XP virus scare

by maverick375 Thu 7 Apr 2011 - 10:13

Hey. Just had a fun night and morning with the latest virus going around for Win XP (there's a version for Win7 too). XP Security 2011, a work of art malware, I managed to pick up while trying to DL an image file. It locks out all virus scans and prevents access to the net by emulating the Windows security center. It fakes a scan, in which it picks up all kinds of fake virus, and then prompts for you to "fix" it. When you click it, it wants you to enter your info to buy it, which of course is a ruse to get your info.
Ive run into this before on coworkers comps and simply did a format and re-install, but this was obviously not a choice on my own comp in the short term.
Fixes are complicated, as you can either get functionality restored and download (and buy) a sweeper that it's free, or do it manually, which involved registry editing.

There is, however, a somewhat easier way, though I'm still cleaning up after (just in case)
Apparently it has a weakness in that it has trouble infecting the Admin profile in XP (assuming you're not logged in under it). I was able to boot into my admin and load a restore point from two days ago, and it not only restored functionality, but I'm having trouble finding traces of the malware.
Obviously I'm spending the day cleaning the hell out of this thing, but I figured I'd send out a heads-up to my friends in case you use XP. If you're clean now, make sure you set up automatic restore points in the system and keep the Admin profile separate from your usual working environs.

by hydra282 Thu 7 Apr 2011 - 13:13

Sounds familiar.

by **ElfenMagix** Thu 7 Apr 2011 - 16:23

I have been hit with that several times with it fomr summer of last year. Interesting, I must admit that they have been evolving the software for some time as the Virus scan itself would change to different names and page formats. So, its been around for a while.

by maverick375 Thu 7 Apr 2011 - 17:14

Safe mode was also a little help in killing it. it's about the only way to gain entrance to regedit to manually delete the registry stuff. I got lucky in that my last restore was automatically done on Tuesday, so I didn't lose anything.

by FearTheLASERFACE Thu 7 Apr 2011 - 17:24

I've been hit by this before, as well as my parents. I've beaten it every time so far. The only real thing that ever actually ended up beyond my understanding was when my PC simply broke down. Apparantly, I mashed the power button instead of safely turning it off too much, so it screwed up Razz

.

by Five_X Thu 7 Apr 2011 - 18:45

I've had this one before. I just found the file and deleted it, and did a registry clean/fix to make sure everything was in working order.

Still doesn't explainen vhy I can't view Cyborg Centralhausen without ein proxy, though.

by Guest Fri 8 Apr 2011 - 0:33

I got something like that on my PC. Defender.exe which shuts down malware bytes and kasperskys all while saying that multiple viruses are threating your computer. Managed to get malware to clear it out.

by Alfisti Fri 8 Apr 2011 - 2:37

crazyidiot78 wrote:I got something like that on my PC. Defender.exe which shuts down malware bytes and kasperskys all while saying that multiple viruses are threating your computer. Managed to get malware to clear it out.

I think I got that one, or at least a derivative of it a little while ago. Shut down the virus busters, hid files and disallowed access to the internet... then shut the computer down periodically with the message "RAM temperature critical". Eventually I found that Nortons would block it just long enough for Malwarebytes to remove it. Nortons would only remove part of it and it'd re-install each time the computer shut itself down.

by SPARTAN 119 Fri 8 Apr 2011 - 4:13

This is one of those times I'm glad I have a Mac.

by **Triela** Fri 8 Apr 2011 - 8:41

SPARTAN 119 wrote:This is one of those times I'm glad I have a Mac.

by Nuke is Good Fri 8 Apr 2011 - 13:36

Piracy is a good way to get slammed with viruses and whatnot.

by TTIO Sat 9 Apr 2011 - 14:59

SPARTAN 119 wrote:This is one of those times I'm glad I have a Mac.

Should point out, Macs actually have worse security than Windows - it's just that they're so obscure as compared to Windows computers, people don't target them.
Not so for Linux (downside of your desktop OS being one of the most popular server OSs as well), but then, the security on Linux is very good. Heck, you can't log in as an admin on most desktop versions, unless through the terminal (or if you go through and allow root as a logon-abble account. If you do that, you probably know what you're doing. Still a bad idea though).

