Two or three months ago I got a call from an elderly friend of my wife. Her husband's PC was playing up and they were getting calls from friends who'd received odd emails.
I popped over and it looked to be virus ridden. XP Home system, couldn't load anything, kept being told the program was infected and the system wouldn't allow it to be run. In the end I brought it back and rebuilt it from the recovery partition. All OK.
Two weeks ago I got a call saying it had 'gone again'. Popped over and had a look. The wallpaper had been changed to various bits of text about being infected with viruses, malware, etc. Couldn't run applications, e.g. MalwareBytes, being told the file was infected. Messages appear to be coming from something I think was called Tool Kit. As I hadn't the time then to sort it I suggested he switch off and leave it and I'll get back to him.
I rang him this afternoon to arrange to sort it out. He told me that he'd left it for a week or so then last week decided to switch it on. Lo and behold it was working just fine, no strange wallpaper, no strange messages, email working fine.
It appears to have fixed itself. He did ask me if I had sorted it 'from my end', clearly I hadn't.
I've no idea what was wrong with it two weeks ago, then, given that a week or so later it 'fixed itself'.
Any thoughts?
Tony
> Any thoughts?
I think your friend needs training in IT security and/or more security software (preferably set by you to restrict his Internet usage).
Where on earth is he browsing to get all that? Or is he the type to open every dodgy e-mail?
I doubt any virus 'fixes itself'. Disappears into the hard drive perhaps.
~~~~~~~~~~
© Camieabz 2002-2011 - All rights and lefts reserved.
> I rang him this afternoon to arrange to sort it out. He told me that he'd left it for a week or so then last week decided to switch it on. Lo and behold it was working just fine, no strange wallpaper, no strange messages, email working fine.
> Any thoughts?

They went somewhere else to fix it; you've lost a customer.
Windows update fixed it.
The server the virus was communicating with has gone.
He had someone else fix it.
I'd installed all the normal AV & security stuff, MSE & Zone Alarm, also MalwareBytes and SuperAntispyware. If the opportunity arises I'll try to look in the history and the cache to see if there are any 'odd' ones around. To the best of my knowledge, and after discussing it with him, the only sites that might seem odd to some are those relating to his passion for railways, both full size and model.
I agree that viruses don't fix themselves, unless of course in some way it only activates on certain days and de-activates afterwards pending another activation. Not heard of any like that though.
Tony
No one else involved. And he's not a customer, if you define a customer as someone who pays for goods or services, as I refuse any payment.
Tony
No one else has fixed it - not that I'd be unduly worried if they had. Good point about the server, though he uses dial-up broadband so when I looked he wasn't actually connected to the internet.
To be honest I expect to get another call in the future about it having come back - ah well.
Tony
Urgh, why do people put so much faith in MSE? It scores abysmally in tests, it takes up 100 MB of RAM even on small systems, and it never manages to update itself properly.
It's been running on my PCs for 12 months or more with no problems, the occasional alert which it's dealt with, and consistently reliable updating. A quick check shows it to be taking around 80 MB of memory, but so what.
Tony
I'd try 'hijackthis' and see if the log file throws up anything interesting.
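A worked example of the log triage suggested above, added here for this page and not the poster's own code or anything shipped with HijackThis: it parses the O4 (autostart) lines of a HijackThis-style log and flags the entries worth a second look. The log excerpt is constructed for the example; the entry names and paths are invented and do not refer to the PC in the thread or to any real sample. The three heuristics (an autostart living outside Program Files or the Windows directory, a system-binary name such as svchost.exe running from a Temp folder, and a random-looking entry or folder name) are my assumptions about what a rogue-AV install tends to look like in such a log, not facts stated in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed HijackThis-style log excerpt, made up for this example. The entry
# names and paths are invented and do not describe any real sample or the PC in
# the thread. Only O4 (autostart) lines are examined; the others are skipped.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kWdLqb8c] C:\Documents and Settings\All Users\Application Data\kWdLqb8c\kWdLqb8c.exe
O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
O23 - Service: Example Firewall Service (exfw) - Example Vendor - C:\Program Files\Example Firewall\exfw.exe
"""

# "O4 - <hive>: [<entry name>] <command line>" as HijackThis prints it.
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# First executable path in the command line, quoted or not (paths may contain spaces).
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js|pif))"?',
                     re.IGNORECASE)
TRUSTED_ROOT = re.compile(r'^[A-Za-z]:\\(?:windows|winnt|program files(?: \(x86\))?)\\',
                          re.IGNORECASE)
SYSTEM_ROOT = re.compile(r'^[A-Za-z]:\\(?:windows|winnt)\\', re.IGNORECASE)
# Names that legitimately only run from %SystemRoot% (assumption: list is illustrative).
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "ctfmon.exe", "lsass.exe",
                "csrss.exe", "winlogon.exe", "services.exe", "rundll32.exe"}


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def looks_random(token: str) -> bool:
    """Heuristic: a bare alphanumeric token of 6+ characters that mixes digits and
    letters and is either mixed-case or vowel-free reads like a generated name."""
    core = re.sub(r'\.[A-Za-z0-9]+$', '', token)      # drop a trailing extension
    if not re.fullmatch(r'[A-Za-z0-9]{6,}', core):
        return False                                  # spaces/punctuation: a product name
    has_digit = any(c.isdigit() for c in core)
    has_alpha = any(c.isalpha() for c in core)
    mixed_case = any(c.islower() for c in core) and any(c.isupper() for c in core)
    no_vowels = not any(c in "aeiouAEIOU" for c in core)
    return has_digit and has_alpha and (mixed_case or no_vowels)


def scan_log(text: str) -> List[Finding]:
    """Return the O4 autostart entries that trip at least one heuristic, in log order."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        pm = PATH_RE.match(cmd)
        if not pm:
            continue            # bare program name resolved via PATH; not handled here
        path = pm.group("path")
        parts = path.split("\\")
        basename = parts[-1].lower()
        parent = parts[-2] if len(parts) > 1 else ""
        reasons = []
        if not TRUSTED_ROOT.match(path):
            reasons.append("autostart from a user-writable location: " + path)
        if basename in SYSTEM_NAMES and not SYSTEM_ROOT.match(path):
            reasons.append(f"system binary name {basename} outside %SystemRoot%")
        if looks_random(name) or looks_random(parent):
            reasons.append("random-looking entry or folder name")
        if reasons:
            findings.append(Finding(name=name, path=path, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print("    -", r)
```

On the constructed log this reports the kWdLqb8c entry (user-writable location plus a random-looking name) and the svchost entry in Temp (user-writable location plus a system-binary name outside %SystemRoot%), and stays quiet about the MSE and ctfmon entries. It is a triage aid, not a verdict: a flagged entry still needs the file itself looked at, and an entry under Program Files can still be malicious.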
Yep, me too - 4 machines, all running Windows 7 and MSE, and I've not had any issues at all. And since the minimum RAM is 2 GB on said boxes, 80-100 MB is not particularly heavy (about as much as a normal Firefox session).
Could be System Tool 2011.
That's it! The desktop shown on this page is exactly what I saw on both occasions, and the rest of it fits in.
I'd installed the free version of MalwareBytes so I wonder if somehow it auto-cleaned it...maybe not. Anyway I've printed the MalwareBytes forum page out so if it re-occurs I'll know a bit more. Might even put the MB install file on a CD (and a few other useful utilities) to be able to get it onto the infected PC.
Tony
It's fairly clear that the system has been compromised, even though you no longer see signs of it. Systems don't fix themselves, and few anti-malware products are so good that they can return a system to pristine condition without user intervention. Malware, on the other hand, can be very good at hiding itself.
I would be extremely suspicious of this system and work on the basis that, although it is now not evident, it is compromised. Who knows what key-loggers, remote-control applications, or spam factories could be hidden on it. It should either be thoroughly cleaned or, better IMO, wiped and the OS re-installed.
Quite agree. But the PC is only used for 'social' activities, nothing financial or the like, I'll wait for him to get back to me with a problem. And then, once again, I'll have to reinstall the OS when I have the time, which is distinctly short these days. I'm wondering whether he's on Facebook or similar as one report I saw suggested it may be coming via a rogue app.
Anyway they're on holiday for two weeks so nothing will happen for a while.
Tony
I got infected by it over the weekend after visiting the London Stock Exchange website. There is some news about it on the BBC.
Can you provide a link?
> Can you provide a link?

Sorry, can't, on my phone, but if you click on a news story, it's in the box on the right which says "most popular": Britons caught out by bad web ads.
Cheers.

> This comes as a criminal investigation is launched into how hackers were able to compromise the computers used by ad firm Unanimis, which places adverts on several popular UK sites in addition to the LSE, including Autotrader and the Vue cinema chain.

That's why I use Firefox and Ad Block Plus.
> That's why I use Firefox and Ad Block Plus.

So was I.
> So was I.

How come you got infected?
> So was I. How come you got infected?

You tell me, I ain't got a clue. I thought my system was secure.
I also use Ghostery and Flashblock. Oh, and I didn't visit the Stock Exchange site. Maybe that's it.
Sometimes AdBlock is not enough. I run Ghostery, which not only blocks advertisements but also tracking cookies and the like. Free from their site or from the Firefox add-ons site. Alternatively, install NoScript in addition to AdBlock.
It's here on the BBC website. The blue WARNING screen image shown part way down is what I saw on my neighbour's PC both 2 weeks ago and in early January.
Tony
There's also a thread popped up in Freechat by Ancient Mariner regarding Linkedin issues.
Aye, I saw that, clearly this one seems to be a current problem around the web.
Tony
How did you disinfect your PC?
Tony
Did a system restore, which worked while I saved all my stuff. Then reformatted and loaded Linux Mint instead of Windows 7. Been meaning to put Mint on and this gave me the push.
> Sometimes AdBlock is not enough. I run Ghostery, which not only blocks advertisements but also tracking cookies and the like. Free from their site or from the Firefox add-ons site. Alternatively, install NoScript in addition to AdBlock.

Thanks, have now installed Ghostery.
Ah, so you rebuilt your system rather than cleaning it.
Tony
> Ah, so you rebuilt your system rather than cleaning it.

Yes, I totally agree with what AEP says, once compromised you don't know what other little nasties are lurking.
I'm hoping Linux will give me more protection in the future. Need to do a bit of research to learn it better though, only played with it in the past but thinking of putting it on all my families computers and laptops.
> So was I. How come you got infected?
> You tell me, I ain't got a clue. I thought my system was secure.

It probably was secure, but it isn't secure from user actions. At the end of the day (BTW, this is not aimed at you directly), if you browse a website, fall for a fake warning message, then when the prompt comes up to download a file you click "Run", or you save it to a location and then execute that file... then essentially you have allowed the malware or whatever it is to infect your system. Presumably (I wouldn't know, as I've never done it, and when I question users about it they tell lies) a UAC prompt comes up too to give you a final chance. It does not just magically install itself from merely visiting a page... not 99.9% of the time anyway.
______________
Zen 8000 Active
> It probably was secure, but it isn't secure from user actions. [...] It does not just magically install itself from merely visiting a page... not 99.9% of the time anyway.

Call me a liar if you want, but I did not click any prompts (no prompts occurred) to install anything.
> Urgh, why do people put so much faith in MSE? It scores abysmally in tests, it takes up 100 MB of RAM even on small systems, and it never manages to update itself properly.

A mate of mine says using MSE is like getting Bin Laden to guard the White House.
Adrian
Desktop machine now powered by Windows 7 Pro 64-bit, laptop by Ubuntu.
On ADSL24 using C&W network.
Is he American?
> Ah, so you rebuilt your system rather than cleaning it.

Cleaning isn't really viable if trojaned.
Incidentally, the free version of Malwarebytes Anti-Malware has no automation; it is manual scan only.
> Is he American?

No, he's from Saudi Arabia.
> Is he American?
> No, he's from Saudi Arabia.

Same thing.