Scary malware/virus!

Interesting.
Having seen similar situations on XP machines at work, it wasn't until this thread that I pondered whether XP is more vulnerable to this sort of infection due to its lack of UAC.

Would upgrading the machines at work to run Windows 7 actually add a significant defence from this type of infection? We run corporate Symantec, which has never stopped any infection of this type.
 
So far this infection hasn't attacked any Win 7 machines that I know of. However, as said above, to install it the user usually has to interact with something, i.e. click on an .exe, accept a JavaScript warning or something. If that's the case, of course it will run on Win 7...
 
Interesting.
Having seen similar situations on XP machines at work, it wasn't until this thread that I pondered whether XP is more vulnerable to this sort of infection due to its lack of UAC.

Would upgrading the machines at work to run Windows 7 actually add a significant defence from this type of infection? We run corporate Symantec, which has never stopped any infection of this type.

The key thing is whether the users are in the Administrators group or not. If they are administrators, the only difference is that Windows 7 will probably generate a UAC prompt which they will have to yes/no. The defense lies in restricting access; UAC just makes this more convenient for people who want to run as administrator. You'll see a high infection rate for XP users largely because the default account is administrator (as with most viruses).

I don't know enough about this particular virus to say whether it is UAC-aware and whether it will run in a standard user account, but if it did it would be easier to remove and I'd be a lot more confident that it hadn't installed something else like a kernel-mode rootkit.

This is the main reason I'm formatting the laptop I mentioned. The user was a protected administrator and I don't know if they clicked Yes at any UAC prompt. I have to assume they did and the virus got full admin rights to the machine, so rather than take a chance it was more straightforward to back up and restore.
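The point in the post above (admin-group membership matters more than the Windows version, and a protected administrator is one "Yes" away from full rights) can be checked on a machine before anyone clicks anything. The following PowerShell is an added example written for this thread, not code from any poster or product. It assumes PowerShell 5.1 or later for Get-LocalGroupMember (which lists direct members only, so an account that is admin through a nested domain group is not detected), and reads the documented UAC policy values EnableLUA and ConsentPromptBehaviorAdmin; when either value is absent it assumes the Vista/7 defaults (UAC on, prompt mode 5).

```powershell
# Added example (not from the thread): report how much a "click Yes" infection
# would get on this machine, given the current account and the UAC policy.

function Get-AccountExposure {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    # With UAC on, a protected administrator runs with a filtered token, so this
    # is $true only in an elevated shell; group membership is checked separately.
    $isElevated = $principal.IsInRole($adminRole)

    # Direct members of BUILTIN\Administrators (PowerShell 5.1+ cmdlet).
    $adminMembers  = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
                       ForEach-Object { $_.Name })
    $isAdminMember = $adminMembers -contains $identity.Name

    # UAC policy values; a missing value means the OS default applies.
    $policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy     = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
    $uacEnabled = ($null -eq $policy.EnableLUA) -or ($policy.EnableLUA -eq 1)
    $promptMode = if ($null -eq $policy.ConsentPromptBehaviorAdmin) { 5 }
                  else { $policy.ConsentPromptBehaviorAdmin }   # 0 = elevate silently, 5 = prompt (default)

    $assessment =
        if (-not $isAdminMember)  { 'Standard user: malware the user runs gets user rights only.' }
        elseif (-not $uacEnabled) { 'Admin with UAC off: anything the user runs gets full admin rights.' }
        elseif ($promptMode -eq 0) { 'Admin, UAC auto-elevates: no prompt stands between a click and admin rights.' }
        elseif ($isElevated)      { 'Admin, already elevated: no further prompt in this session.' }
        else                      { 'Protected admin: the UAC prompt is the only barrier; "Yes" grants full admin.' }

    [PSCustomObject]@{
        User        = $identity.Name
        AdminMember = $isAdminMember
        Elevated    = $isElevated
        UACEnabled  = $uacEnabled
        PromptMode  = $promptMode
        Assessment  = $assessment
    }
}

Get-AccountExposure | Format-List
```

Run it as the everyday user, not from an elevated prompt, or the Elevated field will always be true. An Assessment other than the "Standard user" line is the case the post above describes: the only thing between a scareware installer and the whole machine is the user's answer to a dialog.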
 
Got a pain-in-the-neck virus myself yesterday. Had Malwarebytes and Microsoft Security Essentials running, ended up having to format; it wouldn't let me click anything to run. Hugely frustrating!
 
Safemode.

Run ComboFix.

Run Malwarebytes

Load Windows normally.

Delete all restore points.

I see this style of malware/scareware program every day. It usually only affects the user account running at the time of infection.
 
I also had this the other day; went into safe mode and ran Malwarebytes and everything was fine after removing the virus. I think this virus was attached to a fake Java update, as Java tried to connect to the net but my Windows firewall control software came up. As soon as I said no to it connecting to the net, that blue screen came up.
 
I think Malwarebytes has recently released an updated database that deals with it now, as that's what I used. There might be a few "strains" of it, however.
 
Yeah, currently doing a format/reinstall because of this on a laptop (Vista). It seems to be extremely good at spreading itself.



This is pretty interesting, because MSE caught an attempted download on my computer over the weekend. I loaded a legitimate site and (stupidly) OK'd a JavaScript message (although they're not all that uncommon, to be fair) which then tried downloading and opening a malicious PDF. It was the PDF itself MSE recognised as Win32\pdfjsc.ML, which is a very recent variant, and I wouldn't be surprised if it was related. I'm thinking maybe it is spreading through a third-party advertiser.

Luckily for me I don't think it affected the version of Adobe Reader I was running, and the AV caught it in time anyway, although I've disabled JavaScript on my machine for the time being.

Mine was a bit different. I received a PDF catalogue from a known sender, had a look at it and closed it down. A few seconds later UAC asked if setup1231231.exe could access system files, to which I said no, rebooted and did a full boot-time scan on all hard disks: 0 results. Updated my PDF reader and left it at that. The following day the UAC prompt came up again, clicked no... 10 minutes later "YOUR PC HAS BEEN HAXORED!!!!11" :(
 
I think Malwarebytes has recently released an updated database that deals with it now, as that's what I used. There might be a few "strains" of it, however.

This could well be the case; it was a mate's laptop I removed it from last Wednesday when MBAM wasn't able to shift it. ComboFix can be quite "brutal" in comparison to the main anti-malware progs, but it certainly showed this particular pest who was boss. :cool:
 
Success rate of 10/11 on a mixture of laptops infected with this in the last couple of days, using an updated Malwarebytes from safe mode. Thoroughly irritating virus; it simply blocks execution of pretty much anything with a message that you should give them your card details.

On the 11th the virus is gone, but the copy of Vista is very sluggish. I'm not sure whether it was like that before the above event or not, so it's going to be a reformat for that one.

It blew past Norton, McAfee and Avast on various laptops, and turned up on both XP and Vista, on updated copies of Windows. Fair play to the authors. One of the guys typed his card details into it (:() so I suppose time will tell how severely he's defrauded.

I'm going to look into ComboFix, cheers.
 
Hijack/ransom malware seems to be all the rage now.

Got hit by two similar types last week.

Program launching is mostly crippled, and after attempting to kill off the files a reboot was forced, which resulted in me logging onto a second OS and telling it to **** off.

Scanned using MBAM and some other things from the second OS. Also had to mess about restoring infected Windows files I'd quarantined under the impression they were fakes, then rescanning, since quarantining them resulted in the infected OS bluescreening on startup.

Can certainly see the profit in these types of malware.
 
Strangely enough I got that very infection on my PC on Sunday while my girlfriend was shopping on eBay!

A quick message popped up saying something about a Java update (Java 6 or something, my girlfriend said), but before she had a chance to click anything it disappeared, and then the problems began.

Couldn't run anything like Malwarebytes etc.

So rebooted into Safe Mode, ran Malwarebytes from there, followed by Spybot and another I can't remember the name of.

Back into normal Windows, ran them both again. The only thing I had to do extra was to turn System Restore off to get rid of a system restore file which had the infected file in it.

After that all clear!
 
Out of interest, what do people install Java for on Windows 7 nowadays? Are there specific sites and apps which require something like it to be installed?
I have had 7 since launch, purposely never installed Java, thus have never updated it, or, I hope, been subject to issues arising from its installation.
I am unaware of internet sites that don't work for me when running IE8 in protected mode from a user account with UAC on.

What am I missing out on?
 
It blew past Norton, McAfee and Avast on various laptops, and turned up on both XP and Vista, on updated copies of Windows. Fair play to the authors. One of the guys typed his card details into it (:() so I suppose time will tell how severely he's defrauded.

Erm... call the card issuer, and unless it's already happened he won't be.

The common thing in all the infections I've dealt with is that the user is the weak link, clicking on the "Your computer is infected" (or whatever it says; I've not actually seen one myself) window, thus allowing the thing a foothold.
 