Author Topic: VIRUS DISGUISING AS ANTI-VIRUS SOFTWARE (Read 763 times)

CALSGR8 · « **Topic Start:** February 08, 2012, 05:45:35 PM »

It is EVIL and now I have to do everything from my cell.

I got a warning from a SUPPOSED ANTI-VIRUS that I was infected. Only issue was it wasnt from McAfee my company. So I shut it down, restarted and was able to get McAfee to attack it. So far so good,BUT after getting online again, I started to get the same message. It wont let McAfee work like it did last time. I hope you all dont get infected with it.

I cant get online at all either so downloading MALWARE BYTES is not an option! I may have to call McAfee tomorrow and have them do it remotely!

imref · « **Reply #1:** February 08, 2012, 05:55:08 PM »

reason #1 why I don't use Windows.

Kevrock · « **Reply #2:** February 08, 2012, 05:55:58 PM »

Start up in safe mode with networking and try downloading Malware Bytes then.

Sometimes these programs put in proxy settings to disable your internet. Here's some directions on how to check that:

http://spywarepreventionguy.com/internet-proxy-settings/

Basically, in Internet Explorer, click Tools -> Internet Options, Connection Tab, Lan Settings, make sure Proxy Server is unchecked. There's a screenshot on the site I linked.

Terpfan76 · « **Reply #3:** February 08, 2012, 06:00:05 PM »

http://www.bleepingcomputer.com/download/anti-virus/combofix

If you can, on another computer, go to the above site and download the program, ComboFix to a thumb drive. Start your computer in safe mode and run that program. After that run your standard virus scanner. I had a similar attack some time ago and it was a real pain in the ass to get rid of. It keeps asking you to buy some virus protection or something like that. A co-worker was duped into paying for said protection and of course, he got nothing for his money.

Hope that helps.

Edit:

Check out this link-

http://www.howtogeek.com/howto/8693/how-to-remove-antivirus-live-and-other-roguefake-antivirus-malware/

GburgNatsFan · « **Reply #4:** February 08, 2012, 06:28:58 PM »

I've had that one.

Maybe the only good thing about Windows 7 is it seems less susceptible to viruses.

Quote from: CALSGR8 on February 08, 2012, 05:45:35 PM

It is EVIL and now I have to do everything from my cell.

I got a warning from a SUPPOSED ANTI-VIRUS that I was infected. Only issue was it wasnt from McAfee my company. So I shut it down, restarted and was able to get McAfee to attack it. So far so good,BUT after getting online again, I started to get the same message. It wont let McAfee work like it did last time. I hope you all dont get infected with it.

I cant get online at all either so downloading MALWARE BYTES is not an option! I may have to call McAfee tomorrow and have them do it remotely!

The Chief · « **Reply #5:** February 08, 2012, 06:38:13 PM »

Quote from: GburgNatsFan on February 08, 2012, 06:28:58 PM

I've had that one.

Maybe the only good thing about Windows 7 is it seems less susceptible to viruses.

Nah, it has tons of other good things

Most of those malwares get in through Java vulnerabilities and browser exploits anyway, so blaming Windows is a bit misinformed.

GburgNatsFan · « **Reply #6:** February 08, 2012, 06:56:25 PM »

Cue the world's greatest Windows fan.

But you're right, Windows 7 is big improvement.

Quote from: The Chief on February 08, 2012, 06:38:13 PM

Nah, it has tons of other good things

Most of those malwares get in through Java vulnerabilities and browser exploits anyway, so blaming Windows is a bit misinformed.

The Chief · « **Reply #7:** February 08, 2012, 07:01:05 PM »

Quote from: GburgNatsFan on February 08, 2012, 06:56:25 PM

Cue the world's greatest Windows fan.

But you're right, Windows 7 is big improvement.

Nah, just defending the truth from the ignorant slander of Jobs' mobs

Calsgr8, if Kev's suggestions don't help PM me and I'll see if I can't do anything.

PC · « **Reply #8:** February 08, 2012, 07:13:20 PM »

Quote from: imref on February 08, 2012, 05:55:08 PM

reason #1 why I don't use Windows.

http://www.pcworld.com/article/228633/mac_defender_malware_a_survival_guide_for_os_x_users.html

The Chief · « **Reply #9:** February 08, 2012, 07:15:06 PM »

Guys, c'mon, take it to the Mac thread... or the Windows thread... or both. Let's try to keep this thread about helping out Calsgr8.

