Recently my work and home computers were infected with one of those damn computer viruses that pose as virus scan programs. This one was actually saying it was McAfee Anti Virus 2011 and looked really legit. I’m wondering if anybody else has seen this? I don’t do much with my work PC other than work, but occasionally I will go to PFF and CL to see what’s up. I wonder if it came from PFF? I don’t post to CL, so it would be harder to get something from there, whereas on PFF I sign in and post to topics.
For those of you unaware, these hijack programs will pop up a window that says “this is such and such Anti Virus Removal Tool” and “your computer is infected and it needs to run a scan”. If you fall for it and hit the “scan now” button, you will actually download all sorts of crap that can really screw up your PC. Knowing that I do not have McAfee (Norton), I didn’t hit the button and ran several real anti-virus programs to get rid of it. FYI, Malwarebytes is a great free program for getting rid of these things.
10:25 AM
datacop Member
Posts: 1426 From: Indianapolis, IN, USA Registered: Jan 2004
Yes, PFF has viruses..... It's called Fieros. They get into your wallet and really do a number. They also attack the registry in your head, making you think that other car parts were made for the Fiero. The only thing that can remove it is a Ferrari.
I haven't gotten anything from PFF, but I did get hit once from somewhere else. It was a legit-looking Windows Defender anti-virus pop-up... I used Malwarebytes to remove it...
[This message has been edited by ALJR (edited 05-22-2011).]
12:16 PM
86_fiero_gt_92 Member
Posts: 452 From: toronto, ontario, canada Registered: Nov 2007
I've been duped by those twice now. The last time it said "Windows Web Security" and had a multicolor icon; I didn't spot the different shape till I had started the scan, etc. I didn't realize my mistake until they asked for money. Why can't they be prosecuted for all the damage they cause? The first time it happened it took a computer expert an hour to get rid of it. He is a friend, but he charges $200 an hour.
Use Malwarebytes; it's free... Run the full scan and it catches and removes all the files the virus stores on your computer... Unlike some of those other scanners that only find and list the viruses, then make you pay for the full version to remove them, Malwarebytes does it all for free...
09:30 PM
blackrams Member
Posts: 31841 From: Hattiesburg, MS, USA Registered: Feb 2003
OK, a question for you smart guys. I used Google to search for Malwarebytes and came up with a bunch of options. Which one do I need to download and which ones are a trap?
------------------ Ron
09:47 PM
wikid_one Member
Posts: 2838 From: Ocean City, MD Registered: Dec 2003
Originally posted by blackrams: OK, a question for you smart guys. I used Google to search for Malwarebytes and came up with a bunch of options. Which one do I need to download and which ones are a trap?
For the new guys to computers, one of the big things to know is that if your computer is infected with some of the more powerful viruses out there, you may not be able to even load the antivirus/spyware program. It may fail during the installation. With that said, I have only encountered one attempted virus with Pennock's, and that was through a link in the O/T. I reloaded the page and the attempted virus did not link again, so I was able to view the web page. I think Cliff has this all figured out, since I have NEVER gotten a virus from here.
Originally posted by IMSA GT: For the new guys to computers, one of the big things to know is that if your computer is infected with some of the more powerful viruses out there, you may not be able to even load the antivirus/spyware program. It may fail during the installation.
True, and they also give you instructions on how to bypass the virus booting up, thus allowing you to run the antivirus software. You "may" need to use another PC to obtain the information, because depending on the virus, it may not allow you to even open your internet browser (like the virus I got)...
12:06 AM
Khw Member
Posts: 11139 From: South Weber, UT. U.S.A. Registered: Jun 2008
Ctrl+Alt+Del, End Task the internet browser. Then run a scan.
So many of them lately have it done in such a way that if you hit Cancel it returns you to the download, and if you hit Continue it returns you to the download.
[This message has been edited by Khw (edited 05-23-2011).]
01:50 AM
Genopsyde Member
Posts: 774 From: Willoughby, Ohio USA Registered: Dec 2007
Originally posted by IMSA GT: For the new guys to computers, one of the big things to know is that if your computer is infected with some of the more powerful viruses out there, you may not be able to even load the antivirus/spyware program. It may fail during the installation.
That's exactly what happened to me here at work. I didn’t have Malwarebytes already installed, and this virus was trying to prevent me from installing it. Luckily I know computers and was able to deactivate the virus enough to get it installed. That’s why I was saying if you don’t have it, you should get it now. Those not good with PC programming would have been SOL and probably paying somebody to fix it.
Yes and no. I have Norton 360 at home and this still got onto my machine. That Malware software is what you need in addition to a good antivirus. Can't have too much protection.
Originally posted by DLCLK87GT: That's exactly what happened to me here at work. I didn’t have Malwarebytes already installed and this virus was trying to prevent me from installing it. Luckily I know computers and was able to deactivate the virus enough to get it installed. That’s why I was saying if you don’t have it, you should get it now. Those not good with PC programming would have been SOL and probably paying somebody to fix it.
It has absolutely nothing to do with programming.
It is so degrading to associate simple things like "installing a random app" and "killing running programs at random in task manager" as programming. It's an insult to anyone who actually does write software for a living.
12:46 PM
elusivedotone Member
Posts: 231 From: Capital City, MI Registered: Feb 2011
Thought I would shed some light onto this. My Norton subscription ran out a few weeks back, and I accidentally got specifically the MS Removal Tool "Rogue Anti-Spyware", which will block your system's spyware/virus/trojan etc. protection programs. I also had System Tools 2011, which looks similar to AVG if I remember correctly. I'm usually good about not getting rogue anti-spyware, but somehow I got it, or my roommate got it on my computer, as I have gone almost 15 years without any serious viruses/trojans/spyware.
The main thing to do, so that when you reboot from safe mode it doesn't manifest itself back into your system, is to follow the directions and make sure you delete the associated registry paths while in safe mode before you reboot in normal mode. You could also try a system restore from a previous state first to see if that works, but most likely it won't.
For those these days who aren't super computer savvy, I would recommend buying the full version of Malwarebytes for the real-time protection. My other recommendations, in my opinion, that I use are also SUPERAntiSpyware, Registry Mechanic, and either BitDefender Antivirus or Kaspersky Antivirus. Just my 2 cents.
04:09 PM
aaronkoch Member
Posts: 1643 From: Spokane, WA Registered: Aug 2003
Preface to below: Install and run Linux if you can. If you want to run windows, read on:
As an IT manager, I have 4 humble suggestions for the masses, and if you've got windows 7 already, they're free.
Suggestion 1) Run Windows 7, and make sure it's up to date. The 64-bit version of Windows 7 is safer. Set up automatic updates to run daily. Install updates, restart, repeat until no more updates are available. Make sure your firewall is enabled. (The firewall is on by default.)
Suggestion 2) Create 1 administrator account on your machine, and name it something goofy / funny, like "master" or "god". Give it a long password. Then create other "user" accounts that AREN'T administrators for you to use on a daily basis. Then you can't accidentally break Windows or install crapware without Windows 7 prompting you for the admin password. PAY ATTENTION: make DAMN sure you know why Windows is asking you for that password before typing it in when using your machine. If you don't know, hit Cancel. This only works if a) you NEVER log on as the administrator account, and b) you only type in that admin password for known items ("I'm installing Office, and it asks me for my password to install Office.")
Suggestion 3) Download and run Microsoft Security Essentials. If you're running some other malware / AV software, uninstall it first. I don't care if you paid $50 for it. MSE's good, works well, won't slow your machine down, and it's free (and updates along with Windows).
Suggestion 4) Download Google Chrome, or Firefox (I prefer Chrome), and run only that. 99% of the web crapware out there is ActiveX-based, which only affects Internet Explorer. If you're one of those people who insists on using Internet Explorer, or need to for a certain site/app, then download IE9 (actually, it would have been installed if you followed suggestion 1) and "Use recommended settings" on first run.
If you follow all 4 of the above suggestions, that will prevent 99.999999999% of all possible attacks while surfing the web.
Some other tidbits:
- You never "need to download a plugin" to view normal web content (the only exception to this is Flash for Internet Explorer, but get it from Adobe directly).
- You will not be prompted for your Windows admin account password unless you are trying to make a global Windows change, or install software that affects all users or the Windows installation.
- File sharing sites, downloading music / video, torrent sites are ALL inherently dangerous. There is no safe way to get something for free that isn't free for everybody. This is true for all facets of life.
- All of the fake AntiVirus thingies I've seen to date only work on Internet Explorer. If you DO happen to get that first pop-up, before you click ANYTHING yank the power cord out of the PC. Yes, this is slightly dangerous for any open files, but far less dangerous than clicking anything on that popup (including the little 'x' to close the window).
Do these 4 things. Every IT person that supports your machine will thank you. You can rebuild a relationship with IT people in your lives without them cringing every time you call them.
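Added example, not part of the post above and not aaronkoch's own script: a PowerShell audit that checks a Windows 7 machine against the four suggestions and lists what is still missing. It reads the same settings the post talks about (automatic updates, the firewall, membership of the daily account in Administrators, the UAC policy values that make the admin-password prompt appear, the MSE service, and the default http handler). The daily-account name 'daily' is a placeholder parameter, not a name from the thread; run it once from an elevated prompt, then log off the admin account.

```powershell
# Added example, not code from the forum post. Audits a Windows 7 box against
# the four suggestions above and prints what still needs fixing.
# Run once from an elevated PowerShell prompt (PowerShell 2.0 is enough).
# Assumption: the daily-use, non-admin account name is passed in; 'daily'
# is a placeholder, not a name from the thread.
param([string]$DailyUser = 'daily')

$findings = New-Object System.Collections.ArrayList

# --- Suggestion 1: 64-bit, patched automatically, firewall on -------------
$os = Get-WmiObject Win32_OperatingSystem
if ($os.OSArchitecture -notmatch '64') {
    [void]$findings.Add('32-bit Windows; the 64-bit edition is the safer choice')
}
# Microsoft.Update.AutoUpdate: NotificationLevel 4 = download and install on a schedule
$au = (New-Object -ComObject 'Microsoft.Update.AutoUpdate').Settings
if ($au.NotificationLevel -ne 4) {
    [void]$findings.Add("Automatic Updates level is $($au.NotificationLevel); set it to 'Install updates automatically'")
}
$fw = netsh advfirewall show allprofiles state
if (($fw | Out-String) -match 'State\s+OFF') {
    [void]$findings.Add('Windows Firewall is OFF on at least one profile')
}

# --- Suggestion 2: separate standard account, UAC left on ----------------
net user $DailyUser 2>&1 | Out-Null
if ($LASTEXITCODE -ne 0) {
    [void]$findings.Add("No local account '$DailyUser'. Create it with: net user $DailyUser * /add")
} elseif (net localgroup Administrators | Where-Object { $_.Trim() -eq $DailyUser }) {
    [void]$findings.Add("'$DailyUser' is in Administrators. Demote it with: net localgroup Administrators $DailyUser /delete")
}
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) {
    [void]$findings.Add('UAC is disabled (EnableLUA is not 1); the admin-password prompt never appears')
}
if ($uac.ConsentPromptBehaviorUser -eq 0) {
    [void]$findings.Add('Standard users are auto-denied elevation (ConsentPromptBehaviorUser = 0); the password prompt is never shown')
}
if ($uac.PromptOnSecureDesktop -ne 1) {
    [void]$findings.Add('UAC prompt is not on the secure desktop; a fake window can imitate or cover it')
}

# --- Suggestion 3: Microsoft Security Essentials service running ----------
$mse = Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue
if ($mse -eq $null) {
    [void]$findings.Add('Microsoft Security Essentials (service MsMpSvc) is not installed')
} elseif ($mse.Status -ne 'Running') {
    [void]$findings.Add("MsMpSvc is $($mse.Status), not Running; a rogue AV kills this first")
}

# --- Suggestion 4: a browser other than IE is the default ----------------
# This is a per-user association, so it reflects whichever account runs the script.
$choice = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice' -ErrorAction SilentlyContinue
if ($choice -eq $null -or $choice.Progid -like 'IE.*') {
    [void]$findings.Add('Internet Explorer is the default http handler for this account; set Chrome or Firefox as default')
}

if ($findings.Count -eq 0) {
    'All four suggestions are in place.'
} else {
    'Still to do:'
    $findings | ForEach-Object { ' - ' + $_ }
}
```

The UAC checks are the part people get wrong: turning UAC off (EnableLUA = 0) or setting ConsentPromptBehaviorUser to 0 both remove the prompt that suggestion 2 depends on, and with PromptOnSecureDesktop off a web page or rogue installer can draw a convincing look-alike of the credential dialog.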
Originally posted by aaronkoch: As an IT manager, I have 4 humble suggestions for the masses, and if you've got windows 7 already, they're free. [...]
Great advice. The only thing with me was that for some reason my MSE did not catch the MS Removal Tool rogue antivirus. Any ideas why? But again, great advice. Also a note of caution: if a "scanner" of any type loads within any browser and starts to "scan" and says you have such and such virus, don't download whatever they want you to download to "fix" it.
04:20 PM
aaronkoch Member
Posts: 1643 From: Spokane, WA Registered: Aug 2003
Originally posted by elusivedotone: Great advice. The only thing with me was that for some reason my MSE did not catch the MS Removal Tool rogue antivirus. Any ideas why? But again, great advice. Also a note of caution: if a "scanner" of any type loads within any browser and starts to "scan" and says you have such and such virus, don't download whatever they want you to download to "fix" it.
It doesn't catch it because it presents as a normal download-and-run program. If you have UAC on (it is on by default in Windows 7 or Vista), it pops up asking you if you're sure you want to run it.
MSE will NOT protect you from wanting to run unknown .exe files; nothing will. Your due diligence is knowing what's running before hitting Allow.
The whole reason I suggest running as a non-admin is to slow you down and make you sure of what you're installing BEFORE typing in an admin password. With the fake / rogue AVs, the FIRST thing they do is kill all processes having to do with MSE, Norton, McAfee, AVG, etc., which it has the authority to do, since you hit "Yes" when it asked you to run it.
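Added example, not code from any post in the thread. It covers two points made above: the safe-mode cleanup post says to delete the rogue's registry paths before rebooting normally, and the reply just above says the rogue's first act is to kill the real AV. The script is read-only: it lists autorun entries that point into user-writable folders (where 2011-era rogues dropped their randomly named .exe), checks the logon shell and the .exe file handler for the hijacks that stop a real installer from launching, and asks Security Center whether the installed AV still has real-time protection on. The expected Userinit path assumes Windows on C:, and HKCU is the hive of whoever runs the script, so run it as the infected account (Safe Mode is fine) from an elevated prompt.

```powershell
# Added example, not code from the thread. Reports the places a rogue AV
# uses to come back after a reboot, the handler hijacks that block a real
# installer from running, and whether the real AV is still running.
# Read-only: review each hit, then remove it yourself.
# Assumption: Windows is installed on C:, so Userinit should be the path below.

function Test-UserWritablePath([string]$Command) {
    # Rogue AVs of this era drop a randomly named .exe under the user profile,
    # Temp or ProgramData and point an autorun entry at it. Anything under
    # Program Files or Windows is left out of the report.
    return ($Command -match '\\(AppData|Temp|ProgramData|Users\\[^\\]+)\\') -and
           ($Command -notmatch '\\(Program Files( \(x86\))?|Windows)\\')
}

$autoruns = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

'== Autorun entries that point into user-writable locations =='
foreach ($key in $autoruns) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and (Test-UserWritablePath ([string]$_.Value)) } |
        ForEach-Object { '{0}\{1} = {2}' -f $key, $_.Name, $_.Value }
}

'== Logon shell and .exe handler (a hijack here is how the rogue blocks installers) =='
$expected = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';     Value = 'explorer.exe' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Userinit';  Value = 'C:\Windows\system32\userinit.exe,' },
    @{ Key = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command';          Name = '(default)'; Value = '"%1" %*' }
)
foreach ($e in $expected) {
    $actual = (Get-ItemProperty -Path $e.Key -ErrorAction SilentlyContinue).($e.Name)
    if ($actual -ne $e.Value) {
        '{0}\{1}: expected [{2}], found [{3}]' -f $e.Key, $e.Name, $e.Value, $actual
    }
}

'== Antivirus as reported to Security Center =='
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct | ForEach-Object {
    # productState is undocumented; bit 0x1000 set is the widely used test for
    # "real-time protection enabled". A rogue that killed the AV turns it off.
    $on = ($_.productState -band 0x1000) -ne 0
    '{0}: real-time protection {1}' -f $_.displayName, $(if ($on) { 'ON' } else { 'OFF' })
}
```

The exefile handler check is the one that explains "the virus was trying to prevent me from installing it": once `HKLM\SOFTWARE\Classes\exefile\shell\open\command` points at the rogue instead of `"%1" %*`, every .exe you double-click, the Malwarebytes installer included, is started through the rogue, which decides whether to run it. Restoring that value in safe mode, before the reboot, is what lets the real installer run.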
04:28 PM
elusivedotone Member
Posts: 231 From: Capital City, MI Registered: Feb 2011
Originally posted by aaronkoch: It doesn't catch it because it presents as a normal download-and-run program. If you have UAC on (it is on by default in Windows 7 or Vista), it pops up asking you if you're sure you want to run it. [...]
That would be it... haha, I turned UAC off. I'm guessing it was my roommate who got it on my computer trying to look at **** =/
04:30 PM
aaronkoch Member
Posts: 1643 From: Spokane, WA Registered: Aug 2003
With UAC off, browsing even "safe" sites in internet explorer is like sleeping around in the slums of Tijuana unprotected. You're lucky you made it that long.
04:36 PM
elusivedotone Member
Posts: 231 From: Capital City, MI Registered: Feb 2011
Originally posted by aaronkoch: With UAC off, browsing even "safe" sites in internet explorer is like sleeping around in the slums of Tijuana unprotected. You're lucky you made it that long.
I haven't used IE since prob 1998. I stick to Chrome these days.
Originally posted by 86_fiero_gt_92: I've been duped by those twice now. The last time it said "Windows Web Security" and had a multicolor icon; I didn't spot the different shape till I had started the scan, etc. I didn't realize my mistake until they asked for money. Why can't they be prosecuted for all the damage they cause? The first time it happened it took a computer expert an hour to get rid of it. He is a friend, but he charges $200 an hour.
Because they are in Russia and China and organized crime. Welcome to the new Mob: extortion on the internet with "we broke your computer, give us money to 'fix' it...."
This stuff is exactly why I run a Mac and Linux... you can't launch those programs without getting past the "this program wants to INSTALL, please type the administrator password to allow it".
Oh, and the little thing that they won't run on a Mac or Linux.... and yes, I know there is a SINGLE piece of malware out there for the Mac... compared to the 98,000,000,000,000 for Windows.
Also, what you said about OS X and Linux holds true with Windows 7 as well: nothing can run without express consent, and the principles of least privilege can be implemented quite easily, giving you a system just as secure.
http://secunia.com/advisori...task=advisories_2011 right back at ya... except the OS X one is skewed, as it goes back to 2003, while Windows 7 does not go back that far, but you have to add Vista and XP into its list to be fair. There is still a lot of XP and Vista in Windows 7.
Those don't magically create malware; they can be used by malware. And when compared to Windows' list, it's a short one. I'm still far, far safer than any Windows machine. Plus NONE of the OS X exploits blast past its version of UAC without effort or warning.
As for Windows 7... not true. A guy at work just got a nasty one, and he does not have admin privileges OR know the admin password. It got right past UAC. In fact it's been that way for a while... I remember a lot of reports from ZDNet of plenty of malware and viruses that will get right past UAC and infect a machine without admin privileges.
I've been in IT and CS over 20 years. Anything Windows-based I can do in my sleep... mostly nightmares...
Safest thing to do? Disable Flash, disable Java, disable JavaScript, and never EVER run Internet Explorer. Uninstall Adobe Reader. Also install Adblock Plus on Firefox or Chrome. This eliminates 99.99786% of all web-surfing-based threats.
And pray to God they don't find another JPEG, GIF, or PNG rendering exploit...
[This message has been edited by timgray (edited 05-23-2011).]
05:45 PM
aaronkoch Member
Posts: 1643 From: Spokane, WA Registered: Aug 2003
Originally posted by timgray: As for Windows 7... not true. A guy at work just got a nasty one, and he does not have admin privileges OR know the admin password. It got right past UAC. In fact it's been that way for a while... I remember a lot of reports from ZDNet of plenty of malware and viruses that will get right past UAC and infect a machine without admin privileges.
I'd love to know how that was pulled off, but I've got money that says he wasn't current on patches and/or was using IE. That, or the threat was spawned from behind the firewall by a process on a machine that had domain admin access.
That link you provided about the DLL cross-swapping is pretty hard to pull off in the wild; it requires the user to have an unpatched Office install, download and open a file, be using IE, etc.
I'll stand by my assertion that if you do my 4 suggestions, the average user will not ever be infected again. ESPECIALLY if they're behind a NAT (home router) or decent firewall.
Granted, OS X is good, and so is Linux from a security point of view, but Windows has come a LONG way since XP/Vista, and there are almost no leftovers in 7 (especially SP1) from the previous OSes. Hell, not even Linux or OS X is free from kernel-mode drivers yet..
You are right: if I download that virus or malware, set up everything it needs to run, and then intentionally launch it so that I knowingly run it, it can run and infect the sandbox that Wine runs in, as Wine has no access outside of the user directory it was allocated. It can't launch the Wine environment on its own, and you need to configure that Wine environment before it is even used to begin with.
So technically, yes... It takes about 12 steps to do so and about 15 minutes of effort.
Originally posted by aaronkoch: I'd love to know how that was pulled off, but I've got money that says he wasn't current on patches and/or was using IE.
That's the problem: most home machines FIT that description. And it is a major flaw in Windows.
Luckily the early reports from the Windows 8 alpha testers are that Windows 8 has NO software backwards compatibility, and this will eliminate a LOT of problems. If the software was not written for Windows 7 64-bit with UAC, then it will not run on Windows 8. They should have done this years ago. Let's hope they also remove any ability to run as administrator or with admin rights, and that you cannot turn off UAC ever. If I had my way, the entire Windows system directory would also be READ ONLY when the system is not in safe mode.
Originally posted by timgray: so technically, yes... It takes about 12 steps to do so and about 15 minutes of effort.
Unless you're in a firm where IT has rolled it out on all the machines with the migration to Linux, to be able to run some old custom software made for Windows that they still need to run. In which case, it's pretty easy to run stupid things. Though there's a lot less damage to be done when running under Wine, some of them can still accomplish some pretty nasty stuff.
And yes, I've seen this happen before. So don't go roll your eyes at me.
07:15 PM
aaronkoch Member
Posts: 1643 From: Spokane, WA Registered: Aug 2003
Originally posted by aaronkoch: Preface to below: Install and run Linux if you can. If you want to run windows, read on: [...]
I recommend AdBlock for Chrome, or Adblock Plus for Firefox. It will get rid of any embedded ads that appear to be antivirus/computer cleanup tools. Also makes for a nice, clean experience without any distractions. Not sure if it stops the ads from loading on the page or if it just hides them; either way, you are less likely to accidentally click something you didn't want.
11:17 PM
May 24th, 2011
KraigG Member
Posts: 140 From: Park City, IL USA Registered: Mar 2011
Yes! Advertisements are a big virus and trojan horse vector. It's best to block all advertisements and gain the side effect of a faster Internet connection. Flash-based ads will make any computer grind to a halt.
Anyone have problems visiting PFF? Seems I occasionally have problems visiting the PFF forum. The page will not load and I get that generic IE "login failed" type screen. It only happens when visiting PFF, as any other site I visit loads just fine. I also checked using one of those "is ????? website down" websites and it says it is up and active; so it has to be something funky going on w/ my computer. It only happens when visiting PFF. This usually only happens once a week or once every other week. But since I upgraded to IE9, it happens every morning now...
The only way I have been able to get in is to reset my router and then all is back to normal...
Any suggestions?
10:24 AM
May 26th, 2011
aaronkoch Member
Posts: 1643 From: Spokane, WA Registered: Aug 2003