Need help for virus
Author | Message |
---|---|
Geek@Play Joined: 31 Jul 01 Posts: 2467 Credit: 86,146,931 RAC: 0 |
My daughter has been using my laptop (non cruncher) for some time now and she has acquired a virus that removed a lot of stuff from the desktop, Windows XP Pro. It is also asking for $80.00 USD and a credit card number to restore everything as it was. Of course we have not done this. I remember hearing about this virus some time ago and it was rather insidious. I am looking for a name for this virus and a way to remove it. Can anyone help? Boinc....Boinc....Boinc....Boinc.... |
Niko Joined: 14 Dec 09 Posts: 123 Credit: 70,041 RAC: 0 |
Geek@Play wrote: "My daughter has been using my laptop (non cruncher) for some time now and she has acquired a virus that removed a lot of stuff from the desktop, Windows XP Pro. It is also asking for $80.00 USD and a credit card number to restore everything as it was. Of course we have not done this." The first thing you should do is file a complaint here. They may be able to help you. There are tools that can trace the origin of the virus and the scam... Good Luck and all the Best for 2010! |
hiamps Joined: 23 May 99 Posts: 4292 Credit: 72,971,319 RAC: 0 |
If it is the same one my grandkid picked up it took 3 times to get the restore disk to work. For some reason the 3rd time may work. I bet task manager is disabled by administrator? Anything you try, try 3 times. Official Abuser of Boinc Buttons... And no good credit hound! |
1mp0£173 Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
Geek@Play wrote: "My daughter has been using my laptop (non cruncher) for some time now and she has acquired a virus that removed a lot of stuff from the desktop, Windows XP Pro. It is also asking for $80.00 USD and a credit card number to restore everything as it was. Of course we have not done this." I hate to say this, but most of these "viruses" aren't viruses at all. They're trojans. As in Trojan Horse. As in "Beware of Greeks bearing gifts." Your daughter probably installed the Trojan herself, and just doesn't remember. The only sure way to prevent these from infesting your machine is to leave the horse outside the city. |
RB Joined: 7 Mar 00 Posts: 103 Credit: 1,084,436 RAC: 0 |
One of the best FREE trojan / virus / rootkit removers out there is: MalwareBytes found at: http://www.malwarebytes.com As of posting this, the latest version is 1.42 Download it, update it, and run a full scan. Many times the trojans etc will disable it. To combat that, this is what I do: When starting WinXP, as soon as the desktop begins to load, press CTL+ALT+DEL and look for some crazy process name that is starting, and hit "End Process". That usually stops the executable from starting up and disabling the MalwareBytes. It may take a few attempts to see the offending executable start up. Adjust the size of the Task Manager window for best viewing. Then you can install MalwareBytes, update it, and run a full scan. When it's done, it will display a list of things found. Select "remove all" and there you go. It has been the best thing I've found on the 'net and has been recommended many times. Good luck... removing nasties can be difficult. |
zoom3+1=4 Joined: 30 Nov 03 Posts: 65737 Credit: 55,293,173 RAC: 49 |
I use Avast on My PCs, It gets rid of Trojans, Viruses, Malware, Spyware and yes Root Kits. And It's FREE... The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
Pappa Joined: 9 Jan 00 Posts: 2562 Credit: 12,301,681 RAC: 0 |
Geek@Play wrote: "My daughter has been using my laptop (non cruncher) for some time now and she has acquired a virus that removed a lot of stuff from the desktop, Windows XP Pro. It is also asking for $80.00 USD and a credit card number to restore everything as it was. Of course we have not done this." The Trojan was created for Extortion and Identity Theft.... It really depends on how much time you have to play with and if you really want to learn how to kill it. First back up important files to a "Network machine" with a Good Virus Scanner! See what it tries to catch. Or burn to CD (which can be checked later). The worst case is to boot into the Safe Mode with Network support and mount the network share, then use xcopy to copy the files. As you should have all the CD's to restore the OS and Applications, then 6 hours doing that is a Safe investment of time. While doing that make sure your Daughter does the installs (object lesson). If you are a Glutton for punishment, you can Boot into the Safe Mode and then attempt a "System Restore" to some date a month old (or when you know you last touched the machine or when Microsoft did an Automatic restore point during an update cycle). From a command prompt you can use "tasklist and taskkill" to kill unwanted processes that you do not recognize. From the Safe Mode you should be able to transfer a copy of HijackThis to the machine and run it. It should give quite a bit of information and what you can kill that is not locked in Registry. Any more it takes me less than 6 hours. Normally I go search for new pictures on the machine and if she updated her resume/documents. After that it is put in the OS CD and format... After the Format and OS install is done install apps, put the pictures back and let her take care of the rest... The last time I had to do this was almost a year ago. She really does not want to tell me she went someplace "stupid." So a large part is make "them" responsible! 
So even in XP Windows Defender on a New build should have prevented what happened. When you give the machine back make sure that Her account is only a "user" account... Then the Trojan should not have privileges... Happy Holidays and Good Luck Regards Edit: My Virus scanner of choice is Avast. It is one of the first that did 64 bit. There is also a free "home edition" that does require registration. After working with many over the decades, it is one of the few that works to stay abreast even for the free version. Please consider a Donation to the Seti Project. |
skildude Joined: 4 Oct 00 Posts: 9541 Credit: 50,759,529 RAC: 60 |
Knowing the name of the trojan will help you eliminate it. Spybot S&D, malwarebytes and super antispyware plus using an antivirus program are always a must. You may be forced to use a specialized tool to remove the Trojan. I'll reiterate. Find the name of the trojan. I'll bet it's in the spyware sheriff line of malware. If so it may be a bit tricky to get rid of it. Your best bet is to keep that Laptop offline while you investigate the trojan and recommended processes for its removal. In a rich man's house there is no place to spit but his face. Diogenes Of Sinope |
BilBg Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
I use ESET NOD32 Antivirus on my computers so I will recommend Free ESET Online Scanner: "ESET Online Scanner is a user friendly, free and powerful tool which you can use to remove malware from any PC utilizing only your web browser without having to install anti-virus software. ESET Online Scanner uses the same ThreatSense® technology and signatures as ESET Smart Security / ESET NOD32 Antivirus, and is always up-to-date. IMPORTANT: Administrator privileges are required to run ESET Online Scanner" http://www.eset.com/onlinescan/ Compare Antivirus Software: http://www.eset.com/products/compare-NOD32-vs-competition.php P.S. What do you mean: "removed a lot of stuff from the desktop"? - ALF - "Find out what you don't do well ..... then don't do it!" :) |
gizbar Joined: 7 Jan 01 Posts: 586 Credit: 21,087,774 RAC: 0 |
I'll second the recommendation for Malwarebytes' Anti-Malware. Would just like to point out that the url is www.malwarebytes.org/mbam.php and the link is here I also use Avast, from www.avast.com and the link for that is here This is a nasty little bug going round, there seem to be quite a few versions that all do the same thing. If you do a search on the internet for Antivirus 2008, Antivirus 2009, or Antivirus 2010, or whatever it says when it pops up to ask for money, you will find a lot of references and information on there about it. I have also had to deal with it on a friend's computer. They take your money, and then they have the details of the card for further use, and the fix is normally a scam too. Not had it delete anything off the desktop though, but it does interfere with any properly running Antivirus software. Best of luck! regards, Gizbar. A proud GPU User Server Donor! |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
Geek, the form of virus is called Scareware or better yet, Ransomware. I'm sure she cannot download or install or run anything on that system, while the only page she can open in IE is that one asking for the $80.- ? If so, see http://www.geeknewscentral.com/category/virus/ (has your nickname on it ;-)) .. the actual virus/Trojan is called "Total Security 2009". The link I gave will have links to HijackThis and how to use it, in detail. |
Fred J. Verster Joined: 21 Apr 04 Posts: 3252 Credit: 31,903,643 RAC: 0 |
Hi Jord, you post a bit faster than I usually do :) And ScareWare is a good name for this type of Trojan! For 3 hosts, I still use McAfee (3 PC-Package) and for my XP64 I use AVAST, it was also the only one free and 64BIT! Haven't seen viruses in a long time, most of them are indeed Trojan Horses, used to gain access to your host and steal passwords and other personal information, like bank account info. Happy Christmas and a blessed 2010. |
zoom3+1=4 Joined: 30 Nov 03 Posts: 65737 Credit: 55,293,173 RAC: 49 |
Jord wrote: "Geek, the form of virus is called Scareware or better yet, Ransomware. I'm sure she cannot download or install or run anything on that system, while the only page she can open in IE is that one asking for the $80.- ?" Are Ya sure this "software" shouldn't be called extortionware? As that's what It sounds like, I'm glad I'm protected, If It got in here even 3 firewalls wouldn't help(software, router and modem). The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
zoom3+1=4 wrote: "Are Ya sure this 'software' shouldn't be called extortionware?" Extortionware, ransomware.. same thing, different name. Your computer is held at ransom (for 80 bucks) for you to cough up or lose all your information. Even if I had a credit card, I wouldn't go put any of its details in... but there are some who will. To then find out their card's been plundered. The evolution of virii never stops. |
hiamps Joined: 23 May 99 Posts: 4292 Credit: 72,971,319 RAC: 0 |
Jord wrote: "Geek, the form of virus is called Scareware or better yet, Ransomware. I'm sure she cannot download or install or run anything on that system, while the only page she can open in IE is that one asking for the $80.- ?" Our laptop got it because a little popup popped up saying the computer had a virus click here to fix it and she did. The popup looks like a windows message to some. Still not sure why but doing things in 3's sometimes lets you in. This one wouldn't even take the restore disk until the 3rd try. A friend said he got into system restore on his 3rd attempt. Ours told us the administrator had shut down the task manager, we needed to pay 89.95. We keep critical files on multiple machines, at worst I can lose a day's work and be back in operation within a few hours. Official Abuser of Boinc Buttons... And no good credit hound! |
zoom3+1=4 Joined: 30 Nov 03 Posts: 65737 Credit: 55,293,173 RAC: 49 |
Jord wrote: "Geek, the form of virus is called Scareware or better yet, Ransomware. I'm sure she cannot download or install or run anything on that system, while the only page she can open in IE is that one asking for the $80.- ?" Well as long as You don't pay the trojan. :D The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
kaseychief Joined: 3 Dec 07 Posts: 1643 Credit: 480,503 RAC: 1 |
Go to safe mode, sys restore, select date (before she started using pc). Running sys restore should eliminate virus. |
Frosted Joined: 11 Jul 99 Posts: 83 Credit: 3,898,641 RAC: 0 |
kaseychief wrote: "Go to safe mode, sys restore, select date (before she started using pc). Running sys restore should eliminate virus." Won't work. The fastest, easiest, 100% way would be a format & clean install. The second best option is to remove the hard drive and install it as a 2nd drive on another computer that has all the tools to repair it. The third desperate option is to try to install and run the tools on the infected system. Could take hours or even days. Might not work. Some tools to try: Microsoft Malicious Software Removal Tool mrt.exe (should already be on your computer) or get it here http://www.microsoft.com/security/malwareremove/default.aspx Free, good for real tough ones - Combofix http://www.combofix.org/ Free and good - Malwarebytes' Anti-Malware http://www.malwarebytes.org/ And there's always the free Spybot-S&D http://www.safer-networking.org/en/index.html |
Reuben Gathright Joined: 8 Mar 01 Posts: 213 Credit: 14,594,579 RAC: 0 |
I ran into a similar virus or blackmail just yesterday which resulted in: 1) "Your computer is infected" desktop background. 2) Internet Security 2010 was the name of the application that offered to remove the scam. I had to install the drive on another machine and use AVG 9.0 Free to remove all the trojan programs. Now, you must screenshot the list of infected applications so that you can identify them in the registry. Next visit your registry and search for each of the listed exe files that were part of the blackmail program and fix the entries to original state. Finally, I used CCleaner to clean up my registry. The result was a computer that I could use to backup my important files off of. Task manager and Internet Explorer do not work still. Ugh! Overclock with the MSI G31M3-L and Intel E8600 3.33Ghz Intel D865GLC Socket 478 Motherboard ~How To Overclock The Eee ASUS 1005HA Netbook To 1.9Ghz~ |
champ Joined: 12 Mar 03 Posts: 3642 Credit: 1,489,147 RAC: 0 |
Have you received such kind of message? (Sorry it is in German language, but I think you understand, that this was a fake message). or this? No Antivirus software was able to delete that malware. Since I am using Kaspersky, I am virus free. |
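
An added example, not part of any post in this thread: the step Reuben Gathright describes (searching the registry for each executable the scanner listed) done read-only against a regedit export, together with a check for the `DisableTaskMgr` / `DisableRegistryTools` policy values that produce the "disabled by your administrator" message hiamps mentions. The export text, value names, paths and executable names are constructed placeholders.

```python
import re

# Constructed sample in regedit export (.reg) format; every name and path is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="\"C:\\Documents and Settings\\kid\\Application Data\\EXAMPLE1.exe\" /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svc"="C:\\WINDOWS\\Temp\\example2.exe"
'''

KEY_RE = re.compile(r'^\[([^-].*)\]$')                 # [-KEY] (a deletion) is skipped
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')   # "name"=data or @=data
POLICY_LOCKS = {"disabletaskmgr", "disableregistrytools"}

def parse_reg(text):
    """Yield (key, value_name, raw_data); multi-line hex data is not reassembled."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1) if m else None
        elif key and (m := VAL_RE.match(line)):
            name = m.group(1)
            yield key, ("(Default)" if name == "@" else name[1:-1]), m.group(2)

def audit(text, flagged_exes):
    """Report values that reference a flagged executable or lock out admin tools."""
    flagged = [e.lower() for e in flagged_exes]
    findings = []
    for key, name, raw in parse_reg(text):
        if raw.startswith('"') and raw.endswith('"'):
            data = re.sub(r'\\(.)', r'\1', raw[1:-1])    # undo .reg escaping
            if any(e in data.lower() for e in flagged):
                findings.append(("exe-reference", key, name, data))
        elif name.lower() in POLICY_LOCKS and raw.lower() == "dword:00000001":
            findings.append(("policy-lock", key, name, raw))
    return findings

if __name__ == "__main__":
    # Flagged names would come from the scanner's report; these are placeholders.
    for finding in audit(SAMPLE_REG, ["EXAMPLE1.exe", "example2.exe"]):
        print(*finding, sep=" | ")
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `audit`.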
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.