Chief, that goes double for you

PC · « **Reply #10:** February 08, 2012, 07:16:40 PM »

Also, for any other Windows users, you should do a virus scan, before Windows starts. This is also good for checking for rootkits.

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

Kevrock · « **Reply #11:** February 08, 2012, 07:24:29 PM »

Quote from: The Chief on February 08, 2012, 06:38:13 PM

Most of those malwares get in through Java vulnerabilities and browser exploits anyway, so blaming Windows is a bit misinformed.

This. Adobe product exploits also.

imref · « **Reply #12:** February 08, 2012, 07:52:13 PM »

Quote from: Terpfan76 on February 08, 2012, 06:00:05 PM

http://www.bleepingcomputer.com/download/anti-virus/combofix

If you can, on another computer, go to the above site and download the program, ComboFix to a thumb drive. Start your computer in safe mode and run that program. After that run your standard virus scanner. I had a similar attack some time ago and it was a real pain in the ass to get rid of. It keeps asking you to buy some virus protection or something like that. A co-worker was duped into paying for said protection and of course, he got nothing for his money.

Hope that helps.

Edit:

Check out this link-

http://www.howtogeek.com/howto/8693/how-to-remove-antivirus-live-and-other-roguefake-antivirus-malware/

my brother in law had the same thing happen to him, royal PITA to remove. Don't most of the AV vendors allow you to burn an emergency start-up CD/DVD that you can use to clean the machine up?

The Chief · « **Reply #13:** February 08, 2012, 07:54:31 PM »

In all likelihood it's just a randomly named exe in the local appdata folder of the user profile.

CALSGR8 · « **Reply #14:** February 08, 2012, 09:57:25 PM »

Quote from: Terpfan76 on February 08, 2012, 06:00:05 PM

http://www.bleepingcomputer.com/download/anti-virus/combofix

If you can, on another computer, go to the above site and download the program, ComboFix to a thumb drive. Start your computer in safe mode and run that program. After that run your standard virus scanner. I had a similar attack some time ago and it was a real pain in the ass to get rid of. It keeps asking you to buy some virus protection or something like that. A co-worker was duped into paying for said protection and of course, he got nothing for his money.

Hope that helps.

Edit:

Check out this link-

http://www.howtogeek.com/howto/8693/how-to-remove-antivirus-live-and-other-roguefake-antivirus-malware/

Hi from my cell.

Thanks I may try that. I cant even bring up my browser now. Trouble is Ill have to do this after I get home after work.

I was home today due to an infected root in my tooth. Mostly fixed until I have to go back!

I just wanted warn my pals that its out there. Yeah, I have windows 7.

CALSGR8 · « **Reply #15:** February 08, 2012, 09:59:00 PM »

Btw, how do I boot to Safe mode? I forget!

Also I unplgged from my cable modem!

Kevrock · « **Reply #16:** February 08, 2012, 10:00:13 PM »

F8 as your computer boots.

Quote

If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you'll need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

CALSGR8 · « **Reply #17:** February 08, 2012, 10:11:02 PM »

Thanks!

saltydad · « **Reply #18:** February 15, 2012, 07:54:50 PM »

May be one called smitfraud. Follow the Safe mode advice given above, then Malwarebytes. Good Luck.

Kevrock · « **Reply #19:** February 15, 2012, 08:11:42 PM »

Update?

MarquisDeSade · « **Reply #20:** February 15, 2012, 08:12:54 PM »

She bought a Mac.

The Chief · « **Reply #21:** February 15, 2012, 08:17:45 PM »

Quote from: MarquisDeSade on February 15, 2012, 08:12:54 PM

She bought a Mac.

Quit trollin honky.

CALSGR8 · « **Reply #22:** February 15, 2012, 10:16:02 PM »

Ok, I did F8. Last known configuration or something of that ilk. Came up fine. Ran McAfee. Didn't find anything! Working so far!

No, didn't buy a Mac. Still on my Dell Studio!

Dave B · « **Reply #23:** February 15, 2012, 10:37:22 PM »

Quote from: CALSGR8 on February 15, 2012, 10:16:02 PM

Ok, I did F8. Last known configuration or something of that ilk. Came up fine. Ran McAfee. Didn't find anything! Working so far!

No, didn't buy a Mac. Still on my Dell Studio!

i think i had the same problem a year or so ago. mcafee didnt find it. get microsoft security essentials. its free. i think it found it after a couple of updates