new trick from a virus

Fake AV software applied the hidden attribute to a user's documents. I'm sure most people would spot this, but if by posting this I can avoid a few heart attacks it's worthwhile...

- Having removed viruses from 1000s of machines I have never seen this before and thought it was worth letting other people know...

I know scare stories about files being deleted have popped up in the past but realistically viruses never delete anything (though we all know they could) and any damage caused is usually by accident....
 
Ah I got this - had the split second panic, as my FTP program showed empty Documents. Explorer showed them all hidden.

Little buggar!
 
I always tell people their files are safe after a virus, I do it without even checking as I know (think) there is no point deleting them... this time I called the owner back and told them the files were gone before I realised too much disk space was being used for anything to have been deleted...

I made two massive IT mistakes recently after thinking my opinion was god for years... 99.999% of the time I am right but I feel like a **** for telling this guy the files were deleted when they were hidden..
 
Thanks for the heads up.

I've had a guy knock on my door today with a new problem to me actually. His forward, backward and stop buttons are greyed out on his Firefox! No matter what page he's on or what he's doing. I've not had chance to check up his system yet. But that's another new one to me!
 
I always tell people their files are safe after a virus, I do it without even checking as I know (think) there is no point deleting them... this time I called the owner back and told them the files were gone before I realised too much disk space was being used for anything to have been deleted...

I made two massive IT mistakes recently after thinking my opinion was god for years... 99.999% of the time I am right but I feel like a **** for telling this guy the files were deleted when they were hidden..

A bit of smooth talking could soon rectify the situation and have you coming up smelling of roses.

"After much work which sadly is going to cost quite a bit more, I have been able to salvage all of your work. I had to completely disassemble the hard drive and, using tweezers I was able to pick each individual byte of data off the plates and rearrange into the correct order."

:)
 
Thanks Edscdk.

@ Wannabedamned - that's a weird one for Firefox. I did think of about:config for a mo, but that would only change the number of pages in back/forwards history. It wouldn't grey out buttons. This might be one for Hijack-This.
 
My daughter had to come all the way home from Uni the other week for me to fix her problem.
She was browsing early in the morning when the old 'You have a virus click here' popup came on and she did.
The result was that it installed 'Microsoft Security Essentials' and 'Malwarebytes' and took over the machine.
Of course it installed nothing of the sort but the screens that came up would have fooled most people.
 
A bit of smooth talking could soon rectify the situation and have you coming up smelling of roses.

"After much work which sadly is going to cost quite a bit more, I have been able to salvage all of your work. I had to completely disassemble the hard drive and, using tweezers I was able to pick each individual byte of data off the plates and rearrange into the correct order."

:)

And that's why IT guys get a bad rap, exploitation of people's ignorance. :rolleyes:

Touch wood, not had a virus (or at least one that has noticeably affected my computer or any personal information) in the past decade or so. A lot of that is probably down to using anything but IE, keeping regular check-ups with SpybotS&D and only visiting potentially dodgy sites on my Macs.

I know Macs ain't virus-proof, but if my browser downloads dodgy files in the background, what are they gonna do? OS X doesn't know wtf a .dll or .exe is! ;)
 
My son had this virus, the "windows disk fix" or whatever it's called fake AV, he got it from some link on Facebook...

Just ran combofix and it removed the virus and automatically removed the hidden attribute from everything on the HD
 
I'm guessing this doesn't affect Linux boxes? If so this may be better off in the Windows section... :p

Applying a hidden attribute is pretty easy to do, you don't need admin rights to do this to documents...
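
What the posts above describe (the Hidden attribute set on everything in a user's folder, with no admin rights needed) can be audited and reversed from PowerShell. This is an added example, not part of any post in the thread; the `-Root` and `-Fix` parameter names are this example's own, and it assumes the malware itself has already been removed.

```powershell
# Added example: report (and optionally restore) files hidden under a user folder.
# Run as the affected user; no elevation is needed for their own files.
param(
    [string]$Root = [Environment]::GetFolderPath('MyDocuments'),
    [switch]$Fix   # without -Fix the script only reports
)

$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System

# -Force is required: Get-ChildItem skips hidden items by default,
# which is exactly why the folder looks empty in Explorer.
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band $hidden) -and     # Hidden bit is set
        -not ($_.Attributes -band $system)     # skip desktop.ini, profile junctions, etc.
    }

"{0} hidden, non-system items under {1}" -f @($items).Count, $Root

foreach ($item in $items) {
    if ($Fix) {
        # Clear only the Hidden bit; ReadOnly, Archive and the rest are kept.
        $cleared = [int]$item.Attributes -band (-bnot [int]$hidden)
        $item.Attributes = [IO.FileAttributes]$cleared
    }
    $item.FullName
}
```

A large count of hidden, non-system items in Documents, alongside normal disk usage, points to files that were hidden rather than deleted.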
 
Just had the same one here too on a customer's.

First time I have seen it too. Kept giving messages about hard disk failure and everything in the user folder was hidden.

I don't just remove viruses anymore as it's not a 100% sure fix whereas a clean install is :)
Plus most of the PCs I see could do with a reinstall anyway.
 
Just had the same one here too on a customer's.

First time I have seen it too. Kept giving messages about hard disk failure and everything in the user folder was hidden.

I don't just remove viruses anymore as it's not a 100% sure fix whereas a clean install is :)
Plus most of the PCs I see could do with a reinstall anyway.

That is just lazy, you must be utter crap at fixing computers.... same as the people who used to reinstall their OS every other month because they were too lazy to learn how to maintain it.

On my old comp I had Windows 2k installed for like 2 years, never had to reinstall for a virus or anything...

Had XP for ages as well, probably have this Win7 installed until Windows 8, my son's laptop had dozens of virus infections over the 4 years he had it and I never had to reinstall his OS either. You're just lazy!
 
. You're just lazy!

Excuse me?!!! :)

If you were paying to have your PC fixed would you want the "I think it's clean now and should be OK" or "It's def sorted now and will run as good as new"?

Have had customers who have had a quick fix removal and run into problems months later so I see it as a sure fix rather than a patch up.

As I said most of the PCs are already running really slow due to age of OS install so a reinstall makes a world of difference to their "old" PC

And it's actually more work for me as I still clean the hard drive first before backing it up and installing.

Not lazy mate, trust me.... How many installs do you do a week?

Done three today and that's my day off :)

I am sure there are others that would agree with me on this? :):)
 