Need help for virus

Profile Geek@Play
Volunteer tester
Joined: 31 Jul 01
Posts: 2467
Credit: 86,146,931
RAC: 0
United States
Message 958579 - Posted: 24 Dec 2009, 20:21:57 UTC

My daughter has been using my laptop (non cruncher) for some time now and she has acquired a virus that removed a lot of stuff from the desktop, Windows XP Pro. It is also asking for $80.00 USD and a credit card number to restore everything as it was. Of course we have not done this.

I remember hearing about this virus some time ago and it was rather insidious. I am looking for a name for this virus and a way to remove it. Can anyone help?
Boinc....Boinc....Boinc....Boinc....
ID: 958579 · Report as offensive
Niko

Joined: 14 Dec 09
Posts: 123
Credit: 70,041
RAC: 0
Canada
Message 958580 - Posted: 24 Dec 2009, 20:27:56 UTC - in response to Message 958579.  
Last modified: 24 Dec 2009, 20:39:23 UTC

My daughter has been using my laptop (non cruncher) for some time now and she has acquired a virus that removed a lot of stuff from the desktop, Windows XP Pro. It is also asking for $80.00 USD and a credit card number to restore everything as it was. Of course we have not done this.

I remember hearing about this virus some time ago and it was rather insidious. I am looking for a name for this virus and a way to remove it. Can anyone help?


The first thing you should do is file a complaint here. They may be able to help you. There are tools that can trace the origin of the virus and the scam...

Good Luck and all the Best for 2010!
ID: 958580 · Report as offensive
Profile hiamps
Volunteer tester
Joined: 23 May 99
Posts: 4292
Credit: 72,971,319
RAC: 0
United States
Message 958581 - Posted: 24 Dec 2009, 20:27:56 UTC

If it is the same one my grandkid picked up, it took 3 times to get the restore disk to work. For some reason the 3rd time may work. I bet task manager is disabled by administrator? Anything you try, try 3 times.
Official Abuser of Boinc Buttons...
And no good credit hound!
ID: 958581 · Report as offensive
1mp0£173
Volunteer tester

Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 958596 - Posted: 24 Dec 2009, 21:28:16 UTC - in response to Message 958579.  

My daughter has been using my laptop (non cruncher) for some time now and she has acquired a virus that removed a lot of stuff from the desktop, Windows XP Pro. It is also asking for $80.00 USD and a credit card number to restore everything as it was. Of course we have not done this.

I remember hearing about this virus some time ago and it was rather insidious. I am looking for a name for this virus and a way to remove it. Can anyone help?

I hate to say this, but most of these "viruses" aren't viruses at all.

They're trojans.

As in Trojan Horse.

As in "Beware of Greeks bearing gifts."

Your daughter probably installed the Trojan herself, and just doesn't remember.

The only sure way to prevent these from infesting your machine is to leave the horse outside the city.
ID: 958596 · Report as offensive
RB

Joined: 7 Mar 00
Posts: 103
Credit: 1,084,436
RAC: 0
Canada
Message 958627 - Posted: 25 Dec 2009, 1:15:17 UTC
Last modified: 25 Dec 2009, 1:16:10 UTC

One of the best FREE trojan / virus / rootkit removers out there is:

MalwareBytes

found at:

http://www.malwarebytes.com

As of posting this, the latest version is 1.42

Download it, update it, and run a full scan.

Many times the trojans etc will disable it.

To combat that, this is what I do:
When starting WinXP, as soon as the desktop begins to load, press CTRL+ALT+DEL and look for some crazy process name that is starting, and hit "End Process".
That usually stops the executable from starting up and disabling the MalwareBytes.
It may take a few attempts to see the offending executable start up. Adjust the size of the Task Manager window for best viewing.
Then you can install MalwareBytes, update it, and run a full scan.
When it's done, it will display a list of things found.
Select "remove all" and there you go.

It has been the best thing I've found on the 'net and has been recommended many times.

Good luck... removing nasties can be difficult.
ID: 958627 · Report as offensive
Profile zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65736
Credit: 55,293,173
RAC: 49
United States
Message 958642 - Posted: 25 Dec 2009, 2:52:38 UTC
Last modified: 25 Dec 2009, 2:55:39 UTC

I use Avast on My PCs, It gets rid of Trojans, Viruses, Malware, Spyware and yes Root Kits. And It's FREE...
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 958642 · Report as offensive
Profile Pappa
Volunteer tester
Joined: 9 Jan 00
Posts: 2562
Credit: 12,301,681
RAC: 0
United States
Message 958644 - Posted: 25 Dec 2009, 3:16:58 UTC - in response to Message 958579.  
Last modified: 25 Dec 2009, 3:25:27 UTC

Geek@Play

My daughter has been using my laptop (non cruncher) for some time now and she has acquired a virus that removed a lot of stuff from the desktop, Windows XP Pro. It is also asking for $80.00 USD and a credit card number to restore everything as it was. Of course we have not done this.

I remember hearing about this virus some time ago and it was rather insidious. I am looking for a name for this virus and a way to remove it. Can anyone help?


The Trojan was created for Extortion and Identity Theft....

It really depends on how much time you have to play with and if you really want to learn how to kill it. First back up important files to a "Network machine" with a Good Virus Scanner! See what it tries to catch. Or burn to CD (which can be checked later). The worst case is to boot into the Safe Mode with Network support and mount the network share, then use xcopy to copy the files.

As you should have all the CD's to restore the OS and Applications, then 6 hours doing that is a Safe investment of time. While doing that make sure your Daughter does the installs (object lesson).

If you are a Glutton for punishment, you can Boot into the Safe Mode and then attempt a "System Restore" to some date a month old (or when you know you last touched the machine or when Microsoft did an Automatic restore point during an update cycle). From a command prompt you can use "tasklist and taskkill" to kill unwanted processes that you do not recognize.

From the Safe Mode you should be able to transfer a copy of HiJack this to the machine and run it. It should give quite a bit of information and what you can kill that is not locked in Registry.

Any more it takes me less than 6 hours. Normally I go search for new pictures on the machine and if she updated her resume/documents. After that it is put in the OS CD and format... After the Format and OS install is done install apps, put the pictures back and let her take care of the rest... The last time I had to do this was almost a year ago. She really does not want to tell me she went someplace "stupid." So a large part is make "them" responsible!

So even in XP Windows Defender on a New build should have prevented what happened.

When you give the machine back make sure that Her account is only a "user" account... Then the Trojan should not have privileges...

Happy Holidays and Good Luck

Regards

Edit: My Virus scanner of choice is Avast. It was one of the first that did 64 bit. There is also a free "home edition" that does require registration. After working with many over the decades, it is one of the few that works to stay abreast even for the free version.
Please consider a Donation to the Seti Project.

ID: 958644 · Report as offensive
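
Added example (not part of any post in this thread): the tasklist/taskkill step mentioned in the post above, as a Python triage of `tasklist /V /FO CSV` output. The sample output, the baseline set and all process names, accounts and PIDs are constructed; because a name match alone is weak, a baseline name running under a user account is flagged too.

```python
import csv
import io

# Constructed sample of `tasklist /V /FO CSV` output; names and PIDs are invented.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System","4","Console","0","236 K","Running","NT AUTHORITY\SYSTEM","0:00:09","N/A"
"winlogon.exe","640","Console","0","4,112 K","Running","NT AUTHORITY\SYSTEM","0:00:02","N/A"
"svchost.exe","912","Console","0","5,020 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:01","N/A"
"explorer.exe","1480","Console","0","18,344 K","Running","LAPTOP\Kid","0:00:11","N/A"
"svchost.exe","2216","Console","0","9,876 K","Running","LAPTOP\Kid","0:00:04","N/A"
"qx81ts.exe","2304","Console","0","12,660 K","Running","LAPTOP\Kid","0:00:07","Security Alert"
'''

# Assumption: image names recorded on a known-clean boot of this machine.
BASELINE = {"system", "winlogon.exe", "svchost.exe", "explorer.exe"}
# Names that should only ever run under a built-in service account.
SERVICE_ONLY = {"system", "winlogon.exe", "svchost.exe", "lsass.exe", "services.exe"}


def triage(csv_text, baseline=BASELINE):
    """Return (pid, image, user, reason) for processes worth a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        image = row["Image Name"].strip().lower()
        user = row["User Name"].strip()
        pid = int(row["PID"])
        if image not in baseline:
            findings.append((pid, image, user, "not in baseline"))
        elif image in SERVICE_ONLY and not user.upper().startswith("NT AUTHORITY\\"):
            # A familiar system name under an ordinary login is a common disguise.
            findings.append((pid, image, user, "system name under user account"))
    return findings


def kill_commands(findings):
    """Build taskkill lines to review by hand; nothing is executed here."""
    return ["taskkill /PID %d /F" % pid for pid, _, _, _ in findings]


if __name__ == "__main__":
    hits = triage(SAMPLE)
    for pid, image, user, reason in hits:
        print("%-6d %-14s %-14s %s" % (pid, image, user, reason))
    print("\n".join(kill_commands(hits)))
```
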
Profile skildude
Joined: 4 Oct 00
Posts: 9541
Credit: 50,759,529
RAC: 60
Yemen
Message 958647 - Posted: 25 Dec 2009, 4:09:37 UTC

Knowing the name of the trojan will help you eliminate it. Spybot S&D, malwarebytes and super antispyware plus using an antivirus program are always a must.

You may be forced to use a specialized tool to remove the Trojan. I'll reiterate. Find the name of the trojan.

I'll bet it's in the spyware sheriff line of malware. If so it may be a bit tricky to get rid of it.

Your best bet is to keep that Laptop offline while you investigate the trojan and recommended processes for its removal.


In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope
ID: 958647 · Report as offensive
Profile BilBg
Volunteer tester
Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 958656 - Posted: 25 Dec 2009, 5:13:54 UTC - in response to Message 958579.  
Last modified: 25 Dec 2009, 5:19:54 UTC

I use ESET NOD32 Antivirus on my computers so I will recommend

Free ESET Online Scanner:
"
ESET Online Scanner is a user friendly, free and powerful tool which you can use to remove malware from any PC utilizing only your web browser without having to install anti-virus software.
ESET Online Scanner uses the same ThreatSense® technology and signatures as ESET Smart Security / ESET NOD32 Antivirus, and is always up-to-date.

IMPORTANT: Administrator privileges are required to run ESET Online Scanner
"

http://www.eset.com/onlinescan/


Compare Antivirus Software:
http://www.eset.com/products/compare-NOD32-vs-competition.php


P.S.
What do you mean: "removed a lot of stuff from the desktop"?

 


- ALF - "Find out what you don't do well ..... then don't do it!" :)
 
ID: 958656 · Report as offensive
Profile gizbar
Joined: 7 Jan 01
Posts: 586
Credit: 21,087,774
RAC: 0
United Kingdom
Message 958669 - Posted: 25 Dec 2009, 9:30:55 UTC

I'll second the recommendation for Malwarebytes' Anti-Malware. Would just like to point out that the url is www.malwarebytes.org/mbam.php and the link is here

I also use Avast, from www.avast.com and the link for that is here

This is a nasty little bug going round, there seem to be quite a few versions that all do the same thing. If you do a search on the internet for Antivirus 2008, Antivirus 2009, or Antivirus 2010, or whatever it says when it pops up to ask for money, you will find a lot of references and information on there about it. I have also had to deal with it on a friend's computer. They take your money, and then they have the details of the card for further use, and the fix is normally a scam too. Not had it delete anything off the desktop though, but it does interfere with any properly running Antivirus software.

Best of luck!

regards, Gizbar.



A proud GPU User Server Donor!
ID: 958669 · Report as offensive
Profile Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 958681 - Posted: 25 Dec 2009, 11:38:37 UTC
Last modified: 25 Dec 2009, 12:16:44 UTC

Geek, the form of virus is called Scareware or better yet, Ransomware. I'm sure she cannot download or install or run anything on that system, while the only page she can open in IE is that one asking for the $80.- ?

If so, see http://www.geeknewscentral.com/category/virus/ (has your nickname on it ;-)) .. the actual virus/Trojan is called "Total Security 2009".

The link I gave will have links to HijackThis and how to use it, in detail.
ID: 958681 · Report as offensive
Profile Fred J. Verster
Volunteer tester
Joined: 21 Apr 04
Posts: 3252
Credit: 31,903,643
RAC: 0
Netherlands
Message 958682 - Posted: 25 Dec 2009, 11:44:41 UTC - in response to Message 958669.  
Last modified: 25 Dec 2009, 11:51:28 UTC

Hi Jord, you post a bit faster than I usually do :) And ScareWare is a good name for this type of Trojan!

For 3 hosts, I still use McAfee (3 PC-Package) and for my XP64 I use AVAST, it was also the only one free and 64BIT!

Haven't seen viruses in a long time, most of them are indeed Trojan Horses, used to gain access to your host and steal passwords and other personal information, like bank account info.

Happy Christmas and a blessed 2010.
ID: 958682 · Report as offensive
Profile zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65736
Credit: 55,293,173
RAC: 49
United States
Message 958699 - Posted: 25 Dec 2009, 14:53:33 UTC - in response to Message 958681.  

Geek, the form of virus is called Scareware or better yet, Ransomware. I'm sure she cannot download or install or run anything on that system, while the only page she can open in IE is that one asking for the $80.- ?

If so, see http://www.geeknewscentral.com/category/virus/ (has your nickname on it ;-)) .. the actual virus/Trojan is called "Total Security 2009".

The link I gave will have links to HijackThis and how to use it, in detail.

Are Ya sure this "software" shouldn't be called extortionware? As that's what It sounds like, I'm glad I'm protected, If It got in here even 3 firewalls wouldn't help(software, router and modem).
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 958699 · Report as offensive
Profile Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 958702 - Posted: 25 Dec 2009, 15:13:06 UTC - in response to Message 958699.  

Are Ya sure this "software" shouldn't be called extortionware?

Extortionware, ransomware.. same thing, different name. Your computer is held at ransom (for 80 bucks) for you to cough up or lose all your information. Even if I had a credit card, I wouldn't go put any of its details in... but there are some who will. To then find out their card's been plundered.

The evolution of virii never stops.
ID: 958702 · Report as offensive
Profile hiamps
Volunteer tester
Joined: 23 May 99
Posts: 4292
Credit: 72,971,319
RAC: 0
United States
Message 958703 - Posted: 25 Dec 2009, 15:20:52 UTC - in response to Message 958699.  

Geek, the form of virus is called Scareware or better yet, Ransomware. I'm sure she cannot download or install or run anything on that system, while the only page she can open in IE is that one asking for the $80.- ?

If so, see http://www.geeknewscentral.com/category/virus/ (has your nickname on it ;-)) .. the actual virus/Trojan is called "Total Security 2009".

The link I gave will have links to HijackThis and how to use it, in detail.

Are Ya sure this "software" shouldn't be called extortionware? As that's what It sounds like, I'm glad I'm protected, If It got in here even 3 firewalls wouldn't help(software, router and modem).

Our laptop got it because a little popup popped up saying the computer had a virus click here to fix it and she did. The popup looks like a windows message to some. Still not sure why but doing things in 3's sometimes lets you in. This one wouldn't even take the restore disk until the 3rd try. A friend said he got into system restore on his 3rd attempt. Ours told us the administrator had shut down the task manager, we needed to pay 89.95. We keep critical files on multiple machines, at worst I can lose a day's work and be back in operation within a few hours.
Official Abuser of Boinc Buttons...
And no good credit hound!
ID: 958703 · Report as offensive
Profile zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65736
Credit: 55,293,173
RAC: 49
United States
Message 958720 - Posted: 25 Dec 2009, 17:48:52 UTC - in response to Message 958703.  

Geek, the form of virus is called Scareware or better yet, Ransomware. I'm sure she cannot download or install or run anything on that system, while the only page she can open in IE is that one asking for the $80.- ?

If so, see http://www.geeknewscentral.com/category/virus/ (has your nickname on it ;-)) .. the actual virus/Trojan is called "Total Security 2009".

The link I gave will have links to HijackThis and how to use it, in detail.

Are Ya sure this "software" shouldn't be called extortionware? As that's what It sounds like, I'm glad I'm protected, If It got in here even 3 firewalls wouldn't help(software, router and modem).

Our laptop got it because a little popup popped up saying the computer had a virus click here to fix it and she did. The popup looks like a windows message to some. Still not sure why but doing things in 3's sometimes lets you in. This one wouldn't even take the restore disk until the 3rd try. A friend said he got into system restore on his 3rd attempt. Ours told us the administrator had shut down the task manager, we needed to pay 89.95. We keep critical files on multiple machines, at worst I can lose a day's work and be back in operation within a few hours.

Well as long as You don't pay the trojan. :D
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 958720 · Report as offensive
Profile kaseychief
Joined: 3 Dec 07
Posts: 1643
Credit: 480,503
RAC: 1
United States
Message 958730 - Posted: 25 Dec 2009, 18:31:03 UTC

Go to safe mode, sys restore, select date (before she started using pc). Running sys restore should eliminate virus.
ID: 958730 · Report as offensive
Profile Frosted
Joined: 11 Jul 99
Posts: 83
Credit: 3,898,641
RAC: 0
Canada
Message 959311 - Posted: 29 Dec 2009, 17:31:59 UTC - in response to Message 958730.  
Last modified: 29 Dec 2009, 17:53:02 UTC

kaseychief wrote:
Go to safe mode, sys restore, select date (before she started using pc). Running sys restore should eliminate virus.

Won't work.

The fastest, easiest, 100% way would be a format & clean install.
The second best option is to remove the hard drive and install it as a 2nd drive on another computer that has all the tools to repair it.
The third desperate option is to try to install and run the tools on the infected system. Could take hours or even days. Might not work.

Some tools to try:
Microsoft Malicious Software Removal Tool
mrt.exe (should already be on your computer)
or get it here http://www.microsoft.com/security/malwareremove/default.aspx

Free, good for real tough ones - Combofix
http://www.combofix.org/

Free and good - Malwarebytes' Anti-Malware
http://www.malwarebytes.org/

And there's always the free Spybot-S&D
http://www.safer-networking.org/en/index.html
ID: 959311 · Report as offensive
Profile Reuben Gathright
Joined: 8 Mar 01
Posts: 213
Credit: 14,594,579
RAC: 0
United States
Message 959335 - Posted: 29 Dec 2009, 18:49:11 UTC

I ran into a similar virus or blackmail just yesterday which resulted in:
1) "Your computer is infected" desktop background.
2) Internet Security 2010 was the name of the application that offered to remove the scam.

I had to install the drive on another machine and use AVG 9.0 Free to remove all the trojan programs.

Now, you must screenshot the list of infected applications so that you can identify them in the registry.

Next visit your registry and search for each of the listed exe files that were part of the blackmail program and fix the entries to original state.

Finally, I used CCleaner to clean up my registry.

The result was a computer that I could use to back up my important files off of.

Task manager and Internet Explorer do not work still.

Ugh!
Overclock with the MSI G31M3-L and Intel E8600 3.33Ghz
Intel D865GLC Socket 478 Motherboard
~How To Overclock The Eee ASUS 1005HA Netbook To 1.9Ghz~
ID: 959335 · Report as offensive
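
Added example (not from the poster): one way to do the registry search described in the post above against a regedit text export, also checking DisableTaskMgr, a policy value that disables Task Manager when set to 1. The export, value names and executable names are constructed, FLAGGED stands in for the scanner's detection list, and only single-line values under the Run keys are handled.

```python
import re

# Constructed regedit export (Windows Registry Editor 5.00 text); every
# value name and path below is invented for the example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"
"is2010"="\"C:\\Program Files\\IS2010\\is2010.exe\" /startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updchk"="C:\\Documents and Settings\\Kid\\Local Settings\\Temp\\qx81ts.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

# Assumption: executable names copied from the scanner's detection list.
FLAGGED = {"is2010.exe", "qx81ts.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text):
    """Yield (key, value_name, raw_data) from a regedit text export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def audit(text, flagged=FLAGGED):
    """Return (key, value_name, reason) for entries to inspect and repair."""
    findings = []
    for key, name, data in parse_reg(text):
        low = data.lower()
        if key.lower().endswith(r"\currentversion\run"):
            hit = next((exe for exe in sorted(flagged) if exe in low), None)
            if hit:
                findings.append((key, name, "autostart of " + hit))
        if name.lower() == "disabletaskmgr" and low == "dword:00000001":
            findings.append((key, name, "Task Manager disabled by policy"))
    return findings


if __name__ == "__main__":
    for key, name, reason in audit(SAMPLE_REG):
        print("%s\n    %s: %s" % (key, name, reason))
```
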
Profile champ
Volunteer tester
Joined: 12 Mar 03
Posts: 3642
Credit: 1,489,147
RAC: 0
Germany
Message 959337 - Posted: 29 Dec 2009, 18:57:04 UTC
Last modified: 29 Dec 2009, 19:00:01 UTC

Have you received such kind of message? (Sorry it is in German language, but I think you understand, that this was a fake message).



or this?




No Antivirus software was able to delete that malware. Since I am using Kaspersky, I am virus free.
ID: 959337 · Report as offensive