trojan virus
trojan virus
Not surprisingly, the OP came back to edit in spam links. I left the thread due to the contributions of the Quatloosians.
- wserra
- wserra
Last edited by vejerraa on Fri Dec 17, 2010 7:05 am, edited 1 time in total.
-
- First Mate
- Posts: 140
- Joined: Fri Jul 07, 2006 9:11 pm
- Location: England
Re: trojan virus
You may find something here helpful:
http://us.norton.com/theme4.jsp?themeid ... ls_trials2
http://us.norton.com/theme4.jsp?themeid ... ls_trials2
-
- Tupa-O-Quatloosia
- Posts: 1756
- Joined: Thu May 29, 2003 11:02 pm
- Location: Brea, CA
Re: trojan virus
Norton will likely remove your virus, but also many of your files. If you don't have a recent backup to restore to, you might try Spysweeper with Antivirus, or one of the many other antivirus products on the market. It's not free, but does better separating virus from data.
Arthur Rubin, unemployed tax preparer and aerospace engineer
Join the Blue Ribbon Online Free Speech Campaign!
Butterflies are free. T-shirts are $19.95 $24.95 $29.95
Join the Blue Ribbon Online Free Speech Campaign!
Butterflies are free. T-shirts are $19.95 $24.95 $29.95
-
- Admiral of the Quatloosian Seas
- Posts: 292
- Joined: Sat Mar 07, 2009 2:56 am
- Location: Great Basin Bioregion
Re: trojan virus
Malwarebytes produces "Anti-Malware", which I swear by. It's available for a free download (which has to be updated each time you use it), or a pay version can be had which runs automatically.
http://malwarebytes.org/mbam.php
http://malwarebytes.org/mbam.php
Irony: The Ayn Rand® Institute (ARI) is a 501(c)(3) nonprofit organization.
Re: trojan virus
I'm actually using this anti-malware... effective as you've said.Unidyne wrote:Malwarebytes produces "Anti-Malware", which I swear by. It's available for a free download (which has to be updated each time you use it), or a pay version can be had which runs automatically.
http://malwarebytes.org/mbam.php
-
- Princeps Wooloosia
- Posts: 3144
- Joined: Sat May 24, 2008 4:50 pm
Re: trojan virus
There is a very real and formidable virus threat out there right now, mentioned last Friday in USA Today, known as LizaMoon. Very similar to last year's "Antivirus2010". It attaches itself, illegally and unwelcome, to as many websites as possible. When someone arrives at that website, the virus throws up a screen that is made to look just like the one generated by the Windows system, announcing that a virus has been detected and that your computer will now be scanned as a precaution. This is followed by an animation that makes it appear that the scanner is at work going through the computer memory and the like. In fact, the virus is actually planting its own bot into your computer which will, henceforth, announce that your computer is hopelessly infested by a virus and the only cure is the alleged anti-virus program peddled by the people who worked up this scam, so you must order their remedy online with your credit card right away. You won't be able to do anything with computer until you buy their remedy (usually around $50) -- the only thing it's known to do is turn off their own bot.
My advice: Immediately take evasive maneuvers. Although the fake warning screen has buttons that supposedly will stop the scan, the buttons don't work; the warning screen and the animation of a scanning page happen no matter what.
The instant you see this fake warning screen, even if it claims to be in the midst of a scan, get out of the internet. Use the red X in the upper right corner. If need be, use the Windows Task Manager (CTRL+ALT+DELETE) to get out of the internet before this virus finishes sabotaging your system. Then run an authentic anti-virus program -- MalwareBytes is very good for this -- but you must have this program already on your computer, because once the LizaMoon virus has been planted you won't be able to load any new programs.
My advice: Immediately take evasive maneuvers. Although the fake warning screen has buttons that supposedly will stop the scan, the buttons don't work; the warning screen and the animation of a scanning page happen no matter what.
The instant you see this fake warning screen, even if it claims to be in the midst of a scan, get out of the internet. Use the red X in the upper right corner. If need be, use the Windows Task Manager (CTRL+ALT+DELETE) to get out of the internet before this virus finishes sabotaging your system. Then run an authentic anti-virus program -- MalwareBytes is very good for this -- but you must have this program already on your computer, because once the LizaMoon virus has been planted you won't be able to load any new programs.
