Find's Treasure Forums


Back online after system trashed. Be aware of this one.

George-CT

New member
I got hit Thursday with a scam/virus, fake AV program. If you get an email that's talking about Microsoft Security Essentials, be careful. I thought it was updates for it as that's what it indicated. I opened it and the stuff hit the fan. It then produces a screen with Internet Security 2010. Their virus program. Sadly it has a built-in virus in it and then produces a screen showing you as having about 40 other viruses. This I knew not to be true as I had just run all 4 of my programs and knew I was virus free. I closed them out, but they kept popping back up, to the point where I could not use the system. I shut it down, went out to do chores and figured I'd tackle it when I came back in.

I came back, rebooted and now I had a new log on screen, mostly blue, but with the desktop icons still there. I tried to run all my software to see if it would remove it, this was the killer, it was all disabled, renamed and no longer working at all. Now, their new screens telling you to get rid of it, would require you to fill in the form, flashing on your screen. Yeah, that's gonna happen, you just hacked me, now you want my VISA card # and $50 bucks so your program will remove what you just installed.....

Fast forward, 2 days, still there, talked to others who also had it, and ended up reformatting system to get rid of it....... I didn't want that as these 750 gig hard drives have a lot of stuff on them from way back. I kept tinkering, and after reading a few web forums at my buddy's up the street knew the file names, but could not find them. Then I remembered a program I had on my other system and on CD..... I think I have mentioned this one before that it pulls up a complete profile of your system and is the best I have seen.
The link is Belarc Advisor. Short download, free, and is one heck of a useful program.

Under its software listings, it showed it in there, and you can back track it to where it is. Did that in 3 spots and voilà, back online and so far so good...no sign of it.......... Tell ya, I was so ticked I was thinking of scrapping it all and going to Mac, just to get away from 99 percent of this crap.

Hopefully, this will help one of you if you get it. Hope you don't, it's a real pain in the neck. Don't know who wrote this one, but they sure cripple your system.

OK, back to catching up on post.............

George-CT
 
Disabled any desktop button that would aid in getting rid of it. Turns out I had a weak antivirus program and it slipped right through. It cost me my tower hard drive but I was able to disconnect my external drive until I got a good antivirus. Hooked it back up and cleaned it out. Saved all of my important stuff only because I put it all on my external drive. It's a bad one though, you're right. Can't remember how I got it. Might have been an email.
 
because she is not computer literate at all it took me nearly two hours to get her fixed up! Trying to do this by phone with someone who is arguing with their kids at the same time is tough, after an hour the boy (15) was whining..... Mom! It's been an hour, I need to be on the computer! :rolleyes:
Finally got her to listen.
Do a hard shutdown (power off), press power button and immediately start tapping F-8 until boot menu comes up, then choose "safe mode with networking". Go to Cnet downloads and get the free version of "Malwarebytes anti malware". Update it then install and run still in safe mode. After it catches and deletes the bad guy, reboot to normal mode and run the program again.
Her problem was with a spanking new laptop that the kids use and I warned her when she bought it to install Firefox plus the "NoScript" addon, "BetterPrivacy 1.45" addon, along with Malwarebytes paid version that works in real time, it's cheap, about 30 bucks for a lifetime license for one computer. She didn't listen and within two weeks exactly what I said would happen did!
One of the kids clicked a link on Facebook that supposedly came from a friend but was a hack, and bingo! Got the fake anti virus! Firefox NoScript or MBAM would have prevented that. She was the third person in two months that I helped to get rid of this nasty program.
To my knowledge, none of the normal anti virus programs recognize or deal with these "fake anti virus" programs, not McAfee, not Norton, not Kaspersky, not AVG, etc. So I would advise our folks here to give some thought to extra security.
Another good program is SAS (SuperAntiSpyware). One also must be careful where you download from because many of the main anti virus sites have been faked by the malware makers so I only download these programs from Cnet or TuCows.

These virus programs and malware are evolving every day so we must be proactive.
 
You have that right. One cannot be too careful. I run Malwarebytes also, plus Spybot Search and Destroy, Spyblaster. Also have commercial Norton Anti Virus, it saw it, but could not delete it, could not clean it, and could not quarantine it. I also run on the same system but different hard drive McAfee provided by my provider. Advanced System Care did work on it a little but never completely removed it. My problem was getting at it. After I ran Belarc, I found what looked like it and it allows you to go further and see where it's hidden. The file name was IS2010.exe and one other one. I deleted both of them and that freed the system up. I had not been hit in a long time and felt I was in good shape, but this one is pretty good at getting by it all. I also run Security Essentials in Windows 7, it saw it also but it's too late then. I can boot from either drive so was using each of them to try and get rid of it.

Norton showed a lot about it but just could not get at it. It showed it as TrojanSPM/LX and TrojanFakeAV... Keep getting a "Your Under Attacked by a remote system" screen....no s--- Shirley.... But it all turned out OK and figured if I can keep someone else from getting it, why not.

Frustrating. I had to leave about half way thru all this to go to a hockey game for my daughter Heidi. They had a Military night at the Civic Center for all military personnel and the family for $10.00 a head and a stuffed animal to toss out on the ice at half time. They covered that entire rink in stuffed animals. Then all the military folks got to play hockey for awhile with brooms and a beach ball and shoes on. Funny as all get out. Great weekend except for that.

Hope all is going well for you and Carol out there.

Take care, and thanks for the update on the fake AV on your end.

George-CT
 
I will enter them into my note book and have a little more ammo for the future!

Carol is improving again and should be healed up by Christmas :)
 
year for you and Mike and the wives. Nice when it all finally comes together.

I had another friend at the bike club get their laptop infected with one. It just completely trashed the system. No matter what I did it would not respond and finally it produced the blue screen kiss off and then it just stopped. I've got it written down here somewhere.
What I read on the forums it was one of the really hard to impossible ones to get rid of.

I would think, that if these are hitting the big corporations and costing them down time that they would be after this outfit big time.

Geo
 