286
   
Group: Forum Members
Last Login: 17/12/2008 18:57:26
Posts: 227,
Visits: 154
I have been given a friend's workmate's laptop to look at. This person is from the Far East, working over here (legally), and uses the laptop to keep in touch with home. She had no AV package on it originally and ended up with pop-ups saying that she was infected and needed to purchase the first of these 3. That did not work so she followed instructions and got the 2nd, then the third!!!! I think you see where we are going. £200 later I have the machine to try and help out. I believe these to be very bad Malware/Trojans. A quick Google seems to confirm that but I have never heard of them. Before I try and remove them does anyone know of these and any recommendations for actually doing so without a clean install? I intend to install AVG and Spybot later. Cheers
ASUS P5K AiLifestyle iP35 m/b, Intel C2D E4500 CPU, 2 x Seagate ST3320620 SATA HDD, Maxtor 320 External HDD, Antec 900 Case, Hiper 4M580 PSU, Powercolour X1950Pro PCI-E Gfx, Samsung SH-S203B SATA DVD DL Burner, Samsung SH-S203N SATA DVD Lightscribe, 2GB Corsair CXDDR2 PC6400.
Pentium
   
Group: Forum Members
Last Login: Today @ 21:19:19
Posts: 11,128,
Visits: 7,076
Ouch! Nightmare...
I would install Spybot and Spyware Doctor via Google Pack and let them have a look. There was a similar post a little while ago but I cannot remember the outcome.
I have a Computer... Try some MM Super Pi(e) here!

Pentium
   
Group: Forum Members
Last Login: Today @ 19:27:56
Posts: 1,955,
Visits: 4,926
Scan in safe mode - recommend Malwarebytes anti-malware and Super anti-spyware/Spyware Doctor Starter Edition.
You can run HijackThis! or Runscanner and find out what you can about dodgy looking entries in the scan log file. You could paste the complete log in a topic at the HJT section of a security forum that deals with them, or try the automated scanner at hijackthis.de.
If feeling paranoid you can clear out cache and temp files in the OS user account folder, and flush system restore points.
'Come down from your swell co-ops, you general partners and merger lawyers! It's the Third World down there! Puerto Ricans, West Indians, Haitians, Dominicans, Cubans, Colombians, Hondurans, Koreans, Chinese, Thais, Vietnamese, Ecuadorians, Panamanians, Filipinos, Albanians, Senegalese and Afro-Americans! Go visit the frontiers, you gutless wonders!'
Tom Wolfe, Bonfire Of The Vanities
286
   
Group: Forum Members
Last Login: 17/12/2008 18:57:26
Posts: 227,
Visits: 154
Cheers guys, I have just finished a scan with AVG and boy, was it fun. I have disabled all the subject programs until I can get hold of her tomorrow (probably to strangle her), as she paid the money so I had better make sure she will allow me to get rid of it. S & D came up with loads as well, all cleaned.
Santa Pig
   
Group: Moderators
Last Login: Today @ 18:50:12
Posts: 10,200,
Visits: 11,213
They've probably cleaned out whatever card(s) she used to pay for them too! That's the point of this scam, they want your credit card details.
Dave R

XP Pro + various VMs: Q6600 @ stock, Asus V3-P5G33, 2GB DDR2 800, 7600GT
XP Pro: E1200 @2.4Ghz, GA-G33M-DS2R/S2, 2GB DDR2 800, 3450 on HDMI
Mandriva S 2008: SOA Athlon 2200, 1GB DDR, 9550
Windows Home Server: S3000, ASUS V2-M2V890, 512mb DDR2 667, 1TB
4GB USB Pendrive: Mandriva 2009 - my portable PC 
286
   
Group: Forum Members
Last Login: 17/12/2008 18:57:26
Posts: 227,
Visits: 154
Job done. A mixture of numerous AVG scans, S & D scans, a little bit of manual registry cleaning and a lot of housekeeping eventually managed to clean out the lot. Further to the 'AV' programs she downloaded, she also had a program called Registry helper on it. Googling this came up with a mix of results, some good, some bad, but I decided to get rid of this as it kept on appearing in the S & D scans (apart from that, she did not have the skills to muck around with the registry), but once that went all is okay - until the next time she believes everything the pop-ups tell her!!!!! I believe that her credit card is investigating the case under the Distance Selling Act so she may get the money back; card has been cancelled.
386
   
Group: Forum Members
Last Login: 05/01/2009 23:36:20
Posts: 641,
Visits: 748
Those are all Smitfraud related infections.
I saw 3 laptops yesterday with the same infections.
Spybot didn't find a thing, and Avira only pulled 2 unrelated Virii.
I got them working better, but there's still a long way to go to get them spotless again!
Q6600 @ 3.6GHz....4GB RAM @ 900MHz 4-4-5-12....9800GTX @ 800/2000/2400MHz....ASUS P5E
500GB Seagate 7200.11 32MB.....X-Fi Fatal1ty Pro.....Jeantech Storm 700W.....Chieftec Matrix
486
   
Group: Forum Members
Last Login: Today @ 16:12:22
Posts: 1,069,
Visits: 2,023
It's not usually worth the time you waste on them; in my experience it's quicker and easier just to format and start again.

Pentium
   
Group: Forum Members
Last Login: Today @ 19:27:56
Posts: 1,955,
Visits: 4,926
It takes more time, effort and nervous energy to follow one of these then?
http://www.bleepingcomputer.com/forums/forum55.html