General Chat Thread: Compromised Websites - Anyone else affected yet?
  1. #16
    36Degrees's Avatar
    The Tech's mum had this the other night and then the following day one of the cleaners had it on her netbook. Just asked the Tech and he says that MalwareBytes cleaned them both but only after the program had been fully updated.

  2. #17
    Jamman960's Avatar
    Just had our site manager's home laptop brought in; a system restore appears to have resolved the issue so far. Going to run Malwarebytes to get rid of any leftover files.

  3. #18
    Pyroman's Avatar
    I used the Symantec Endpoint Recovery Tool and loaded virus definitions onto a USB stick. Bonus with the tool is it runs from a Live/Boot CD; found it straight away.

  4. #19

    SpuffMonkey's Avatar
    I've had it on a couple of PCs (work & home) - it's quite naughty and disables Task Manager, Process Explorer, Regedit and others. What I did...

    Boot in Safe Mode (with Networking) and log in as the affected user
    In the registry - go to the Local User/....../Run & RunOnce and look for suspicious loads - it's usually a <random alphanumeric name>.exe - delete it from the registry
    Search for the file on the system drive & delete it from there

    I read it can also mess with the hosts file & other internet settings - but that wasn't the case for me.

    Very annoying - especially as I have quite a lot of "protection"

  5. 2 Thanks to SpuffMonkey:

    CAM (2nd March 2011), speckytecky (2nd March 2011)

  6. #20

    Originally posted by SYNACK:
    "The version that I had walked right past Symantec Endpoint Protection (older version that may have had outdated defs) and killed Task Manager and SEP itself, on XP though. Anyone had this affect Windows 7?"

    We only run W7 here and it was getting a few of our users last month.

  7. #21
    mole's Avatar
    Had 2 so far, users' personal laptops. If any more come I will clean them in my own time and charge £35.

  8. #22

    tech_guy's Avatar
    I've got two PCs waiting for me at home tonight that have been dropped off this morning so some easy money coming my way.

  9. #23

    We have had a few of these as well. Kaspersky's free virus removal tool (Virus Removal Tools, scroll to the bottom) in conjunction with Malwarebytes seems to have done the trick.

  10. #24
    krisd32's Avatar
    I had this on a friend's laptop the other night and Malwarebytes and the most up-to-date definitions seemed to clear it off. Then an install and sweep with MSE to double check and everything was all good. This was on Win 7 Home Premium.

  11. #25
    CAM
    Ahhh! I cleaned this off of a relative's PC the other night. Took from 7pm - 11pm including the masses of updates she had missing. Housecall, my usual go-to for compromised (non-commercial) systems, will not pick this up in safe mode. Be warned! However, I crippled the virus with a few registry keys and file deletions.

    The virus will display the pictured message and claim that any program you launch is infected with malware, even task manager. It then attempts to sell you Fake Antivirus.

    1) Start the PC in Safe Mode.
    2) Delete the registry keys mentioned by Spuffmonkey in Run and RunOnce. They are randomly generated.
    3) This is the hard one, there is a randomly named folder in the registry somewhere with lots of keys with more random names that even had spaces and symbols. Delete them. Unfortunately I didn't write down the location but I think it was in a Microsoft\Windows registry folder.
    4) Delete C:\Program Files\Personal Antivirus
    5) Delete the randomly named folders (same string as the folder deleted from the registry) in C:\Documents and Settings\<username>\Application Data (Again I didn't write my method down so I don't know the exact path, they may be deeper in).
    6) Restart and you should have control of your desktop again. If the message appears it is still there.
    7) Run a full virus scan, restart and run it again.
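
A read-only way to do the Run/RunOnce check described in SpuffMonkey's and CAM's posts, added here as an example and not code from any poster. The key paths are the standard Windows autorun locations (the posts do not spell them out), and the three flags are illustrative heuristics, not signatures for this particular infection.

```powershell
# Added example: read-only triage of autorun entries. Nothing is deleted.
# Key paths are the standard Windows Run/RunOnce locations (assumed here).
# The flags are crude heuristics for illustration, not malware signatures.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders a standard user can write to without elevation.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Get-ExePath([string]$Command) {
    # Extract the executable from an autorun command line, quoted or not.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')    { return $Matches[1] }
    if ($c -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command.Trim()) { continue }
        $exe   = Get-ExePath $command
        $base  = [IO.Path]::GetFileNameWithoutExtension($exe)
        $flags = @()
        if ($userWritable | Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }) {
            $flags += 'user-writable path'
        }
        if ($base -match '^[a-z0-9]{6,}$' -and $base -match '\d' -and $base -match '[a-z]') {
            $flags += 'random-looking name'
        }
        if (-not (Test-Path -LiteralPath $exe)) {
            $flags += 'file missing'
        } elseif ((Get-AuthenticodeSignature -LiteralPath $exe).Status -ne 'Valid') {
            $flags += 'not validly signed'
        }
        [pscustomobject]@{ Key = $key; Value = $name; Exe = $exe; Flags = $flags -join ', ' }
    }
}
```

Run it while logged in as the affected user, since the HKCU entries are per-profile; it needs PowerShell 3.0 or later. An entry carrying all three flags is the kind worth examining by hand before anything is removed.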

  12. #26
    AyatollahPies's Avatar
    It would be nice to hear what the many AV companies that read/reply on Edugeek have to say about why their products are not picking this up.

    This isn't a new type of infection.

  13. #27

    This happened to me on Sunday. The machine I was working at (and not viewing any particularly objectionable websites, I hasten to add!) suddenly opened Adobe Reader (an old version) and then started showing the warning. Immediately disconnected from the Internet . . . . .

    As Localzuk says it just hit my profile (Win7, running as standard user), and I fixed it by logging in as a different user and running a bunch of different AV applications.

  14. #28

    synaesthesia's Avatar
    Had this come up twice. Malwarebytes on its own didn't do much, however running it as well as having MSSE alongside it did the trick.
    One machine had already downloaded something nastier too, which needed a lot of manual work to get rid. The biggest culprits are a randomly named folder containing 2 files in the Appdata folder for all users and/or current user depending on security of the machine, as well as a bitmap file in the root of C. Safe mode, manual remove, job done > grab note of the filenames, search registry and remove references therein.

  15. #29
    Chris_'s Avatar
    Seen this on about 5 computers so far. A couple at school and a few on people's home computers. Had it on both XP and Vista. Used MalwareBytes to remove it in safe mode.

  16. #30

    Again, seen that on a friend's and sorted it with Safe Mode and Malwarebytes.
