Ive got a virus...........and im not sick

[Marty Miller]

Hi guys,

Thought I would bring this to your attention. Yesterday was not a good day all round. One of my PCs main hard drive got the click of death, and before I could back up...............it just died. Lucky for me, I didnt keep any important files on the drive, and simply grabbed another................reinstalled windows and was good. Mean while back at the ranch , the MAC pro was runnning windows and I had Max open doing some work. When I went back to work on Max, I noticed a new icon and a message pop up saying a virus had been found. I run Avira anti virus, but it was not it giving me the report. It was a program called Security Suite. .........................and I have no idea how it got there. I do not download anything on this computer, and the only websites, I had been to were the usual suspects.

I did a search on google and found a number of recent entries about it. I began to realize this little sucker was way worse than I had had in years and years.

This thing had me up all night trying to find a solution. Basically what I found out is that you first have to boot in safe mode.................uncheck proxy server in internet options and then run a good malware program. I did this and it found 5 entries of a program called Anti Malware Doctor. So the program deleted and quarantined it all. When I rebooted....................the sucker was still there. I went through this a few times and then tried option two....................of deleting registry entries. You have to do this in safe mode, as the program does not allow you to open anything that will help you fix it..........like Task Manager..............Regedit etc. Sneaky lil farker huh. Now......only problem is that in safe mode I cannot access Run to open regedit. Im goingback to it now, so if any of you have experienced this or know of anything to help me out......................please let me know. Im gunna crack this if it lills me


UPDATE ................... problem solved

[Andrew March]

Ccleaner will run a full registry check for you and deletes any nasty or unrecognised entries.

It's free too

[SteveMoody]

Give Malwarebytes a try as well. I've used that in the past and it's been very good at picking up on these things.

[Marty Miller]

Quote:

Originally Posted by SteveMoody

Give Malwarebytes a try as well. I've used that in the past and it's been very good at picking up on these things.

Thanks guys.........................yep.................. ..Im presently using three different utilities to try and get rid of it. This one really is a nasty little farker. Look up Rogueware and you will see what i mean. It disables everything.............and try to make you buy the program. Clever indeed...................but what a waste of a day. Will keep ya upto date on the solution.

Oh yeah...................Panda Security actually has cracked one the programs and has serials available to crack it. Shame they havent done this version of '' Security Suite ''

Ohhhhhhhhhhhh I'd love to get my hands on the pricks

[Marty Miller]

Problem solved.

Here is a run down of how I got rid of it. But first a little understanding of what I went through.

This little farker made it very hard. From the google responses I read, Rogueware is bad news and very hard to get rid of. Even in safemode in windows, I was unable to see any entries in the System Registry . I found a great article on how to remove it and it seems tot of paid off. Heres what I did.

Went in to safe mode

Opened Internet Explorer..............tools.......internet options............connections.....lan settings. I then unchecked Proxy server.

Then I used a nice little application called TTS Killer from Kaspersky. That stopped all malicious processes. I then used Malware Bytes and did a complete scan.

( using Malwarebytes alone did not remove it )

Soooooooooooooooooo, after an all nighter and plenty of attempts, it seems it is gone. Im doing another scan as I wrote and hopefully it will come up empty.

Hope this helps out if any of you encounter this.

[Crook]

For the future consider a full wipe and reinstall. I seem to gather programs I dont need over time, and sometimes a full install is quicker than troubleshooting a virus, and you usually get a faster system afterwards.

If you know you'll be doing this in the future, you plan for it by keeping all the data you want to carry on in one place too, and leave the OS drive partition alone. Helps with backups in that regard.

[Marty Miller]

Quote:

Originally Posted by Crook

For the future consider a full wipe and reinstall. I seem to gather programs I dont need over time, and sometimes a full install is quicker than troubleshooting a virus, and you usually get a faster system afterwards.

If you know you'll be doing this in the future, you plan for it by keeping all the data you want to carry on in one place too, and leave the OS drive partition alone. Helps with backups in that regard.

Thanks mate, but as my mac is already partitioned with Mac os and windows.................the thought of doing it over again just didn't rate to high after having already done one reinstall that day. In any case...................I cracked the sucker. Thanks for you advice bud

[SteveMoody]

At least you've got it solved. I'm called on quite often by friends and family to try and fix these sort of problems, they can be very frustrating.

