First virus in about a decade

Posted on Wed Dec 14, 2011 10:20 pm

What the hell. My wife caught a virus, it makes "windows 7 antivirus" pop up like crazy. I haven't seen a virus for real in a long time. I'm sure I've had them, but I haven't actually seen such an annoying one in a while.

It's probably her computer illiterate family sending all sorts of warnings (with links) about computer viruses.
SpotTheCat
Gerbilus Supremus
 
Posts: 12262
Joined: Wed Jan 29, 2003 12:47 am
Location: a regular hole

Re: First virus in about a decade

Posted on Wed Dec 14, 2011 11:01 pm

It's quite possible they visited a legit site with an infected ad server. Happens to my users a lot.

Make sure Java, Flash, Acrobat, and Quicktime are all up to date if they're installed; IIRC the biggest infection vectors are those four more or less in order.
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3223
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: First virus in about a decade

Posted on Wed Dec 14, 2011 11:06 pm

Huh, good point. Those are the most annoying things to update, too.
SpotTheCat
Gerbilus Supremus
 
Posts: 12262
Joined: Wed Jan 29, 2003 12:47 am
Location: a regular hole

Re: First virus in about a decade

Posted on Wed Dec 14, 2011 11:38 pm

Try MBAM on it.
JustAnEngineer
Gerbil God
Gold subscriber
 
 
Posts: 15543
Joined: Sat Jan 26, 2002 7:00 pm
Location: The Heart of Dixie

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 12:43 am

I just tackled this bastard today at work. The instructions and tools on this page worked really well.


Side note: I actually sat and watched my own personal pc succumb to a very similar virus/malware. It caused a system tray popup message that warned of a failing hard drive. When I clicked the "X" to close the popup, all hell broke loose. Turns out the virus came from an infected ad server on the page of a Facebook flash game I was playing. So it is not necessarily computer illiterates doing stupid things to welcome viruses onto their systems (yes, I know that playing flash games on Facebook may qualify as a stupid thing lol).
JJCDAD
Gerbil Jedi
 
Posts: 1867
Joined: Fri Sep 17, 2004 3:11 pm
Location: Is this heaven? No, it's Iowa.

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 12:59 am

SpotTheCat wrote:What the hell. My wife caught a virus, it makes "windows 7 antivirus" pop up like crazy. I haven't seen a virus for real in a long time. I'm sure I've had them, but I haven't actually seen such an annoying one in a while.

It's probably her computer illiterate family sending all sorts of warnings (with links) about computer viruses.


Just curious if there's any anti-virus on her computer?

Also, what settings do you have for UAC?
MadManOriginal
Graphmaster Gerbil
 
Posts: 1457
Joined: Wed Jan 30, 2002 7:00 pm
Location: In my head...

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 1:37 am

Two things. First, UAC should be at the maximum level. It's not at all annoying unless you're setting up a new Windows installation. Second, your day-to-day user account shouldn't have Administrator access. Limited User+Maxxed UAC means your Windows 7 box doesn't get malware-smacked in any significant way.

To be specific, there's some malware that pops up a fake "anti-virus scanner" and auto-kills Task Manager and you can mostly keep it from starting via msconfig and then remove when it's not running. I forget the name of it, so you in your thing and you'll find it.
evilpaul
Gerbil
 
Posts: 15
Joined: Mon Jan 11, 2010 6:59 pm
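Worked example added here, not code from the thread or from any poster: a read-only PowerShell check of the two settings evilpaul recommends, UAC at its top slider position and a daily-use account that is not a member of Administrators. The registry key and value names are the standard ones Windows uses for the UAC policy; the "fix" messages and the output format are my own.

```powershell
# Added example (not from the thread): audit UAC level and Administrators membership.
# Read-only; runs on Windows 7 and later from a normal or elevated PowerShell window.

$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# The three values behind the UAC slider:
#   EnableLUA                  1 = UAC is on at all
#   ConsentPromptBehaviorAdmin 2 = always prompt admins ("Always notify", the top
#                                  slider position); 5 (Windows 7 default) skips the
#                                  prompt for Windows' own binaries; 0 = never prompt
#   PromptOnSecureDesktop      1 = prompt on the dimmed secure desktop, which a fake
#                                  "anti-virus" window cannot draw over or click for you
$problems = @()
if ($policy.EnableLUA -ne 1) {
    $problems += 'UAC is switched off (EnableLUA is not 1)'
}
if ($policy.ConsentPromptBehaviorAdmin -ne 2) {
    $problems += "UAC admin prompt level is $($policy.ConsentPromptBehaviorAdmin); 2 is the maximum"
}
if ($policy.PromptOnSecureDesktop -ne 1) {
    $problems += 'UAC prompts are not shown on the secure desktop'
}

# Group membership. The token's group list still carries BUILTIN\Administrators
# (well-known SID S-1-5-32-544) when an admin runs unelevated, so this reports the
# account's membership rather than whether this particular window is elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$groupSids = $identity.Groups | ForEach-Object { $_.Value }
if ($groupSids -contains 'S-1-5-32-544') {
    $problems += "$($identity.Name) is a member of Administrators; use a limited account for daily work"
}

if ($problems.Count -eq 0) {
    Write-Output 'OK: UAC is at its maximum level and the current account is not an Administrator.'
} else {
    $problems | ForEach-Object { Write-Output "FIX: $_" }
}
```

Run it from the account that is used day to day, not from the separate admin account, since the membership check looks at whoever launched the window. A machine set up the way evilpaul describes prints the single OK line.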

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 5:27 am

This form of malware is known as smutware. It is basically a phishing scam that depends on users who pay the writers for fake anti-virus software (which is really a backdoor trojan) and use the financial information to commit identity theft. The fake anti-virus generates nothing but false positives to make it look like your entire system has been compromised. In reality, it is the program itself that is the infection. It likes to duplicate itself within your Users and temp directories using random strings like "$G35787" and "DGMDTG@".

My first action is to completely isolate the infected system from the network/internet and do anti-malware updates via sneakernet. Obtain the aforementioned updates from a clean system. Do the anti-malware scans and then search for traces of the malware in the registry/HDD and remove it manually. If this all fails, you have little choice but to nuke everything from orbit. ;)
Ivy Bridge i5-3570K@4.0Ghz, Gigabyte Z77X-UD3H, 2x4GiB of PC-12800, EVGA 660Ti, Corsair CX-600 and Fractal Refined R4 (W). Kentsfield Q6600@3Ghz, HD 4850 2x2GiB PC2-6400, Gigabyte EP45-DS4P, OCZ Modstream 700W, and PC-7B.
Krogoth
Maximum Gerbil
Silver subscriber
 
 
Posts: 4466
Joined: Tue Apr 15, 2003 3:20 pm
Location: somewhere on Core Prime

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 10:03 am

One of my biggest praises of Windows 7 is that most of this type of malware has been forced to become simple user-level annoyance apps, which makes it extremely easy to remove by simply logging in as a different user with admin access, and picking apart the infected user's user directory while the malware is inactive.

Much, much better than the days of Windows XP letting everything into the system with either an admin account, or a privilege-escalation attack, then having to clean it out of a hundred different possible hiding places.
Desktop: FX-8350 | 32 GB | XFX Radeon 6950 | Windows 7 x64
Laptop: i7 740QM | 12 GB | Mobility Radeon 5850 | Windows 8.1.1.1.1 x64
SuperSpy
Gerbil Jedi
Gold subscriber
 
 
Posts: 1605
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 10:52 am

Krogoth wrote:This form of malware is known as smutware.


PeregrineFalcon is not impressed with Krogoth's incorrect terminology. Scamware or scareware.

Smutware would be porn pop-ups. ;)
PeregrineFalcon
Gerbil
 
Posts: 14
Joined: Mon Oct 03, 2011 8:54 am

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 7:43 pm

The culprit is many things. Mostly, I've assumed she has the same computer decision making skills as I do.
1. I always update my software.
2. I never even open emails from my relatives. It's 99% chain/spam anyways. (I also don't listen to voice mail, who wouldn't just text if I don't pick up?)
3. I avoid ad-plagued websites like... well... the plague.
4. Other habits I have that pretty much eliminate problems.
5. I do virus scans about quarterly, I don't like running real-time software because they make everything so slow and interrupt so many common actions.

I found a guide to uninstall the virus, it seems to have worked. I'll run a gauntlet of AV software suites to make sure.

Changes to her policy
1. I will enforce her use of google docs for her work. She works from home (she is a writer!) and I've been insisting that google docs will provide safer storage for her work for months. Nothing I can do will be as robust and safe as the cloud.
2. I have made a separate work account for her in windows. If something asks for the admin password she will not have it!
3. I will either find a way to safely update all of the weaker software (Java etc.) automatically, or will make a point of checking it often.
4. I will (reluctantly) have avast or AVG (or another?) running constantly "in the background." I hate them, they slow everything down and befuddle you with constant questions that you eventually just ignore. Does anybody have a better idea?

Is there anything else I need to do or something I should do differently? I'm not a corporate IT policy guy, but I feel like I need one considering the mission-critical nature of this computer.
SpotTheCat
Gerbilus Supremus
 
Posts: 12262
Joined: Wed Jan 29, 2003 12:47 am
Location: a regular hole

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 8:14 pm

SpotTheCat wrote:3. I will either find a way to safely update all of the weaker software (Java etc.) automatically, or will make a point of checking it often.

I would recommend Secunia PSI. It scans all installed applications and checks them against Secunia's vulnerability database. It will notify you if any of your software has known vulnerabilities and if there are patches for it. It will also automatically patch weak links like Flash, Adobe Reader and Quicktime (I think). It's another thing to run in the background, but a newish computer should be able to handle it without slowing down too much. It does a start-up scan and then mostly stays out of the way.
SpotTheCat wrote:4. I will (reluctantly) have avast or AVG (or another?) running constantly "in the background." I hate them, they slow everything down and befuddle you with constant questions that you eventually just ignore. Does anybody have a better idea?

Yes, just use Microsoft Security Essentials. It's free, fairly light and non-intrusive.

Also, I would recommend installing Opera as the default browser. You can disable JS and plug-ins by default and then only enable them for individual websites via custom website settings. (I'm sure you can do this with other alternative browsers as well, but I'm only familiar with Opera.) This will stop compromised ad servers from infecting your machine (unless you enable JS and plug-ins for the ad servers, that is).
Palek
Gerbil
Gold subscriber
 
 
Posts: 34
Joined: Thu Oct 28, 2004 4:26 am

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 8:32 pm

SpotTheCat wrote:1. I will enforce her use of google docs for her work. She works from home (she is a writer!) and I've been insisting that google docs will provide safer storage for her work for months. Nothing I can do will be as robust and safe as the cloud.


What if Docs lacks a feature she uses often enough for its omission to be annoying? It's a bit light on features compared to Word. John Scalzi (sf writer) tried writing a book in Docs on his Cr-48 for a time early this year and gave up because it didn't do what he wanted.
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3223
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 10:02 pm

A few very minor suggestions--

AVG Free just got a very positive review from Maximum PC and it does NOT pop up with annoying messages much--I am using it on two machines.

Consider ZoneAlarm Free Firewall as an addition.

Have her do WEEKLY scans.

Use Ninite--free or paid service at $10/year--to update a group of apps at once, including QuickTime, Adobe Flash, etc. Highly recommended. For the free version you run the downloaded file periodically and it updates all the apps. The paid service scans and does it daily. http://ninite.com/

Have her use the Chrome browser since it is sandboxed. Alternatively, buy her Sandboxie--http://www.sandboxie.com/--and set it up so her browser (and other programs if desired) are automatically sandboxed.
Win 8.1 Pro 64-bit-Intel i7 965-Noctua NH-C12P-ASUS P6T Deluxe-Patriot Viper Xtreme 24GB DDR3 1600-SanDisk 240GB SSD-2 WD Velociraptors 300GB-WD RE3 1TB -Radeon 6970-ASUS Xonar Essence -LG GBW-H20L Blu-ray-Thermaltake W0133RU 1200W-CoolerMaster CM 832
Neutronbeam
Gerbil XP
Silver subscriber
 
 
Posts: 355
Joined: Mon Mar 20, 2006 10:07 am
Location: Atlanta, Georgia USA

Re: First virus in about a decade

Posted on Thu Dec 15, 2011 11:03 pm

SpotTheCat wrote:The culprit is many things. Mostly, I've assumed she has the same computer decision making skills as I
1. I will enforce her use of google docs for her work. She works from home (she is a writer!) and I've been insisting that google docs will provide safer storage for her work for months. Nothing I can do will be as robust and safe as the cloud.


I love Google Docs but I recently lost a diary I'd been keeping on there for ages. Moral of the story: It seems easier to nuke a document in the cloud than it does locally.
Ubuntu 12.04 AMD64: E8200 // P35 // HD 4850 // 4GB
OS X 10.8.x: iMac12,2, MacBook 5,2
pedro
Gerbil First Class
 
Posts: 176
Joined: Fri May 11, 2007 6:13 am

Re: First virus in about a decade

Posted on Fri Dec 16, 2011 9:07 am

axeman wrote:I'm not sure what support Google gives for Docs if you aren't paying for the service, but doubtless it could be recovered from a backup somewhere.


Your naivete is cute. Google doesn't provide /any/ support, basically, so if you want a backup that's your lookout.
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3223
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: First virus in about a decade

Posted on Fri Dec 16, 2011 9:35 am

axeman wrote:...
3) why the hate towards a FREE service? Same people that bitch about Facebook I guess.

IMO much (though not all) of the ire directed at Facebook is deserved. It is a malware cesspool, and a major contributor to the "dumbing down" of the Internet.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37979
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: First virus in about a decade

Posted on Fri Dec 16, 2011 9:36 am

I'm not hating on Docs, it's good for what it is, but the point is that you can't trust them to never lose your data, and you can't expect a free service to be assiduous about restoring your backup.

You want a backup, you keep your own damn backups and take responsibility for them. You might never have a problem with THE CLOUD, but then again you might and your data could disappear forever if you don't have an offline copy, same as for anything else.
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3223
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: First virus in about a decade

Posted on Fri Dec 16, 2011 9:51 am

bthylafh wrote:You want a backup, you keep your own damn backups and take responsibility for them. You might never have a problem with THE CLOUD, but then again you might and your data could disappear forever if you don't have an offline copy, same as for anything else.

"The Cloud" is really just a euphemism for migrating back to the datacenter/mainframe/terminal model of computing (with web browsers taking the place of the terminals). Letting someone else manage your data for you means you no longer *control* your data.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37979
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: First virus in about a decade

Posted on Fri Dec 16, 2011 11:31 am

just brew it! wrote:Letting someone else manage your data for you means you no longer *control* your data.


Very well put. I'd also note this presents more danger than just losing your data. It also represents a risk of the compromise of your data too.

The cloud should not be the goto solution without some real thought about what you can afford to lose.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3591
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA

Re: First virus in about a decade

Posted on Fri Dec 16, 2011 11:18 pm

just brew it! wrote:
axeman wrote:...
3) why the hate towards a FREE service? Same people that bitch about Facebook I guess.

IMO much (though not all) of the ire directed at Facebook is deserved. It is a malware cesspool, and a major contributor to the "dumbing down" of the Internet.



So did you bitch about the move away from BBS and newsgroups dumbing down the internet back in the day too :lol:


My parents got hit by this same virus today. I will know more tomorrow when I go to fix the problem. Going from memory they have a fully updated version of windows 7 64 bit, running chrome, and Microsoft Security Essentials.
Hance
Darth Gerbil
Gold subscriber
 
 
Posts: 7641
Joined: Mon Sep 29, 2003 1:58 pm
Location: Grace Idaho

Re: First virus in about a decade

Posted on Sat Dec 17, 2011 9:07 pm

FWIW, I was able to bring up task manager (I had to ctrl+alt+delete, any other route to the task manager was blocked), find the location of the process, kill the process, delete the file the process was run from, and then I used a spyware removal tool to change the registry back. I hope that's all of it!
SpotTheCat
Gerbilus Supremus
 
Posts: 12262
Joined: Wed Jan 29, 2003 12:47 am
Location: a regular hole
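Worked example added here, not code from the thread or from any poster: a read-only PowerShell triage that covers what Krogoth, SuperSpy and SpotTheCat describe above, namely scareware that lives in the user's own profile or temp directories under random names like "$G35787" and "DGMDTG@", starts from a Run key, and has to be found, killed and then removed from the registry by hand. The script only lists Run/RunOnce values, Startup-folder items and running processes and flags the ones worth a look; it never kills or deletes anything. The registry paths and environment variables are the standard Windows ones; the random-name regex and the choice of "user-writable" directories are my own heuristics.

```powershell
# Added example (not from the thread): list autostart entries and running processes,
# flagging those that run from user-writable locations or carry random-looking names.
# Read-only. Review the output from a separate admin account before removing anything.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a limited user can write to, most specific first. A properly
# installed program normally runs from Program Files, which needs admin rights.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:USERPROFILE) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

# Heuristic (my assumption) for the random names quoted in the thread: 5-8 upper-case
# letters, digits, '$' or '@', with at least one digit or symbol. Matched case-sensitively.
$randomName = '^(?=.*[0-9$@])[A-Z0-9$@]{5,8}$'

# Pull the executable out of a Run value such as
#   "C:\Users\me\AppData\Local\$G35787.exe" -silent
function Get-ExePath([string]$command) {
    if ($command -match '^\s*"?([^"]*?\.exe)') {
        return [Environment]::ExpandEnvironmentVariables($matches[1])
    }
    return $null
}

# Why an entry deserves attention; an empty list means nothing stood out.
function Get-Reasons([string]$exePath) {
    if (-not $exePath) { return @('not a plain .exe command; review manually') }
    $reasons = @()
    foreach ($dir in $userWritable) {
        if ($exePath.StartsWith($dir, 'OrdinalIgnoreCase')) { $reasons += "runs from user-writable $dir"; break }
    }
    $base = [IO.Path]::GetFileNameWithoutExtension($exePath)
    if ($base -cmatch $randomName) { $reasons += "random-looking file name '$base'" }
    if (-not (Test-Path -LiteralPath $exePath)) { $reasons += 'target file missing (already removed or hidden)' }
    return $reasons
}

function New-Finding($source, $name, $target, $reasons) {
    New-Object PSObject -Property @{ Source = $source; Name = $name; Target = $target; Reason = ($reasons -join '; ') }
}

$findings = @()
$psNoise  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Registry Run/RunOnce values (the part SpotTheCat had to "change back")
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($psNoise -contains $prop.Name) { continue }
        $exe = Get-ExePath $prop.Value
        $why = Get-Reasons $exe
        if ($why) { $findings += New-Finding $key $prop.Name $exe $why }
    }
}

# 2. Everything in the per-user Startup folder is listed for a manual look
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += New-Finding 'Startup folder' $_.Name $_.FullName @('review manually')
}

# 3. Processes running from user-writable locations (the one to end from Task
#    Manager via Ctrl+Alt+Del before its file can be deleted). Paths of other
#    users' processes are not readable unelevated and come back empty.
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $why = Get-Reasons $_.Path
    if ($why) { $findings += New-Finding "process $($_.Id)" $_.ProcessName $_.Path $why }
}

$findings | Sort-Object Source | Format-Table Source, Name, Target, Reason -AutoSize
```

Run it as the infected user to see that user's HKCU entries and processes, and again from the separate admin account Krogoth mentions to cover HKLM with full rights. Legitimate updaters occasionally run from AppData too, so a "user-writable" hit is a prompt to look at the file, not proof of infection; a hit that also has a random name or a missing target is the typical scareware signature.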

Re: First virus in about a decade

Posted on Sat Dec 17, 2011 9:12 pm

SpotTheCat wrote:FWIW, I was able to bring up task manager (I had to ctrl+alt+delete, any other route to the task manager was blocked), find the location of the process, kill the process, delete the file the process was run from, and then I used a spyware removal tool to change the registry back. I hope that's all of it!

http://windows.microsoft.com/en-US/wind ... er-offline

MS has a beta version of Windows Defender (looks just like MSE) available as an offline product one can install as bootable to CD/DVD or USB. I gave it a whirl and it seems to work pretty well. You do have to run the wizard as admin, though, if you want the USB stick reformat to work (using XPSP 3 here).
Life is hard; but it's harder if you're stupid. Big Al.
Captain Ned
Global Moderator
Gold subscriber
 
 
Posts: 20558
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: First virus in about a decade

Posted on Sat Dec 17, 2011 10:03 pm

My mom got hit by this. Not entirely updated version of Vista with FF. Adobe reader and java both needed updates, flash probably does too. I booted into safe mode, cleaned up registry and start-up with CCleaner, ran MBAM several times then booted into windows normally and am running AVG and MBAM scans. She was using AVGFree, just doesn't know what to click on and what not to click on apparently. It's a good thing this only happened 2 or 3 days ago as I just got home yesterday and nobody else here would've looked at it.
Lenovo W520
IBM dx340
Nokia Lumia 928
Sony a7 with far too many lenses to list or even count
lonleyppl
Gerbil XP
 
Posts: 359
Joined: Wed Jan 26, 2011 2:59 pm
