Hit by spyware/virus. What to do?

Discussion in 'Computing and Networks' started by wannaBinventor, Nov 21, 2010.

  1. wannaBinventor

    Thread Starter Member

    Apr 8, 2010
    179
    4
    Somehow I got the "Windows 7 2011 AntiSpyware" crap on my computer. I actually got it on my work computer the same day, so go figure. I don't know it I got it through my email or what, but either way I'm stuck fixing my own computer (helpdesk hooked me up at work -- they are just replacing the machine).

    It kept popping up with phony messages about finding infections to try and con me into buying their crap. I found some stuff about deleting registry keys that get placed by the program. I deleted those, not when I click on almost anything I get an error that says "This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel." It also lists the directory of the executable at the top of the error window. I have to go into that directory and right click the file to get it to open.

    Can anyone help here?
     
  2. thatoneguy

    AAC Fanatic!

    Feb 19, 2009
    6,357
    718
    http://www.malwarebytes.org/

    It will remove it, it is awesome for that. Those fake antivirus viruses are EXTREMELY annoying. Users need to be careful what they click/allow.
     
  3. Markd77

    Senior Member

    Sep 7, 2009
    2,803
    594
    Last edited: Nov 21, 2010
  4. bodge

    New Member

    May 30, 2010
    2
    0
    I use XP Pro because its so flexible. I got a anti spy programme that dowloaded itself whilst my son was using it and it was of the really annoying ones that will not let you use the computer until you buy it and if you try to open task manager it says infected, if you try and start other anti v progs it says infected. So you force start the PC in "safe mode" and look for whats starting up in your pcs start menu or you look for programmes running and remove any you know are not the ones you want.

    Alternatively as your computer is starting up quickly right click on the task bar and open task manager (once its opened it wont shut down) then look for programmes running that you dont want to run and shut them down (be very careful) have a pen and paper handy to write down the exact name of the files you shut and then go check them out in "search mode" this will identify your problem, open originating folder and remove it entirelyψ.
     
  5. blueroomelectronics

    AAC Fanatic!

    Jul 22, 2007
    1,758
    98
    Why would anyone run windows without a virus scanner. Even Microsoft gives away Security Essentials for Windows 7 free.
     
  6. thatoneguy

    AAC Fanatic!

    Feb 19, 2009
    6,357
    718
    The one the OP has actually installs and replaces your antivirus software, as a VALID antivirus solution (if you pay them $50, it turns into real software or something like that). Then it disables all of the common antivirus, windows says you are protected, etc.

    They keep coming out with new versions, most get installed by an internet popup window that looks Exactly like a Windows 7 Alert Dialog, and people click "OK", and that's the end of it.

    How they haven't been either sued to death or shot is beyond me, this has been a problem for about 4 years now.
     
  7. tom66

    Senior Member

    May 9, 2009
    2,613
    214
    This is wrong. It is a complete scam and giving your credit card details to the company will have you find someone in Israel (where they are based) has emptied your account.
     
  8. Otaku

    Active Member

    Nov 19, 2008
    128
    2
    MBytes can find most, but not all of these bugs. I needed to use Hitman Pro 3.5 (free for 30 days) to clear the WinXP AntiVirus malware from a home machine. The bug prevented all Internet access as well. I had to install the program from a thumb drive.
    The reason a lot of people get these things is that they are logged in to their computers as Administrators. This gives implicit approval to download scripts from whatever site you visit, and the antivirus program you have won't stop all of them. I never go online as an Admin - it leaves you open to all kinds of bad stuff. The only issue with limiting your privileges is that you need to be an Admin to install new software (typically). Switching usernames is a small price for the added security.
    BTW, some of the jerks that set up these scams are currently in jail in Europe. Your CC info may be just going down a black hole. The only sure thing is that you won't get a key or password to fix the bug, and as Tom66 said, you may find your CC gets maxed out within an hour.
     
  9. tech5563

    New Member

    Sep 30, 2010
    19
    0
    all of these fake viruses have one thing in common,
    they all reside in "users-appdata-local" folder and can be simply deleted in safe mode :D... i deal with these on a daily basis at work :p
     
  10. tom66

    Senior Member

    May 9, 2009
    2,613
    214
    Not all of them. Several embed themselves in Windows, and it's pretty difficult to remove them.
     
  11. sceadwian

    New Member

    Jun 1, 2009
    499
    37
    I hope you don't take offense to this, but if you were able to get infected by such a virus then you do not have the skills to remove it.

    True PC viruses on non-updated software haven't existed in near 10 years. Anything else is a security vulnerability where a fault in the software allows unauthorized users access.. The user themself has to initiate the infection process. Pretty much every 'virus' you've heard about on a PC in the last 10 years is actually a Trojan.
     
  12. tom66

    Senior Member

    May 9, 2009
    2,613
    214
    In many cases, you're correct, but do remember some viruses do exploit security holes. Many nowadays use social engineering, but not all. You can still get a proper virus on a system.
     