[deg3D]

Ooooo, nasty bit o' business there, bud, glad ya got it squashed. To this day I don't get why lil' egg-head weasels want to spend their time in their parent's basements trying to ruin other peep's days.

I'm sure the anti-virus companies have a hand in covertly releasing viruses all the time too though, to keep themselves in business.

deg

[BillS]

One of the greatest weapons I have for getting rid of these things is Linux on a USB stick. Boot from the stick and start digging into your system drive. Linux doesn't care what windows flags as hidded, no services are started, nothing. But you are still up and running the computer to do what you have to do.

[deg3D]

Quote:

Originally Posted by BillS

One of the greatest weapons I have for getting rid of these things is Linux on a USB stick. Boot from the stick and start digging into your system drive. Linux doesn't care what windows flags as hidded, no services are started, nothing. But you are still up and running the computer to do what you have to do.

Oooo, good thinkin'/tip, Bill, thanks!

deg

[Marty Miller]

Quote:

Originally Posted by SteveMoody

At least you've got it solved. I'm called on quite often by friends and family to try and fix these sort of problems, they can be very frustrating.

So where were you last night buddy Cheers Steve

Quote:

Originally Posted by deg3D

Ooooo, nasty bit o' business there, bud, glad ya got it squashed. To this day I don't get why lil' egg-head weasels want to spend their time in their parent's basements trying to ruin other peep's days.

I'm sure the anti-virus companies have a hand in covertly releasing viruses all the time too though, to keep themselves in business.deg

Im waitiing for the new action thriller.......................set in the not to distant future...................a band of ex mercenaries are hired by the general public to go in search of virus creating Hackers.

Staring.............. Marty Miller as Ironfist Freddy Fixup

Douglas Graves as Dirty Deg Destructo

Bill S as Professor Branson Bugatti

and special guest star Steve Buscemi as The Worm

Quote:

Originally Posted by BillS

One of the greatest weapons I have for getting rid of these things is Linux on a USB stick. Boot from the stick and start digging into your system drive. Linux doesn't care what windows flags as hidded, no services are started, nothing. But you are still up and running the computer to do what you have to do.

Now I know what I want for Xmas........................kudos to you Bill.

[deg3D]

Ahahahaha.

What the heck, The Expendables was just out. It was 'bout what I expected, fun, but it didn't have: The Worm.

deg

[BillS]

Quote:

Originally Posted by deg3D

Oooo, good thinkin'/tip, Bill, thanks!

deg

Its a snap to set up with ubuntu. There is a util that you download. Launch it, point it at the .iso distro that you download and to the USB. It whirrs and bangs for a bit and its done. The only catch is that some older machines won't boot from a USB, then just throw in the live CD and do it that way.

Quote:

Bill S as Professor Branson Bugatti

LMAO!!!!!!!!

[Madkoifish]

I had this got infected wit it via an image search in google. The image I was linked to was the virus. Way I got rid of it was to boot into the os as a different user. And wipe any crap that did not belong. Took 20min. Apps like spybot will recognize this thing and wipe it. Issue is feeling safe afterwords. I ended up not trusting the install any longer and wiped it.

I got this because of not updating FF of all things.

[Nail]

That's why I hardly use windows for web browsing. Ubuntu works great and it's free....
But if windows is what you use, you could give Kaspersky Internet Security a try..

EDIT: Also you coud try Trinity Rescue Kit

[Kataar]

Rogue Antivirus started to get really bad in 2008 and has only gotten worse since then. MalwareBytes was the best I used at work to get rid of it, but it's more than possible that several 'in the wild' have found ways around that as well... Never-the-less, if at any time you see a pop-up saying a virus has been detected, click here to scan your PC, and it's not your AV giving the warning...you've been infected with at least the first part of the virus already. Mostly they are drive-by infections, even visiting legitimate sites can infect your PC.

Also, BillS's suggestion about Linux on a thumb stick or external HDD, excellent suggestion.

Seriously, for all fellow IT folks out there, the news and industry specialists aren't kidding: IT Security is going to be the fastest growing field in the coming years, and really already is becoming it. I plan on one of my next certifications to be in IT Security for that reason, to make myself more marketable.

~Jon