Virus Warning

Last week I read this on Jerry Pournelle’s computer user blog. (In the letters section.)

XP Antivirus 2008/2009, the nastiest piece of spyware I’ve seen in a long time. I’m starting to get several infections of it a week at work — and these include computers with up-to-date antivirus where people don’t have admin rights.
If you hit an infected web page, it will warn you of having thousands of viruses and insist you download the software to scan for it. The software “scans” and tells you that you need to buy their cleaner. They then have your credit card number and you still have the virus. The New York Times estimated that they make about $5 million a year through these tactics.
I’ve seen these warnings on thin clients (which are so locked down no virus could be on them), and they wouldn’t go away until you restarted. I’ve seen it turn off automatic updates and hide from antivirus software. I’ve seen it put icons on your desktop even if you don’t actually download the software (click on them and you will). It puts rootkits on your computer.
Nasty stuff. The best cleaner is Malwarebytes from http://malwarebytes.org. So far, that’s always cleaned it up.
The obvious advice: If you hit a web site that warns you that you have viruses, don’t download anything from there. Get out of there and scan your system with something you have reason to trust. I don’t know anything about Malwarebytes.org

I would have to say that this was certainly timely because today I had an experience just like this. I started by noticing the warning that my Windows firewall was turned off. I turned it back on. Next the Windows automatic updates were off. Then the crap hit the fan and I had multiple Firefox and Internet Explorer windows opening up on me. Firefox blocked at least one site from opening as it was a known “attack site.” I have no idea how I got this as I use that computer for working at home and blogging. I haven’t been on any gaming sites nor looking at things I shouldn’t be looking at.
I never did click the install button on any of these pop up windows.
Jeez, what to do now. The first thing I did was turn off the radio on the computer.
My anti virus scanner was crashing the system. I could run Spybot, but I couldn’t update it. It would find and fix some scary viruses but they would come right back. It wouldn’t let me go to the AVG anti-virus site.
So I went back and looked up this recommended anti malware software that was recommended to Jerry. I saw that it was available as a free download from Download.com and I know that’s a reputable site so I downloaded it. It seems to have cleared it up.
Right now I’m running every bit of anti virus scanner I can on all of the computers I have at home. One thing I noticed on the infected computer was that Spybot found that the Windows Security Center was disabled. That process is still going so I hope that turns it back on. (I was able to update Spybot by the way.)
Anyway this has been an interesting afternoon and evening. I hope this information helps you if you run into the same problem. I’d recommend you share this information with everyone you can so that they are at least aware of the problem before it happens to them.

  • Liberty

    Wow, Dino! It’s so nice to read a real person conversation with you here. I bet when you’re not mad and ranting at conservatives that you are a really nice person and a good friend to your friends. You’ll probably blow this off and make a sarcastic remark, but I mean it. It’s nice to get a glimpse of the real person behind the mask of the Dino persona. I’m going to go run some diagnostic scans and see if my ‘puter is OK. Thanks for all the input here everyone.

  • http://www.wunderkraut.com/ WunderKraut

    Wookiebush,

    That’s a great idea. The only issue being that Malwarebytes updates through the internet on already installed software. If there was a way to download the update (like a patch) then I could see it working.

    As it stands, I’ve got nothing left to lose. So I’m putting Malwarebytes on a CD and will try to install and run while under Safe Mode.

    This is just pure evil. People who code viruses have a very special extra hot place in hell.

    If this doesn’t work, I’m just going to buy a new HD and be done with it.

  • HG

    Downloaded and ran mbam. No hits. Guess my AV and Windows Defender are doing their job.

  • twoplanker

    Dino said:
    “malwarebytes rings a bell”

    Ha ha! Male wear bites? That’s too funny, Dino! Did you say that intentionally?

    Anyway, Malwarebytes, or Mbam for short, rules. It ran circles around Adaware and Spybot on the parents’ computer.

  • http://www.wunderkraut.com/ WunderKraut

    I found where you can find the updates as an executable file: http://www.gt500.org/malwarebytes/database.jsp

    Yeah, the HD is at least 3 years old. Probably not a bad time to replace it. I do have all my important data, so why not. But I’m bound and determined to fix the darn thing first…

  • http://tatertotsforthemasses.blogspot.com/ Houston

    I got drug through it at home when my son hit a gaming site. Windows XP SP 3, IE7 (yeah, I know, I am using Safari myself right now, but my wife and kids have trouble understanding the concept of a different browser).

