General Chat Thread: Compromised Websites - Anyone else affected yet?
  1. #16
    36Degrees
    The Tech's mum had this the other night and then the following day one of the cleaners had it on her netbook. Just asked the Tech and he says that MalwareBytes cleaned them both but only after the program had been fully updated.

  2. #17
    Jamman960
    Just had our site manager's home laptop brought in; a system restore appears to have resolved the issue so far. Going to run Malwarebytes to get rid of any leftover files.

  3. #18
    Pyroman
    I used the Symantec Endpoint Recovery Tool and loaded virus definitions onto a USB stick. Bonus with the tool is it runs from a Live/Boot CD; found it straight away.

  4. #19

    SpuffMonkey
    I've had it on a couple of PCs (work & home) - it's quite naughty and disables Task Manager, Process Explorer, Regedit and others. What I did...

    Boot in Safe Mode (with Networking) and log in as the affected user
    In the registry - go to the Local User/....../Run & RunOnce and look for suspicious loads - it's usually a <random alphanumeric name>.exe - delete it from the registry
    Search for the file on the system drive & delete it from there

    I read it can also mess with the hosts file & other internet settings - but that wasn't the case for me.

    Very annoying - especially as I have quite a lot of "protection"

  6. #20

    Originally posted by SYNACK:
    The version that I had walked right past Symantec Endpoint Protection (older version that may have had outdated defs) and killed Task Manager and SEP itself, on XP though. Anyone had this affect Windows 7?
    We only run W7 here and it was getting a few of our users last month

  7. #21
    mole
    Had 2 so far, users' personal laptops. If any more come I will clean them in my own time and charge £35

  8. #22

    tech_guy
    I've got two PCs waiting for me at home tonight that have been dropped off this morning so some easy money coming my way.

  9. #23

    We have had a few of these as well. Kaspersky's free virus removal tool (Virus Removal Tools, scroll to the bottom) in conjunction with Malwarebytes seems to have done the trick.

  10. #24
    krisd32
    I had this on a friend's laptop the other night and Malwarebytes and the most up-to-date definitions seemed to clear it off. Then an install and sweep with MSE to double check and everything was all good. This was on Win 7 Home Premium.

  11. #25
    CAM
    Ahhh! I cleaned this off of a relative's PC the other night. Took from 7pm - 11pm including the masses of updates she had missing. Housecall, my usual go to for compromised (non-commercial) systems, will not pick this up in safe mode. Be warned! However I crippled the virus with a few registry keys and file deletions.

    The virus will display the pictured message and claim that any program you launch is infected with malware, even task manager. It then attempts to sell you Fake Antivirus.

    1) Start the PC in Safe Mode.
    2) Delete the registry keys mentioned by Spuffmonkey in Run and RunOnce. They are randomly generated.
    3) This is the hard one, there is a randomly named folder in the registry somewhere with lots of keys with more random names that even had spaces and symbols. Delete them. Unfortunately I didn't write down the location but I think it was in a Microsoft\Windows registry folder.
    4) Delete C:\Program Files\Personal Antivirus
    5) Delete the randomly named folders (same string as the folder deleted from the registry) in C:\Documents and Settings\<username>\Application Data (Again I didn't write my method down so I don't know the exact path, they may be deeper in).
    6) Restart and you should have control of your desktop again. If the message appears it is still there.
    7) Run a full virus scan, restart and run it again.
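
As an added illustration of the Run/RunOnce check described in posts #19 and #25 (not code from any poster in this thread), this Python sketch scans `reg query` output for autorun values that point into a user's profile and have a random-looking name. The sample output, the user name `alice`, the value names and both heuristics are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: text in the layout `reg query` prints for the per-user Run keys.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    hx7Kq2mPz    REG_SZ    "C:\Documents and Settings\alice\Application Data\hx7Kq2mPz.exe" /s
    Skype    REG_SZ    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    qzvbtrwk    REG_SZ    C:\Users\alice\AppData\Local\qzvbtrwk.exe
"""

# Profile locations a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\local settings\\", "\\temp\\")
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE_PATH = re.compile(r'"([^"]+)"|(\S.*?\.exe)', re.IGNORECASE)

def looks_random(stem):
    """Heuristic only: letters mixed with digits, or almost no vowels."""
    if len(stem) < 6 or not stem.isalnum():
        return False
    mixed = any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)
    vowels = sum(c in "aeiou" for c in stem.lower())
    return mixed or vowels / len(stem) < 0.2

def suspicious_autoruns(reg_text):
    """Return (key, value name, path) for autoruns worth a manual look."""
    findings, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # remember which key the values belong to
            continue
        m = VALUE_LINE.match(line)
        p = EXE_PATH.search(m.group(3)) if m and key else None
        if not p:
            continue
        path = PureWindowsPath(p.group(1) or p.group(2))
        writable = any(d in str(path).lower() for d in USER_WRITABLE)
        if writable and looks_random(path.stem):
            findings.append((key, m.group(1), str(path)))
    return findings

if __name__ == "__main__":
    for key, name, path in suspicious_autoruns(SAMPLE):
        print(f"{key} :: {name} -> {path}")
```

Both conditions must hold before an entry is flagged, so a short system binary name in `system32` is not reported; anything flagged still needs checking by hand before deletion.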

  12. #26
    AyatollahPies
    It would be nice to hear what the many AV companies that read/reply on Edugeek have to say about why their products are not picking this up.

    This isn't a new type of infection.

  13. #27

    This happened to me on Sunday. The machine I was working at (and not viewing any particularly objectionable websites, I hasten to add!) suddenly opened Adobe Reader (an old version) and then started showing the warning. Immediately disconnected from the Internet . . . . .

    As Localzuk says it just hit my profile (Win7, running as standard user), and I fixed it by logging in as a different user and running a bunch of different AV applications.

  14. #28

    synaesthesia
    Had this come up twice. Malwarebytes on its own didn't do much, however running it as well as having MSSE alongside it did the trick.
    One machine had already downloaded something nastier too, which needed a lot of manual work to get rid. The biggest culprits are a randomly named folder containing 2 files in the Appdata folder for all users and/or current user depending on security of the machine, as well as a bitmap file in the root of C. Safe mode, manual remove, job done > grab note of the filenames, search registry and remove references therein.

  15. #29
    Chris_
    Seen this on about 5 computers so far. A couple at school and a few on people's home computers. Had it on both XP and Vista. Used MalwareBytes to remove it in safe mode.

  16. #30

    Again, seen that on a friend's and sorted it with safe mode and Malwarebytes.
