  1. #1

    tech_guy

    Compromised Websites - Anyone else affected yet?

    As per the BBC story:

    BBC News - Britons caught out by booby-trapped web ads



    We have two laptops with this swine of an infection. All were fully patched and the latest AV defs installed. So far MalwareBytes and the AV programs haven't found anything to delete in safe mode.

    Anyone else tackling them atm?

  2. Thanks to tech_guy from:

    speckytecky (2nd March 2011)

  3. #2

    MK-2

    We've not had those, but we've been hit by Google Images. If someone goes on to Google Images and gets the results page, then clicks on a result which loads up the page and the image above it, a lot of these are now redirecting to the fake AV pages. We've had about 10 students get this in the past week so far and all panic.

  4. #3

    tech_guy

    Does anyone know of a manual removal walkthrough? Nothing we've got has picked it up on the infected machines yet. PITA

  5. #4

    tech_guy

    Found this which is relevant to us:

    Remove System Tool and SystemTool (Uninstall Guide)

  6. 2 Thanks to tech_guy:

    JaTayler (14th March 2011), speckytecky (2nd March 2011)

  7. #5

    sparkeh

    Not hit by that but like above the fake AV warnings are coming thick and fast :/

  8. #6
    thomass

    I had this infection on a staff laptop the other day, followed the instructions from Bleeping Computer which worked a treat.

  9. #7

    SYNACK

    Had one of the teachers get this on a laptop at one of my sites. According to them they came back to their PC and it was like that.

    Can't be much help on removal though as this was the new school with XP, out of date AV and everything so the solution I picked was simply to nuke it and put Windows 7 on it as it was about a week off happening anyway.
    Last edited by SYNACK; 2nd March 2011 at 10:30 AM.

  10. #8
    ticker

    Got one here, not a school laptop but one of the teachers' home laptops. We have also seen an increasing number of laptops infected with the fake AV over the last few weeks.

  11. #9

    We had this after 3 users visited the Easyjet website. Safe mode and Malwarebytes fixed the issue but it seems to be spreading like wildfire.

  12. #10

    We've had it on two PCs. After doing a full AV scan (MS Forefront Endpoint Essentials) that couldn't get rid of it we decided to just reimage.

  13. #11

    localzuk

    Seems to be various versions of it about. Some get removed by Malwarebytes but some don't. The malware only sits in the profile of the affected user - so if push comes to shove, removing that profile fixes the issue from what I've found.

    On my third infected user now. CA eTrust doesn't find it.

  14. #12

    SYSMAN_MK

    Just cleaning the 10th laptop so far this week. Have found the quickest solution is to remove the HDD, stick it in a caddy and then run a full scan with MSE.

  15. Thanks to SYSMAN_MK from:

    SimpleSi (5th March 2011)

  16. #13

    I had one Monday morning, same message exactly. Much trickier to remove than the normal stuff, I struggled to find it. Sophos and Malwarebytes failed to find it. SUPERAntiSpyware did the trick.

  17. #14

    witch

    Thanks for the heads-up - email sent to staff - whether they will take any notice is a different matter

  18. #15

    SYNACK

    The version that I had walked right past Symantec Endpoint Protection (older version that may have had outdated defs) and killed Task Manager and SEP itself, on XP though. Anyone had this affect Windows 7?
