

[Virus/Malware] I involved the POLICE!

50 replies to this topic

#46 Rippleman


    Neowinian Senior

  • Joined: 17-June 09

Posted 23 January 2013 - 05:31

I just removed this one from a friend's laptop the other day. From what I could tell, it came from Putlocker and/or Skype, but could have other delivery methods. The girl that I removed it for actually thought it was real at first.

#47 Nashy


    Neowinian Senior

  • Joined: 05-September 04
  • Location: Brisbane, Australia
  • OS: Windows 8.1
  • Phone: Samsung Galaxy S5 - SM-G900i

Posted 23 January 2013 - 05:31

I don't see any identifying details even removed by yourself from the screenshot. How do you know details were stolen?

Sounds like a case of a parent who doesn't know enough about the Internet, trying to do something and not realising it's unsafe and giving away details.

#48 CrashGordon


    The Perfect Threesome: Lime, Salt & Tequila

  • Joined: 31-January 04
  • Location: Atlanta, GA
  • Phone: Jackson JS3 Kelly Bird IV through a Fender Rumble 150. Can ya hear me now?

Posted 23 January 2013 - 05:39

@Nashy I already asked that, and was given an answer.

#49 +goretsky


    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California
  • OS: Windows 8.1 Pro (x86)
  • Phone: HTC One M8 Windows Phone

Posted 23 January 2013 - 08:27


A fairly common scam/piece of malware, I've seen it called Win32/Reveton or simply "Moneypak." It displays fake "announcements" from various law enforcement agencies around the world. Here are a couple of articles about it:

I have heard of FBI (US), Garda (Ireland) and Metropolitan Police (UK) versions of this, but this is the first time I can recall hearing about an RCMP-specific version.

It is very likely your anti-malware/security vendor's technical support department is quite familiar with removing this, and can give additional instructions on securing the machine.

For example, one might want to check the hosts file on the computer and/or the DNS servers being used, in case they were involved in what looks like a redirection of Google's web site.


Aryeh Goretsky

#50 Haggis


    Neowinian Senior

  • Tech Issues Solved: 17
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Mint 17.1
  • Phone: Samsung Galaxy S5

Posted 23 January 2013 - 11:17

My sister-in-law's friend has this as well, so it must be doing the rounds

there are lots of different versions of it for different countries


and also removal instructions


#51 vetneufuse


    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 16-February 04

Posted 23 January 2013 - 12:17

How the heck is arbitrary code running on a guest account?

Because even with a guest account, if you get in through an exploit you could still potentially run admin level code if the exploit is the right type... that's the whole point of security elevation exploits...

I love how everybody defends shady internet usage... "I visited GOOGLE.COM and my machine got infected, yeah it could happen!"

Because, well, IT CAN HAPPEN... if the host is infected... Google image searches are the worst offenders.... giving false results that link back to an exploit