  1. #1
    reggiep:

    Anyone seen this malware recently

    This malware tells the user “Warning! Your’re in danger! Your computer is infected with spyware!” including the spelling mistake.

    I know of three computers in the last three days that have had this.

    The London Stock Exchange website has been helping to spread it...
    London Stock Exchange Served Malware | eWEEK Europe UK

    Now I restored one computer but am having a go at removing it with Spybot and Malwarebytes, but so far no success.

    Anyone?

  2. #2

    localzuk:
    Yup, seen that twice so far - it seems only to attack the profile, rather than anything more, so creating a new profile sorted it out with both cases I've seen.

  3. #3

    maniac:
    Not seen that one, but had several other ones recently that seem to have installed themselves onto locked down machines somehow, despite having up-to-date spyware/virus scanners on the machines as well. Quite scary how easily this type of software is able to get onto PCs these days.

  4. #4
    somabc:
    Yes, it has been all over here. Looks like it is caused by infected adverts on websites. I would make sure your JRE is at the latest version and scan with Kaspersky Removal Tool and Malwarebytes. You can also use Autoruns to remove the <random>.exe in the profile if it is not picked up by the scan (best done in Safe Mode).

    Kaspersky Lab UK :: Antivirus technical support home
    Malwarebytes
    Autoruns for Windows

  5. Thanks to somabc from:

    reggiep (1st March 2011)

  6. #5

    timbo343:
    Yeah, I've seen that, and on my machine too. The way to get rid of it is to restart the machine in Safe Mode with Networking. Download and update Malwarebytes and run Malwarebytes. It should find 3 files. Once the scan is complete, restart the machine. You should be fine. After that, install AVG. AVG detected it on my main machine and stopped it from running.

    I have found that if your machine is running McAfee too, McAfee doesn't see the virus as a threat.

    Hope this helps

  7. #6
    Scruff:
    3 laptops manually disinfected over the last 2 days, slightly boring now

  8. #7
    somabc:
    I find the Kaspersky Removal Tool works well as it is easily downloaded and uninstalled after use and has good detection rates. If you run that before Malwarebytes it works 99% of the time.

    Kaspersky Virus Removal Tool Download

  9. #8
    somabc:
    You could also try rolling out a sandboxed browser such as Secure Browser - Dell KACE™

  10. #9

    localzuk:
    Originally posted by timbo343:
    > Yeah, I've seen that, and on my machine too. The way to get rid of it is to restart the machine in Safe Mode with Networking. Download and update Malwarebytes and run Malwarebytes. It should find 3 files. Once the scan is complete, restart the machine. You should be fine. After that, install AVG. AVG detected it on my main machine and stopped it from running.
    >
    > I have found that if your machine is running McAfee too, McAfee doesn't see the virus as a threat.
    >
    > Hope this helps

    I suspect this isn't the case with everyone - AVG had absolutely no luck finding it on one of the machines I fixed for someone the other day. Spybot S&D didn't either.

  11. #10

    timbo343:
    Originally posted by localzuk:
    > I suspect this isn't the case with everyone - AVG had absolutely no luck finding it on one of the machines I fixed for someone the other day. Spybot S&D didn't either.

    This is the one which turns the background blue with red writing, isn't it?

  12. #11
    AyatollahPies:
    Sophos is not very good at detecting it.

    I have the fun task of removing fakeAV from the G/F's laptop this evening. What fun.

  13. #12

    localzuk:
    Originally posted by timbo343:
    > This is the one which turns the background blue with red writing, isn't it?

    Wasn't blue for me, it was a grey pattern with red writing. Like most malware, there are probably multiple versions.

  14. #13
    cromertech:
    Had one of these this morning. Was easily removed with Malwarebytes. The most annoying part was having to kill the {random.exe} process remotely. Always a different file name so no script is able to locate it.

  15. #14
    somabc:
    Can we not have something where when a <random>.exe file is created in a profile it gets deleted or an alert sent!?
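
A sketch of the kind of check posts #13 and #14 ask for, as an added example that is not part of any post in this thread: since the file name is random, it matches on location (inside a user profile), content (the `MZ` executable header) and signature status instead. The profile root, the 7-day window and the report file name are assumptions, and it needs to run with rights to read every profile.

```powershell
# Added example: sweep user profiles for executables by location and content
# rather than by name. Root path, age window and report name are assumptions.
param(
    [string]$ProfileRoot = 'C:\Users',   # 'C:\Documents and Settings' on XP
    [int]$MaxAgeDays     = 7,
    [string]$Report      = '.\profile-exe-report.csv'
)

function Test-PEHeader {
    # True when the file starts with 'MZ' (0x4D 0x5A), the Windows executable
    # magic, so a misleading extension does not hide it.
    param([string]$Path)
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 2
            return ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        } finally { $fs.Close() }
    } catch { return $false }            # locked or unreadable: skip it
}

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

$hits = @(Get-ChildItem -Path $ProfileRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.CreationTime -ge $cutoff } |
    Where-Object { Test-PEHeader $_.FullName } |
    ForEach-Object {
        # Assumption: legitimate per-user installs are signed and the dropped
        # <random>.exe is not, so signature status is used to rank the hits.
        $status = 'Unknown'
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
        if ($sig) { $status = [string]$sig.Status }
        New-Object PSObject -Property @{
            Path = $_.FullName; Created = $_.CreationTime; Signature = $status
        }
    })

# Full list to CSV for the record; anything not validly signed to the console.
$hits | Sort-Object Created -Descending |
    Select-Object Path, Created, Signature |
    Export-Csv -Path $Report -NoTypeInformation
$hits | Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Path, Created, Signature -AutoSize
```

The header check also matches DLLs and legitimate per-user software, so the output is a review list, not a delete list.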

  16. #15

    SYSMAN_MK:
    Originally posted by AyatollahPies:
    > Sophos is not very good at detecting it.

    Agreed. 7 laptops so far this week. Best one was the one that replaces explorer.exe with a modified version!

    On a side note, I have noticed an increase in fake AV sites, especially when using Google image search.


