
System Security Virus


yotaman88210


My dad clicked on some spyware bullshit and they now have a System Security virus. It seems to be a smart one... Just thought I would remind peoples to be careful what you click on... Just cuz it says anti spyware doesn't mean you should click on it or "let it scan" your computer. :nono:

Has anyone extinguished the "system security" yet? Just wondering. Thanks bye


search and destroy!


*on a more serious note--remember to run the program in safe mode, I could be wrong though. I just know most of my anti-spyware programs are better off running in safe mode.

Nada. SpyBot runs fine booted regularly. If there is spyware/adware it can't remove with Windows running, it'll ask you for permission to run when you next boot. Then, before Windows boots, SpyBot runs again removing the stubborn shitheads. Works really well.


Nada. SpyBot runs fine booted regularly. If there is spyware/adware it can't remove with Windows running, it'll ask you for permission to run when you next boot. Then, before Windows boots, SpyBot runs again removing the stubborn shitheads. Works really well.

If this doesn't work the only thing you can do is pull up your processes menu and if you don't know what it is search it on google. It's time consuming but it works.


Nada. SpyBot runs fine booted regularly. If there is spyware/adware it can't remove with Windows running, it'll ask you for permission to run when you next boot. Then, before Windows boots, SpyBot runs again removing the stubborn shitheads. Works really well.

ah well now i know.


I just took that one off a campus computer. Pretty funny stuff. 100% fake, send money prreas...

Use Malwarebytes Anti-Malware to remove, it's the only one that worked when I tried several. Spybot, symantec, and superantispyware did nothing for this one.

http://www.malwarebytes.org/mbam.php

edit: once downloaded, change the name to something else like mb.exe. Some viruses and trojans will attack this one when it's executed with its original name.

Edited by ReconRat

Ok I'll start with Ben's and go from there. I put the free AVG on there a year or so ago and it's been great. Is the spybot something I leave on the computer forever? Or do I delete after I run it and it hopefully finds it? Thanks for the help peeeps!


You might want to download Hijack This too.

A friend got one of those from some P2P networks..it had too many hooks into the system. It disabled the firewall...disabled auto updating...I finally just had to wipe the system clean.

It may take a combination of tools. You'll be lucky if SpyBot is all you need.

Good luck!


Trust Casper......the dude helped me clean up the stuff off my PC.....and I had been to EVERY porn site on the web.....:wackit:

ok but... I'm the guy that works with Casper, and I get to fix his computer also. (assuming he can't fix it himself, of course, and there are those days)

So when I say spybot didn't work, because I tried it first, then I expect that you will find out the same thing. Truthfully, I also found a couple of Vundo hits, that's something much more serious. So in best interests;

This is the standard sequence that works for most infections;

1. turn system restore off.

2. download superantispyware, spybot, malwarebytes and ccleaner.

3. install and update all three.

(rename the malwarebytes executable)

(do not use the spybot TeaTimer, the SDHelper for IE is ok)

(setup only one desktop icon, skip everything else)

(skip the extras, all the languages, skins, etc)

(make sure all scanners are set for all files, and that you scan all, except for malwarebytes which can run in quick mode ok.)

4. run the ccleaner and take all the crap out of and off of your computer. Use the defaults and do both computer/applications and the registry. Run them multiple times till they don't find anything. BACK UP THE REGISTRY WHEN IT ASKS THE FIRST TIME AND DON'T DO IT AGAIN TILL YOU'RE DONE.

5. reboot in safe mode.

6. scan with superantispyware and repair/fix everything it finds.

7. reboot into safe mode again.

7. scan with spybot and repair/fix everything it finds. (there are tricks with spybot that help)

8. reboot into safe mode again.

9. scan with malwarebytes (quick mode) and repair/fix everything it finds.

10. repeat as necessary till the infections are gone. I actually do multiple scans with each, till nothing is found with each, and then move on to the next one. But that's only necessary for tough Trojans that move around and come right back.

11. reboot into normal mode and preferably set a new restore point. If you restore, it might restore the infection. (skip restore instructions if you don't use it, I don't)

12. sometimes even this doesn't completely work, like with a serious Vundo infection. And that will require additional efforts and softwares and skill.

13. leave all three scanners (and the ccleaner) on the computer, and use them often enough. They are on-demand scanners, not full time scanners. Don't install more than one full time anti-virus program. They tend to fight one another over viruses and freeze up.

