Very nasty PC infection

  • #16
    Originally posted by How Brown
    Mag:

    Not sure if this is true or not...but I've heard that viruses can be transmitted through emails simply by reading the email...and not opening any attachments which accompany them.

    Izzit so ?

    It certainly used to be true. Dunno how common it is now--usually emails are scanned at the server level these days so infected mails don't make it to your account. I suppose it would depend on what mail client you use these days.
    "The Men who were not the Man who was not Jack the Ripper!"


    • #17
      We got a frantic call from one of my bff's tonight.

      She'd been reading a few emails, one from a mac
      user, the other from a windows pc and as she left
      the email program, she got a pop up telling her she
      had 29 "issues" and for a mere $99 they'd fix it
      for her. She hadn't even fired up IE yet. It had a
      very official sounding name like "MS Windows 7
      Security and Firewall Center" but it's just an
      updated and more sophisticated version of
      the old AV2009, which is a real hard disc killer.

      She told him her McAfee had been disabled which
      surprised him as he'd built this machine for her and
      since AV2009 had killed the hard drive in my laptop
      and disabled my McAfee two years ago, he'd stopped
      using it and started using MS Security Essentials.
      The one feature I like about MS SE is, if you do
      a Google search, it will sometimes say "this site
      will harm your computer" within the search results.
      Pretty handy.


      • #18
        What version of Windows were you using? In other words, was it the new Windows 7, or just XP?


        • #19
          Hi
          My OS is Windows XP SP3

          The only legacy I haven't found a general fix for is that when I go to All Programs listing via the Start button, all are showing as empty. All the shortcuts have been deleted and I am having to recreate them all manually.
          A pain but minor compared to the other damage inflicted.
          To endorse what Tim said, I am very careful about what sites I visit and always run firewall and AV and all incoming e-mails are supposedly vetted for malicious content by BT Yahoo.


          • #20
            It seems to be a very recent incarnation of a previously known virus:
            This summary (from howtoremoveit.com) sums up exactly what I experienced:
            "Windows XP Recovery Description

            Windows XP Recovery, reported today, is the latest spreading infection out there. Popular infection gets the most popular category on Howtoremoveit, fake security program. Left alone, this infection can possibly cause even further problems to your system. Windows XP Recovery can install and infect a computer without any permission from the end user.

            Windows XP Recovery Symptoms

            Once the infection is installed, the application immediately starts a fake scan of the machine. A number of fabricated security alerts and error messages are also launched by Windows XP Recovery. This fake scan produces a false results screen, attempting to entice the user to buy the program. Please get in touch with your credit card company if you bought it.

            Windows XP Recovery Distribution

            With so many possibilities, it is tough to say how Windows XP Recovery got installed on your computer. Camouflaged as a legit window’s screen, a not real scanner webpage is commonly the way this infection gets onto machines. Sometimes the infection will look like a legit Flash update or video codec. Once run, the payload is actually Windows XP Recovery. If left on the computer, the damage caused by Windows XP Recovery can worsen and accelerate, so speedy removal is important."


            • #21
              Please be warned that there are versions of this infection in circulation for Windows Vista and Windows 7.
              Please see:
              http://www.pc1news.com/news/1932/windows7recovery.html


              • #22
                Dear Chris:

                Thanks for sharing this latest update.

                By the way, Tim's advice on using Firefox Mozilla might actually be the smartest (of the very few smart) things he's ever suggested. I can't believe how quickly Mozilla operates. It's definitely better than IE...and is really simple to install.
                To Join JTR Forums :
                Contact Howard@jtrforums.com


                • #23
                  System Restore Disabled - but a workaround.

                  I picked up this infection, or a version of it (Vista Internet Security), twice recently. These infections claim to be virus detection alerts and offer to clear your computer if you purchase their software but of course there is no software and the entire thing is a malicious scam rendering your computer useless.

                  As to removal, the following may be of interest: Suggested removal techniques are on the Web but they are complex and involve Registry changes. I tried System Restore but got messages saying the System Restore .exe file could not be found. On the off chance I tried rebooting and logging in on my wife's profile and thankfully found it to be uninfected. I accessed System Restore from this second profile and restored to an earlier time. On reboot my own profile was back to normal.

                  I mention this in case anyone with an infected computer has a second profile available and wants to try. It worked for me.
                  Last edited by Perfect Virgo; May 20, 2011, 10:05 AM. Reason: sp


                  • #24
                    It was interesting to learn where my infection came from. Of course, Howard always says that.

                    At my work, a large international engineering company, some doofus of a network admin used his admin status to bypass the network safety features so he could access and download files from a site that was otherwise forbidden. The infection came in with his download and infected the corporate intranet. Several dozen computers, mine included, were infected simply from being on the corporate intranet, where to/from activity is constant.

                    I got off light, but it took about 6 hours to clear the problem. Dunno about the network admin; I suspect he didn't fare as well.

                    Flash drives are so cheap these days that one should consider loading one with malwarebytes and other similar programs, to have ready in time of need.


                    • #25
                      some doofus of a network admin used his admin status to bypass the network safety features so he could access and download files from a site that was otherwise forbidden.- T.Mosley

                      Lucky you didn't get canned for the goof Tim. Wise up.

                      Perfect Virgo...thanks for sharing the advice and sorry to hear of your troubles...these recent attacks on members of the Forums make those irritating penis enlargement ads ( like I need to get bigger ! Ha ! ) and Nigerian money scams seem like a walk in the woods.

                      Again, for those considering swishing, er, switching...to a new anti-virus...Trend Titanium is very good.