    Malwarebytes cleared it up with no problems. The virus I had to battle was Vundo.h. I make sure all my PCs keep Malwarebytes on them.

  • Wookiebush

    And Dino did mention something about a virus sometime ago. So H/T to him. Maybe more people would pay attention to him if the other 99.99999% of the time he did not spew his normal drivel.

    W.

  • http://twitter.com/r0ckH0pp3r sayanything-3285

    yes, “we” need to be careful browsing the internet, if you use Windows OS.
    no one wants to have to watch for links and/or images that contain code downloading a malware payload.

    use Malwarebytes, direct download from
    http://malwarebytes.org/

    manual instructions for removal using Malwarebytes from bleepingcomputer.com
    http://www.bleepingcomputer.com/malware-removal/remove-xp-antivirus-2008-2009

  • dawneyr

    My sister had something similar on her computer running Windows XP or Vista. I’m not sure which.

    The virus masked her anti-virus software and interposed a fake anti-virus icon that looked almost like hers. A window popped up and ran what appeared to be the anti-virus software finding many supposed viruses and offering to remove them by purchasing their online update. Of course if you fall for it then the phishers/hackers have your credit card and other personal information.

    The virus imposed a red and black devil-looking picture over her desktop wallpaper and played an audio clip of multiple simultaneous conversations from people with British accents.

    It was really interesting. We caught it and she didn’t give out her information. We had to restore her system to an earlier restore point to access her real anti-virus software which cleaned the virus and all was fine.

  • Mickey

    I ran the malware program and did find some bugs that my symantec didn’t.

    thanks Whitsler

  • welder4

    Malwarebytes is not an anti virus program, it is a malware program, which is spyware and adware. Avast has automatic updates and is free, a very good anti virus to use.

    Malware bytes
    super anti spyware
    spybot
    spyware doctor
    I have four of them but you can only have one anti virus.
    Avast, or your choice.
    All the malware programs have updates and most of them are automatic; some you have to click to make them that way.

  • http://sayanythingblog.com/entry/america_is_back/#c397018 DINO

    I had the same thing happen twice on my work computer last week and posted about it here, alerting Rob and another blog where I had been. My IT guy said it can be spread through sites without the knowledge of the site owner.

    Of course, people here made fun of me and accused me of trying to scare people into not coming to the blog (???). That was not my intent.

    I can’t say for sure where it came from but it was ugly.

  • 2Hotel9

    Gang! I been hitting this crap for awhile. Da Geek, our IT Pro, told me to immediately shutdown, don’t close the page, don’t X it, shut down. Then do a full security sweep when you start up. He tweaked all my security and firewalls about a year ago, have not had any trouble since. Other than ISP having problems with email.

  • welder4

    Avast is my pick. I have used it for two years with no problems. I have superspyware and malwarebytes and also have the paid version of spyware doctor, which has just been purchased by Norton so it may be biting the dust, we will see. The malwarebytes is a great program and is at a good price right now for the full version. Just remember you can have more than one spyware program but only one anti virus; the anti virus will conflict each other and nothing will get done right. Stay safe, and also the web of trust is a good browser protector to have. It is free and it does a great job. Some ISP’s will provide you with virus protection for free; one that does that is Warner, their road runner has that program. A third party firewall is not really needed as you have the firewall that comes with XP and Vista. One is enough. Surf safe!

  • http://www.sayanythingblog.com/ electnixon

    I, too, received this problem.

    Spybot S&D and AVG didn’t seem to get everything, but Superantispyware appears to have done so. McAfee, the default at work which had been in place all along, finally reported finding one file.

    I’ll prolly try the recommended software too. It seems like they all find something different.

    The symptoms are gone now.

  • http://sayanythingblog.com/entry/america_is_back/#c397018 DINO

    When I warned people like Mickey last week they blew me off accusing me of making it up to keep people from posting here.

    And yes, a Mac will not get the disease. PCs are shit.

  • http://www.valleydeals.com/cgi-bin/board2/YaBB.pl Kevin

    What browser were the infected computers using?