  13. sceadwian

    New Member

    Jun 1, 2009
    499
    37
    Name one tom =)
     
  14. tom66

    Senior Member

    May 9, 2009
    2,613
    214
    Conficker. It was a big thing a few months ago. From http://en.wikipedia.org/wiki/Conficker.

     
  15. sceadwian

    New Member

    Jun 1, 2009
    499
    37
    2008 was a few months ago? 2011 is less than three weeks away here =)

    I asked you to name one though and you picked a lulu => That one got EVERYONE to notice PC's, including all major governments and every major software maker in the world. It got a lot of press, and it's only 1 virus.

    The point was there are millions upon millions of other 'viruses' out there, not even a large portion of of .001% of them can qualify as a true virus like Conficker can. I doubt the percentage is even that high, unfortunately there's not a lot of good data to show this in black and white because anti virus companies don't make their data collection techniques or results known to the general public.

    You show me a modern PC with a virus infection, I'll guarantee backed by 100 bucks, that the user had outdated software without automatic updates turned on, or that the virus was actively initiated by someone using the machine at the time of infection.

    The SQL bug a few years before Conficker and Conficker itself got everyone's attention, but it's a drop in the bucket compared to the true reality of viruses on home PC's, they'll forever be called viruses but they don't work true to their form anymore.
     
  16. tom66

    Senior Member

    May 9, 2009
    2,613
    214
    You said name one. I did. Anyway, here's a list of major viruses from 2010, again Wikipedia (http://en.wikipedia.org/wiki/Timeline_of_notable_computer_viruses_and_worms):

    2010
    • June 17: Stuxnet, a Windows trojan, was detected.[35] It is the first worm to attack SCADA systems.[36] Some suggest targets Iranian nuclear facilities.[37] It uses a valid certificate from Realtek.[38]
    • September 9: The virus, called "here you have" or "VBMania", is a simple Trojan Horse that arrives in the inbox with the odd-but-suggestive subject line "here you have". The body reads "This is The Document I told you about, you can find it Here" or "This is The Free Download Sex Movies, you can find it Here". (Note this is the only social engineering virus unlike the other ones.)
    • September 15: The Virus called Kenzero is a virus that spreads online from Peer to peer (P2P) sites taking browsing history.[39]
    Don't forget the others from 2009 and 2008. Also, don't forget Conficker was big in April, when it was attempting to update its software. And variants of Conficker, up to Conficker E, were released just over a year ago.
     
  17. sceadwian

    New Member

    Jun 1, 2009
    499
    37
    Kenzero, Alueron, and here you have are all straight up trojans, the user caused the infection directly in every single case, there is no method for it to self propagate, so they technically can't be called true computer viruses. 100% stupid user syndrome there.

    Stuxnet looks like a real piece of work though, maybe not as prolific as Conficker but slick and well designed, a true virus and aimed for industrial/military espionage no less.

    The vast majority of all so call 'virus' infections are user or system admin fault (often the same person sometimes not). Stuxnet even used Conficker which was at the time patched, however it used several other zero day vulnerabilities as well which is why you gotta respect (if not abhor the motives) of the people that made it.

    You have to keep in mind as well just because viruses like conficker and stuxnet hit the news doesn't mean that they're more prolific than the bulk majority of infections. Go talk to anyone that works at a PC repair place that does systems cleanings, ask them how many of the machines that were brought it were hit by a true virus as opposed to a trojan.
     
  18. tom66

    Senior Member

    May 9, 2009
    2,613
    214
    I disagree with this:

    I agree with this:

    as in my previous post:

     
  19. sceadwian

    New Member

    Jun 1, 2009
    499
    37
    Okay then we're on the same page Tom, but let me add this to what I meant when I said "True PC viruses on non-updated software haven't existed in near 10 years"

    When I said 'existed' I should have said not substantially so with a few exceptions =) It's so hard to say things in black and white and still sound sensible, and I've proved that point clearly ;) I do apologize extravagantly on that point in saying that I was a fool for making that statement.

    I think my major contention with your view is based on your previous post.
    It's not just 'many' it's the drastically predominate bulk majority. Viruses do exploit security holes, but social engineering is NOT a security hole in the software/hardware systems themselves it's the users of those systems, the system can't control a so called 'trusted' source such as the user. Modern systems are trying to work around that whole mess because it's not so simple, how do you let the user do what they want without compromising a global network that the user depends their experience upon to exist?

    My main thought is that education of the users of systems is more important by a thousand fold than the inherent security a system can provide, basic things such as good password protection and limiting web traffic to trusted sources and even then restricting those trusted sources via encryption for sensitive matters, and even then knowing that that encrypting can't possible hold over the long term so adjusting the behavior of the users to take this into account to create a stable usable system.

    Modern PC kernals and OS's seriously have to treat anything they interact with as a 'hostile force' scary because the users/admins can't be trusted to know what they're doing.
     
  20. tom66

    Senior Member

    May 9, 2009
    2,613
    214
    sceadwian. Do you think it would be a plausible idea to isolate contaminated computers with viruses on them? It would both cause people to fix their computers and make them more conscious of security. Often a botnet'd computer is not obvious to the user. 80% of spam from botnets. Think maybe 75% less spam.
     
Loading...