
A Computer Virus comment

Discussion in 'Off Topic Threads' started by JACK, Dec 24, 2009.

Thread Status:
Not open for further replies.
  1. JACK

    JACK Well-Known Member Supporting Vendor

    Joined:
    Apr 28, 2006
    Messages:
    14,695
    Location:
    NW Wisconsin
    I have an old school chum that heads up the Astronomy lab and telescope affiliated with the University of Chicago. Wednesday at 3:41 AM I got an email message while I was on with you guys from a person on his contact list. His contact book had been used to redirect a virus attached to an innocuous appearing website. I knew of this person but figured it was potentially a virus waiting to happen. I deleted the email and carried on. But at 3:42 I got a small window on the task bar and a Microsoft looking icon that informed me that my computer had been infected and to click on the icon to find and isolate the virus. Realizing that I had a problem I looked for an exit out of this situation and it was one of those deals whereby if you did anything to delete/defeat the incoming virus you in fact began the process of allowing them to install what they wanted. I attempted to click the X but that just started the virus installation. It masqueraded as an anti virus and began a "scan". Within 30 seconds it told me I had 30 viruses on my computer.

    I nixed it as best I could but it was determined to finish and within a minute I shut down. But it was in. I tried rebooting but the same thing occurred and nothing worked even tho I had seemingly stopped the "scan".

    I took the hard drive to my guy and he cleaned it up for $60 and a bottle of Brandy. But here is what he told me to do the next time this happens:

    As soon as you see it hit, Manually (using the physical button) turn off your computer. Allow it to rest for 30 seconds or a minute and then take these steps

    1) Turn off computer and wait a minute

    2) Hit the ON button and

    3) as soon as the computer logo flashes on the screen (DELL in my case)

    4) Tap-Tap-Tap-Tap the F8 key and continue tapping until your computer boots up in "Safe-Mode"

    5) Once in Safe-Mode you should be able to activate your antivirus to isolate this antagonist virus wanting into your computer.

    I hope I do not have to try it too soon as I bought him a 1.75/

    Print this instruction out and paste it somewhere you can access it quickly. Time is very important. The longer the bogus scan runs, the more files will be infected and potentially compromised.

    Jack
     
  2. TEXASZEPHYR

    TEXASZEPHYR Member

    Joined:
    Jan 29, 1998
    Messages:
    841
    Location:
    TEXAS
    Jack, u sure get up early. I got the rib roast out for room temp, can hardly wait. BTW thanks for the virus info.

    Bob
     
  3. AveragEd

    AveragEd Well-Known Member

    Joined:
    Jan 29, 1998
    Messages:
    5,477
    Location:
    Mechanicsburg, Pennsylvania
    I had a similar thing happen a year or so ago (while my computer was supposedly protected by an AVG paid subscription) and asked our company IT guy for advice, as I couldn't use the computer for more than 10 seconds or so without another "warning" message popping up and rendering keystrokes useless. I was concerned but he laughed and told me to download and run MalwareBytes, a virus/spyware/malware scanner that will locate and neutralize the infection.

    I did, it did and we're living happily ever after. I've also 86'd the two-year subscription to AVG in favor of AVAST free edition and it gives me plenty of warning that danger lurks if I continue what I'm doing. I update the MalwareBytes and scan all four PCs weekly and the AVAST updates automatically numerous times each day.

    By the way, before I consulted with our IT guy, I worked with AVG to correct the problem. Several days later, I had tried unsuccessfully to send some files to them that they said they needed to identify the bug but the bug itself was interrupting the file transfers, so they said they couldn't help me. When MalwareBytes found and eliminated the problem in less than an hour, I contacted them again and asked for a refund of the 19 months remaining on my subscription. Believe it or not, I never heard back from them...

    Ed
     
  4. smoked

    smoked TS Member

    Joined:
    Jan 29, 1998
    Messages:
    27
    Great Info Ed, I have AVG also and have been a bit suspicious lately that it is "Leaking"

    I am going to try your recommendations

    Merry Christmas

    Chris
     
  5. zzt

    zzt Well-Known Member

    Joined:
    Jan 29, 1998
    Messages:
    3,459
    Location:
    SE PA
    Jack, it sounds like you clicked on the URL and called up the web site. That was the no no. But thanks for the warning.

    Good luck with your free edition of Avast! Ed. That's a little too "leaky" for me. I want 100VB ratings for known malware and superb heuristics to stop new malware in the wild. I also want something that is easy on system resources. So far, Sophos seems to be the best. I've never had an infection while using it.
     
  6. short shucker

    short shucker TS Member

    Joined:
    Jan 29, 1998
    Messages:
    3,939
    MIA,

    I had nearly the same thing happen about 6 months ago. I was given about the same set of instructions, but my "geek" loaded my computer with some damn fine antivirus software. No more issues.

    ss
     
  7. i_shoot

    i_shoot Member

    Joined:
    Jan 29, 1998
    Messages:
    433
    I just got that today. It popped up looking like a scan from Microsoft.
     
  8. Bernie K

    Bernie K Member

    Joined:
    Jan 29, 1998
    Messages:
    687
    I had it happen to me just last week. My guy charged me $75.00. It came up as a warning from a virus scan then went on to say I could get my machine protected for $49.95 a month. Once it started I could not stop it. Just be careful, although I don't know what you can do if it happens other than to follow MIA's advice. As he said, print this out and keep it nearby. Bernie
     
  9. JACK

    JACK Well-Known Member Supporting Vendor

    Joined:
    Apr 28, 2006
    Messages:
    14,695
    Location:
    NW Wisconsin
    ZZT. Do I come off as that dumb?
     
  10. slowdp

    slowdp TS Member

    Joined:
    May 7, 2007
    Messages:
    779
    Virus writers are getting smarter these days. They release a different version of the same virus every few days to make the patterns hard to track. Most virus software is reactionary in nature. They develop a pattern match after the virus is known in the real world. That is why it is important to update often. Use several free virus and spyware scanners whenever you suspect a virus.

    The pop up screen that you click gets around the virus scanners because you are authorizing a program to be installed. The red X and any button on the screen can be captured by the software and acted on. The program that put the pop up warning screen on the computer can be safely closed by using the CTRL, ALT, DEL key combination, selecting TASK MANAGER and closing the application from the APPLICATION tab within TASK MANAGER. Once the program is shut down use the scanners.

    What was said about the F8 key works as well for most viruses but some of the newer viruses will get around the F8 (safe mode) startup.

    You are not safe anywhere. I clicked on a link within a trapshooters.com thread and got the warning screen. These programs are usually "driveby" apps. In other words you are directed to a site where it is downloaded to your machine although the program can come to you as a zip or other type of file within an email.

    Be extremely careful opening a file that is attached to an email or clicking on links within emails. Be even more careful if the file has two extensions attached to it. In other words, the name of the program has 2 periods in it.
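
Added example, not part of slowdp's post: a defender-side check for the two warning signs described above, an attachment whose name carries two extensions and a zip attachment that hides such a file. The extension set, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Final extensions Windows will run directly (illustrative, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def is_double_extension(name):
    """True for names like 'card.jpg.exe': a short decoy extension, then an executable one."""
    parts = name.strip().rstrip(".").lower().split(".")
    # Need a base name, a decoy extension and a final extension.
    if len(parts) < 3 or not parts[0]:
        return False
    return "." + parts[-1] in EXECUTABLE and 1 <= len(parts[-2]) <= 4

def suspicious_attachments(raw_message):
    """Return flagged attachment names, looking one level inside zip attachments."""
    flagged = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue
        if is_double_extension(name):
            flagged.append(name)
        if name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    flagged += [f"{name}!{m}" for m in zf.namelist() if is_double_extension(m)]
            except zipfile.BadZipFile:
                flagged.append(name + " (unreadable zip)")
    return flagged

def build_sample():
    """Constructed message: a harmless PDF name plus a zip holding a disguised .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday_card.jpg.exe", b"placeholder bytes, not a program")
        zf.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg.set_content("constructed sample")
    msg.add_attachment(b"%PDF-", maintype="application", subtype="pdf", filename="scores.2009.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="card.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in suspicious_attachments(build_sample()):
        print("flag:", hit)
```

The decoy-length test is a heuristic, so a name such as `setup.v2.exe` is also flagged; treat hits as a reason to look closer, not as a verdict.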
     
  11. MGeslock

    MGeslock TS Member

    Joined:
    Jan 29, 1998
    Messages:
    359
    MIA and Slowdp have it right!!

    I have seen this several times.

    From AVG...(links have been disabled)


    It is designed to simulate a scan of the computer, supposedly detecting thousands of strains of (non-existent) malware. The end aim is to sell users a pay version of the fake antivirus in order to eliminate the threats.


    When run, this adware warns the user that the computer is not protected. The main screen displayed is a spoof of the Windows Security Center.


    It then pretends to scan the system for malware. If users do not immediately take the bait and buy the pay version of the fake antivirus, the malicious code will sporadically display a message reminding the user that the computer is infected.


    In warning messages, and after the fake scan, a link is provided from which users can download the fake antivirus. Anyone clicking on the link will be redirected to a page like this.


    Additionally, when infected users visit certain Web pages with comparative reviews of antivirus products, they will be redirected to a spoof page showing a review of an 'antivirus', called Antivirus2010, with functions and characteristics similar to Anti-Virus-1.
     
  12. JACK

    JACK Well-Known Member Supporting Vendor

    Joined:
    Apr 28, 2006
    Messages:
    14,695
    Location:
    NW Wisconsin
    A small point here... I thought I was "golden". By that I mean that I run anti-virus daily and purge the cookies and update manually. For a year (or better) I thought I had it "figured out". Too, I do not open any emails that contain links to anything. And of course, if anything is other than a real communication to me, I relegate it to the deleted file.

    Where I erred is that in deleting the email from my inbox, I began the installation process of the fake infection notice. And once it began, the infection was so pernicious that it disabled everything including my Task Manager. And it disabled my AVG from starting up.

    This virus was essentially designed to get to a person that became frustrated and then signs up for the bogus anti-virus. You do that with a credit card, and then guess what? Yes, they max out the cash advance portion immediately.

    Mgeslock says some important stuff just above this message. Try and understand it.

    In my opinion the greatest risk we face is from FWD emails from trusted sources. This particular virus was a "redirection" that uses the contact list of the person and if you are on it, you are randomly selected to receive the solicitation. Geslock says these guys are smart. Well, they are, and it takes them little to alter the program code in order to defeat your McAfee or AVG or Norton. The regular antivirus folks I mention have no way of knowing what the new code will be and that is the risk YOU face as well as I or Geslock. If the random redirector lands on you and your antivirus has not seen the code variant, they are in. And that is what happened to me.

    Read Mgeslock again. He provides data we all need to understand and live by.
     
  13. Fathawk

    Fathawk TS Member

    Joined:
    Dec 28, 2008
    Messages:
    202
    A good comment is to not use AVG anymore and go to AVAST!.



    A second good comment is to stop looking at the free porn sites. There is no such thing as free porn, it always comes at a price.
     
  14. MGeslock

    MGeslock TS Member

    Joined:
    Jan 29, 1998
    Messages:
    359
    Just one side note..... The last few times that I have seen it, it was on web pages.


    Just turn your computer off!
     
  15. JACK

    JACK Well-Known Member Supporting Vendor

    Joined:
    Apr 28, 2006
    Messages:
    14,695
    Location:
    NW Wisconsin
    Fathawk makes a valid point. A common attachment place is to porn sites. But other sites as well. And as a quick follow-up, my daily scan begins at 10 PM Central and today's scan showed a double dose of a generic trojan horse. Same one. AVG picked it up on the way in and isolated it. Avast may be ok for you guys, but if you are counting on one specific program to keep you safe you are not doing due diligence. Keep up with your virus vault and know what is in there.
     
  16. Shooting Coach

    Shooting Coach Well-Known Member

    Joined:
    Sep 14, 2006
    Messages:
    8,354
    Location:
    Nashville Tn
    I have had great luck with C Cleaner (formerly Crap Cleaner). My Computer Guy said it got rid of stuff before it gets buried into the system.

    I saw the fake Microsoft screen on a redirect, but bailed out without harm.
     
  17. zzt

    zzt Well-Known Member

    Joined:
    Jan 29, 1998
    Messages:
    3,459
    Location:
    SE PA
    You can also help yourself by not allowing HTML in emails, or at least blocking the automatic download of images in HTML emails. If you do not know what they are, you should read up on web bugs.
     
  18. AveragEd

    AveragEd Well-Known Member

    Joined:
    Jan 29, 1998
    Messages:
    5,477
    Location:
    Mechanicsburg, Pennsylvania
    Perhaps we all should just switch from PCs to MACs. Virus infection of PCs is one reason why both magazines and the newspaper for which I've written use MACs. But I just can't bring myself to learning something new.

    Ed
     
  19. JACK

    JACK Well-Known Member Supporting Vendor

    Joined:
    Apr 28, 2006
    Messages:
    14,695
    Location:
    NW Wisconsin
    It seems I get this virus at exactly 3:42 AM. I got it again last nite at the same time as I did a week ago. It comes in from gocomics.com website attached to an adobe 3D run. I got it again last nite. I still believe this is a scam to get you to divulge a credit card for them to max out the cash advance.

    It will not delete. It keeps on running as if it were a scan and it tells you that you have dozens of viruses and trojans on your computer.

    I did as I suggested earlier. I shut down mechanically with the button (hold it down till the computer shuts off, generally in about 5 seconds). Then wait a bit, restart, tap, tap, tap F8 when the computer name flashes, and then the system begins in a form of safe mode. From there I selected safe mode and noodled till I got to "system restore" and selected the recommended date/time and waited for that to finish. It worked.

    Each of these instructions takes a bit to work. After you choose the instruction look at the flashing light on your computer tower. If that is going, then the procedure is in action. Let it finish. Then follow the system restore prompts. Computer working normally again.

    Jack
     
  20. crusha

    crusha TS Member

    Joined:
    Jan 29, 1998
    Messages:
    5,762
    And as always, a shout of thanks goes out to FatPigeon for his ever-so-helpful admonition to avoid porn sites...this no doubt represents a hard-earned nugget of wisdom for him.


    Thanks, Fathawk...we'll file that little tidbit away somewhere.


    (Maybe 2010 will be the year you get a girlfriend)
     