22 posts in this topic

Posted

German federal police are warning about a computer virus that accuses victims of viewing "juvenile pornography".

It also displays an image that it claims reveals images of child sexual abuse have been viewed on a computer.

The Windows virus locks a computer and only returns control to its owner on payment of a 100 euro (

Share this post


Link to post
Share on other sites

Posted

I do not go to such sites so I am not worried.

Share this post


Link to post
Share on other sites

Posted

maybe somewhere in the source code there is an ASCII pedo bear ....

Share this post


Link to post
Share on other sites

Posted

I removed a simular virus for a neighbor last year.... all you do is safe mode + roll back... fixed
1 person likes this

Share this post


Link to post
Share on other sites

Posted

For less than that silly ransom, I could install a new hard drive. :laugh:
2 people like this

Share this post


Link to post
Share on other sites

Posted

[quote name='Hum' timestamp='1359769436' post='595495936']
For less than that silly ransom, I could install a new hard drive. :laugh:
[/quote]

I guess you have to appreciate this would terrify non-tech savvy users.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

Spybot's good at getting rid of these things too
(Hasn't let me down yet, but then I have back up removers too)

Share this post


Link to post
Share on other sites

Posted

Yeah, a friend of mine got something similar last week. Took only a few minutes to clean but he was terrified. Thought his computer was full of viruses and he was going to have to pay to fix it.

Share this post


Link to post
Share on other sites

Posted

This is not anything new. It's actually extremely easy to clean out also. The problem with this attack and other variants is that there is a very high likelyhood that saved credentials are being stolen (log on and credit info from websites). If anyone needs help cleaning you can send me a PM but really there are tons of tools that will do it for you, what you should be concerned about is your information.

Share this post


Link to post
Share on other sites

Posted

yea ive also had to fix quite a few computers over the last few months with this one. It does a pretty good job at completely locking out the victim though, so I could see why it scares people, pretty much nothing works short of rebooting into safemode, from there its easy, but it for sure gives people a good scare.

Share this post


Link to post
Share on other sites

Posted

I will beware of child porn from here on out!! Thanks for the warning. That was close. Too close... :s

Share this post


Link to post
Share on other sites

Posted

[quote name='Growled' timestamp='1359774840' post='595496066']
Yeah, a friend of mine got something similar last week. Took only a few minutes to clean but he was terrified. Thought his computer was full of viruses and he was going to have to pay to fix it.
[/quote]

So how did you fix it ?

[quote name='*RedBull*' timestamp='1359875900' post='595498182']
I will beware of child porn from here on out!! Thanks for the warning. That was close. Too close... :s
[/quote]

I don't think people were visiting poRn sites at all -- but other questionable warez/pirate sites.


Here's an interesting article on ransomware:

http://blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx

Share this post


Link to post
Share on other sites

Posted

[quote name='Hum' timestamp='1359936890' post='595499540']
So how did you fix it ?
[/quote]

I started Windows in safe mode and ran rkill. I then ran spybot to make sure I got it.

Share this post


Link to post
Share on other sites

Posted

^ Is rkill part of Windows 7 Defender ... ?

I've always started the Task Manager as fast as possible, saw and stopped the bad process, then Deleted the .exe proggy.


Symantec provides a free tool, [url="http://security.symantec.com/nbrt/npe.aspx?lcid=1033"]Norton Power Eraser[/url], that seeks out and destroys ransomware and other forms of "scareware," like fake antivirus software.

Share this post


Link to post
Share on other sites

Posted

[quote name='Hum' timestamp='1359938887' post='595499588']
^ Is rkill part of Windows 7 Defender ... ?
[/quote]

No. You can find it here:

http://www.bleepingcomputer.com/download/rkill/

Share this post


Link to post
Share on other sites

Posted

I just ran the Norton Power Eraser -- nothing bad found. ;)

Share this post


Link to post
Share on other sites

Posted

[quote name='carmatic' timestamp='1359769085' post='595495916']
maybe somewhere in the source code there is an ASCII pedo bear ....
[/quote]

[img]http://farm4.static.flickr.com/3208/3285543930_a2f0e2dfdf.jpg[/img]

Share this post


Link to post
Share on other sites

Posted

[quote name='Gary7' timestamp='1359768874' post='595495912']
I do not go to [u]such sites[/u] so I am not worried.
[/quote]
[quote name='Hum' timestamp='1359936890' post='595499540']
I don't think people were visiting poRn sites at all -- but [u]other questionable warez/pirate sites.[/u]
[/quote]

This is just typical everyday virus stuff - nothing really new other than maybe the kiddie p0rn aspect of it, which is not really funny at all.