-
- Tupa-O-Quatloosia
- Posts: 1756
- Joined: Thu May 29, 2003 11:02 pm
- Location: Brea, CA
Re: trojan virus
Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.fortinbras wrote:There is a very real and formidable virus threat out there right now, mentioned last Friday in USA Today, known as LizaMoon. Very similar to last year's "Antivirus2010". It attaches itself, illegally and unwelcome, to as many websites as possible. When someone arrives at that website, the virus throws up a screen that is made to look just like the one generated by the Windows system, announcing that a virus has been detected and that your computer will now be scanned as a precaution. This is followed by an animation that makes it appear that the scanner is at work going through the computer memory and the like. In fact, the virus is actually planting its own bot into your computer which will, henceforth, announce that your computer is hopelessly infested by a virus and the only cure is the alleged anti-virus program peddled by the people who worked up this scam, so you must order their remedy online with your credit card right away. You won't be able to do anything with computer until you buy their remedy (usually around $50) -- the only thing it's known to do is turn off their own bot.
My advice: Immediately take evasive maneuvers. Although the fake warning screen has buttons that supposedly will stop the scan, the buttons don't work; the warning screen and the animation of a scanning page happen no matter what.
The instant you see this fake warning screen, even if it claims to be in the midst of a scan, get out of the internet. Use the red X in the upper right corner. If need be, use the Windows Task Manager (CTRL+ALT+DELETE) to get out of the internet before this virus finishes sabotaging your system. Then run an authentic anti-virus program -- MalwareBytes is very good for this -- but you must have this program already on your computer, because once the LizaMoon virus has been planted you won't be able to load any new programs.
Last edited by Arthur Rubin on Tue Apr 05, 2011 7:49 am, edited 1 time in total.
Reason: Added F-Secure as a source of information
Reason: Added F-Secure as a source of information
Arthur Rubin, unemployed tax preparer and aerospace engineer
Join the Blue Ribbon Online Free Speech Campaign!
Butterflies are free. T-shirts are $19.95 $24.95 $29.95
Join the Blue Ribbon Online Free Speech Campaign!
Butterflies are free. T-shirts are $19.95 $24.95 $29.95
-
- Stowaway
- Posts: 12
- Joined: Sun Jan 10, 2010 9:48 pm
Re: trojan virus
Not so -- based on the experience of my sister. She knows enough not to download and/or install ANYTHING new without first checking with me. When she encountered the fake "Windows Security" virus warning, she tried all the normal methods to get out of it (click "Cancel", hit the "Back" button, close the window), yet she still got infected.Arthur Rubin wrote:Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.
I spent probably 6-8 hours over a three day period getting it cleared up. Each time I thought I finally erased all the files and registry entries, after reboot it was all magically back! ARGH, that was frustrating!
I finally found the answer on the Malwarebytes forum. It involved a combination of programs used in a very specific series of steps.
-
- Princeps Wooloosia
- Posts: 3144
- Joined: Sat May 24, 2008 4:50 pm
Re: trojan virus
My one reliable piece of advice about this scareware is do not let it continue on your computer. It uses a pre-arranged animation to make it look like it's scanning your system but it is actually using the time and access to load the virus onto your system. Although it pretends to have buttons giving you a choice of scanning or not, they either don't work or are disguised to make your computer believe that you approve the loading of this virus. This means you must be alert and act quickly when this scareware starts.
Re: trojan virus
If all else fails, unplug the computer.
Yes, you'll have to argue with the operating system when you restart and anything else you were doing at the time will be lost, but the nasty-gram will be toast.
I have a power-off switch right below my monitor which I use whenever crap like that shows up.
It's annoying to have to go through a restart, but it's a lot less annoying than having to de-virus a system.
Unfortunately, this technique doesn't work for laptop / notebook or other battery operated computers.
Yes, you'll have to argue with the operating system when you restart and anything else you were doing at the time will be lost, but the nasty-gram will be toast.
I have a power-off switch right below my monitor which I use whenever crap like that shows up.
It's annoying to have to go through a restart, but it's a lot less annoying than having to de-virus a system.
Unfortunately, this technique doesn't work for laptop / notebook or other battery operated computers.
-
- Judge for the District of Quatloosia
- Posts: 3704
- Joined: Tue May 17, 2005 6:04 pm
- Location: West of the Pecos
Re: trojan virus
There are wireless network connection buttons on many laptops and on wi-fi you can unplug the USB device.Nikki wrote:If all else fails, unplug the computer.
Yes, you'll have to argue with the operating system when you restart and anything else you were doing at the time will be lost, but the nasty-gram will be toast.
I have a power-off switch right below my monitor which I use whenever crap like that shows up.
