I had that too
I was running Norton 360V3 and it clocked it straight away and binned it.
So try Norton 360 (it's worth the money).
PC INFECTIONS - POP UPS FROM NEFARIOUS SITES
Yes, it happened to family members' laptops running XP Home about two years ago. Back then I was using AVG but it never gave any notification of what was happening, it just allowed the download to complete.
Since then I have switched to AVAST Home 4.8 and it is an excellent antivirus with 7 shields. One of them is dedicated to WEB TRAFFIC, checking every packet.
So even if you get re-directed or mistype a URL address and end up on an infected site, AVAST stops it before it even reaches your drive.
Another option in AVAST is to run a complete and thorough scan outside Windows so that no file is locked by Windows.
And this is my suggestion, if you have that option with your current antivirus I would suggest you run it outside Windows to make sure you get rid of any possible left overs.
Or you can download AVAST HOME FREE EDITION and run the complete scan with the rootkit module turned on.
Using a different Antivirus for a second check is better because not all infections are picked up by one antivirus alone.
So using another one may cover what the first one missed.
I also recommend PC TOOLS THREAT FIRE ONLY.
Hope that helps, at least in making sure that all infections are gone.
PC INFECTIONS - POP UPS
By the way, keep in mind that hackers are programming all 3 buttons on the pop-ups - Install - Cancel - and the RED X to do the same thing.
Run the program.
Therefore in Windows XP, the safest way to get rid of these pop-ups is to Ctrl-Alt-Del and, as Windows exits to the log on screen, choose Start Task Manager and close the pop-ups.
In Vista and Windows 7, the security is improved and the pop-ups can be closed safely within the Windows environment.
If you are not using Internet Explorer 7 or 8 I would suggest you upgrade, as these pop-ups run in their own memory space. IE 7 is better at protecting from these pop-ups but you have to turn on a setting that MS left open for users of Windows XP.
IE 7 - Right click on the IE icon, select Run as Administrator - go to Tools - select Internet Options - click the Advanced tab.
Scroll all the way down and find the entry - ENABLE MEMORY PROTECTION TO MITIGATE ATTACKS - put a check in the box - click Apply or OK and close the browser.
I know, MS screwed up on this one for Windows XP users, but they automatically turn it on for XP users on Internet Explorer 8.
So I would also suggest that you move on to IE 8 if you like IE.
"In Vista and Windows 7, the security is improved and the pop-ups can be closed safely within the Windows environment."
I've run Vista and now 7, nope.
Another way to avoid these is to log off. My wife has problems with tech. stuff so this is simple and most can log off. If you can't remove these from the taskbar then log off.
As said before, do not press buttons on a "mystery" applet. If it showed up seemingly out of nowhere, then it is more than likely trouble.
Rogue Variants are bad news for PC users:
In many instances these can contain a host of malware and appear to be modular, so the bad guys can plug various forms of meanness into your system very quickly, perhaps quicker than your security program company can create a definition to identify it. Meaning one version might have a virus, the next spyware, and the next both.
Report these and as a first line of defence use something like this:
Run outside windows?
You can't run a program outside Windows unless Windows is running from a virtual environment. When it says run outside Windows it most likely means that it boots up right after the Windows core components to prevent access by rogue programs loading up before anything else. To run a program outside the operating system it's running on is like trying to run a toaster with the plug 5 feet from the wall.
THE TERM RUN OUTSIDE OF WINDOWS
You are correct in that the term I used is somewhat debatable, or maybe not completely clear for everyone, depending on their experience.
But regardless, any antivirus that has the capability to run a scan outside of Windows " ON THE NEXT REBOOT " can do so prior to the EXECUTION OR LOADING of ANY MAIN WINDOWS COMPONENTS / DRIVER / OR SYSTEM FILES.
Hence the ability to check all those files or folders that Windows would otherwise lock, where part of or some infections could be hiding.
Do you mean a boot-time scan? With any (good) security software, configuring a boot-time scan is possible. Try entering the settings of your security software and look for an option along the lines of "scan before windows starts", "boot time scan" etc. If your security software doesn't have that option, dump it and look for another that has one. Or alternatively, try safe mode and run your scan from there. The program shouldn't start there (but it's very easy to do so), it's worth a try.
If You Accidentally Find Yourself At A Rogue Website...
If you accidentally find yourself at a rogue website, DO NOT click on the "X" or "OK", etc. Instead, do the Ctrl+Alt+Delete maneuver and use the Task Manager to end your browser's process. If you try and exit the page in any other way, well... your goose will be cooked.
I have killed the popup using the "X" gadget with no ill effects, although now that I know the possibilities, I will use <Ctrl><Alt><Del>.
I will wholly stand for your opinion.
yes u can
I can set a boot disc to run a Disc Operating System that I wrote myself or add one of the many other ones out in the data bank, boot it and access the drive and all the files without ever loading the poorly written Windows OS... and have full control of all the memory and every single instruction executed. Then boot Windows in a ((window)) without Windows or any of the antivirus software out there even knowing. And if I can do it, so can others... I don't think only I can. However... I may have misunderstood the topic and interjected garble on your page space.....LOL Z edolon
Norton 360 - bad choice
360 is a system hog. It is unwieldy, sucks up cycles, takes forever to perform tasks and generally bites as a program. It causes as many problems as it solves.
360 is the Vista of Norton.
Go with Norton Internet Security 2009. It has about all the same features, it is much easier to use, and is way less of an all-around pain in the butt. It has been highly recommended in a number of reviews as about the best paid-for anti-virus for the average user.
The number of attacks out there just keeps growing.
Back in its day, when I was put onto Spybot, it used to take about 20 mins to scan the computer--now it takes something like FIVE HOURS, and despite having all the security lockdowns in place, it still finds at least one fault on a daily basis. I'm at the point now where I'm prepared to do a complete reinstallation, because AVG9 keeps crashing!
I went Mac last Spring and I don't have to worry about all these things anymore....think of the hours saved!
Now The Steve will get your liver next
A tasteless remark. But the Russian mafia and People's Liberation Army are more likely to get yours if you stick to a PC, seeing the ease with which they seem to walk in and out of your PCs and copy anything they want, use your built-in cameras and microphones in Orwellian 1984 style to watch you and listen to what you have to say, and gather your identities and credit-cards to sell to some low-life highest bidder in the underworld. Then the buyer can arrange operations on your health insurance, holidays on your credit card. Why not your liver in the long run? And if you have any commercial technological inventions, rest assured that they have long gone east (and west!).
Btw, all this is in no way fantasy but has been in the news over the past few years for those who can read. Just who do you think sends you the Trojans that knock you down like ninepins? And why do they do it? Google the Russian Business Network and you will see that precisely they are responsible for all those fake AntiVirus you are all talking about on this thread.
So you thought it was the Russians!
A really childish rant, but you are entitled to it. Do you know that EVERY UK connection to the WWW has to go through 7 BT monitoring computers (definitely NOT Macs lol)? BT is a private company. Add to this all the CCTV (with facial recognition cameras around our towns, cities and roads, hence the illegality of full tinted windscreens); our mobile phones are all chipped and GPS enabled to within 3m; every call and txt and picture must be "stored" by your ISP (private company) for 7 years. Do I need to mention the details obtained through your credit card, medical records? All of this information is stored by private companies and freely available at a price or free to your government! Your paranoid fears of the "Russian" mafia wanting your details only encourage more intrusive investigation by our governments to collect and collate information for their own ends! You only have to look at the several hundred new laws enacted in the pretense of "for our own protection" to realise it's a world wide lie! You not only have to be able to read, you also have to understand what is being written to see through the facade of protection on offer, and 1984 is long gone my friend. Look at current topics weeding their way into society: euthanasia, arrests without reasons, books replaced by web mis-information, child birth restrictions; the list goes on and is updated quickly as it is integrated into our society. You fear the Russian Mafia? Look into your own back-yard because it is your children who will be suffering in the new age of the American Empire through your naivety and lack of social understanding at this time. So you continue with your insular Mac existence and keep your self deception festering in your pious ignorance!
So you thought it was the British Government!
For those with fewer paranoid delusions about Her Majesty's Government being the creator of rogue antivirus programs, I submit just one of many reports in my archives showing AV firms pointing the finger at the Russian 'partnerka' and specifically mentioning rogue AV as one of their distribution products. It may be an eye-opener for some. For others it will just be further proof that the world press generally and the respectable AV producers in particular are all in the pay of HMG. (Actually not the Government I live under and pay taxes to, despite the brilliant detective work of Mr Gee!). Incidentally it also gives information on the attempt to plant Trojans on Macs by the Russian mafia by using a fake video codec, so don't suggest I am blissfully unaware of the fact that the Russians are tempted by Macs. It's just that they were not all that successful and the drying up of new Mac Trojans suggests they have concluded that themselves. Read my many other contributions on this very thread too.
For those interested in how important identity theft now is in the motivation behind malware distribution, I pass on the following links to read up on:
Perhaps HMG will now release Robert Mugabe's thugs upon the general population of GB and USA as a vengeance for such revelations, Mr McGee....?
Shortsightedness of the Mac Brigade
re: the pop-up window that ruined my PC
I had a similar problem. For weeks a window kept appearing that looked like a Microsoft message telling me that I had horrible viruses and to let it scan my computer. I ignored it as my computer was running fine and my antivirus program hadn't reported issues. One day the window popped up and got on my nerves. Without thinking I clicked yes when it asked to scan my computer. I immediately regretted the choice as I hadn't researched the window/message via the internet as I normally do to see if it was legitimate. Of course it was a malware program that stopped me from accessing any program on my hard drive and prevented me from getting onto the internet. I rebooted again and noticed a safe mode choice. I selected it. Got to the control panel where I selected a restore point from a month before when the message didn't appear and rebooted. I was proud of myself as this solved the problem very simply. I have never been plagued by it again. I don't know if this would have helped in your case but it might. I was thrilled not to have to reformat the hard drive.
Are you using Internet Explorer?
If so, then simply changing to a more secure browser may cure the problem for good. Even better would be to install Mozilla Firefox with the NoScript add-on to block scripting except when you want it to run.
IE, especially if you never shut ActiveX down, is very insecure.
Firewall your computer
First, get yourself better anti-virus software. Something that updates itself every few hours. This ensures that the virus definitions database on your PC is updated and you can hope to be better protected. Second, install a firewall. A firewall will prevent any software from interacting with your PC without you being aware of it. This is the kind of pop-up window you will love. Just be sure that it is your firewall pop-up before you click on the OK button. Lastly, a lot of pop-ups with malicious code have the 'OK' as well as the 'CANCEL' button programmed to do the same thing: infect your computer. Even the 'X' (Close) button at the top corner is programmed to do exactly the same. The best option here is to use ALT+F4 to close the window instead of clicking it closed. Again, the page is programmed in such a way that the moment you close the window, another pops up. If repeatedly pressing ALT+F4 doesn't work, the best thing to do is simply hard boot / restart your PC. That's the safest. All the best
malware masquerading as antivirus / infection alerts
Many of the programs that offer to scan your PC (or even force you to scan your PC) are in fact installing rogue viruses or trojans,
i.e. malware doctor. I am submitting these responses by others who know better than I do....
Best Answer - Chosen by Voters
These fake anti-virus/anti-spyware programs are becoming a very common problem! Here are steps to get rid of this rogue infection once and for all.
1 Use another computer to download Malwarebytes from www.malwarebytes.org
2 Rename the downloaded file to something like HELP.exe
3 Transfer the renamed file to a thumb drive or CD.
4 Boot the infected computer to SAFEMODE
5 Install the renamed file from the flash drive or CD.
6 Run the program.
Info on this type of infection from bleepingcomputer.com:
This is a new rogue anti-spyware program. Like its predecessors, this program is installed and advertised through the use of Trojans that display fake security alerts on your computer. These security alerts state that your computer is infected and that you should click on them in order to download software that will protect you. Once you click on these alerts, the Trojan will automatically download and install the program on your computer.
This program has only one purpose and that is to trick you into thinking you are infected so that you purchase it. Please ignore any warnings that this program may display and instead use the free program below to remove this program and any associated malware.
You MAY be able to download, install and run Malwarebytes anti-malware program from www.malwarebytes.org, or you may need to use a clean computer to download the program from www.malwarebytes.org and copy it to a flash drive or CD. Then transfer the install file to the infected computer and install and run.
Occasionally you will not be able to run this program without being in SAFE MODE. To get there, reboot your computer and tap the F8 key, repeatedly until a menu comes up. You want to choose SAFE MODE WITH NETWORKING.
If you still are unable to run this program, you may need to RENAME the downloaded file to something like HELP.EXE before you transfer it to the infected computer or you may be able to RUN the program directly from the flash drive.
Don't Believe Pop-ups That You Don't Really Know
This is the new favorite destructive "virus" for bad guys trying to extort money from PC users... you go to a website you have never visited and unbeknownst to you it installs a stealth program behind the scenes. Then it starts sending pop-ups that are designed to look legitimate, telling you that you have a virus or spyware or malware, and to click the button to download a piece of software to help clean the problem. At the same time it changes your system to prevent all the normal methods to find and delete the program causing the fake pop-up warnings.
The best way to solve this problem is to use the System Restore feature of Windows XP (not sure about Vista and Windows 7 yet). To get to System Restore, go to Start > Programs > Accessories > System Tools. Then follow the screens to select a date before the "virus" was introduced to your system. System Restore must be turned on prior to this problem occurring. You can do so from the System Restore tab of the System program in the Control Panel.
You might need to boot to safe mode before running system restore since some of these pop-up malware viri will disable your control panel or otherwise make it impossible to get anything done.
They say there's a sucker born every second. May I go a little further to imply that they are even 'born again'. I was looking for a registry cleaner after being harassed by one I paid for. So I went online to find one that may harass me to a lesser extent. Lo and behold, I find a FREE registry cleaner. My common sense (emphasis on common) told me that 'you get nothing for free and very little for a sixpence' (very old saying from the days of sterling and yore). So I opted for it. This thing went mad. It filled my screen with scrolling lists of errors in the registry. After a loooong while, when I was just about to cancel, up comes another BIG warning in RED. 'There are 756 serious errors in your registry. Press (something or other) to list these.' Up comes a whole lot of mumbo jumbo that would even stymie lord Gates. I smelt a rat and immediately erased the damned thing because the previous day my ex-registry cleaner told me that all is now well. Be warned.
XP restore is an option
.. but I've already seen a few malware that resist (they mark themselves as restorable). So my suggestion would be:
- unplug PC from network/Internet; if your PC is networked with other computers, make sure to isolate the one infected (check others to be 100% sure)
- try the System Restore function (as many described here)
- if the problem doesn't fade away (icons in system tray, desktop and pop-ups persist), check your PC with some online scanner and maybe also the malwarebytes application, that might help
This kind of malware is usually a trojan horse, so be careful when going online from that computer, since some additional threats may be downloaded into your computer.
All in all, every malware is highly specific (sometimes just with minor functional changes), hence it is very difficult to provide one exact path that would work (apart from reinstalling the computer, of course).
If all the advice didn't help, try sending us a screenshot to check what kind of popup gets displayed; maybe also a list of running processes would be handy.
Look for strange names
The task manager is your friend, use it. When the window pops up, it's because a file has already been planted in your system and is running. When the window pops up, as has been said before, don't click anything on that window, instead bring up the task manager (Ctrl+Alt+Del or right click on the task bar) and look for a file that looks strange. It sounds silly but most of these have file names with numbers or all capital letters or just pretty weird. Click on the file and then click 'End Process', it will give you a warning and you click end process. From time to time it's good to look and see what files are running on your computer. Don't mess around too much with it though, although most problems that you will do can be restored by a simple reboot. By the way, processes not to end will be explorer (although this can be useful sometimes), svchost, rundll32, winlogon, services and wininit. There may be some others depending on what you are running but those are the main ones. Good programs that I have used are Ultimate Troubleshooter and Tuneup Utilities. They both can tell you what is running, along with a description of its purpose and what file will be run at bootup (of Windows, not BIOS). This can also help you get rid of unwanted files. Spybot is free and good too. Hope this helped.
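An added example, not part of the post above: the "look for strange names" check written as a small triage script. It goes beyond the name heuristic by also checking where each executable runs from, since a process can borrow a trusted name such as svchost. The CSV column names, the sample rows and the default C:\Windows install path are assumptions made for the example.

```python
import csv
import io
import ntpath

WIN = r"c:\windows"
SYS32 = WIN + r"\system32"
WOW64 = WIN + r"\syswow64"  # 32-bit copies on 64-bit Windows

# Windows process names and the only folders they legitimately run from
# (assumes the default C:\Windows install location).
SYSTEM_HOMES = {
    "explorer.exe": {WIN, WOW64},
    "svchost.exe": {SYS32, WOW64},
    "rundll32.exe": {SYS32, WOW64},
    "winlogon.exe": {SYS32},
    "services.exe": {SYS32},
    "wininit.exe": {SYS32},
}
# Folders any user-level program can write to.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\local settings\\")

# Constructed sample listing (not taken from a real machine).
SAMPLE = r"""
Name,ExecutablePath
explorer.exe,C:\Windows\explorer.exe
svchost.exe,C:\Windows\System32\svchost.exe
svchost.exe,C:\Users\kim\AppData\Roaming\svchost.exe
48213907.exe,C:\Users\kim\AppData\Local\Temp\48213907.exe
AVSCANPRO.exe,C:\Program Files\AVSCANPRO\AVSCANPRO.exe
firefox.exe,C:\Program Files\Mozilla Firefox\firefox.exe
winlogon.exe,
"""


def reasons_for(name, path):
    """Return the list of reasons one process deserves a closer look."""
    reasons = []
    low_path = path.lower()
    homes = SYSTEM_HOMES.get(name.lower())
    # An empty path (hidden from a non-admin listing) is not evidence either way.
    if homes and path and ntpath.dirname(low_path) not in homes:
        reasons.append("system name outside its Windows folder")
    if any(part in low_path for part in USER_WRITABLE):
        reasons.append("runs from a user-writable folder")
    stem = ntpath.splitext(name)[0]
    digits = sum(c.isdigit() for c in stem)
    shouting = len(stem) >= 5 and stem.isalpha() and stem.isupper()
    if stem and (digits * 2 >= len(stem) or shouting):
        reasons.append("odd-looking name")
    return reasons


def triage(listing_csv):
    """Parse a Name,ExecutablePath CSV listing and return flagged rows."""
    flagged = []
    for row in csv.DictReader(io.StringIO(listing_csv.strip())):
        name = (row.get("Name") or "").strip()
        path = (row.get("ExecutablePath") or "").strip()
        why = reasons_for(name, path)
        if why:
            flagged.append((name, path, why))
    return flagged


if __name__ == "__main__":
    for name, path, why in triage(SAMPLE):
        print(f"{name:15} {path}\n    -> " + "; ".join(why))
```

A flagged row is a prompt to check the file's publisher and origin before ending or deleting anything; legitimate software sometimes runs from AppData or ships with an all-caps name.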
Disconnect your online...forget system restore
System restore always seems to be the first thing compromised after a hack attack. The BEST thing to do at the start of any attack is to isolate your computer and take it offline. Turn off your modem, pull your DSL, do whatever you have to do to get offline. Then you can take your time to do whatever you need to do to remove any harmful programming.
By the way, I know this is an open thread, but do you Mac posters get paid by Apple? Really, it's annoying for someone to post that they have a PC problem that they need advice on and have to scroll through inappropriate content relating to Macs. Maybe y'all could start a separate thread.
Also btw I disagree that malware and viruses are random acts. I believe a lot of them are generated by software companies selling antispyware and it wouldn't be far fetched to think that some of it might be generated by anyone competing with the PC platform.
It isn't wise for anyone to be too dependent on computers. I have heard of no prosecution that allows for users like us to be compensated when programs crash our computers. We need to look at why not, and whatever happened to consumer protection in the US anyway?