Scary malware/virus!

[SoundsGood]

So I'm just sat here eating chocolate buttons and reading crap on here then BAM! Infected again.

At the time of creation (19:29) I was reading a forum I've been on for years and none of the threads have any suspicious signatures or adverts. Before that was here, Facebook and ImageShack.

Any advice how I can stop this from happening again?

 

[Terrier_Jimlad]

*edit*

Just noticed you were using Avast - pretty poor detection if it's up to date lol

 

[JonJ678]

At the risk of provoking rage, I'd like to mention that to the best of my knowledge this beastie hasn't hit anything running osx or linux. Does anyone have a counter example?

I hadn't met Rkill. Cheers

 

[Dano]

Any advice how I can stop this from happening again?

Windows, Java and Adobe all up to date?

 

[SoundsGood]

Java and Adobe are, Windows was a bit behind so updated that now and I'll see how it goes..

 

[esK`]

Well hearing where it on XP if I see it on a clients machine I know where it'll be hiding! Thanks

 

[Jim.Ow]

I work in a small PC shop, we've had a lot of these in .. 10 to 15 a day. I don't know if it's been mentioned but normally a Malware Bytes scan in Safe Mode will get rid of it (try to disable system restore) If this doesn't work go back into Safe Mode and depending on the OS either go to the App Data folder or Program Data and it will be in there and just delete the EXE.

 

[Scream]

I am sick to death of this malware. As soon as you clean a machine, the bloody thing comes back. AV software seems to be doing sod all.

These days the best product to use is malwarebytes and purchase it so you can have the resident shield working in the background.

 

[thecremeegg]

Someone at work has just given me her pc with this on....malwarebytes didnt work for me

 

[wilko49]

What do i do now? I can clean the virus again, but when she gets home it will 'appear' again

Hotmail has infected adverts capable of drive-by installation of System Tools. Tell her to keep off of hotmail and it should be fine.

 

[HighlandeR]

wow so I may end up getting 100s of customers coming back from this virus lol

If its infected hotmail, thats almost as bad if it was google

I havent had anyone come back yet mind u... but its been early days combofix/malwarebytes with both updated via net have worked.

I wonder if combofix/malwarebytes have updated there offline database packs

 

[edscdk]

I love the guys that release this stuff, I really do I had 18 infected machines so far, easy money to clean...

 

[Duke]

Put adblock software on the systems if you don't want to see them back.

 

[Jay662]

Can't believe it! A user has just came in this morning with this on their laptop.

Spreading like wildfire.

 

[Emphacy]

Haha by god have I seen a few of these. My mate also had one on his laptop, which appeared before his eyes the morning after he went out.
Malwarebytes' doesn't remove it itself fully, so we just did a system restore and back to normal. Then I replaced his McAfee with ESET.

I had one person though tell me they entered their details but it still wouldn't remove itself... Silly People!

 

[PiKe]

Been given a machine with Vista on that's got this, running Norton 360, lot of good that is.

 

[cyber69]

The company I provide deskside support for are currently suffering from this infection. I've had only about a dozen so far which the remote offshore teams have been unable to remove.

I've only seen one where it blocked internet and on that one I installed malwarebytes and manually copied the rules file over from an updated PC which then did the trick.

 

[Agemo]

PC at home caught this virus last night. This forum has been very useful today and so I hope I will be able to remove it tonight!!

 

[j.col]

my mum's pc caught this as well
combofix blitzed it on its first run

 

[PiKe]

my mum's pc caught this as well
combofix blitzed it on its first run

Combofix only works on xp doesn't it.