOLOLOLOL!!!!!! Too funny! :rofl:

You can get this crap from infected sites that aren't porn, Houzz.com definitely isn't a porn site, and I got hit by it there..... our local newspaper got hit thanks to one of their stupid ad providers..... anyone who went to the paper site got something similar....

Yeah, a drive by download....which happens to unpatched machines. Not my first time dealing with them. PatchMyPC(dot)net. Sure does help! ;)

#33 CrashGordon

CrashGordon

    The Perfect Threesome: Lime, Salt & Tequila

  • Joined: 31-January 04
  • Location: Atlanta, GA
  • Phone: Jackson JS3 Kelly Bird IV through a Fender Rumble 150. Can ya hear me now?

Posted 23 January 2013 - 03:34

I just had this happen to a co-worker on a company laptop (it's a POS, but anyways) and ended up just doing a format/clean install (was quicker/easier) all (needed) docs and such were on the server (and if they weren't, lesson learned).

And that lesson was:
1) Use a better AV,
2) Disable Java
3) Backup anything not on the server

#34 JaredFrost

JaredFrost

    joO 4R3 73H L337!

  • Joined: 02-May 04

Posted 23 January 2013 - 03:36

My brother got the exact same one, he was so panicked it was hilarious, I made fun of him good for it, I suspect he got it from using one of those websites that let you watch TV shows for free, and using a java exploit, so I removed the trojan and Java.

#35 Dot Matrix

Dot Matrix

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 23 January 2013 - 03:39

OP:

Take the time to make sure his PC is up to date, browsers updates, everything.

As for his browsers,

if he's using Firefox: Make sure to install AdBlock Plus, and NoScript.
if he's using Chrome: install Adblock, and Disconnect.
if he's using IE9/10: Install the FanBoy and EasyList adblocking TPLs. Also make sure that SmartScreen filter is running.

Should help him in the future. They'll prevent arbitrary code from running. Also make sure any and all unneeded addons are eliminated.

Also, if possible, remove him from the default administrator account. If he's going to keep calling you for help, just set yourself up as the administrator. Lol. It's what I did for my parents, and as annoying as it was for them, it worked. They couldn't run anything without my permission.

#36 vetneufuse

neufuse

    Neowinian Senior

  • Joined: 16-February 04

Posted 23 January 2013 - 03:40

LOLOLOLOL!!!!!! Too funny! :rofl:


Yeah, a drive by download....which happens to unpatched machines. Not my first time dealing with them. PatchMyPC(dot)net. Sure does help! ;)


Unpatched machine? You mean a patch for something like Java which DIDN'T have a patch out, and is something that is actually required in a lot of business environments at the browser level?..... please tell me how it could have been more patched than the latest patches out there by Oracle and Microsoft....

#37 OP Titoist

Titoist

    The Socialistician

  • Joined: 15-October 06
  • Location: Banff, Alberta
  • OS: OSX, iOS 7.1
  • Phone: iPhone 5S (32GB) Space Grey

Posted 23 January 2013 - 03:41

I just finished removing the virus using Malwarebytes. 117 Infections in total. Oy. Machine was Windows 7 fully patched. I ran the updates 2 days ago. I will be installing Win8 this weekend. Oh, and he was using a Guest Account named Family. Not an administrator account.

#38 jkrupa128

jkrupa128

    I'm not as think as you drunk I am.

  • Joined: 09-February 04

Posted 23 January 2013 - 03:45

I love how everybody defends shady internet usage..."I visited GOOGLE.COM and my machine got infected, yea it could happen!"

#39 Dot Matrix

Dot Matrix

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 23 January 2013 - 03:47

I just finished removing the virus using Malwarebytes. 117 Infections in total. Oy. Machine was Windows 7 fully patched. I ran the updates 2 days ago. I will be installing Win8 this weekend. Oh, and he was using a Guest Account named Family. Not an administrator account.


How the heck is arbitrary code running on a guest account?

#40 OP Titoist

Titoist

    The Socialistician

  • Joined: 15-October 06
  • Location: Banff, Alberta
  • OS: OSX, iOS 7.1
  • Phone: iPhone 5S (32GB) Space Grey

Posted 23 January 2013 - 03:49

How the heck is arbitrary code running on a guest account?


Beats me, I was surprised.

Edit: http://social.msdn.m...0e-235500ab5421

Looks like viruses can still install on a guest account and run, but are not system wide and thus will not affect other users. This is how I was able to remove it. I ran Malwarebytes on the admin account.
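The point made in the post above, that an infection can install and run inside a guest or standard account without touching the rest of the system, comes down to autostart locations every user can write to for themselves. The following is an added example, not part of the original thread: a PowerShell function that lists the current user's Run/RunOnce registry values and Startup folder items. The function name and the "user-writable directory" flag are assumptions made for illustration.

```powershell
# Added example: list autostart entries that any standard or guest user
# can create for themselves, with no administrator rights involved.
# Run it while logged on as the affected account.
function Get-PerUserAutostart {
    $entries = @()
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $entries += New-Object PSObject -Property @{
                Source = $key; Name = $name; Command = [string]$item.GetValue($name)
            }
        }
    }
    # Per-user Startup folder: files and shortcuts launched at logon.
    $startup = [Environment]::GetFolderPath('Startup')
    if ($startup -and (Test-Path $startup)) {
        $files = @(Get-ChildItem -Path $startup | Where-Object { -not $_.PSIsContainer })
        foreach ($file in $files) {
            $entries += New-Object PSObject -Property @{
                Source = $startup; Name = $file.Name; Command = $file.FullName
            }
        }
    }
    # Heuristic (an assumption, not a verdict): flag commands that live in
    # directories the user can write to without elevation.
    $userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
    foreach ($e in $entries) {
        $inUserDir = $false
        foreach ($dir in $userDirs) {
            if ($e.Command.ToLower().Contains($dir.ToLower())) { $inUserDir = $true }
        }
        $e | Add-Member -MemberType NoteProperty -Name InUserWritableDir -Value $inUserDir
    }
    $entries
}

Get-PerUserAutostart | Select-Object Source, Name, Command, InUserWritableDir | Format-List
```

Startup folder items are always flagged because that folder sits under the user's own AppData; for the registry entries, a flagged command is only a prompt to look closer, since legitimate software also installs per user.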

#41 +Aheer.R.S.

Aheer.R.S.

    I cannot Teach Him, the Boy has no Patience!

  • Tech Issues Solved: 9
  • Joined: 15-October 10
  • Location: Wolverhampton, United Kingdom
  • OS: Windows 7 X64 Ultimate Edition
  • Phone: Sony Xperia Z1 Compact

Posted 23 January 2013 - 03:54

Well, regardless, OP Thank you for letting us know, (least in my case I saw this as a service done by Titoist)

#42 CrashGordon

CrashGordon

    The Perfect Threesome: Lime, Salt & Tequila

  • Joined: 31-January 04
  • Location: Atlanta, GA
  • Phone: Jackson JS3 Kelly Bird IV through a Fender Rumble 150. Can ya hear me now?

Posted 23 January 2013 - 03:57

I see the next question as: Was UAC on?

#43 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 23 January 2013 - 04:53

The funny thing about java is, it's never fully patched. Even the newest version of java is a threat.

#44 Jeston

Jeston

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 07-July 05
  • Location: Las Cruces, NM, US

Posted 23 January 2013 - 05:17

Someone I work with got the FBI one, and, wait for it, she PAID IT!!!! She came to work talking about how the FBI made her pay $300 for "something" or they wouldn't unlock her computer. We could not believe how stupid that was. Obviously she or her spouse is a little guilty of something...

#45 CrashGordon

CrashGordon

    The Perfect Threesome: Lime, Salt & Tequila

  • Joined: 31-January 04
  • Location: Atlanta, GA
  • Phone: Jackson JS3 Kelly Bird IV through a Fender Rumble 150. Can ya hear me now?

Posted 23 January 2013 - 05:26

Someone I work with got the FBI one, and, wait for it, she PAID IT!!!! She came to work talking about how the FBI made her pay $300 for "something" or they wouldn't unlock her computer. We could not believe how stupid that was. Obviously she or her spouse is a little guilty of something...

of being an idiot. They must've had more dollars than sense.... now they have a little less... of both.

AND that's EXACTLY the people they prey on. The uninformed/non-neowinian type (we all know better...right?)


