URGENT - CHECK YOUR VIRUS PROTECTION NOW!!!


Post by Xantianut »

Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from YouTube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.
C5 HDi 110 SX (Fifi 7 or Otterchops)

RIP
Citroen Xantia 1.8i LX (Fifi 6)
BX16TRS (x2) (Fifi 4 and 5)
BX19DTR (Fifi 2)
BX14E (x2) (Fifi 1 and 3)

Post by Xaccers »

Malwarebytes is a good bit of software.
I've found through work that most of these infect the user's profile so if they pull the plug rather than log off, we can log on, delete the local copy of their profile and their uninfected server copy will be loaded the next time they log on.
That's the handy thing about roaming profiles.
Of course if they call the service desk before me, then chances are they'll be told to log off so their clean server profile gets overwritten by the infected copy.
Does remind me, I need to pick up a copy of Symantec Internet security this week before my current one runs out (£24 for 3 licences from PC World)
1.9TD+ SX Xantia Estate (Cassy) running on 100% veg
1.9TD SX Xantia Hatchback (Jenny) running on 100% veg for sale
Laguna II 2.0dCi Privilege (Monty)

DIY sphere tool

Post by Xantianut »

Ay up!

My computer is now clean but this Trojan is a nasty one. It hides from every installed anti-virus program installed on the computer and, when the operator tries to activate a pre-existing package that it can't hide from, the virus activates itself and locks the computer.

I've downloaded SpyHunter which has cleared it. I already have IOBit Advanced System Care, Windows Defender and McAfee packages installed. It hid from the first two and locked the 'puter on activating the 3rd. None would locate it in "safe" mode, the only way I could make the box work.

There are instruction pages available but they're beyond me. Maybe someone with more tech knowledge could make them work. Anyway, even in "safe" mode SpyHunter has cleared it, enabling me to chat with my mates online again.

Has anyone missed me?

Post by CitroJim »

I presume this bit of nastiness does not affect Linux systems?
Jim

Runner, cyclist, time triallist, duathlete, Citroen AX fan and the CCC Citroenian 'From A to Z' Columnist...

Post by Xaccers »

CitroJim wrote: I presume this bit of nastiness does not affect Linux systems?
Nah Linux users just have their computers turned into zombies as part of spam bot nets.

Past experience has shown me not to trust McAfee

Post by CitroJim »

Xac wrote: Nah Linux users just have their computers turned into zombies as part of spam bot nets.
Really? How?
Jim

Post by myglaren »

Xantianut wrote: Ay up!

My computer is now clean but this Trojan is a nasty one. It hides from every installed anti-virus program installed on the computer and, when the operator tries to activate a pre-existing package that it can't hide from, the virus activates itself and locks the computer.

I've downloaded SpyHunter which has cleared it. I already have IOBit Advanced System Care, Windows Defender and McAfee packages installed. It hid from the first two and locked the 'puter on activating the 3rd. None would locate it in "safe" mode, the only way I could make the box work.

There are instruction pages available but they're beyond me. Maybe someone with more tech knowledge could make them work. Anyway, even in "safe" mode SpyHunter has cleared it, enabling me to chat with my mates online again.

Has anyone missed me?
I would recommend Microsoft Security Essentials over Windows Defender. As Xac says, I wouldn't trust McAfee (or any Norton product).
Odd that McAfee is a Microsoft product now.

Sandboxie received some high praise a while back but to be honest I could never be bothered with it.

Which video was it, I might go there and see what it does to my computer as I'm going to install the next Ubuntu in ten days or so.

(Using Ubuntu 12.04 currently)

Post by Northern_Mike »

Xantianut wrote: Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from YouTube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.
Two people I know have been hit by this annoyance this week.

Malwarebytes gets rid of it. On one (XP) there was a bit of fiddling to get it to boot into Safe Mode with networking, changing a reg key to allow it to open IE and connect to the web to download Malwarebytes. Once scanned and removed, the PC was fine.

On the other, a Windows 7 machine (my sister-in-law in Alabama!), I logged on remotely using Logmein, but used my own user profile I'd set up yonks ago, as it was unaffected rather than her profile. I updated and scanned with Malwarebytes, it found the nasty little thing, removed it, and all is well again.

Post by Northern_Mike »

Rattiva_Mike wrote:
Xantianut wrote: Ay up!

There's a particularly nasty piece of Ransomware purporting to be from the Met Police e-Crime Unit going around. I got it from YouTube - watching a railway vid - how ironic is that?

It is a version of the U-Kash scam and looks very convincing. I'm no dumb bunny and am, at least, streetwise with the Net but was very nearly taken in. The only reason I didn't cough up is the only place locally that has PayPoint was shut.

Check the anti-malware software on your machines and please, be careful.
Two people I know have been hit by this annoyance this week.

Malwarebytes gets rid of it. On one (XP) there was a bit of fiddling to get it to boot into Safe Mode with networking, changing a reg key to allow it to open IE and connect to the web to download Malwarebytes. Once scanned and removed, the PC was fine.

I have used Microsoft Security Essentials, behind a simple home router - current one being a Virgin Media thing, with its default settings ever since MSE came out. I've never had a problem with viruses or malware. McAfee and Norton amongst others simply appear to be a way of parting the frightened from their hard-earned cash - poor protection, and often cause other PC problems. They're almost as bad as the virii they are supposed to protect against.

If anyone wants any help or advice - please feel free to PM me. There's plenty of stuff to do most tasks you could ever need totally free and legally. Just yesterday I managed to get hold of some freeware disk recovery software to rescue a load of files from a hard disk with a ruined partition table that Windows (or Linux) couldn't read. Free!


On the other, a Windows 7 machine (my sister-in-law in Alabama!), I logged on remotely using Logmein, but used my own user profile I'd set up yonks ago, as it was unaffected rather than her profile. I updated and scanned with Malwarebytes, it found the nasty little thing, removed it, and all is well again.

Post by Xaccers »

CitroJim wrote:
Xac wrote: Nah Linux users just have their computers turned into zombies as part of spam bot nets.
Really? How?
Poor security. There's been many spam bot nets involving linux, and many spam bot nets are run by hacked linux boxes.
People believe that linux is invincible so don't learn how to make it secure, whereas with Windoze people believe it has more holes than Swiss cheese and so learn how to secure it.

Post by Xantianut »

Ay up!

Thinking about it, I used the Wi-Fi in a local cafe to check emails so that's probably where I got it from. SpyHunter also found over 240 other viruses on my machine (gulp!) so how it stayed still on my lap is another question. It was positively lousy with viruses! Presumably, something in YouTube's code activated the thing.

I know not, I'm only guessing here.

Computers? I can only drive 'em, I don't know what makes 'em go!

Post by Xaccers »

Most malware gets in via adverts.
The company that runs the advertising system is provided links from the advertisers to load their image and link to their site.
When you visit a website that displays adverts from that system, depending on the content of the page you're on, or any tracking cookies the advertising system detects, you're presented an advert.
Now, if someone manages to hack the website that hosts the advert (probably some linux box whose admin thinks is safe just because it is running linux ;) ) and upload the malware to the advert page, when that advert happens to get picked for display the malware gets loaded on the user's PC. Now some of it lies dormant until you go to certain websites, such as Google (so it can redirect your search results).