Nasty computer intruder today

SourBrandy


Joined: 24/07/2010
Posts: 84

Message Posted:
08/08/2010 19:18

Nasty thing happened today to me and my computer. I'd Googled a subject and then went to one of the suggested sites then suddenly, up came this official notice looking like a Windows security message saying my computer was infect by some 42 Trojans and worms and that I should click to remove them. Thinking this was legit, I did and then was directed to do this and that, which all still looked official, only to find that something then embedded itself in my computer and that I had to spend $50 at least to fix it. I refused this and then it refused to let me do anything.



The computer then went to a blue screen and I thought Oh no not again, but I started it again in Safe Mode, did a system restore and all is now well. Having also now done a disc clean up etc. Needless to say, my computer had none of these 42 worms or trojans on it.



I have full anti-virus protection and I can only assume this is some scam to make people buy their product.



Beware and don't trust anything.

Groucho



Joined: 26/04/2008
Posts: 7993

Message Posted:
08/08/2010 20:04

"Beware and don't trust anything"



That's going to be bit difficult, because it means we can't trust this site.... are you still logged in?

deecyprus4


Joined: 27/07/2008
Posts: 3452

Message Posted:
08/08/2010 20:30

Doing a system restore has not removed anything...its just hidden somewhere else.

tracer


Joined: 02/06/2010
Posts: 442

Message Posted:
08/08/2010 20:51

http://www.kaspersky.com/virusscanner

catalkoykid


Joined: 15/02/2009
Posts: 1190

Message Posted:
08/08/2010 20:55

The Myth

The myth is that System Restore is “a rolling safety net is always kept under the user, enabling the user to recover from recent undesirable changes.” (Microsoft, 2001). This was the basis that Microsoft and other companies used when the feature was first introduced. One change listed is the infection of the system by viruses or other malware.



The Reality

In reality, System Restore can create copies of the infected files. And some viruses may be capable of infecting the restore volume as well as the actual system files. When a person cleans their computer using an anti-virus, then uses System Restore, they may inadvertently re-infect the computer. Or if they use System Restore as a means of removal, either the restore will fail (if the anti-virus cleans the virus out during the restore process) or the restore will replace the file with an infected version.

catalkoykid


Joined: 15/02/2009
Posts: 1190

Message Posted:
08/08/2010 20:56

What to Do

Most sites that deal with virus or malware removal will tell you that the first step is to shut down System Restore completely. This deletes all restore points that have been saved up to this point. Then, they have you go through the removal process for the specific virus/malware that you’re infected with. This could include running a scanner, a cleaning tool, or manually removing the virus. Finally, they will have you re-enable System Restore.



Final Thoughts

System Restore is a good safety net, and Microsoft was smart in implementing this feature. However for virus removal, there are much better options to use. And because of the nature of System Restore, it is not an effective option for virus removal. It’s nature is to copy files without making sure they are clean, and not allowing anti-virus programs to clean them inside of the restore volume. You’re much better off with having an effective anti-virus solution installed, and disabling System Restore during the vi

deecyprus4


Joined: 27/07/2008
Posts: 3452

Message Posted:
08/08/2010 21:06

The only remedy is to remove the virus totally, hope you sort it out.

spider


Joined: 03/01/2009
Posts: 5527

Message Posted:
08/08/2010 21:42

Oh my God thats me a gona if anything happens to mine..right bugged :(





Spider,X

catalkoykid


Joined: 15/02/2009
Posts: 1190

Message Posted:
08/08/2010 21:54

no your all right spider ill do yours lol

cyprusairsoft



Joined: 22/06/2009
Posts: 2066

Message Posted:
08/08/2010 23:25

spider keep off the porn sites and then youll be ok lol

spider


Joined: 03/01/2009
Posts: 5527

Message Posted:
08/08/2010 23:43

Ok will do it all worries me if i ever get one that i will be all lost and alone in there,in all that cyberspace dont like the thought of it..





Spider.X

Lilli



Joined: 21/07/2008
Posts: 13081

Message Posted:
08/08/2010 23:44

oh i have been having trouble to get onto my emails today, keeps diverting me to different pages. oh thanaks will check it out now x

Wireless


Joined: 10/08/2008
Posts: 157

Message Posted:
09/08/2010 00:40

to message 1 - what happens is when you are on some web sites a very common way of loading viruses to your computer is to put up a message saying that your computer is infected and you should click here to remove them. The message you are looking at there is actually the warning message from the operating system telling you that this software wants to install and do you trust it to install. however the message has been intercepted and changed to the one you are looking at. You reply Yes which is actually giving your the program authority to run and infect your computer.



these are the worst type to remove as it has had the opportunity to install everywhere and you are better off wiping the disk and reinstalling the O/S

Wireless


Joined: 10/08/2008
Posts: 157

Message Posted:
09/08/2010 00:40

the answer is when getting such messages - reboot - this web site or any other

RedSnapper


Joined: 12/08/2008
Posts: 540

Message Posted:
09/08/2010 01:15

I had exactly the same, blue screen, couldnt access e-mails,popups all the time and egg timer up all the time.