It's annoying to have to go through a restart, but it's a lot less annoying than having to de-virus a system.
Unfortunately, this technique doesn't work for laptop / notebook or other battery operated computers.
The Honorable Judge Roy Bean
The world is a car and you're a crash-test dummy.
The Devil Makes Three
The world is a car and you're a crash-test dummy.
The Devil Makes Three
-
- Tupa-O-Quatloosia
- Posts: 1756
- Joined: Thu May 29, 2003 11:02 pm
- Location: Brea, CA
Re: trojan virus
I don't know your sister, so I'm willing to believe the WebSense article, even if they differ. No offense intended.YAAFP wrote:Not so -- based on the experience of my sister. She knows enough not to download and/or install ANYTHING new without first checking with me. When she encountered the fake "Windows Security" virus warning, she tried all the normal methods to get out of it (click "Cancel", hit the "Back" button, close the window), yet she still got infected.Arthur Rubin wrote:Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.
Arthur Rubin, unemployed tax preparer and aerospace engineer
Join the Blue Ribbon Online Free Speech Campaign!
Butterflies are free. T-shirts are $19.95 $24.95 $29.95
Join the Blue Ribbon Online Free Speech Campaign!
Butterflies are free. T-shirts are $19.95 $24.95 $29.95
-
- Princeps Wooloosia
- Posts: 3144
- Joined: Sat May 24, 2008 4:50 pm
Re: trojan virus
(1) The AARP newsletter sided with my advice to get out of the internet as quickly as possible - without bothering to click either of the two buttons provided by the scareware - and then run your own antivirus software immediately to make sure that your computer is clear.
(2) Until now the Macintosh/Apple computers were relatively free from this menace because either not popular enough to tempt hackers or at least not popular enough among hackers that none of them learned the Apple system to spot the vulnerabilities.
Well, that day is over. Apple now has a virus menace:
http://technolog.msnbc.msn.com/_news/20 ... -mac-users
(2) Until now the Macintosh/Apple computers were relatively free from this menace because either not popular enough to tempt hackers or at least not popular enough among hackers that none of them learned the Apple system to spot the vulnerabilities.
Well, that day is over. Apple now has a virus menace:
http://technolog.msnbc.msn.com/_news/20 ... -mac-users
-
- Princeps Wooloosia
- Posts: 3144
- Joined: Sat May 24, 2008 4:50 pm
Re: trojan virus
As an update, I had a scareware virus attack yesterday, very diabolical.
Evidently as part of a website, a file pretending to be from the Microsoft Corp presented itself, and since it claimed to be from Microsoft I assumed it to be one of the innumerable updates to any of several Windows features and allowed it in. Instead it emulated the other scareware viruses, repeatedly blocking every screen with a "warning" that my system was infected and my option was to buy the remedy online which purported to be a Windows XP anti-virus program -- the scareware would not let me refuse or bring up anything else on the internet. It evidently was either new enough or cleverly contrived that the real anti-virus programs on my computer could not see it or remove it, but finally by going back to an earlier recovery checkpoint I got it out of my system.
Evidently as part of a website, a file pretending to be from the Microsoft Corp presented itself, and since it claimed to be from Microsoft I assumed it to be one of the innumerable updates to any of several Windows features and allowed it in. Instead it emulated the other scareware viruses, repeatedly blocking every screen with a "warning" that my system was infected and my option was to buy the remedy online which purported to be a Windows XP anti-virus program -- the scareware would not let me refuse or bring up anything else on the internet. It evidently was either new enough or cleverly contrived that the real anti-virus programs on my computer could not see it or remove it, but finally by going back to an earlier recovery checkpoint I got it out of my system.
-
- Princeps Wooloosia
- Posts: 3144
- Joined: Sat May 24, 2008 4:50 pm
Re: trojan virus
I had another attack of scareware, this one a fake antivirus program called "Security Shield" which was evidently activated by arriving at an infected website. As with some others, it starts by appearing to be an authorized Windows-provided virus warning, unlike some others it doesn't require you to click on anything or do anything to infect your computer. Once implanted in your computer it blocks every sort of internet activity with a panicky warning of multiple infections which can only be removed by buying their software online - in reality, the multiple infections don't exist and this software removes no malware except (when the ransom is paid) itself.
Security Shield is diabolical because it not only blocks every bit of internet contact but also seems to block a good deal of installed remedies, such as Task Manager. The remedy -- I had to find it on the internet by using my sister-in-law's computer -- involves rebooting the computer into Safe mode, and running MalwareBytes (and it may help to go back to a previous recovery point).
