Standard User TLM
(legend) Wed 20-May-15 10:06:41

Trying to help Dutch friend with malware...


 
My Dutch online penpal of some 14 years now began to have problems last night that indicated she had malware on her computer.

She posted screenshots on Facebook that I researched, and found it's a fairly widely reported nasty, that falsely reports you are running out of disk space, and encourages you to press a button to repair. I do NOT know if she ever pressed the button, but hope not!

This page seems to relate (although, of course, the popups she saw were all in Dutch): http://malwaretips.com/blogs/low-disk-space-virus/

So I posted the link to that troubleshooting page on FB for her, and said: "Try working through this."

I don't know if she did or not, but I have a feeling she may instead have pressed the button, as another FB friend (clearly clueless!) was urging: "But it says you're out of disk space - have you clicked to fix it yet?" Gaaaaagh!

So I'm guessing that as pressing the booby-trapped button seemed nice and simple, and my recommendation was long and complicated, she may have gone for the former...thus installing more malware.

This morning she informs me (by email from her phone) that the computer will now not connect to the internet at all.

She is on about calling her ISP. I established that her phone is using the house internet, therefore her internet isn't down - it's a problem with the computer, and not the ISP's problem.

She tells me she has run a restore (don't know if that's a standard Windows restore or something else she has installed), but it didn't fix it.

I have a paid-for code for Norton 360 that I'm not using, so I've mailed that to her, but of course she can't download or install that unless she can get back online with the computer - we don't want to try to install it on the phone! So I've explained clearly: "Do NOT do this from the phone - we need to get you back online with the computer."

So, any clues how I can talk her back online, if system restore didn't work? If she boots in Safe Mode, I think, by definition, internet access is disabled anyway, is that right?

So what can she try to get back online? I cannot send her really detailed instructions, because she has only a phone to view them on. Well - she could receive the instructions OK, or links to them, if published handily online somewhere, but really fiddly trying to read and follow them off a phone.

Not ALL the steps in the help page I linked to above require an internet connection. Should I suggest she works through Step 1, manually removing any of the programs on that blacklist?

But if she doesn't see any of them, and it's named something else, I don't think she will be able to work out which recently installed file is the suspicious one!

Sorry - it would be easier if this was for me, but it's not. I somehow need to relay simple instructions to someone who won't really understand what they're doing. :(

If I can get her back online and get Norton on there, I can probably have Norton clean it up!

The instructions don't have to be in Dutch by the way - her English is excellent (thank God for small mercies)

Tina

Edited by TLM (Wed 20-May-15 10:20:48)

Standard User caffn8me
(knowledge is power) Wed 20-May-15 18:28:59

Re: Trying to help Dutch friend with malware...


[re: TLM]
 
You can download a bootable malware scanner and cleaning tool for free from ESET;

http://www.eset.com/int/support/sysrescue/

This can be saved to USB or CD/DVD and the computer boots from it.

I'd suggest this is downloaded on an unaffected computer.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User Apprentice
(knowledge is power) Wed 20-May-15 18:41:15

Re: Trying to help Dutch friend with malware...


[re: TLM]
 
"If she boots in Safe Mode, I think, by definition, internet access is disabled anyway, is that right?"


Yes and No, you can get Safe Mode with Networking (same as normal Safe Mode but with internet access) with some Windows OSs.

http://windows.microsoft.com/en-gb/windows/troublesh...

http://windows.microsoft.com/en-gb/windows/troublesh...

plusnet user

Edited by Apprentice (Wed 20-May-15 18:42:35)



Standard User TLM
(legend) Wed 20-May-15 19:16:15

Re: Trying to help Dutch friend with malware...


[re: caffn8me]
 
And therein lies the problem! She doesn't have an unaffected computer. I do, but I'm the wrong side of the North Sea. I don't know what her chances are of finding an IT savvy friend closer to home. She's not short of friends, but judging by the quality of her Facebook responses, urging her to press the "Fix it" button, they are more likely to fall for malware than to successfully remove any!

She hasn't reappeared online all day, so I'm assuming she hasn't succeeded in re-establishing the internet connection. I'm increasingly convinced she must have hit the "Fix it" button, which has done whatever it's done, but of course I've no way of knowing what the payload was - the same clickbait can be used for anything.

The only thing that's a bit strange is that it's apparently completely disabled internet connectivity. I would have thought most trojans seek to exploit internet connectivity.
Standard User TLM
(legend) Wed 20-May-15 19:26:44

Re: Trying to help Dutch friend with malware...


[re: Apprentice]
 
Haha, funnily enough, exploring further information about those options led me back to ESET - the same site linked to by caffn8me. Looks like a good resource, and not one I've used before. Whether it will be much help if the victim can't get online with her main computer, and has only a phone, I don't know.
Standard User ggremlin
(committed) Wed 20-May-15 20:53:20

Re: Trying to help Dutch friend with malware...


[re: TLM]
 
I have seen this scenario before, where after using 'system restore' there is no internet access. The fault then was that the browser had been set to use a proxy server (on the same machine) and that had now been disabled.

So firstly open browser,

These instructions are for IE, but should be similar on most browsers.
Select tools (or cog on top right of screen) - internet options.

Now select 'connections' then 'lan settings' and ensure proxy is unchecked.

Also note probably the startup page will have been changed.

Edit to add.
Probably worth getting a small USB stick, and writing the programs mentioned above to it, then posting it in the old-fashioned pen friend way.

Edited by ggremlin (Wed 20-May-15 20:55:17)
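
The proxy check described in the post above, as an added example that is not part of the original thread: it reads the per-user values behind the IE "LAN settings" dialog and unticks the proxy only when it points at the local machine. The registry path and value names are the standard Windows ones and are not given in the thread; limiting the change to a loopback proxy is a choice made for this example.

```powershell
# Added example: inspect the per-user proxy settings that
# Internet Options > Connections > LAN settings edits.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

$enabled = [bool]$s.ProxyEnable      # 1 = "Use a proxy server for your LAN" is ticked
$server  = [string]$s.ProxyServer    # e.g. "127.0.0.1:8080" or "http=host:port;https=host:port"
$pac     = [string]$s.AutoConfigURL  # "Use automatic configuration script" address

Write-Output "Proxy enabled : $enabled"
Write-Output "Proxy server  : $server"
Write-Output "Auto-config   : $pac"

# A proxy on this same machine is the case from the post: once the local
# proxy program is gone, every browser request fails.
$loopback = $server -match '(^|[=;/])\s*(127\.\d+\.\d+\.\d+|localhost)(:|;|$)'

if ($enabled -and $loopback) {
    Write-Output 'Proxy points at this machine: unticking it.'
    # Only clear the tick box; the ProxyServer string is left in place
    # as a record of what had been configured.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
}
elseif ($enabled) {
    Write-Output 'A non-local proxy is set: check by hand whether it is expected.'
}
else {
    Write-Output 'No manual proxy is enabled: the fault lies elsewhere.'
}

if ($pac) {
    Write-Output 'An automatic configuration script is set: review it as well.'
}
```

Run it in an ordinary PowerShell window logged in as the affected user, then close and reopen the browser before testing the connection.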

Standard User TLM
(legend) Wed 20-May-15 21:46:52

Re: Trying to help Dutch friend with malware...


[re: ggremlin]
 
Right, I have seen that cited elsewhere for a similar problem - sounds promising.

I will get her to try it.

Er...try to get her to try it. ;)

T.