CKA Forums
Login 
canadian forums
bottom
 
 
Canadian Forums

Author Topic Options
Offline
CKA Uber
CKA Uber
 Toronto Maple Leafs


GROUP_AVATAR

GROUP_AVATAR
Profile
Posts: 20460
PostPosted: Wed Apr 06, 2011 12:17 pm
 


I think a thread that deals with specific viruses/worms/trogans and how best to handle them.

Just recently I was bouncing from this site and my Facebook account. Might a clicked a few links on either when suddenly I was kicked off the net. I couldn't go back on nor use any other program except crt-alt-dele and the option to shot down a restart. Tried many different thinks and eventually was able restore my computer to yesterday.

Don't know what I hit or how I hit it. It kept bring up an official looking microsoft windows virus scanner which was little more then a movie since no option worked execept the directions to the payment screen.

A file search kept showing epy.exe ... I don't know if its fully gone ore why it suddenly took over???


Offline
Forum Super Elite
Forum Super Elite
User avatar
Profile
Posts: 2664
PostPosted: Wed Apr 06, 2011 12:55 pm
 


Yes I've dealt with this one before.

Run Spybot Search and Destroy to remove the virus. Also run Malwarebytes to make sure it's gone.


Offline
CKA Moderator
CKA Moderator
 Vancouver Canucks


GROUP_AVATAR
User avatar
Profile
Posts: 63827
PostPosted: Wed Apr 06, 2011 1:41 pm
 


Hi Derby - Spybot is a good choice and it's good advice. But to get things started go to Start > Search and run a file search for *.exe with the date parameter of the past day or so. Delete the files that show up **unless** you've run Microsoft patches and then do not delete anything that installed to a Microsoft program folder. You can tell the bad stuff by hovering your cursor over the .exe to show the description. The description on the evil stuff will be in Chinese or Russian. XD

After that, run Spybot to clean up the balance.

I've been seeing this spyware/scareware 3-5 times a week at the agency I work for.


Offline
CKA Super Elite
CKA Super Elite
User avatar
Profile
Posts: 8851
PostPosted: Wed Apr 06, 2011 1:49 pm
 


I just got nailed with this one on Saturday. 2nd time in the last few months.

Nothing worked! :evil: :evil:

Finally found my own simple fix.

reboot; as this starts, keep hitting F6 (XP) or F9 (Windows).

'Start in Safe Mode' Go to restore and go back a couple days. That's it! :D :D

Then do a complete scan.


Offline
Forum Super Elite
Forum Super Elite
User avatar
Profile
Posts: 2664
PostPosted: Wed Apr 06, 2011 1:59 pm
 


BartSimpson wrote:
Hi Derby - Spybot is a good choice and it's good advice. But to get things started go to Start > Search and run a file search for *.exe with the date parameter of the past day or so. Delete the files that show up **unless** you've run Microsoft patches and then do not delete anything that installed to a Microsoft program folder. You can tell the bad stuff by hovering your cursor over the .exe to show the description. The description on the evil stuff will be in Chinese or Russian. XD

After that, run Spybot to clean up the balance.

I've been seeing this spyware/scareware 3-5 times a week at the agency I work for.


I think it might a java exploit, had a java app running in the background when this one slipped. It made it through 2 times actually, right past Avast.

Also the 2nd time there was an activex script.

I've stopped using mozilla FF 4 as both times it slipped through it was from mozilla FF 4.


Offline
Site Admin
Site Admin
Profile
Posts: 32460
PostPosted: Wed Apr 06, 2011 2:39 pm
 


For you to start with run Malwarebytes in safe mode.
I run the quick scan at least every week and the full scan at least once a month. It's picked off a few and I'm not sure where they came from and although my computer was running fine it deleted them. I also run a full scan if anyone else has been on my computer for anything.





PostPosted: Wed Apr 06, 2011 3:01 pm
 


Thanks for the trip down memory lane.. Now I remember why I got rid of Windows.


Offline
CKA Moderator
CKA Moderator
 Vancouver Canucks


GROUP_AVATAR
User avatar
Profile
Posts: 63827
PostPosted: Wed Apr 06, 2011 3:34 pm
 


Curtman wrote:
Thanks for the trip down memory lane.. Now I remember why I got rid of Windows.