Linux still ftw! Very Happy

by **Kiskaloo** Sat 9 Apr 2011 - 15:12

TTIO wrote:
SPARTAN 119 wrote:This is one of those times I'm glad I have a Mac.

Should point out, Macs actually have worse security than Windows - it's just that they're so obscure as compared to Windows computers, people don't target them.

Not so for Linux...

OS X is based on a Unix kernel so, like Linux, it has benefitted from decades of "in service" use and was designed from the ground up with security in mind, unlike Windows.

Those "experts" and "studies" that claim OS X is a security nightmare are funded by companies like Symantec that sell OS X anti-virus software, so consider it's in the benefit to commission a study that gives those results. Wink

It is difficult to infect an OS X and Linux system because by default user accounts do not run with Root privileges.

by SPARTAN 119 Sat 9 Apr 2011 - 15:54

Kiskaloo wrote:
TTIO wrote:
SPARTAN 119 wrote:This is one of those times I'm glad I have a Mac.

Should point out, Macs actually have worse security than Windows - it's just that they're so obscure as compared to Windows computers, people don't target them.

Not so for Linux...

OS X is based on a Unix kernel so, like Linux, it has benefitted from decades of "in service" use and was designed from the ground up with security in mind, unlike Windows.

Those "experts" and "studies" that claim OS X is a security nightmare are funded by companies like Symantec that sell OS X anti-virus software, so consider it's in the benefit to commission a study that gives those results.

It is difficult to infect an OS X and Linux system because by default user accounts do not run with Root privileges.

My fluency in technobabble is limited, but from the sound of it, Mac OS X security actually is pretty good.

But, regardless, my point remains, most of the people who create Mac viruses probably have a specific target in mind, it is much less likely for a Mac virus to be created by some guy who just creates a virus for "mass distribution" for a laugh. There just aren't enough targets.

by **Kiskaloo** Sat 9 Apr 2011 - 16:01

SPARTAN 119 wrote:But, regardless, my point remains, most of the people who create Mac viruses probably have a specific target in mind, it is much less likely for a Mac virus to be created by some guy who just creates a virus for "mass distribution" for a laugh. There just aren't enough targets.

True. There are exploits designed to attack OS X. But almost all, if not all, of them require active user intervention (download a file, install it, and give that file access to the Root folder).

With Windows, so much code can be executed in the background that it's much easier for an infection to find a vector into the system without active user intervention.

User Account Control on Vista and Windows 7 is a good idea. However, it was terribly executed in Vista, requiring you to darn near type in your password just to hit the CapsLock key. Razz

As such, most everyone immediately turned it off.

For Windows 7, UAC offers more granularity and can be configured similar to OS X's default, where you're only prompted for your password when installing an application or when a program needs access to the Root folder. However, with the bad experience users had with it under Vista, most people disable it in Win7, as well.

by TTIO Sat 9 Apr 2011 - 16:04

Kiskaloo wrote:OS X is based on a Unix kernel so, like Linux, it has benefitted from decades of "in service" use and was designed from the ground up with security in mind, unlike Windows.

Those "experts" and "studies" that claim OS X is a security nightmare are funded by companies like Symantec that sell OS X anti-virus software, so consider it's in the benefit to commission a study that gives those results.

It is difficult to infect an OS X and Linux system because by default user accounts do not run with Root privileges.

I was under the impression that whilst the kernel was written with good security, the processes/services etc. are not necessarily the same way (iTunes for example, regularly crashes my w7 computer. Though granted, that may have something to do with it not liking ext3 drivers. But no other program crashes due to ext3 :p)

But you undoubtedly know a lot more about OSX than me - I just love my Linux <3

by Nuke is Good Sat 9 Apr 2011 - 16:24

TTIO wrote:
Kiskaloo wrote:OS X is based on a Unix kernel so, like Linux, it has benefitted from decades of "in service" use and was designed from the ground up with security in mind, unlike Windows.

Those "experts" and "studies" that claim OS X is a security nightmare are funded by companies like Symantec that sell OS X anti-virus software, so consider it's in the benefit to commission a study that gives those results.

It is difficult to infect an OS X and Linux system because by default user accounts do not run with Root privileges.

