Scary malware/virus!

If MBAM won't update, reset all IE settings to default. Spyware like this can also sometimes enable proxy settings, so make sure all the boxes are unticked within 'LAN Settings' within IE.

I think you can download the definition file and put it in the folder anyway. Probably best to have the system off the web until clean.

Also

Check the hosts file

On W7 it can be a real pain to get into the thing: you have to show hidden files, set permissions and start Notepad in admin mode, then do File > Open.


Avoid using IE in XP.
 
Funny someone earlier mentioned eBay, as that's the main site my sister visited when she got it. To be honest I just didn't believe her, but maybe I was wrong :)
 
Well, that laptop cleaned fine with MBAM.

Safe mode with networking.
Installed MBAM.
Did the MBAM updates.

Ran full scan. Machine clean.
Have since had to do the same on Windows 7 and Vista along with XP.
 
Friend has this on Vista, tried running MS Essentials and Malwarebytes in safe mode with no luck, I couldn't even open MBAM. Going to try ComboFix now.

If you can't run MBAM on the infected drive you can remove the drive from the computer and use another computer to scan it.

I have two HDD in my computer each with an OS and the second one is mostly there to make sure the first one can't be taken out by malware.

So first OS gets disabled, use second OS to recover.
 
I'd say between the two shops I work in, since Saturday we have had 15+ PCs / laptops come in with this and heard from about another 10. Seems like it went mad on Sunday for everyone.
 
It would be interesting to know how many people were using alternate browsers like Firefox or Chrome, also whether they had Java installed or any ad blocking?

This sort of thing shows you can't even be sure about reputable sites. Their dynamic ads could always be a danger, so no one should feel bad about ad blocking. If they were less obnoxious and just simple images I would be fine with them, but that added to this makes it a must. It's time they considered changing their ways.
 
Also delete any fake antivirus / security and toolbars you have not installed, and make sure you disable System Restore when removing the virus.
 
It would be interesting to know how many people were using alternate browsers like Firefox or Chrome, also whether they had Java installed or any ad blocking?

This sort of thing shows you can't even be sure about reputable sites. Their dynamic ads could always be a danger, so no one should feel bad about ad blocking. If they were less obnoxious and just simple images I would be fine with them, but that added to this makes it a must. It's time they considered changing their ways.

I was using Chrome with the latest version of Java but no adblocking. I was also on eBay at the time.
 
Didn't think you could install stuff in safe mode, as it does not start the installer service, unless you hack the registry that is.
 