  1. #1

    tech_guy

    Compromised Websites - Anyone else affected yet?

    As per the BBC story:

    BBC News - Britons caught out by booby-trapped web ads

    We have two laptops with this swine of an infection. All were fully patched and the latest AV defs installed. So far Malwarebytes and the AV programs haven't found anything to delete in safe mode.

    Anyone else tackling them atm?

  3. #2

    MK-2

    We've not had those, but we've been hit by Google Images. If someone goes on to Google Images and gets the results page, then clicks on a result which loads up the page and the image above it, a lot of these are now redirecting to the fake AV pages. We've had about 10 students get this in the past week so far and all panic.

  4. #3

    tech_guy

    Does anyone know of a manual removal walkthrough? Nothing we've got has picked it up on the infected machines yet. PITA

  5. #4

    tech_guy

    Found this which is relevant to us:

    Remove System Tool and SystemTool (Uninstall Guide)

  7. #5

    sparkeh

    Not hit by that but like above the fake AV warnings are coming thick and fast :/

  8. #6
    thomass

    I had this infection on a staff laptop the other day, followed the instructions from Bleeping Computer which worked a treat.

  9. #7

    SYNACK

    Had one of the teachers get this on a laptop at one of my sites. According to them they came back to their PC and it was like that.

    Can't be much help on removal though as this was the new school with XP, out of date AV and everything, so the solution I picked was simply to nuke it and put Windows 7 on it as it was about a week off happening anyway.
    Last edited by SYNACK; 2nd March 2011 at 11:30 AM.

  10. #8
    ticker

    Got one here, not a school laptop but one of the teachers' home laptops. We have also seen an increasing number of laptops infected with the fake AV over the last few weeks.

  11. #9

    We had this after 3 users visited the Easyjet website. Safe mode and Malwarebytes fixed the issue but it seems to be spreading like wildfire.

  12. #10

    We've had it on two PCs. After doing a full AV scan (MS Forefront Endpoint Essentials) that couldn't get rid of it we decided to just reimage.

  13. #11

    localzuk

    Seems to be various versions of it about. Some get removed by Malwarebytes but some don't. The malware only sits in the profile of the affected user - so if push comes to shove, removing that profile fixes the issue from what I've found.

    On my third infected user now. CA eTrust doesn't find it.

  14. #12

    SYSMAN_MK

    Just cleaning the 10th laptop so far this week. Have found the quickest solution is to remove the HDD, stick it in a caddy and then run a full scan with MSE.

  16. #13

    I had one Monday morning, same message exactly. Much trickier to remove than the normal stuff, I struggled to find it. Sophos and Malwarebytes failed to find it. SUPERAntiSpyware did the trick.

  17. #14

    witch

    Thanks for the heads-up - email sent to staff - whether they will take any notice is a different matter

  18. #15

    SYNACK

    The version that I had walked right past Symantec Endpoint Protection (older version that may have had outdated defs) and killed Task Manager and SEP itself, on XP though. Anyone had this affect Windows 7?


