
Vista Security 2011 Virus

  • 03-04-2011 11:11am
    #1
    Registered Users, Registered Users 2 Posts: 844 ✭✭✭


    Hi and help please!

    I've already posted this in the Security Section.
    So I was trying to watch a footy match on a streaming site yesterday and when I turned on my laptop this morning I get all sorts of pop-ups saying my security has been breached and my machine is under attack from malware etc., so I should upgrade to the paid version of Vista Security 2011. I sussed something was up, so a quick Google on my iPod Touch tells me this is a not uncommon virus. I've read a few guides on how to remove and delete this, but given that I'm not that tech savvy I was wondering has anybody on here had the experience of doing so and how did they get on?
    I've the use of a second clean machine too cos I'm a bit paranoid about going online with my own one for obvious reasons, and what really annoys me is that I have up-to-date McAfee installed and running and it never caught it, and when I ran a full scan this morning it never picked it up either.
    Thanks in advance if anyone can help


Comments

  • Registered Users, Registered Users 2 Posts: 844 ✭✭✭Yellowledbetter


    Thanks very much, I'll give it a bash now


  • Registered Users, Registered Users 2 Posts: 844 ✭✭✭Yellowledbetter


    Couldn't see an option for updating my AV software but the scan is currently running (Full). I still am getting the pop-ups even in Safe Mode, I'm guessing this is not a good sign


  • Registered Users, Registered Users 2 Posts: 6,794 ✭✭✭cookie1977


    Try downloading Malwarebytes:
    www.malwarebytes.org
    Install, update and run a full scan.

    Edit
    ^^^^Beat me to it^^^^

    You could also download kaspersky virus removal tool from here:
    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/


  • Closed Accounts Posts: 46 obrien.cathal


    I've been reading quite a lot about the likes of these fake anti-virus programs being on the increase at the moment and they are getting more difficult to remove by the looks of it at this Technibble post. The post refers to 'System Tools 2011' but I'm sure they are all very similar.

    I would follow cookie1977's and LIGHTNING's advice, and when you have completed their steps, reboot your computer and either use the 'netstat' command or examine the router access lights before you launch any programs to confirm that your computer is not generating a lot of unexpected network traffic.

    Cathal


  • Registered Users, Registered Users 2 Posts: 844 ✭✭✭Yellowledbetter


    Can't find a USB stick atm to put those malware removal tools onto, so I'm just gonna let the McAfee scan run and see how that goes. Been doing a bit of reading on these types of viruses myself in the last few hours and am beginning to panic a bit.
    Thanks for the help so far folks and here's hoping I can get it sorted


  • Registered Users, Registered Users 2 Posts: 6,794 ✭✭✭cookie1977


    I've been reading quite a lot about the likes of these fake anti-virus programs being on the increase at the moment and they are getting more difficult to remove by the looks of it at this Technibble post. The post refers to 'System Tools 2011' but I'm sure they are all very similar.

    I would follow cookie1977's and LIGHTNING's advice, and when you have completed their steps, reboot your computer and either use the 'netstat' command or examine the router access lights before you launch any programs to confirm that your computer is not generating a lot of unexpected network traffic.

    Cathal

    Big enough to hit the bbc:
    http://www.bbc.co.uk/news/technology-12933053


  • Closed Accounts Posts: 46 obrien.cathal


    Some of them can be a bit trickier than that though. I removed one and had to take the computer off line to do it because it was associated with a tandem pair of viruses. When one was removed the other would replace it and so on. It also messed up the MBR. I got it fixed after about 4 hours, but it was really stubborn. And I swore . . . . a lot :)

    Lightning's advice holds true though. Do not enter your credit card information into any websites etc and your money at least is safe.

    The other thing about them is that they don't trash your personal files. So even if the OS is affected your files should be OK. Also, I run a tech support business so if you need any advice or prices on having somebody do the removal for you just go to our computer repairs page or hit the Google highway and look for some good repair services in your area.

    Hope this helps.
    Cathal


  • Closed Accounts Posts: 46 obrien.cathal


    cookie1977 wrote: »

    Big news so. Hackers would say that social engineering can be the most effective hacking tool. Likewise, plausible-looking pop-ups and official-looking malware can easily be mistaken for bona fide services and activated by the user.


  • Closed Accounts Posts: 13,249 ✭✭✭✭Kinetic^


    When in safe mode, use CCleaner to clear out all of your temp files. Then use its startup function to disable any unknown programs. If you're not sure on this, post what's listed here.


    When the above is done, run TDSS Killer from Kaspersky, it should only take about 1-2 minutes to fully run through. If it finds anything, select "cure" and then it will prompt you to restart.


    Restart back into safe mode. Open up Internet Explorer, click Tools and then Internet Options. Click on the Advanced tab and click "Restore advanced settings", and when that's finished click "Reset" to restore IE back to its normal state. Delete personal settings here too if you know passwords etc.


    Install SuperAntiSpyware and Malwarebytes. Run quick scans on both. Whichever is finished first, remove the malware it finds and click "restart later" so that the other software can finish. Once the 2nd piece of software is finished then you can reboot into normal mode. Run a full scan with both and whatever AV software you have.


    Let us know how you get on.


  • Closed Accounts Posts: 46 obrien.cathal


    LIGHTNING wrote: »
    Nasty, I have seen a spike in MBR infections over the last two weeks. Get ready for a heap of TDL4 infections. There is also a new variant of it going around that is next to impossible to remove. Still doing some research into it at the moment.

    Sh***********t. Well, there's always something to keep us guessing. I would hate it to get to the stage that the nuke-and-pave model becomes the only viable repair option. I much prefer to get systems up and running without a reinstall. Oh, and thanks for the info, keep us posted on the TDL4 scenario if you can.

    Cathal


  • Closed Accounts Posts: 46 obrien.cathal


    Kinetic^ wrote: »
    When in safe mode, use CCleaner to clear out all of your temp files. Then use its startup function to disable any unknown programs. If you're not sure on this, post what's listed here.


    When the above is done, run TDSS Killer from Kaspersky, it should only take about 1-2 minutes to fully run through. If it finds anything, select "cure" and then it will prompt you to restart.


    Restart back into safe mode. Open up Internet Explorer, click Tools and then Internet Options. Click on the Advanced tab and click "Restore advanced settings", and when that's finished click "Reset" to restore IE back to its normal state. Delete personal settings here too if you know passwords etc.


    Install SuperAntiSpyware and Malwarebytes. Run quick scans on both. Whichever is finished first, remove the malware it finds and click "restart later" so that the other software can finish. Once the 2nd piece of software is finished then you can reboot into normal mode. Run a full scan with both and whatever AV software you have.


    Let us know how you get on.

    Good stuff. Then try to update your antivirus. If it fails, go to C:\Windows\System32\drivers\etc and open the hosts file with Notepad and check that your antivirus updates have not been redirected to a nonsense site. This file shouldn't contain any lines that suggest links to update sites such as mcafee.com etc. Probably a bit more info than you need, but if your antivirus isn't updating you're not protected.

    Cathal
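    The hosts-file check described above, as an added example that is not code from this thread or from any vendor: it parses a Windows hosts file and reports any entry that statically maps an antivirus or update domain, whether to loopback (blocking updates) or to a foreign address (redirecting them). The vendor domain list and the sample hosts content are constructed for the example; the file path is the one named in the post.

```python
"""Flag hosts-file entries that pin antivirus/update domains (added example)."""
from pathlib import Path

# Domains whose presence in a hosts file is suspicious. Constructed list:
# mcafee.com, malwarebytes.org and kaspersky-labs.com appear in the thread,
# the rest are assumed; extend to match the products on the machine.
PROTECTED_DOMAINS = (
    "mcafee.com",
    "malwarebytes.org",
    "kaspersky-labs.com",
    "kaspersky.com",
    "microsoft.com",
    "windowsupdate.com",
)

# Constructed sample: two normal loopback lines, then a redirect of two McAfee
# hosts to a foreign address and a block of a Malwarebytes host via 0.0.0.0.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.9     update.mcafee.com   download.mcafee.com  # injected
0.0.0.0\tdata.malwarebytes.org
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines.

    Handles inline '#' comments, tab or space separators and several
    hostnames on one line, which is how hosts files are commonly written.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower().rstrip(".")


def is_protected(hostname):
    """True if hostname equals or is a subdomain of a protected domain."""
    return any(hostname == d or hostname.endswith("." + d) for d in PROTECTED_DOMAINS)


def find_hijacked_entries(text):
    """Return [(ip, hostname)] for every entry naming a protected domain.

    A clean hosts file never needs a static mapping for a vendor domain, so
    any such entry is reported regardless of the address it points to.
    """
    return [(ip, name) for ip, name in parse_hosts(text) if is_protected(name)]


if __name__ == "__main__":
    # Real path on Windows; reading it may need an elevated prompt.
    path = Path(r"C:\Windows\System32\drivers\etc\hosts")
    text = path.read_text(errors="replace") if path.exists() else SAMPLE_HOSTS
    for ip, name in find_hijacked_entries(text):
        print(f"suspicious: {name} -> {ip}")
```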


  • Closed Accounts Posts: 88,972 ✭✭✭✭mike65


    These fake programmes are spreading like wildfire, I've been caught twice both times I restarted in safe mode and used system restore. Worked perfectly both times.


  • Registered Users, Registered Users 2 Posts: 6,794 ✭✭✭cookie1977


    LIGHTNING wrote: »
    System restore is a fail-safe that doesn't always work. I advise not using it unless you have no other choice.

    Agreed. System restore can be so hit and miss I disable it on my systems.


  • Closed Accounts Posts: 46 obrien.cathal


    Now that I think of it, I have a bit of a chicken-and-egg question. Does the fake anti-virus come prepackaged with rootkits and a couple of viruses, or does your system get one of these which allows the attacker to install the fake antivirus as a profit-making exercise? I've seen rootkits without fake AV, fake AV without rootkits and increasingly both cohabiting. So I really can't figure out a normal path of attack.

    That said, if the rootkit comes before the 'Vista Security 2011' install, System Restore will only remove 'Vista Security 2011' and the computer would be less secure than before because now at least you have symptoms of the infection.


  • Closed Accounts Posts: 88,972 ✭✭✭✭mike65


    Well one should do a full deep scan after using any removal approach anyway.

    What's the point of these things? Is it merely to force us to part with cash for a dedicated removal tool?


  • Closed Accounts Posts: 46 obrien.cathal


    LIGHTNING wrote: »
    It really depends on the infection; the likes of TDL will download more infections once they get in. The variant of System Tool that was everywhere last month wasn't included with a rootkit, it was just either a drive-by download or a script in an email. I have a couple of nice papers if you want some nice research material.

    Nice one. If you could PM me that or post the links that would be great.


  • Registered Users, Registered Users 2 Posts: 844 ✭✭✭Yellowledbetter


    OP here, wow this is really gathering pace. Didn't get around to finishing the scan earlier today cos I had to do the dinner thing with the in-laws, but I'm gonna give a few hours to it tomorrow and try some of the suggestions on here, which really have been helpful, and thanks to everyone who has pitched in. Can't say I understand half of what's been talked about in the last few posts but hopefully I'll have enough info to get myself sorted out tomorrow


  • Registered Users, Registered Users 2 Posts: 6,794 ✭✭✭cookie1977


    Post back if you've any questions/problems


  • Closed Accounts Posts: 13,249 ✭✭✭✭Kinetic^


    mike65 wrote: »
    What's the point of these things? Is it merely to force us to part with cash for a dedicated removal tool?

    Either take money straight away from your card or harvest credit card numbers and sell them on. Either way, you lose if you submit your details.


  • Registered Users, Registered Users 2 Posts: 844 ✭✭✭Yellowledbetter


    Currently running the Malwarebytes full scan in 'safe mode with networking', which I downloaded to a USB from a clean machine, already showing 2 objects infected......watch this space!!!


    Seems to have done the trick and it seems 3 issues were detected and removed, so hopefully that's the end of that once and for all.
    A very big thank you to all who offered your advice, it's appreciated


  • Closed Accounts Posts: 13,249 ✭✭✭✭Kinetic^


    Run a full scan with superantispyware too. 1 piece of software won't pick up everything. Best of luck.


  • Registered Users, Registered Users 2 Posts: 844 ✭✭✭Yellowledbetter


    Kinetic^ wrote: »
    Run a full scan with superantispyware too. 1 piece of software won't pick up everything. Best of luck.

    Just did that and it picked up some cookies and adware too, cheers


  • Closed Accounts Posts: 5,019 ✭✭✭ct5amr2ig1nfhp


    We've had a huge increase in people reporting TDL4 infections.

    AVG, Avast, Avira, Symantec Endpoint, Malwarebytes, Search & Destroy, MS Security Essentials are not picking one particular basta*d up - "Antimalware Doctor"
    Thankfully TDSS Killer from Kaspersky has been able to remove the bugger.

    I was wondering how so many people were getting infected. But only last week my own PC was hit by this virus. I was reading a long article online (IE8) and I got infected somehow. Didn't click any links or install anything. Very strange.
    AV/AM software all up-to-date.

    I've spent a few days trying to retrace my steps. But all I found was that my Adobe Flash Player isn't up to date.


  • Closed Accounts Posts: 5,019 ✭✭✭ct5amr2ig1nfhp


    Hi Lightning - what other AV/AM programs would you recommend I scan with?

    I'm thinking if all the above programs haven't found anything new I'm ok - but maybe a format would be best.

    I'm still totally clueless as to how I got infected.
    Cheers BN


  • Registered Users, Registered Users 2 Posts: 1,259 ✭✭✭TheRedDevil10


    Having the same problem :( Doing a full scan on Malwarebytes atm. Any advice on what I do next?


  • Registered Users, Registered Users 2 Posts: 6,794 ✭✭✭cookie1977


    Did you follow the advice in the rest of the thread?


  • Registered Users, Registered Users 2 Posts: 1,259 ✭✭✭TheRedDevil10


    Not really :o


  • Registered Users, Registered Users 2 Posts: 10,534 ✭✭✭✭guil


    Not really :o
    Ya can't really expect anyone to offer advice then


  • Registered Users, Registered Users 2 Posts: 6,794 ✭✭✭cookie1977


    Naughty naughty ;)

    If the rest of the thread doesn't help post back and we can advise some more :)


  • Registered Users, Registered Users 2 Posts: 1,259 ✭✭✭TheRedDevil10


    Gonna wait till tomorrow to try and remove this 'Vista Security 2011'


  • Registered Users, Registered Users 2 Posts: 844 ✭✭✭Yellowledbetter


    Gonna wait till tomorrow to try and remove this 'Vista Security 2011'



    I'm the OP and I have to say that if you take the time to read through the thread it will help you get it sorted... time well spent if you don't want a sluggish infected PC/laptop


  • Registered Users, Registered Users 2 Posts: 2,345 ✭✭✭Somnus


    Just got a similar situation. The program ran with the name "Vista Total Security"

    I'm guessing this is the same thing? I guessed it was a virus. I can see how people who aren't very tech savvy would be thrown though. It looks very real.

    It seems to have prevented me from running MSE, which was working fine earlier. When I try and run it from where it's pinned in the start menu it says the file may have been moved or deleted.

    I have Superantispyware installed anyway and am running that. I haven't rebooted yet.

    I'll see what it comes back with. I assume I'm best off following the instructions here and rebooting in safe mode etc just to be safe anyway?

    Edit: SuperAntiSpyware picked up something and removed it, but when I rebooted in safe mode and tried to run MSE the malware ran again... I can't access MSE at all, it's been renamed or something.

    Gonna download malwarebytes and try and get it sorted


  • Registered Users, Registered Users 2 Posts: 2,345 ✭✭✭Somnus


    Ok so I put the malwarebytes installer on the infected computer, but even in safe mode the malware is running and I can't install malwarebytes....

    What should I do to get around this?

    I'm running Vista by the way


  • Closed Accounts Posts: 46 obrien.cathal


    Hi,

    Your detection of a potential piece of malware may be determined by your technical expertise. If you are computer savvy you might try to download Sysinternals from the Microsoft website. It provides an excellent suite of tools that can be used for malware detection and removal. I have a bit of a description on what tools to use and what to use them for here. It's a bit rough and I am updating it at the moment, but it might prove a good start.

    Hope that helps.
    Cathal


  • Registered Users, Registered Users 2 Posts: 2,345 ✭✭✭Somnus


    Hi Cathal, I actually got it sorted.

    I changed the file name of the malware from the Task Manager, then ended the process. This let me install Malwarebytes, and when I ran it, it detected the problem.

    All is running well now. This thread was helpful.

    But I would say for anyone who is still having this: start in safe mode, rename the file and end the process, and then install Malwarebytes. It worked for me

