yotaman88210 Posted January 22, 2009

My dad clicked on some spyware bullshit and they now have a System Security virus. It seems to be a smart one... Just thought I would remind peoples to be careful what you click on... Just cuz it says anti spyware doesn't mean you should click on it or "let it scan" your computer. Has anyone extinguished the "system security" yet? Just wondering. Thanks bye
flounder Posted January 22, 2009

There are probably 400 "system security" virus/malware. Sorry bout your luck tell your dad to wise up.

PS.. once you have 1, you tend to get a shitload more within days. (as in 100's -1000's more)
yotaman88210 Posted January 22, 2009 (Author)

Damn. I had him turn the puter off till I could try to fix it. Hopefully I can. Silly daddy
justin0469 Posted January 22, 2009

I've never met anyone that downloads more BS and viruses than my mom and sister. Almost on a weekly basis I have to remote into their computer and fix it. There's been a few times it wouldn't even boot up though....
Casper Posted January 22, 2009

Download SpyBot S&D.
natedogg624 Posted January 22, 2009

search and destroy!

*on a more serious note--remember to run the program in safe mode, i could be wrong though. i just know most of my anti-spyware programs are better off running in safe mode.
Casper Posted January 22, 2009

> search and destroy!
> *on a more serious note--remember to run the program in safe mode, i could be wrong though. i just know most of my anti-spyware programs are better off running in safe mode.

Nada. SpyBot runs fine booted regularly. If there is spyware/adware it can't remove with Windows running, it'll ask you for permission to run when you next boot. Then, before Windows boots, SpyBot runs again removing the stubborn shitheads. Works really well.
troyec001 Posted January 22, 2009

> Nada. SpyBot runs fine booted regularly. If there is spyware/adware it can't remove with Windows running, it'll ask you for permission to run when you next boot. Then, before Windows boots, SpyBot runs again removing the stubborn shitheads. Works really well.

If this doesn't work the only thing you can do is pull up your processes menu and if you don't know what it is search it on google. It's time consuming but it works.
natedogg624 Posted January 22, 2009

> Nada. SpyBot runs fine booted regularly. If there is spyware/adware it can't remove with Windows running, it'll ask you for permission to run when you next boot. Then, before Windows boots, SpyBot runs again removing the stubborn shitheads. Works really well.

ah well now i know.
ReconRat Posted January 22, 2009 (edited)

I just took that one off a campus computer. Pretty funny stuff. 100% fake, send money prreas...

Use Malwarebytes Anti-Malware to remove, it's the only one that worked when I tried several. Spybot, symantec, and superantispyware did nothing for this one.

http://www.malwarebytes.org/mbam.php

edit: once downloaded, change the name to something else like mb.exe. Some viruses and trojans will attack this one when it's executed with its original name.

Edited January 22, 2009 by ReconRat
redbarron77 Posted January 22, 2009

Trust Casper......the dude helped me clean up the stuff off my PC.....and I had been to EVERY porn site on the web.....
yotaman88210 Posted January 22, 2009 (Author)

Ok I'll start with Ben's and go from there. I put the free AVG on there a year or so ago and it's been great. Is the spybot something I leave on the computer forever? Or do I delete after I run it and it hopefully finds it? Thanks for the help peeeps!
InyaAzz Posted January 23, 2009

You might want to download Hijack This too.

A friend got one of those from some P2P networks..it had too many hooks into the system. It disabled the firewall...disabled auto updating...I finally just had to wipe the system clean.

It may take a combination of tools. You'll be lucky if SpyBot is all you need.

Good luck!
ReconRat Posted January 23, 2009 (edited)

> Trust Casper......the dude helped me clean up the stuff off my PC.....and I had been to EVERY porn site on the web.....

ok but... I'm the guy that works with Casper, and I get to fix his computer also. (assuming he can't fix it himself, of course, and there are those days)

So when I say spybot didn't work, because I tried it first, then I expect that you will find out the same thing. Truthfully, I also found a couple of Vundo hits, that's something much more serious. So in best interests;

This is the standard sequence that works for most infections;

1. turn system restore off.
2. download superantispyware, spybot, malwarebyte and ccleaner.
3. install and update all three. (rename the malwarebyte executable) (do not use the spybot TeaTimer, the SDHelper for IE is ok) (setup only one desktop icon, skip everything else) (skip the extras, all the languages, skins, etc) (make sure all scanners are set for all files, and that you scan all, except for malwarebyte which can run in quick mode ok.)
4. run the ccleaner and take all the crap out of and off of your computer. Use the defaults and do both computer/applications and the registry. Run them multiple times till they don't find anything. BACK UP THE REGISTRY WHEN IT ASKS THE FIRST TIME AND DON'T DO IT AGAIN TILL YOU'RE DONE.
5. reboot in safe mode.
6. scan with superantispyware and repair/fix everything it finds.
7. reboot into safe mode again.
7. scan with spybot and repair/fix everything it finds. (there are tricks with spybot that help)
8. reboot into safe mode again.
9. scan with malwarebyte (quick mode) and repair/fix everything it finds.
10. repeat as necessary till the infections are gone. I actually do multiple scans with each, till nothing is found with each, and then move on to the next one. But that's only necessary for tough Trojans that move around and come right back.
11. reboot into normal mode and preferably set a new restore point. If you restore, it might restore the infection. (skip restore instructions if you don't use it, I don't)
12. sometimes even this doesn't completely work, like with a serious Vundo infection. And that will require additional efforts and softwares and skill.
13. leave all three scanners (and the ccleaner) on the computer, and use them often enough. They are on-demand scanners, not full time scanners. Don't install more than one full time anti-virus program. They tend to fight one another over viruses and freeze up.

If the infected computer does any of the following:

- Your virus definitions look out of date.
- Your anti-virus won't update
- You suspect your anti-virus program isn't really doing anything (faked)
- Won't let you browse the internet
- Won't let you go to websites that have anti-virus software
- Won't let you install the anti-virus software
- Won't let you update the anti-virus software
- Reboots in the middle of the scans, making it invalid

Then it is much more serious, and you probably need help with that one.

But in most cases you can win by using another computer to find answers and software, and move them over on a thumbdrive. Including updates, done manually, or later when it's back under control.

This is for only XP on a windows machine. And this is the short version. There is a multipage set of instructions that will take days to get through, and I've had to use it often enough. Some software tools will cause more damage than the malware, if used improperly.

Polymorphic Trojans will often stealth up, change names, and hide, and will return again soon enough. Just watch for them to return and remove again.

Note: We can make a list of safe porn sites. Ha!

BTW, the free AVG works fine for a full-time anti-virus scanner. I like it.

Edited January 23, 2009 by ReconRat
max power Posted January 23, 2009

> Note: We can make a list of safe porn sites. Ha!

Post and ahem..sticky....in the NWS section please.

Please.
ReconRat Posted January 23, 2009

> Post and ahem..sticky....in the NWS section please.

True, not here...
duc1098rdr Posted January 23, 2009

True or false, If a user account on XP is set up as limited user, instead of administrator they will be less prone to these problems? This strategy has seemed to work for our "high maintenance employees"
yotaman88210 Posted January 23, 2009 (Author)

Well I think the spybot worked. It got most of the things off. I need to scan again when I get home. Too many damn files on that puter. It did indeed turn the firewall off... smart little fooker. Thanks for the nice write up!!
SJC1000rr Posted January 23, 2009

+1 for Reconrat

I got the Antivirus 2009 "virus" earlier this year. I tried using SB and it just shuts it down and does not clear off the Vundo Trojans/Blockers/etc. I will block your AV software and any internet sites like Microtrend etc. I had to get malwarebytes and it was the shizzle of cleaners. I basically did what he has already stated. Restart into "safe mode" (F8 when booting up). If you try to run it from the regular install name, it will block it..so change the name (ihatethis.exe). Install and run a full scan and clean off what you can (112 files for me). I then restarted into "safe mode, with networking". Ran Malwarebytes update and then another full scan and clear off more (69 files for me). Then into regular mode to the desktop and run another full scan.

From there, I got a few registry and file corruption issues, which I got fixed for the most part with help from a friend. These viruses can be very nasty and I have gotten several friends asking me for help also.
ReconRat Posted January 24, 2009

> True or false, If a user account on XP is set up as limited user, instead of administrator they will be less prone to these problems? This strategy has seemed to work for our "high maintenance employees"

True, active rights are less. So the attack has less to work with.
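A read-only check for the two settings posters above report the infection turning off (the firewall and automatic updating), plus the limited-user question, as an added example that is not from any poster in this thread. It assumes Windows XP SP2 or later, where `netsh firewall show opmode` exists, and the XP service names SharedAccess and wuauserv.

```batch
@echo off
rem Added example: read-only check of settings this thread reports the
rem infection switching off. Assumes Windows XP SP2 or later.
setlocal
set ISSUES=0

rem Windows Firewall: flag any profile whose operational mode reads Disable.
netsh firewall show opmode | findstr /i /c:"Operational mode" | findstr /i "Disable" >nul
if not errorlevel 1 (
    echo [!] Windows Firewall is disabled in at least one profile
    set /a ISSUES+=1
)

rem Services behind the firewall and automatic updating.
rem SharedAccess and wuauserv are the XP names; other versions may differ.
call :check_service SharedAccess "Windows Firewall/ICS"
call :check_service wuauserv "Automatic Updates"

rem Limited-user question: is the logged-on local account an administrator?
rem Exact-line match, so this covers local accounts only, not DOMAIN\user entries.
net localgroup Administrators | findstr /i /x /c:"%USERNAME%" >nul
if not errorlevel 1 (
    echo [!] %USERNAME% is a local administrator, not a limited user
    set /a ISSUES+=1
)

echo.
echo Checks flagged: %ISSUES%
exit /b %ISSUES%

:check_service
rem Argument 1 is the service name, argument 2 the label to print.
rem Flags a service whose configured start type is DISABLED.
sc qc %1 | findstr /i "START_TYPE" | findstr /i "DISABLED" >nul
if not errorlevel 1 (
    echo [!] %~2 service [%1] is set to DISABLED
    set /a ISSUES+=1
)
goto :eof
```

The script changes nothing; a non-zero exit code is the number of checks flagged, so it can be rerun after each cleanup pass.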
SWing'R Posted January 24, 2009 (edited)

> My dad clicked on some spyware bullshit and they now have a System Security virus. It seems to be a smart one... Just thought I would remind peoples to be careful what you click on... Just cuz it says anti spyware doesnt mean you should click on it or "let it scan" your computer. Has anyone extinguished the "system security" yet? Just wondering. Thanks bye

I'm betting it's "Antivirus 2009". This program has been running crazy and infecting lots of people and websites. The program hijacks websites and reroutes you to their "scanner". I've experienced it about three times last week while on Myspace.

You're just surfing away and all of sudden you click on a link and you're suddenly somewhere else with an antivirus scanner claiming it's scanning your computer and it always finds a bunch of viruses and claims the only way to remove them is to install their software, that's the hook most people fall for.

Warn your family, especially older people that are more prone to believing these kinds of programs, this one looks very very legit, but it's not! There is a screenshot of it at this link... http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

Edited January 24, 2009 by SWing'R
DangBruhY Posted January 24, 2009

I have a buddy that keeps getting viruses. He has no idea how he gets them, but I think it might be his wife or his son and the "System Security" scans that they probably do.
SWing'R Posted January 25, 2009

> I have a buddy that keeps getting viruses. He has no idea how he gets them, but I think it might be his wife or his son and the "System Security" scans that they probably do.

"Most" viruses have to be launched, clicked on, etc. It takes human interaction to initiate it. Tell the guy to quit opening email attachments
cmoosego Posted January 25, 2009

> Trust Casper......the dude helped me clean up the stuff off my PC.....and I had been to EVERY porn site on the web.....

wow you are a perv....watch out fo this guy!!!
ReconRat Posted January 25, 2009 (edited)

So I'm sitting here removing viruses and trojans yet again...

I have a laptop I put at risk on purpose just to learn about the viruses and trojans.

And yes, it appears to be quite whacked once again.

Easy to do when visiting various download sites, and especially Russian or Chinese variety. I use no peer to peer, that's too easy, and actually use a peer to peer blocking type firewall.

I run a cross script killer, and noticed right about the same time that it wasn't running, oops... you don't visit Russian websites without a cross script killer.

This laptop got the Vundo on Dec 31, it appears it might still be the Vundo, (just a little bit) so maybe not all of it is gone. This time it likes to open IE and show various websites, no pattern, probably just collecting click for pay.

The AVG free edition was catching most of it, I just ignored it for a while. I should have at least stopped and rebooted.

There are over one million viruses and trojans (and adware/spyware) out there now, and soon to be 1.5 million...

At any given moment, most all of the computers that are infected, are infected with only one or two of about a dozen or so. Vundo is currently one of them.

edit1: got BSOD when superantispyware tried to clean.... argh
edit2: spybot locked up on virtumonde.sci, a type of smitfraud.... argh
edit3: malwarebytes worked, Vundo removed, most of it anyway...
edit4: the IE popups was a malware known as SpeedRunner.

Edited January 25, 2009 by ReconRat