  • http://www.wunderkraut.com/ WunderKraut

    My home computer went down last night due to this very thing. I was surfing on Jawa Report and the pop ups started with the fake virus scan and what not. I didn’t click any buttons and tried to get out of it, but it kept getting worse and worse. I ended up unplugging from the network just to stop it from downloading more stuff.

    In the end, my computer is now a drooling vegetable. It will boot up, but it hangs up or gives a nasty blue screen of death. At this point, I think I’m just going to get a new HD and be done with it. Luckily, I backed up my important files the other day. I’m worried the same thing will happen here at work.

    At home I have an up to date McAfee anti-virus and firewall. It got through that. At work we run Symantec. I ran the Malwarebytes software here and it looks clean. But, I can’t run it on my desktop at home.

    Very discouraging.

    I’m just going to buy a Mac…gah!

  • Socks

    On Firefox, get an extension called NoScript. With it installed JavaScript will not run unless you choose to allow it.
    Another extension that is good to get is WOT (web of trust) It provides user ratings of different websites.
    If you are short of cash a good antivirus to get is Avast! home edition, it’s free.
    Also, a good firewall to get (again if you’re short of cash) is Comodo, cause Windows firewall is a piece of s**t.

    Alternate browsers to IE (not including Firefox) are: Apple Safari, Opera Web Browser, and Google Chrome

    So far my computer is unaffected.

  • Wookiebush

    Yes Malwarebytes is awesome. There are a few viruses that mimic the Windows security notification. They will pop up and look like they are a legit message from the OS/security manager, i.e. saying that your firewall is turned off, or virus scanner missing, click this button to continue. What they do when you click the button is install more viruses. Also what they do is attach to the network socket and deny your anti-virus software access to the internet for updating. They also do this to mal/spyware scanners, search and destroy, adaware etc.

    The only real recourse is to find an uninfected machine and download a good program with the manual updates such as malwarebytes (but there are others). Put this software on a cd/dvd/usb drive, anything that is write protected. Boot the infected machine into safe mode. Install software and updates, then run and see what goodies are hiding on your machine. I have had several machines that I have had to clean like this.

    Hope this helps

    W.

  • Neiman

    use Malwarebytes, direct download from
    http://malwarebytes.org/

    I used it today and it discovered several such items, including a few trojans.

  • http://www.valleydeals.com/cgi-bin/board2/YaBB.pl Kevin

    It’s also useful to use a router with a hardware firewall, between your computer and Internet connection even if you have only one computer.

  • http://SayAnythingBlog.com The_Whistler_ofnd

    There wouldn’t be any reason to buy a new hard drive. Reinstalling the operating system should wipe out the virus.

    However IF your hard drive is a bit old it would be an excellent time to buy a new one.

    I had the same concerns about getting the updates on the software. You’d think there would be a way for IT pro’s to have a ready to go CD.

  • http://sayanythingblog.com/entry/america_is_back/#c397018 DINO

    If you had the virus you would know. It keeps opening up windows and is very frustrating.

  • http://SayAnythingBlog.com The_Whistler_ofnd

    In my case, Firefox. However when I tried to get to AVG I was using Google Chrome thinking it might not be as infected. (of course I don’t really know how they work.)

  • http://SayAnythingBlog.com The_Whistler_ofnd

    What did you use to clean it up Dino?

  • http://sayanythingblog.com/entry/america_is_back/#c397018 DINO

    I’m aware of what you said Socks but my workplace is a whole nother ball game and I can’t exactly ask for a new browser “so I won’t get viruses when I’m goofing off……”

  • http://sayanythingblog.com/entry/america_is_back/#c397018 DINO

    My IT guy cleaned it up but I sort of watched and the name in your post, malwarebytes rings a bell. I do remember when he booted up the machine it tried to load a .dll file that he said was “malicious”.

    I was using IE. Even after closing it it keeps reopening and opening ad windows. It pissed me off.

    Seriously, I don’t trust surfing at work anymore. He was cool about it and said that visiting blogs and news sites is small potatoes as far as what he’s seen being done at work- porn, etc. but I don’t need the trouble.

  • http://SayAnythingBlog.com The_Whistler_ofnd

    Oh, thanks for posting it. I must have missed it.

    Busy week with Christmas and everything.
