
[Virus/Malware] I involved the POLICE!


50 replies to this topic

#46 rippleman

rippleman

    Neowinian Senior

  • Joined: 17-June 09
  • Location: Near Calgary, Alberta
  • OS: Windows 7
  • Phone: Nexus 4

Posted 23 January 2013 - 05:31

I just removed this one from a friend's laptop the other day. From what I could tell, it came from Putlocker and/or Skype, but could have other delivery methods. The girl that I removed it for actually thought it was real at first.


#47 Nashy

Nashy

    Neowinian Senior

  • Joined: 05-September 04
  • Location: Brisbane, Australia
  • OS: Windows 7 Ultimate
  • Phone: Nokia Lumia 925

Posted 23 January 2013 - 05:31

I don't see any identifying details even removed by yourself from the screenshot. How do you know details were stolen?

Sounds like a case of a parent who doesn't know enough about the Internet, trying to do something and not realising it's unsafe and giving away details.

#48 CrashGordon

CrashGordon

    The Perfect Threesome: Lime, Salt & Tequila

  • Joined: 31-January 04
  • Location: Atlanta, GA
  • Phone: Jackson JS3 Kelly Bird IV through a Fender Rumble 150. Can ya hear me now?

Posted 23 January 2013 - 05:39

@Nashy I already asked that, and was given an answer.

#49 +goretsky

goretsky

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 12-March 04
  • Location: Southern California

Posted 23 January 2013 - 08:27

Hello,

A fairly common scam/piece of malware, I've seen it called Win32/Reveton or simply "Moneypak." It displays fake "announcements" from various law enforcement agencies around the world. Here are a couple of articles about it:

I have heard of FBI (US), Garda (Ireland) and Metropolitan Police (UK) versions of this, but this is the first time I can recall hearing about an RCMP-specific version.

It is very likely your anti-malware/security vendor's technical support department is quite familiar with removing this, and can give additional instructions on securing the machine.

For example, one might want to check the hosts file on the computer and/or the DNS servers being used, in case they were involved in what looks like a redirection of Google's web site.

Regards,

Aryeh Goretsky
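
The hosts-file and DNS check suggested in the post above, as an added PowerShell example that is not part of the original post and not from its author. The watched-domain list and the sample lines are constructed assumptions; `Get-DnsClientServerAddress` is only available on Windows 8 / Server 2012 and later.

```powershell
# Added example: list hosts-file entries that override normal DNS resolution.
function Get-HostsOverride {
    param(
        [string[]]$Lines,
        [string[]]$WatchedDomains = @('google.com')   # assumption: names to highlight
    )
    foreach ($line in $Lines) {
        # Drop comments and blank lines
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        # Loopback and 0.0.0.0 entries are the usual default or blocklist form
        if ($address -in '127.0.0.1', '::1', '0.0.0.0') { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $name = $name.ToLowerInvariant()
            $hit = @($WatchedDomains | Where-Object { $name -eq $_ -or $name.EndsWith(".$_") })
            [pscustomobject]@{
                Address  = $address
                HostName = $name
                Watched  = $hit.Count -gt 0   # true when the name is a watched domain
            }
        }
    }
}

# Constructed sample lines (203.0.113.0/24 is a documentation address range)
$sample = @(
    '# constructed comment line',
    '127.0.0.1       localhost',
    '203.0.113.10    www.google.com google.com   # constructed redirect',
    '0.0.0.0         ads.example.net'
)
Get-HostsOverride -Lines $sample

# The same check against the live hosts file
if ($env:SystemRoot) {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-HostsOverride -Lines (Get-Content -LiteralPath $hostsPath)
}

# Resolvers configured on each interface; compare with what the router or ISP hands out
if (Get-Command Get-DnsClientServerAddress -ErrorAction SilentlyContinue) {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses
}
```

An entry this reports is not malicious by itself; it is a name whose address comes from the local file instead of DNS, so each one should be traceable to something the owner set up.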

#50 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 7
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 23 January 2013 - 11:17

My sister-in-law's friend has this as well, so it must be doing the rounds.


There are lots of different versions of it for different countries

https://www.botnets....dex.php/Reveton


and also removal instructions

http://www.f-secure....2_reveton.shtml

#51 vetneufuse

neufuse

    Neowinian Senior

  • Joined: 16-February 04

Posted 23 January 2013 - 12:17

How the heck is arbitrary code running on a guest account?


Because even with a guest account, if you get in through an exploit you could still potentially run admin-level code if the exploit is the right type... that's the whole point of security elevation exploits...

I love how everybody defends shady internet usage..."I visited GOOGLE.COM and my machine got infected, yea it could happen!"


Because, well, IT CAN HAPPEN... if the host is infected... Google image searches are the worst offenders... giving false results that link back to an exploit


