Phishing attempt!

I've just been called to see a colleague's PC that suddenly had tons of Trojan viruses and needed fixing. It's quite an elaborate phishing scam:
1) In the Start bar is a Windows logo and Security Center warning
2) When clicked another bigger window opens and informs you that you need to purchase protection
3) When you click about in this window you get a list of all the nasties on your PC
4) You get another window where you have to enter your Credit Card Details and pay for the subscription. BUT the credit card fails and it asks you for another card...and another....

Quite clever and elaborate.

 
its not a trojan...its A SPARTAAAAA!
seems nasty, try safe mode then CCleaner for maleware. then the 1 youl have on ur pc (may be trend)
 
Not phishing. Scareware.
If you can find the exe there are probably a few cleaners/tools out there to get rid of it. Spybot perhaps?
I'm surprised the AV let it in.
 
What the misspelt and nonsensical route?

For a start CCleaner won't get rid of malware - it's just a junk file cleaner. However, Malwarebytes and/or Superantispyware should sort it out. You could also try Hitman Pro, free trial version.
 
What he has on his PC is one of the fake anti-virus programs that have been going around for a long time now. Some are extremely difficult to get rid of. They're what's known as 'Ransomware'. They infect your PC, then demand payment to get rid of the viruses. I've had to put PCs right after these infections and it can be quite a challenge; some of these fakes can hide the drives, disable Task Manager and slow your PC down to a halt, stopping you from getting your data off.
2 programs that will help you to get rid of these things, at least they did last year, were MalwareBytes and SuperAntiSpyware. Be prepared for a format though.
 
The first run of Malwarebytes picked up 92 infections. Second run 7 and a third is planned for after work today. Will try Superantispyware too.

Not surprisingly the malware was blocking the AV from updating and had turned off the Windows XP firewall and was hiding/disabling the Firewall notification.
 
It is basically riddled. You could spend hours fighting the nasties and still not get them all. Again, if it's an option - format and reinstall.
 
It is basically riddled. You could spend hours fighting the nasties and still not get them all. Again, if it's an option - format and reinstall.

Wise advice. The only way to know 100% you have a clean computer is by performing a format & reinstall. The install will be light, fresh, clutter free and up-to-date. It will probably take less time in the long run and has a 100% success rate :).
 
Remember, the problem with a full format is you'll lose all your data. A format really is the only solution if things get really bad, and you should over a period of time prepare for such events, by that I mean... make regular backups, just in case this sort of thing happens. Such nasties on a PC can make it impossible to get data off in a hurry, as the PC will run slow... if at all, and sometimes freeze. So, take out the HDD and link it to another PC or laptop and transfer folders etc. to a folder on the donor PC/laptop. Look into your profile and get documents, music etc. off. You can even save your favourites, just copy the star-shaped folder across. Don't copy anything else or you may re-infect. Put the HDD back into your PC and re-install. By linking your HDD to another PC/laptop you're not running the OS, so not running the mal/spyware. I do this sort of thing all the time in my job and there's nothing to it. But, if you have nothing to save, then it will make it easier to format and start again.
 
disable system restore
remove your 'av'
run ccleaner slim http://www.ccleaner.com/download/builds/downloading-slim
run nod32 trial http://www.eset.com/download/free_trial_download_int.php
run mbam http://www.malwarebytes.org/mbam-download.php
run spybot http://fileforum.betanews.com/download/Spybot-Search-Destroy/1043809773/1


still screwed?
run combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix


following this, stop going to bad sites etc

use firefox http://www.mozilla-europe.org/en/firefox/
install this addon for firefox https://addons.mozilla.org/en-US/firefox/addon/1865

when firefox opens following the restart, tick the 'Easylist' subscription

phishing is fake links in emails etc.. this is just malware
 