An interesting Wikipedia article: http://en.wikipedia.org/wiki/Rogue_software
Security Shield is diabolical because it not only blocks every bit of internet contact but also seems to block a good deal of installed remedies, such as Task Manager. The remedy -- I had to find it on the internet by using my sister-in-law's computer -- involves rebooting the computer into Safe mode, and running MalwareBytes (and it may help to go back to a previous recovery point).
An interesting Wikipedia article: http://en.wikipedia.org/wiki/Rogue_software
-
- A Councilor of the Kabosh
- Posts: 3096
- Joined: Sat Oct 23, 2010 7:01 am
- Location: Wherever my truck goes.
Re: trojan virus
Theres actually quite a few viruses out there that do the same thing and along the same lines. Micro AV is a big one that pops up every now and then. It basically disables your computer access, overrides things like windows explorer and locks you out of your start menu functions. Best way to get rid of it is to have a program like Malwarebytes on your desktop, but there are strains of it that will auto-detect most legit anti-viral software and will block them from opening. An easy way around that is to load it and save it under a different file name and in an unusual location, like in a G drive instead of C drive in program files where Windows will automatically will install it. I use Malwarebytes and S&D and have for years. One thing about Malwarebytes if you do wish to pay for it you can set it up to do automatic scans instead of manual scans.
Disciple of the cross and champion in suffering
Immerse yourself into the kingdom of redemption
Pardon your mind through the chains of the divine
Make way, the shepherd of fire
Avenged Sevenfold "Shepherd of Fire"
Immerse yourself into the kingdom of redemption
Pardon your mind through the chains of the divine
Make way, the shepherd of fire
Avenged Sevenfold "Shepherd of Fire"
-
- Princeps Wooloosia
- Posts: 3144
- Joined: Sat May 24, 2008 4:50 pm
Re: trojan virus
S&D? Don't know that one. Please elaborate.
-
- Illuminati Obfuscation: Black Ops Div
- Posts: 3994
- Joined: Tue Jan 23, 2007 1:41 am
Re: trojan virus
SpyBot's Search & Destroyfortinbras wrote:S&D? Don't know that one. Please elaborate.
When chosen for jury duty, tell the judge "fortune cookie says guilty" - A fortune cookie
-
- A Councilor of the Kabosh
- Posts: 3096
- Joined: Sat Oct 23, 2010 7:01 am
- Location: Wherever my truck goes.
Re: trojan virus
Thank you Web, wasnt thinking about that when I posted it earlier. S&D is an entirely free, constantly updated anti-virus. They do ask for donations, which I have sent a few dollars their way over the years Ive used it but not required. It is a good supplement to Malwarebytes program.webhick wrote:SpyBot's Search & Destroyfortinbras wrote:S&D? Don't know that one. Please elaborate.
Disciple of the cross and champion in suffering
Immerse yourself into the kingdom of redemption
Pardon your mind through the chains of the divine
Make way, the shepherd of fire
Avenged Sevenfold "Shepherd of Fire"
Immerse yourself into the kingdom of redemption
Pardon your mind through the chains of the divine
Make way, the shepherd of fire
Avenged Sevenfold "Shepherd of Fire"
-
- Illuminati Obfuscation: Black Ops Div
- Posts: 3994
- Joined: Tue Jan 23, 2007 1:41 am
Re: trojan virus
Fixed it for you. I know it seems like a minor quibble, but spyware is not the same as a virus despite the fact that both are incredibly annoying and sometimes difficult to remove. It should also be noted that an anti-virus program's main focus is prevention (their ability to effectively remove an infection is lacking) and an anti-spyware's main focus is removal (some offer the same behavior of prevention that an anti-virus does, but it slows down the system severely). That being said, there is an overlap between the two. Anti-viruses will often pick up spyware trying to infect your system while anti-spyware will often remove viral infections. But one is never a substitute for the other which is where the spirit of my correction lies.JamesVincent wrote:Thank you Web, wasnt thinking about that when I posted it earlier. S&D is an entirely free, constantly updated anti-spyware. They do ask for donations, which I have sent a few dollars their way over the years Ive used it but not required. It is a good supplement to Malwarebytes program.webhick wrote:SpyBot's Search & Destroyfortinbras wrote:S&D? Don't know that one. Please elaborate.
When chosen for jury duty, tell the judge "fortune cookie says guilty" - A fortune cookie