


[Virus/Malware] I involved the POLICE!


50 replies to this topic

#31 vetneufuse

    Neowinian Super Cool

  • 15,033 posts
  • Joined: 16-February 04

Posted 23 January 2013 - 03:32

obiwankenobi, on 23 January 2013 - 03:26, said:

Exactly. Every time I've seen this infection, it's never had anything to do with porn. </s> :rolleyes:

you can get this crap from infected sites that aren't porn, Houzz.com definitely isn't a porn site, and I got hit by it there..... our local newspaper got hit thanks to one of their stupid ad providers..... anyone who went to the paper site got something similar....


#32 Obi-Wan Kenobi

    Neowinian Senior

  • 2,149 posts
  • Joined: 11-November 02
  • Location: West-Central Texas

Posted 23 January 2013 - 03:34

Titoist, on 23 January 2013 - 03:32, said:

Command prompt.

LOLOLOLOL!!!!!! Too funny! :rofl:

neufuse, on 23 January 2013 - 03:32, said:

you can get this crap from infected sites that aren't porn, Houzz.com definitely isn't a porn site, and I got hit by it there..... our local newspaper got hit thanks to one of their stupid ad providers..... anyone who went to the paper site got something similar....

Yeah, a drive by download....which happens to unpatched machines. Not my first time dealing with them. PatchMyPC(dot)net. Sure does help! ;)

#33 CrashGordon

    The Perfect Threesome: Lime, Salt & Tequila

  • 5,162 posts
  • Joined: 31-January 04
  • Location: Atlanta, GA
  • Phone: Jackson JS3 Kelly Bird IV through a Fender Rumble 150. Can ya hear me now?

Posted 23 January 2013 - 03:34

I just had this happen to a co-worker on a company laptop (it's a POS, but anyways) and ended up just doing a format/clean install (was quicker/easier) all (needed) docs and such were on the server (and if they weren't, lesson learned).

And that lesson was:
1) Use a better AV,
2) Disable Java
3) Backup anything not on the server

#34 JaredFrost

    Resident Elite

  • 1,252 posts
  • Joined: 02-May 04

Posted 23 January 2013 - 03:36

My brother got the exact same one, he was so panicked it was hilarious, I made fun of him good for it, I suspect he got it from using one of those websites that let you watch TV shows for free, and using a java exploit, so I removed the trojan and Java.

#35 Dot Matrix

    Neowinian Wise One

  • 5,659 posts
  • Joined: 14-November 11
  • Location: USA
  • OS: Windows 8
  • Phone: Nokia Lumia 920

Posted 23 January 2013 - 03:39

OP:

Take the time to make sure his PC is up to date, browser updates, everything.

As for his browsers,

if he's using Firefox: Make sure to install AdBlock Plus, and NoScript.
if he's using Chrome: install Adblock, and Disconnect.
if he's using IE9/10: Install the FanBoy and EasyList adblocking TPLs. Also make sure that SmartScreen filter is running.

Should help him in the future. They'll prevent arbitrary code from running. Also make sure any and all unneeded addons are eliminated.

Also, if possible, remove him from the default administrator account. If he's going to keep calling you for help, just set yourself up as the administrator. Lol. It's what I did for my parents, and as annoying as it was for them, it worked. They couldn't run anything without my permission.

#36 vetneufuse

    Neowinian Super Cool

  • 15,033 posts
  • Joined: 16-February 04

Posted 23 January 2013 - 03:40

obiwankenobi, on 23 January 2013 - 03:34, said:

LOLOLOLOL!!!!!! Too funny! :rofl:


Yeah, a drive by download....which happens to unpatched machines. Not my first time dealing with them. PatchMyPC(dot)net. Sure does help! ;)

unpatched machine? you mean a patch for something like Java which DIDN'T have a patch out, and is something that is actually required in a lot of business environments at the browser level?..... please tell me how it could have been more patched than the latest patches out there by Oracle and Microsoft....

#37 OP Titoist

    The Socialistician

  • 2,158 posts
  • Joined: 15-October 06
  • Location: Toronto, Ontario
  • OS: Win 8, OSX

Posted 23 January 2013 - 03:41

I just finished removing the virus using Malwarebytes. 117 Infections in total. Oy. Machine was Windows 7 fully patched. I ran the updates 2 days ago. I will be installing Win8 this weekend. Oh, and he was using a Guest Account named Family. Not an administrator account.

#38 jkrupa128

    I'm not as think as you drunk I am.

  • 1,052 posts
  • Joined: 09-February 04

Posted 23 January 2013 - 03:45

I love how everybody defends shady internet usage..."I visited GOOGLE.COM and my machine got infected, yea it could happen!"

#39 Dot Matrix

    Neowinian Wise One

  • 5,659 posts
  • Joined: 14-November 11
  • Location: USA
  • OS: Windows 8
  • Phone: Nokia Lumia 920

Posted 23 January 2013 - 03:47

Titoist, on 23 January 2013 - 03:41, said:

I just finished removing the virus using Malwarebytes. 117 Infections in total. Oy. Machine was Windows 7 fully patched. I ran the updates 2 days ago. I will be installing Win8 this weekend. Oh, and he was using a Guest Account named Family. Not an administrator account.

How the heck is arbitrary code running on a guest account?

#40 OP Titoist

    The Socialistician

  • 2,158 posts
  • Joined: 15-October 06
  • Location: Toronto, Ontario
  • OS: Win 8, OSX

Posted 23 January 2013 - 03:49

Dot Matrix, on 23 January 2013 - 03:47, said:

How the heck is arbitrary code running on a guest account?

Beats me, I was surprised.

Edit: http://social.msdn.m...0e-235500ab5421

Looks like viruses can still install on a guest account and run, but are not system wide and thus will not affect other users. This is how I was able to remove it. I ran Malwarebytes on the admin account.
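
Added example, not part of the original thread or written by any poster: a per-user infection like the one described above has to start from places a non-administrator can write, so this PowerShell sketch lists each profile's Run/RunOnce registry values and Startup folder contents for review. It assumes PowerShell 3.0 or later, an elevated session, and the default Startup folder location; registry values are only visible for users whose hive is currently loaded.

```powershell
# Added example: list per-user autostart entries that a non-admin process can write.
# Run from an elevated PowerShell session so other users' profiles are readable.

$runKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'

# Every local profile is registered here, keyed by the account SID.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$results = foreach ($p in Get-ChildItem $profileList) {
    $sid  = $p.PSChildName
    $path = (Get-ItemProperty $p.PSPath).ProfileImagePath
    if (-not $path -or -not (Test-Path $path)) { continue }

    # Per-user Run keys: present under HKEY_USERS only while that user's hive is loaded.
    foreach ($k in $runKeys) {
        $key = "Registry::HKEY_USERS\$sid\$k"
        if (Test-Path $key) {
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) {
                [pscustomobject]@{
                    Profile = $path; Source = $k.Split('\')[-1]
                    Name = $name; Command = $item.GetValue($name)
                }
            }
        }
    }

    # Per-user Startup folder (default location assumed); include hidden files.
    $startup = Join-Path $path 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    if (Test-Path $startup) {
        Get-ChildItem $startup -Force | Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                [pscustomobject]@{
                    Profile = $path; Source = 'StartupFolder'
                    Name = $_.Name; Command = $_.FullName
                }
            }
    }
}

$results | Sort-Object Profile, Source | Format-Table -AutoSize -Wrap
```

Entries pointing into a profile's AppData or Temp directories are the ones to look at first; nothing here touches machine-wide (HKLM) autostarts, which a guest account cannot modify.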

#41 Dushmany

    I cannot Teach Him, the Boy has no Patience!

  • 2,532 posts
  • Joined: 15-October 10
  • Location: United Kingdom
  • OS: Windows 7 X64 Ultimate Edition
  • Phone: Samsung Galaxy S3 i9300 (4.1.2) Stock

Posted 23 January 2013 - 03:54

Well, regardless, OP Thank you for letting us know, (least in my case I saw this as a service done by Titoist)

#42 CrashGordon

    The Perfect Threesome: Lime, Salt & Tequila

  • 5,162 posts
  • Joined: 31-January 04
  • Location: Atlanta, GA
  • Phone: Jackson JS3 Kelly Bird IV through a Fender Rumble 150. Can ya hear me now?

Posted 23 January 2013 - 03:57

I see the next question as: Was UAC on?

#43 warwagon

    Only you can prevent forest fires.

  • 21,686 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 23 January 2013 - 04:53

The funny thing about java is, it's never fully patched. Even the newest version of java is a threat.

#44 +jeston

    Neowinian Senior

  • 3,201 posts
  • Joined: 07-July 05
  • Location: Las Cruces, NM, US

Posted 23 January 2013 - 05:17

Someone I work with got the FBI one, and, wait for it, she PAID IT!!!! She came to work talking about how the FBI made her pay $300 for "something" or they wouldn't unlock her computer. We could not believe how stupid that was. Obviously she or her spouse is a little guilty of something...

#45 CrashGordon

    The Perfect Threesome: Lime, Salt & Tequila

  • 5,162 posts
  • Joined: 31-January 04
  • Location: Atlanta, GA
  • Phone: Jackson JS3 Kelly Bird IV through a Fender Rumble 150. Can ya hear me now?

Posted 23 January 2013 - 05:26

jeston, on 23 January 2013 - 05:17, said:

Someone I work with got the FBI one, and, wait for it, she PAID IT!!!! She came to work talking about how the FBI made her pay $300 for "something" or they wouldn't unlock her computer. We could not believe how stupid that was. Obviously she or her spouse is a little guilty of something...

of being an idiot. They must've had more dollars than sense.... now they have a little less... of both.

AND that's EXACTLY the people they prey on. The uninformed/non-neowinian type (we all know better...right?)