Oh no -- major malware attack

Today I clicked on a picture and my computer went haywire – some sort of app launched and “detected” “38 instances of spyware and malware” and then asked me if I wanted to remove them. When I clicked “yes” it took me to a site where I could purchase the app in order to remove them. The site looked VERY suspicious.

Haven’t I obviously run into some shady deal that infects you with various malware in order for you to buy their product?

I couldn’t find the app in my list of programs. When I try to run Adaware to deal with this, it won’t launch – error message says it’s “infected” too. :unamused:

Any suggestions?

Google the name of the removal tool, you may get some more info… there is one of these that actually has a freeware removal tool, they just hide it in the hope you’ll buy the expensive one… the name of it escapes me right now…

Doug … hang on and don’t do anything …


The bugger’s interfering with ‘interventions’ you might make.

I’m going to try to find something … it’s made to give you a bit of leeway …


Malwarebytes is something you need to google, download and install and apply …

BUT, the malware you’ve got MIGHT try to stop that process…

You do that … I’ll be back asap.


NOTE someone with more experience than me might get back to you in the meantime … if so, run with them …


I’ll be back …

:astonished:

Oh, man! :laughing:

I’m sorry, but that’s a nono!

And you should already have something stopping executable files from surprising you like that? I even think you do but the stress level made you forget? :wink:
They want to scare the sh!t out of you and look like they are the only one that can help you. But it’s not the truth … unless you like it? :wink:

First up, Doug … read this …

http://www.articlealley.com/article_774570_11.html

FOUND IT


Read this thread:
http://forums.cnet.com/7723-6132_102-392046.html

This is the specific bit:

First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________

RKILL is a program designed to counter the malware’s attempts to stop you downloading or installing Malwarebytes. Run Rkill first. Then Malwarebytes.

Part of your malware is a nasty sod which stops you from accessing popular security sites or installing popular security programs.


THIS IS THE LIMIT OF WHAT I KNOW

Doug - I’ve put the ‘warning’ so you know I don’t have that ‘skill’ which enables me to ‘walk you through individual bits’ if this process is not sufficient to solve the problem.


I will, however, stay by the computer, and keep checking in …

If you need ME to download something for you, and put it on a ‘neutral’ server, so YOU can then download it, ‘under the radar’ of the malware, I’ll be happy to do that.

OK

:slight_smile:

In and out of the kitchen for a bit as I get my dinner ready …

OK … got my dinner. So I’m here, and I’ve subscribed to this topic so it’ll ping my email.

ok

Take a big electro-magnet to your computer. It will suck that malware right off it. :mrgreen:


Glyn told me to write this.

:imp:



:frowning:



:confused:



:slight_smile:



:smiley:




:laughing:

Oh, sorry guys – I went out to dinner and was gone for a few hours.

Anyway I think I got it. It was some type of “scareware” like Ulf said. It was called “System Tools” :unamused: and I found the cure on the web – had to go into Safe Mode and remove it using Adaware (the Adaware was scanning very slowly so that’s why I went to dinner).

When I got back it looked like the Adaware had removed it, but when I rebooted it came up again. So I went back to the website that had instructions for removing it where they listed “registration” codes for “activating” System Tools and all I had to do was highlight it and choose “copy” and a message came up saying “38 entries removed.” :unamused:

So I think it’s still in there, somewhere. The website showed what the registry entry should look like, should I delete it?

Yeah, I should not have hit “yes” but the window said “System Tools” and looked like a regular Windows message and yes I do feel like quite the idiot now!

Download Malwarebytes - Free version from here …

http://www.malwarebytes.org/

Run it and let it do its stuff.


IF it cannot run, then get VKILL from that link I gave you above, and run that to prevent the malware from stopping Malwarebytes.


Doug … I was nearly ‘caught’ by precisely the same System tools fake message …

I just straightway phoned my antivirus company, and they remote-accessed my computer and fixed it in the way I am recommending to you.

This is also a method recommended and described by Geoff … you know … used to post as HaXX)r on the old forum.

OK …

Ah … and yes … AVOID touching or clicking anywhere within that nasty window … even the X at the top. Either reboot computer when it happens, or call up task manager and close your browser.

On all my computers, I use Avast Antivirus http://www.avast.com/free-antivirus-download (it’s free, you just have to re-register once a year).
Spybot S&D http://www.safer-networking.org/en/home/index.html (disable TeaTimer when running music apps though, it’s performance intensive!).
And Sygate Firewall, http://www.filehippo.com/download_sygate_personal_firewall/ an older version, but extremely powerful.

These are all free.

I’ve tuned computers for years, as well as removing sticky viruses and trojans. My email is available on my profile page or website. If you are still running into problems, send me a link to the suspicious website, and any info you have gathered. I just have to visit the website, and my antivirus should go on alert, which will also give me a link to information on the avast threat site.

Also download this. http://download.cnet.com/Process-Explorer/3000-2094_4-10223605.html (Process Explorer). If you have a slow running system, it may be linked to a process, and this should at least give you some information on what that process might be. It may help in the investigation process.

I hope you get it taken care of.

Thanks!

My computer IS now running quite slow – apps take forever to open, and I can’t stream anything.

If I knew who was responsible for this, I would drive to their city and shoot them. Dead.

This incident has had an effect on me.

I bet it has. That’s why I stayed close.

Let’s face it. It’s a bloody Trauma.



fwiw … since it happened to me, I scoured through my rig to make dang sure there were no sensitive login details or passwords floating around on text files. Even got Roboform password safe to assure that even if buggers DID get stuff, it would be encrypted beyond what’s worth their while.

+1

Also combofix for some particularly nasty stuff (I have 4 kids).

Ron

Ron … hi …

That “particularly nasty stuff (I have four kids)” gave me a sudden abs-crunch laugh-spasm. I didn’t quite break my jaw on the tabletop, but my funnybone is still feeling it.

All the best
Glyn :slight_smile:



PS … eh Steve :slight_smile: … Disk Image. PLUS ONE. I’ve got them going back to 2001.

Umm…you know where you live. Please don’t shoot yourself. (Yes, you are responsible for what you do on your computer).

Spend $25 and get the full version of Malwarebytes, then nuke the site from orbit.

It’s the only way to be sure…and you won’t have to bang your head against the wall in the future…which will be ruled by dam dirty apes!

Pain!
This is the way the idiots rule the world!
The rest of us must clean up after their mindless attempts of … of what? :imp:
Been there, done that too … even if it was a long time ago.
Maybe I should check my routines again? Better safe than sorry :confused:

It’s this kind of thing that causes me to feel that there is a place for capital punishment :exclamation: