I hate those ** viruses!!!



Gerbrandd
04-15-2011, 06:09 AM
Hello,

I was just searching for some nice aircraft pictures, so I could make a repaint. I clicked on an image to enlarge it, when suddenly a pop-up came up saying that my PC was possibly infected with viruses and that they would perform a system scan...

In the background I saw a loading bar (like on a normal virus scan) and I could do nothing except agree!

Fortunately it was the second time it appeared to me (the first time I didn't know what to do and of course I had to perform a total reinstallation).

So I immediately ran Task Manager and I ended the iexplorer.exe process. Afterwards, I shut off the internet connection and I performed a system scan with Avira AntiVir and also one with Windows Defender... They didn't discover anything.

Now I hope there are no viruses on my PC. I don't know if I handled it right, but I tried to do the best I could. Maybe someone knows what I have/had to do? Or maybe how to prevent such 'attacks'. :confused:

I just wanted to add this because it could happen to everyone here...

Kind regards,
Gerbrand

ReggieF5421
04-15-2011, 08:51 AM
Now I hope there are no viruses on my PC. I don't know if I handled it right

You handled it right. Those warnings NEVER detect a virus on your PC.

They exist for two purposes.

One is that by clicking the "Perform Scan" button - it allows the website to install something on your PC. It is usually something that only tracks your internet usage and captures all your passwords. Some actually install viruses which allow the website to hijack your computer and run processes in the background you never know about - like hosting child pron on your computer, or using it for a DOS attack, etc.

The other purpose is from relatively benign, but poor, AV software - trying to make you agree to buy their scanner service.

You handled it correctly.

Only one other step - know the website you visited and never go there again.

Ragtopjohnny
04-15-2011, 08:56 AM
Reggie,

That happens on random sites. I've had it happen clicking link pictures on here even.

Now I know what to do though, we need to keep an eye out for this one. It's a pain.

John Thuot II
A+/Network+

Gerbrandd
04-15-2011, 09:49 AM
Thanks for your replies already,

The first time I had that problem, I clicked on the X at the top of the window to close the window, however the files were installed on my (previous) PC. Every 10 minutes, a creepy sound played and another popup appeared saying "buy scan 'BLABLABLA' and it will remove the viruses" (more than $100). The PC kept crashing and the only solution was a complete reinstall... I didn't want to experience that again. So now I luckily didn't click on the window and started Task Manager. Though, I'm wondering if my firewall doesn't stop such attacks. :confused:

Cheers,
Gerbrand

ps76
04-15-2011, 10:12 AM
Hi!

I've had the problem with fake antivirus software installed on my PC a couple of times. Normally a restart in safe mode and a running of Malwarebytes anti-malware (excellent freeware) fixes it. I normally perform an online scan afterwards just to make sure. Viruses sure do suck though! I feel your pain!

Hope all's better

Pierre

wdscobie
04-15-2011, 10:13 AM
information that shows how these fake 'scanners' work and it may be helpful for you to review -

http://www.youtube.com/watch?v=wKI5dg1cs74


--

Gerbrandd
04-15-2011, 10:47 AM
Hi!

I've had the problem with fake antivirus software installed on my PC a couple of times. Normally a restart in safe mode and a running of Malwarebytes anti-malware (excellent freeware) fixes it. I normally perform an online scan afterwards just to make sure. Viruses sure do suck though! I feel your pain!

Hope all's better

Pierre

The 1st time I had the problem with fake antivir I searched on the internet for solutions and there were a lot of positive reactions for 'Malwarebytes'. So I downloaded and installed it too, but before I could even start Malwarebytes' scan, several errors came up; I think the fake AV had already damaged the Malwarebytes program... Finally I got the scan running and after maybe 5 minutes, my PC crashed (this happened several times)... So there was no other solution than reinstalling...

You also say that you feel my pain, and yes it gives me a weird 'pain':
On the one hand, I was scared because I didn't want to lose any documents, fsx addons, I didn't want to reinstall again...
On the other hand I felt really angry, because I wonder what ** (you can choose your own word) people want to do such afraid things.


information that shows how these fake 'scanners' work and it may be helpful for you to review -

http://www.youtube.com/watch?v=wKI5dg1cs74

Well, that was exactly what happened the first time I got such fake warnings! (except that I didn't install anything, because I had to pay for it)

It's fine to share your opinions, thanks,

Gerbrand

lefu
04-15-2011, 12:06 PM
Hello,

I was just searching for some nice aircraft pictures, so I could make a repaint. I clicked on an image to enlarge it, when suddenly a pop-up came up saying that my PC was possibly infected with viruses and that they would perform a system scan...

In the background I saw a loading bar (like on a normal virus scan) and I could do nothing except agree!

Fortunately it was the second time it appeared to me (the first time I didn't know what to do and of course I had to perform a total reinstallation).

So I immediately ran Task Manager and I ended the iexplorer.exe process. Afterwards, I shut off the internet connection and I performed a system scan with Avira AntiVir and also one with Windows Defender... They didn't discover anything.

Now I hope there are no viruses on my PC. I don't know if I handled it right, but I tried to do the best I could. Maybe someone knows what I have/had to do? Or maybe how to prevent such 'attacks'. :confused:

I just wanted to add this because it could happen to everyone here...

Kind regards,
Gerbrand

As soon as you click to close the window after that kind of message some crap is going to enter your PC, same when you get a message saying "are you sure you want to quit this website?", so the idea about closing iexplore.exe in the process dialog window is the best shot.
If you have IE8 there are many "iexplore.exe" processes, just close the one that uses less RAM; it'll close all windows and no garbage will get in your PC.

InsyleM
04-15-2011, 12:30 PM
I found that running your Windows under a limited user account helps a lot! It's saved my PC a few times.

ReggieF5421
04-15-2011, 12:37 PM
I also find that leaving UAC on helps stop this type of thing on Vista and Win7.

I've never had problems running FS2004 or FSX with UAC enabled once I set up my security correctly.

Gerbrandd
04-15-2011, 01:09 PM
I also find that leaving UAC on helps stop this type of thing on Vista and Win7.

I've never had problems running FS2004 or FSX with UAC enabled once I set up my security correctly.

It may sound odd but UAC is enabled, however it didn't warn me. With me, it only asks permission to run a .exe and such file types... Do you have other settings maybe? I didn't change anything since I enabled it :rolleyes:

Thanks,
Gerbrand

mjrhealth
04-15-2011, 07:10 PM
Look up Process Explorer, it's a Microsoft tool. I had a friend who had this happen. I ran Process Explorer, found the process chewing up all the CPU time and killed it, ran Ad-Aware, which caused AVG to remove a few things, then all was good.

ReggieF5421
04-15-2011, 08:12 PM
It may sound odd but UAC is enabled, however it didn't warn me.

UAC didn't warn you because you stopped the install before it tried to modify your computer. UAC would bring up a warning if you clicked on the Scan button, the close box or anything else.

Gerbrandd
04-16-2011, 03:18 AM
UAC didn't warn you because you stopped the install before it tried to modify your computer. UAC would bring up a warning if you clicked on the Scan button, the close box or anything else.

Oh I understand, thanks for the info...
And what about your firewall? Doesn't your firewall block such attacks? Isn't that made for this type of thing?

Regards,
Gerbrand

Gerbrandd
04-16-2011, 03:19 AM
Look up Process Explorer, it's a Microsoft tool. I had a friend who had this happen. I ran Process Explorer, found the process chewing up all the CPU time and killed it, ran Ad-Aware, which caused AVG to remove a few things, then all was good.

Is this built in (Win 7)?
I've tried a search but it couldn't find anything...

And can you see the process on your own when looking at the Task Manager? Or are such processes hidden from you?

Thanks,
Gerbrand

loki
04-16-2011, 03:46 AM
Process Explorer is available below. It provides far more info than the Task Manager.

http://technet.microsoft.com/en-gb/sysinternals/bb896653

loki
04-16-2011, 03:55 AM
And what about your firewall? Doesn't your firewall block such attacks? Isn't that made for this type of thing?

A firewall will only protect against someone trying to hack into your network or computer. It won't help for connections that you have initiated, such as browsing the net. Many computers are infected through security holes in Flash or PDF browser plug-ins that are triggered when your browser loads a malicious Flash program, or by the user being tricked into clicking on something they shouldn't (like what almost happened in this case). Your firewall will happily let it through as you've "requested" it by browsing to that website. And it may not be the site itself, but a compromised third party ad server.

One of the biggest security problems with XP is that almost all home users run as administrators, and all programs running on the computer have the same level of access as the user. Using a security hole in the Flash plug-in, a malicious programmer could download a program to the XP computer and install it in the background without the user being any the wiser. Under Vista and 7, UAC would catch attempts like this and ask the user what to do. Of course if the user still clicks yes, the program will still be installed.

kingnorris
04-16-2011, 04:09 AM
Reminds me of the time I was doing research for a project, and had to look at free Adult Content ;).....then BAM....I got a mega virus attack. Changed my desktop picture from the Mrs. and me to a giant Virus warning, and changed my internet homepage as well. Restore did nothing......

Finally had to bring my pc in and get a complete uninstall/reinstall of the OS.

Lesson learned: No more research of that kind......... :)

Gerbrandd
04-16-2011, 04:19 AM
Reminds me of the time I was doing research for a project, and had to look at free Adult Content ;).....then BAM....I got a mega virus attack. Changed my desktop picture from the Mrs. and me to a giant Virus warning, and changed my internet homepage as well. Restore did nothing......

Finally had to bring my pc in and get a complete uninstall/reinstall of the OS.

Lesson learned: No more research of that kind......... :)

Haha, maybe then you could expect such mega virus attacks :) Always be careful with popping windows and flashing ads...

Gerbrandd
04-16-2011, 04:23 AM
Process Explorer is available below. It provides far more info than the Task Manager.

http://technet.microsoft.com/en-gb/sysinternals/bb896653

Ran the program, searched for almost every process on Google. Some files could be suspicious when not in the System/Win32 folder, but some of these processes don't show a location (C:\...); is that normal? An example: services.exe -- no location, no description...

Regards,
Gerbrand

JSkorna
04-16-2011, 10:09 AM
That is a valid process.
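
An added example, not part of the thread and not any poster's code: a PowerShell check for the question above, telling "a system process name running from the wrong folder" apart from "no location shown", which for services.exe normally just means the tool was not run elevated. The function name `Test-ProcessLocation`, the short name list and the sample records are assumptions constructed for illustration.

```powershell
# Core Windows process names that should only run from System32.
# Illustrative list, not exhaustive (assumption for this example).
$SystemNames = 'services.exe', 'lsass.exe', 'svchost.exe',
               'winlogon.exe', 'csrss.exe', 'smss.exe'

function Test-ProcessLocation {
    param(
        [Parameter(Mandatory)] $Process,   # object with Name and ExecutablePath
        [string] $SystemDir = "$env:SystemRoot\System32"
    )
    $name = $Process.Name
    $path = $Process.ExecutablePath

    # Only names that imitate core system processes are of interest here.
    if ($SystemNames -notcontains $name) { return 'not-a-system-name' }

    # An empty path is what a non-elevated tool reports for protected
    # processes; it is not evidence of anything by itself.
    if ([string]::IsNullOrEmpty($path)) { return 'path-unreadable' }

    # Compare the containing folder, case-insensitively.
    $dir = Split-Path -Parent $path
    if ($dir -ieq $SystemDir) { return 'expected' }
    return 'suspicious-location'
}

# Constructed sample records, shaped like Win32_Process output.
$sample = @(
    [pscustomobject]@{ Name = 'services.exe'; ExecutablePath = $null }
    [pscustomobject]@{ Name = 'svchost.exe'
                       ExecutablePath = 'C:\Windows\System32\svchost.exe' }
    [pscustomobject]@{ Name = 'svchost.exe'
                       ExecutablePath = 'C:\Users\user\AppData\Local\Temp\svchost.exe' }
    [pscustomobject]@{ Name = 'iexplore.exe'
                       ExecutablePath = 'C:\Program Files\Internet Explorer\iexplore.exe' }
)

$sample | ForEach-Object {
    [pscustomobject]@{
        Name    = $_.Name
        Path    = $_.ExecutablePath
        Verdict = Test-ProcessLocation $_ -SystemDir 'C:\Windows\System32'
    }
} | Format-Table -AutoSize

# Live use (run elevated so more paths can be read):
# Get-CimInstance Win32_Process |
#     Where-Object { (Test-ProcessLocation $_) -eq 'suspicious-location' }
```

A `suspicious-location` verdict is a reason to look closer, not proof of infection; on 64-bit Windows some of these names also exist legitimately under `SysWOW64`.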

Gerbrandd
04-16-2011, 01:19 PM
OK, thanks.

Gerbrand

Ragtopjohnny
04-16-2011, 01:23 PM
Kaspersky was actually effective in blocking this out. Was surprised. McAfee it always got past. I use Kaspersky Pure Security and it was totally effective against it....

John Thuot II
A+/Network+

Ragtopjohnny
04-16-2011, 01:59 PM
Check this out guys -- this might help you http://www.myantispyware.com/2011/04/05/how-to-remove-vista-total-security-2011-virus/ for the vista thing anyway.

Searching under Google with the different names might help you get rid of them all....

John Thuot II
A+/Network+

Ragtopjohnny
04-16-2011, 02:20 PM
No problem man....

I hear yah -- they are pains. I was shocked Kaspersky blocked it when I clicked on a picture for some textures I needed. I was "Woohoo Kaspersky!"

Let me know how you make out with that one too.....

John Thuot II
A+/Network+

Gerbrandd
04-16-2011, 02:44 PM
You see it can overcome everybody... :(

Gerbrand

mgovernali
04-16-2011, 11:06 PM
Hi American. I own a computer service store in Canada. I clean about 5 infected PCs a day. Normally I simply remove the infected hard drive and slave it onto my shop machine and scan it with Kaspersky first and other programs after. If you don't have another PC to do that, however (I usually do this when I don't feel like removing the drive from the machine), here are step-by-step instructions on how to disinfect your machine. You must follow these steps to the letter, otherwise it will drive you bananas.
1) Download Malwarebytes Anti-Malware free (download.com) and place it on a USB flash drive.
2) Turn the PC off, insert the flash drive in a USB port.
3) Start the PC. As soon as you see the BIOS screen/logo, immediately press F8 several times; keep doing this till you see the startup options screen. If the PC starts beeping while pressing F8 it means you have pressed it enough times and you can stop pressing it.
4) Choose "START COMPUTER IN SAFE MODE WITH NETWORKING".
5) PAY ATTENTION TO THE NEXT STEP AS IT IS THE MOST CRITICAL. As soon as you see the desktop appear (don't wait for the icons to appear), immediately go to START/MY COMPUTER. As soon as My Computer opens, immediately locate your flash drive and open it. As soon as the Malwarebytes icon appears you must RIGHT CLICK on it and choose RUN AS and pick ADMINISTRATOR. A small window will open; leave the first check mark checked but uncheck the second, which says "do not allow to make changes..." or something SIMILAR. Remember you only have about 10 seconds to do all of the above, because once the fake antivirus (THE VIRUS) starts up it will block you from running Malwarebytes Anti-Malware. In other words, you need to take advantage of that 10-second window before the fake program/virus kicks in.
6) Allow Malwarebytes Anti-Malware to install and allow it to update itself during the install as it prompts you. If you install it and then close it before you run it, the virus will block it from starting. If for some reason Malwarebytes Anti-Malware cannot connect to its site and update itself, it is because your browser's proxy settings have been blocked by the virus. If this happens (unlikely), leave Malwarebytes Anti-Malware open (do not close it), start Internet Explorer, go to "Tools/Internet Options/Connections/LAN settings"; you will find 4 checkmarks in there. Make sure that only the top one is checked and uncheck the other 3. Close the browser.
7) You will now be able to update Malwarebytes Anti-Malware. Do a full scan.
Once it finishes, click on "show results", make sure all infections found are checked, and click on disinfect all. It will prompt you to reboot; allow it to reboot to normal mode. Your regular antivirus should now be functioning again; update it and do a full scan to make sure all the bad stuff is gone.
8) If for whatever reason you are not able to update Malwarebytes Anti-Malware, do a full scan anyway. It won't have the latest signatures but it will take out just enough of the virus(es) to allow you to reboot and update it, so that you can kill them completely.
9) If you like, follow up with another full scan with SUPERAntiSpyware (free at download.com).

If you need any help, please let me know. Good luck.
Mark Governali.

mgovernali
04-16-2011, 11:16 PM
From Reggie's post
"They exist for two purposes.
One is that by clicking the "Perform Scan" button - it allows the website to install something on your PC. It is usually something that only tracks your internet usage and captures all your passwords. Some actually install viruses which allow the website to hijack your computer and run processes in the background you never know about - like hosting child pron on your computer, or using it for a DOS attack, etc.
The other purpose is from relatively benign, but poor, AV software - trying to make you agree to buy their scanner service.
You handled it correctly.
Only one other step - know the website you visited and never go there again. "

..hate to tell you Reggie, but all of these points are inaccurate.
mark.

Ragtopjohnny
04-16-2011, 11:29 PM
Sorry Tyler, was hoping I'd have something there with that for you....:(.

John Thuot II
A+/Network+

Gerbrandd
04-17-2011, 03:23 AM
From Reggie's post
"They exist for two purposes.
One is that by clicking the "Perform Scan" button - it allows the website to install something on your PC. It is usually something that only tracks your internet usage and captures all your passwords. Some actually install viruses which allow the website to hijack your computer and run processes in the background you never know about - like hosting child pron on your computer, or using it for a DOS attack, etc.
The other purpose is from relatively benign, but poor, AV software - trying to make you agree to buy their scanner service.
You handled it correctly.
Only one other step - know the website you visited and never go there again. "

..hate to tell you Reggie, but all of these points are inaccurate.
mark.

So do you mean that I didn't handle it correctly? Are there still risks for my PC now, then?

Regards,
Gerbrand

mgovernali
04-17-2011, 03:54 AM
So do you mean that I didn't handle it correctly? Are there still risks for my PC now, then?

Regards,
Gerbrand

No Gerbrandd, you did the exact (and only) right thing to do. I was referring to the purpose and "mechanics" of these viruses. Their intention is nothing else than to get your credit card; they will leave your machine infected and your bank account lighter.
Mark.
P.S. If I was you, however, I would run Malwarebytes Anti-Malware and SUPERAntiSpyware to make sure. They are both free at download.com.

Regards. Mark.

Gerbrandd
04-17-2011, 04:36 AM
Thanks Mark,

you just made me a little bit anxious, but that's now solved :)
I'll try both...

P.S. Can you notice the activity of viruses without a virus scan (so what are the consequences for your computer itself?)

Gerbrand

Gerbrandd
04-19-2011, 11:56 AM
Holy!

Now it's the second time in one week! It's becoming a plague! I was on a local news site, suddenly again a popup appeared saying almost the same as the previous time. I hate it!!

Gerbrand

JSkorna
04-19-2011, 02:52 PM
Hi,

That means you didn't get rid of it the first time.