But these statements caught my eye - have you read cisco's report?

------
http://www.cisco.com/en/US/prod/vpndevc/2013-annual-security-report.pdf

The general belief is that sites that promote criminal activity

Share this post


Link to post
Share on other sites

Posted

[quote name='BudMan' timestamp='1360017107' post='595501518']
This is just typical everyday virus stuff - nothing really new other than maybe the kiddie p0rn aspect of it, which is not really funny at all.


But these statements caught my eye - have you read cisco's report?

------
[url="http://www.cisco.com/en/US/prod/vpndevc/2013-annual-security-report.pdf"]http://www.cisco.com...rity-report.pdf[/url]

The general belief is that sites that promote criminal activity

Share this post


Link to post
Share on other sites

Posted

Well I am not as paranoid as you when it comes to java ;) Yes it can be an exploitable point on a users machine while they browse the infection highway that is the public internet.. But their are also other exploits out there that are not java..

Your java threads come across that if your not running java your never going to get infected to me.. To be honest, I think a vast majority of infections are users just being stupid as users tend to be. Be it you have java installed or not.

Got an email from a friend while back -

[attachment=326760:exampleemail.jpg]

So in this day and age who in their right mind would follow such a link?? Did you just start using email yesterday? Have you not heard any virus related news in the last decade? I have blocked out the info -- because I don't want anyone following such a link out of pure curiosity, etc. Keep in mind the domain in question not even taking into account the rest of the url is not say youtube or other major players site where might be sending link to funny video or article of interest, etc. Then look at the rest of the url -- does that look like a normal link to you?? Really?

Is there any text to go along with said link - hey guys thought you all might find this funny or interesting, etc. Its clearly junk, even if she had sent me that on purpose I would not follow it because there is no explanation of why I should in her style of writing, etc.

So I contacted her right away, and stated either someone is sending junk using your email address, or your account has been compromised and is sending it. She said yeah quite a few of her friends had followed the link - and THEN contacted her on why she sent -- WTF??? Really Come on People!

If you have users that would click on said link, then you have 1000 more users out there that click on the flashy AD on some site that says "Click Me" you have won, or get something FREE or whatever other tricks they use to try and get your click.

I personally would never in a million years follow a AD of any sort.. Just not going to do it -- if in the off chance some Ad peaked my interested on a site.. I would look up that said something on my own and follow though with getting info I needed from my curiosity being peaked.

Do drive-by's happen - sure, is java used to exploit your machine again sure. But also just plain stupidity is to blame that has nothing to do with an exploit to the malware installed - user installed of their own free will is quite often the case. Antivirus/Security suites have a hard time with such software.. Because the user agreed to install it, etc. And yes it might of been in small print, but clearly stated that installing such software allows to access your contact list and send emails to your contacts 3000 times a day, etc. Or to popup **** on your screen that is stuff "we" think you might want, etc. Or we are going to reroute your internet traffic through our proxy/search engine so we can determine what you like and "better" serve you, etc. ;)

Now this ransomware seems very familiar to others out there just taking a different scare tactic approach to relieve idiots from their money -- hey your infected!! Click here to fix it, pay just $39.95 etc. Oh btw we hid all the items off the start bar because they were "infected" ;) We will put them back once they have been cleaned... After you pay the $39.95 -- Sorry that CC did not work, try another, Sorry that one not working either, try another, try another.. I have seen people feed in every CC they own into such nonsense.. Its like when they sit in front of computer they turn off their brain ;)

tl:dr -- ranting about users and infections and lack of common sense.

Share this post


Link to post
Share on other sites

Posted

[quote name='warwagon' timestamp='1360078383' post='595502666']
Malwarebytes also wasn't on the machine, even though the invoice said "Scanned with malwarebytes".

[i]I'm pretty sure he uninstalled it so the customers couldn't do their own scan.[/i]

*facepalm*
[/quote]

Glad I can fix my own computers. :s

Share this post


Link to post
Share on other sites

Posted

Agreed, yeah I saw that point - which I completely agree with.. Even people in IT can be clueless.. I just got side tracked with my rant and then when it finally clicked that this is getting so long that nobody is going to read it I forgot to agree with your "facepalm" ;)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.