If the infected computer does any of the following:

Your virus definitions look out of date.

Your anti-virus won't update

You suspect your anti-virus program isn't really doing anything (faked)

Won't let you browse the internet

Won't let you go to websites that have anti-virus software

Won't let you install the anti-virus software

Won't let you update the anti-virus software

Reboots in the middle of the scans, making it invalid

Then it is much more serious, and you probably need help with that one.

But in most cases you can win by using another computer to find answers and software, and move them over on a thumbdrive. Including updates, done manually, or later when it's back under control.

This is for only XP on a windows machine. And this is the short version. There is a multipage set of instructions that will take days to get through, and I've had to use it often enough. Some software tools will cause more damage than the malware, if used improperly.

Polymorphic Trojans will often stealth up, change names, and hide, and will return again soon enough. Just watch for them to return and remove again.

Note: We can make a list of safe porn sites. Ha!

BTW, the free AVG works fine for a full-time anti-virus scanner. I like it.

Edited by ReconRat

+1 for Reconrat

I got the Antivirus 2009 "virus" earlier this year. I tried using SB and it just shuts it down and does not clear off the Vundo Trojans/Blockers/etc. It will block your AV software and any internet sites like Microtrend etc. I had to get malwarebytes and it was the shizzle of cleaners. I basically did what he has already stated. Restart into "safe mode" (F8 when booting up). If you try to run it from the regular install name, it will block it..so change the name (ihatethis.exe). Install and run a full scan and clean off what you can (112 files for me). I then restarted into "safe mode, with networking". Ran Malwarebytes update and then another full scan and clear off more (69 files for me). Then into regular mode to the desktop and run another full scan.

From there, I got a few registry and file corruption issues, which I got fixed for the most part with help from a friend. These viruses can be very nasty and I have gotten several friends asking me for help also.


True or false, If a user account on XP is set up as limited user, instead of administrator they will be less prone to these problems? This strategy has seemed to work for our "high maintenance employees"

True, active rights are less. So the attack has less to work with.


My dad clicked on some spyware bullshit and they now have a System Security virus. It seems to be a smart one... Just thought I would remind peoples to be careful what you click on... Just cuz it says anti spyware doesn't mean you should click on it or "let it scan" your computer. :nono:

Has anyone extinguished the "system security" yet? Just wondering. Thanks bye

I'm betting it's "Antivirus 2009". This program has been running crazy and infecting lots of people and websites.

The program hijacks websites and reroutes you to their "scanner". I've experienced it about three times last week while on Myspace.

You're just surfing away and all of a sudden you click on a link and you're suddenly somewhere else with an antivirus scanner claiming it's scanning your computer and it always finds a bunch of viruses and claims the only way to remove them is to install their software, that's the hook most people fall for.

Warn your family, especially older people that are more prone to believing these kinds of programs, this one looks very very legit, but it's not! There is a screenshot of it at this link...

http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

Edited by SWing'R

I have a buddy that keeps getting viruses. He has no idea how he gets them, but I think it might be his wife or his son and the "System Security" scans that they probably do.

"Most" viruses have to be launched, clicked on, etc. It takes human interaction to initiate it. Tell the guy to quit opening email attachments :)


So I'm sitting here removing viruses and trojans yet again...

I have a laptop I put at risk on purpose just to learn about the viruses and trojans.

And yes, it appears to be quite whacked once again.

Easy to do when visiting various download sites, and especially Russian or Chinese variety. I use no peer to peer, that's too easy, and actually use a peer to peer blocking type firewall.

I run a cross script killer, and noticed right about the same time that it wasn't running, oops... you don't visit Russian websites without a cross script killer.

This laptop got the Vundo on Dec 31, it appears it might still be the Vundo, (just a little bit) so maybe not all of it is gone. This time it likes to open IE and show various websites, no pattern, probably just collecting click for pay.

The AVG free edition was catching most of it, I just ignored it for a while. I should have at least stopped and rebooted.

There are over one million viruses and trojans (and adware/spyware) out there now, and soon to be 1.5 million...

At any given moment, most all of the computers that are infected, are infected with only one or two of about a dozen or so. Vundo is currently one of them.

edit1: got BSOD when superantispyware tried to clean.... argh

edit2: spybot locked up on virtumonde.sci, a type of smitfraud.... argh

edit3: malwarebytes worked, Vundo removed, most of it anyway...

edit4: the IE popups were a malware known as SpeedRunner.

Edited by ReconRat