Blaming Windows for viruses and etc. is like blaming Toyota because their best-selling Camry is the #1 car stolen by thieves.

Think about it. [B-o]





PostPosted: Wed Apr 06, 2011 3:53 pm
 


BartSimpson wrote:
Curtman wrote:
Thanks for the trip down memory lane.. Now I remember why I got rid of Windows.


Blaming Windows for viruses and etc. is like blaming Toyota because their best-selling Camry is the #1 car stolen by thieves.

Think about it. [B-o]


Yep. Being the weakest link in the chain is not for me.


Offline
CKA Super Elite
CKA Super Elite


GROUP_AVATAR
User avatar
Profile
Posts: 9019
PostPosted: Wed Apr 06, 2011 8:51 pm
 


TIP: most of the previous suggestions won't work once it's got in. It kills your ability to run .exe files and do automatic updates.
Download Malwarebytes from another computer onto a stick. And MSoft's Update Fix Tool
Rename mbam...exe to mbam.com and copy it to the desktop, then it will run.
Update it, run it. If mbam doesn't update, run it get what you can, reboot in safe with networking, update run again.
Then run the Windows tool to fix your auto updates.
This week it's coming mainly from email attachments and infected music downloads.

And get rid of your System Restore - it's just another place to hide viruses. If you really want turn it back on after and set it to 2% diskspace, save a restore point as "DateOK"


Offline
Newbie
Newbie
User avatar
Profile
Posts: 2
PostPosted: Wed Jul 27, 2011 11:59 am
 


I'm coming pretty late to this thread, but for the future I highly recommend installing Microsoft Security Essentials. It's easily the best free antivirus software.

Oh, and like Yogi said: Starting your computer in safe mode is always a good first step. You can then scan your drive for any malware, etc. while it's inactive.

If you're new to this whole thing, think of it this way: You should maintain your computer like a property maintenance expert would maintain your home. If you let things go for too long (in this case, virus scans), then it will be significantly more difficult to restore you computer. This also applies to maintaining your hardware, like cleaning your case every few weeks.


Last edited by monkeyboy on Wed Sep 07, 2011 7:21 am, edited 1 time in total.

Offline
CKA Elite
CKA Elite
User avatar
Profile
Posts: 3355
PostPosted: Wed Jul 27, 2011 12:34 pm
 


Would any of you guys recommend a "Sandbox" application like Sandboxie?


Offline
CKA Elite
CKA Elite
User avatar
Profile
Posts: 4233
PostPosted: Wed Jul 27, 2011 12:49 pm
 


Only benefit of being behind a ISP firewall to censor the net is that it keeps majority of the junk at bay aswell. Plus I have AVG set on scan daily at 4.00pm. Ever since I've been running that, been around two years now I think, I never had a problem.


Offline
CKA Uber
CKA Uber
Profile
Posts: 10666
PostPosted: Wed Jul 27, 2011 12:59 pm
 


Yogi wrote:
I just got nailed with this one on Saturday. 2nd time in the last few months.

Nothing worked! :evil: :evil:

Finally found my own simple fix.

reboot; as this starts, keep hitting F6 (XP) or F9 (Windows).

'Start in Safe Mode' Go to restore and go back a couple days. That's it! :D :D

Then do a complete scan.


It's actually F8, not F6 for those trying to boot into safe mode on all Windows versions.


Offline
CKA Super Elite
CKA Super Elite


GROUP_AVATAR
User avatar
Profile
Posts: 9019
PostPosted: Wed Jul 27, 2011 1:36 pm
 


And being simple it works in about 5% of cases.
System Restore is one of the first place most viruses go to hide. So scan again afterwards.
The ones I see the owner knew something was wrong but they just had to exchange these so f'ing important pictures of their one year year old ramming his head into his birthday cake with every friend on Facebook for two more weeks. Until every contact they have is infected and their system is completely fubar'd.


Post new topic  Reply to topic  [ 148 posts ]  1  2  3  4  5 ... 10  Next



Who is online

Users browsing this forum: No registered users and 1 guest




 
     
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © Canadaka.net. Powered by © phpBB.