I was under the impression that whilst the kernel was written with good security, the processes/services etc. are not necessarily the same way (iTunes for example, regularly crashes my w7 computer. Though granted, that may have something to do with it not liking ext3 drivers. But no other program crashes due to ext3 :p)

But you undoubtedly know a lot more about OSX than me - I just love my Linux <3

I enjoy my Solaris 10.....when I'm not gaming.

by **Kiskaloo** Sat 9 Apr 2011 - 20:11

Well iTunes under Windows is a different beast than under OS X. That being said, it is far past time for Apple to have re-written iTunes from Carbon to Cocoa, but that's another rant for another time. Smile

by TTIO Sun 10 Apr 2011 - 3:00

Nuke is Good wrote:I enjoy my Solaris 10.....when I'm not gaming.

Harsh, man, harsh. But true :p
I have a gaming PC that runs only Windows (with Fedora as a recovery OS), and my laptop has to use windows as I still haven't got the wifi working on Linux bang head

But ssh. I still love it :p

by **ElfenMagix** Tue 12 Apr 2011 - 23:58

I found one of many sites pushing such viruses. It tried to attack my Mac. It failed. I lol'd!

It is as exactly as described on this thread.

DO NOT CLICK ON LINK! IT CONTAINS A VIRUS!
http://webavpro-s.co.cc/scan/?key=lRp2At8_qYjus4VrpsEQx_kqvYD0ouipkVGhNxyTx8w~
DO NOT CLICK ON LINK! IT CONTAINS A VIRUS!

by Five_X Wed 13 Apr 2011 - 3:14

My computer currently has more viruses in it than a harem/soup kitchen hybrid!

by maverick375 Sat 16 Apr 2011 - 18:43

Piracy is a good way to get slammed with viruses and whatnot.

Ironically, I was looking for an image of WinXP Pro to replace my scratched original with. Not exactly piracy, but yes, trolling the net for torrents has it's dangers.

by MP5 Sat 16 Apr 2011 - 19:00

Got hit by this in the past 24 hours, managed to restore myself back onto the internet, but I am now running MalwareBytes, Avast, and Secunia PSI as well as MS Security Essentials. however, I now cannot activate any automatic updates for some reason, and MSSE cannot update its definitions. the admin profile is also the only available profile. any suggestions?

by maverick375 Sat 16 Apr 2011 - 19:58

You might have to go in and edit the remnants of the virus from the registry. information on that here.

I personally don't use the windows auto-update since it has screwed things up more than once if left to itself. if you're talking about the anti-virus software autoupdates, I'm not sure that you can fix those without reinstalling them. If I recall correctly, spybot detects changes in the autoupdate and other security center registry entries and flags them, even if you purposely disable them.

The biggest pain of that virus is how effectively it cripples the access to anything that works against it. If you have access to the net and other software, then you can beat it. It just takes time.

by TTIO Sun 17 Apr 2011 - 16:01

MP5 wrote:Got hit by this in the past 24 hours, managed to restore myself back onto the internet, but I am now running MalwareBytes, Avast, and Secunia PSI as well as MS Security Essentials.

To be perfectly honest with you, the chances of them doing anything are slim. And they'll likely interfere with each other.
Anti-viruses are often definition based - they guard against viruses that the writers know about. Sometimes the lists are quite large (see www.securelist.com for Kaspersky's), but the most dangerous attacks the new ones.

Get something with a decent proactive defense (Kaspersky or Comodo Firewall are the ones that I would recommend) and then read whatever it tells you and don't let through suspicious stuff. If a game wants control of your monitor, or your speakers, then fair enough - but if a text editing program wants it, don't let it through. That sort of thing.
That'll give you more protection than any anti-virus (NB I don't use an anti-virus anymore. Just Comodo Firewall and proactive defense).

And if it's too awkward to fix XP now, just reinstall. That's what I did the one occasion I got such a virus Razz

by Nuke is Good Sun 17 Apr 2011 - 16:21

Honestly, if you got hit really bad with a virus I recommend reinstalling Windows.

If you have Sophos thats a good antivirus, its extremely sensitive that approaches false positive territory. But its for the Corporate setting so it runs only on one computer in my house.

by Five_X Sun 1 May 2011 - 15:28

Argh, got hit by it again. And now whenever I try to open .exe files, I'm asked to select which file to use to open each with, every time, which means I can't correctly access most programs on my computer.

by Sponsored content

XP virus scare

XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare

Re: XP virus scare