Dell used Malwarebytes anti malware which removed the blocker and is downloaded free. I think the virus was from facebook. Also advised me to stop using internet explorer and try google chrome or mozilla. cost me 60kwid and computer is 100% better and faster now.

Ste65


Joined: 23/03/2009
Posts: 106

Message Posted:
09/08/2010 12:01

You have been infected with a rogue antivirus/Internet security.

It masquerades as a genuine product but instead it just reports false virus warnings. It is designed to scare most people into panic.

It then offers to fix the problem and suggests you pay $49 or sometimes $100 to fix the problem. They don't fix the problem but the do take your money and they do then have all your credit card info if you are daft enough to pay them. They will then debit your card more !!! So beware and don't fall for this scam.

The only way to remove this is to first of all stop the process using a utility called rkill. Once you have stopped the process you can then run malwarebytes to remove the infection. Until you stop the process you can't remove the problem. This works most of the time but if it doesn't then it's a case of backing up your data and wiping your hard drive.

Also for future reference Windows System restore is of very little use these days as a lot of the virus/malware hide there.

Ste65


Joined: 23/03/2009
Posts: 106

Message Posted:
09/08/2010 12:11

It's not an exact science removing this type of thing as there are many variants of this problem. Also I see systems that have minimal problems as a result if this infection and others which are so bad that wiping the PC is the best option. Trouble is you sometimes can't get the customers data off as even in safe mde the pc is trashed.



Then you are best to take it to a local computer dealer as they will need to get your data off by connecting your hard drive to an external source.

catalkoykid


Joined: 15/02/2009
Posts: 1190

Message Posted:
09/08/2010 14:32

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

wings


Joined: 25/06/2010
Posts: 152

Message Posted:
09/08/2010 15:32

LOL. You lot kill me, how the... do you get in such a mess.

daffodils


Joined: 11/11/2008
Posts: 184

Message Posted:
09/08/2010 15:44

We had the same thing but it had infected our Internet Explorer so we could not download a patch or anything. the only the website we could access was this blue screen advertising an Anti Virus cure. Something had gone wrong there as well because it was not asking for payment... that bit was missing. Our own anti-virus and spyware kept telling us we were being attacked by this bankerfox A. and they were blocking it . It kept trying to get through different ports on the computer . After everything was blocked we had to do a system restore and that got rid of it (I know some of you will say only for the time being). It took us ages to sort it, how mean are some people?

tracer


Joined: 02/06/2010
Posts: 442

Message Posted:
09/08/2010 21:41

http://www.spywarevoid.com/remove-bankerfoxa-pop-up-bankerfox-trojan-removal.html

RedSnapper


Joined: 12/08/2008
Posts: 540

Message Posted:
09/08/2010 22:47

Yes they did use rkill in an attempt to root out the virus.

I phoned the dell helpline and Gupta did a screen share and i just sat there and watched it all happen remotely, quite amazin' really!

Started at 1 and finished and sorted at about 4.

Told me 9 out of 10 jobs at the moment were removing this particular virus and some people had their banks attacked too. Nasty...

eddietheell


Joined: 04/08/2010
Posts: 17

Message Posted:
10/08/2010 01:57

Install AVG free



http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html



Sounds like you need to remove your cookies. Try resetting your browser are you MAC or PC?

catalkoykid


Joined: 15/02/2009
Posts: 1190

Message Posted:
10/08/2010 05:41

avg free is about as much use, as a bow legged man trying to stop a pig in a alley lol

cyprusishome


Joined: 31/03/2007
Posts: 2381

Message Posted:
10/08/2010 07:14

Look up the word trojan on sites such as semantec, Norton's company name.



Trojan as in Trojan Horse. They sit there knocking on the door with all these bogus messages, then you invite them in. By clicking accept you effectivley allow the trojan to by pass most system securities. It then just sits there doing whatever it has been programmed to do, in most cases it will probably just play games with you. I got one - new HDD required.



AVG warns you when do web search if a site is suspect but if you hop from one site to another following links this is where you come unstuck. So if following links think THREE times before clicking on to them.

eddietheell


Joined: 04/08/2010
Posts: 17

Message Posted:
10/08/2010 12:23

Re Message 25



I cant really comment as I use a Mac for my everyday work machine so I am not directly affected. Dont get me wrong Macs can get virus, but not like PC. Mac's will tend to harbour the virus that will attach itself that is going to be sent via email or other methods.



However for all the other laptops/desktops I have in the house running Windows (5 in total) all have AVG installed on them and have been properly configured I have never been infected.



So it may be down to personal preference in that case. But for a free antivirus protection its possibly the best out there if you know what you are doing with it and keep it up to date with all new virus definitions.