trojan virus

vejerraa

trojan virus

Post by vejerraa »

Not surprisingly, the OP came back to edit in spam links. I left the thread due to the contributions of the Quatloosians.
- wserra
Last edited by vejerraa on Fri Dec 17, 2010 7:05 am, edited 1 time in total.
The Dog
First Mate
Posts: 140
Joined: Fri Jul 07, 2006 9:11 pm
Location: England

Re: trojan virus

Post by The Dog »

You may find something here helpful:
http://us.norton.com/theme4.jsp?themeid ... ls_trials2
Arthur Rubin
Tupa-O-Quatloosia
Posts: 1753
Joined: Thu May 29, 2003 11:02 pm
Location: Brea, CA

Re: trojan virus

Post by Arthur Rubin »

Norton will likely remove your virus, but also many of your files. If you don't have a recent backup to restore to, you might try Spysweeper with Antivirus, or one of the many other antivirus products on the market. It's not free, but does better separating virus from data.
Arthur Rubin, unemployed tax preparer and aerospace engineer
Join the Blue Ribbon Online Free Speech Campaign!

Butterflies are free. T-shirts are $19.95 $24.95 $29.95
Unidyne
Admiral of the Quatloosian Seas
Posts: 292
Joined: Sat Mar 07, 2009 2:56 am
Location: Great Basin Bioregion

Re: trojan virus

Post by Unidyne »

Malwarebytes produces "Anti-Malware", which I swear by. It's available for a free download (which has to be updated each time you use it), or a pay version can be had which runs automatically.

http://malwarebytes.org/mbam.php
Irony: The Ayn Rand® Institute (ARI) is a 501(c)(3) nonprofit organization.
lyfbond

Re: trojan virus

Post by lyfbond »

Unidyne wrote: Malwarebytes produces "Anti-Malware", which I swear by. It's available for a free download (which has to be updated each time you use it), or a pay version can be had which runs automatically.
http://malwarebytes.org/mbam.php

I'm actually using this anti-malware... effective as you've said. 8)
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: trojan virus

Post by fortinbras »

There is a very real and formidable virus threat out there right now, mentioned last Friday in USA Today, known as LizaMoon. Very similar to last year's "Antivirus2010". It attaches itself, illegally and unwelcome, to as many websites as possible. When someone arrives at that website, the virus throws up a screen that is made to look just like the one generated by the Windows system, announcing that a virus has been detected and that your computer will now be scanned as a precaution. This is followed by an animation that makes it appear that the scanner is at work going through the computer memory and the like. In fact, the virus is actually planting its own bot into your computer which will, henceforth, announce that your computer is hopelessly infested by a virus and the only cure is the alleged anti-virus program peddled by the people who worked up this scam, so you must order their remedy online with your credit card right away. You won't be able to do anything with your computer until you buy their remedy (usually around $50) -- the only thing it's known to do is turn off their own bot.

My advice: Immediately take evasive maneuvers. Although the fake warning screen has buttons that supposedly will stop the scan, the buttons don't work; the warning screen and the animation of a scanning page happen no matter what.

The instant you see this fake warning screen, even if it claims to be in the midst of a scan, get out of the internet. Use the red X in the upper right corner. If need be, use the Windows Task Manager (CTRL+ALT+DELETE) to get out of the internet before this virus finishes sabotaging your system. Then run an authentic anti-virus program -- MalwareBytes is very good for this -- but you must have this program already on your computer, because once the LizaMoon virus has been planted you won't be able to load any new programs.
Arthur Rubin
Tupa-O-Quatloosia
Posts: 1753
Joined: Thu May 29, 2003 11:02 pm
Location: Brea, CA

Re: trojan virus

Post by Arthur Rubin »

fortinbras wrote: There is a very real and formidable virus threat out there right now, mentioned last Friday in USA Today, known as LizaMoon. Very similar to last year's "Antivirus2010". It attaches itself, illegally and unwelcome, to as many websites as possible. When someone arrives at that website, the virus throws up a screen that is made to look just like the one generated by the Windows system, announcing that a virus has been detected and that your computer will now be scanned as a precaution. This is followed by an animation that makes it appear that the scanner is at work going through the computer memory and the like. In fact, the virus is actually planting its own bot into your computer which will, henceforth, announce that your computer is hopelessly infested by a virus and the only cure is the alleged anti-virus program peddled by the people who worked up this scam, so you must order their remedy online with your credit card right away. You won't be able to do anything with your computer until you buy their remedy (usually around $50) -- the only thing it's known to do is turn off their own bot.

My advice: Immediately take evasive maneuvers. Although the fake warning screen has buttons that supposedly will stop the scan, the buttons don't work; the warning screen and the animation of a scanning page happen no matter what.

The instant you see this fake warning screen, even if it claims to be in the midst of a scan, get out of the internet. Use the red X in the upper right corner. If need be, use the Windows Task Manager (CTRL+ALT+DELETE) to get out of the internet before this virus finishes sabotaging your system. Then run an authentic anti-virus program -- MalwareBytes is very good for this -- but you must have this program already on your computer, because once the LizaMoon virus has been planted you won't be able to load any new programs.

Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.
Last edited by Arthur Rubin on Tue Apr 05, 2011 7:49 am, edited 1 time in total.
Reason: Added F-Secure as a source of information
YAAFP
Stowaway
Posts: 12
Joined: Sun Jan 10, 2010 9:48 pm

Re: trojan virus

Post by YAAFP »

Arthur Rubin wrote: Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.

Not so -- based on the experience of my sister. She knows enough not to download and/or install ANYTHING new without first checking with me. When she encountered the fake "Windows Security" virus warning, she tried all the normal methods to get out of it (click "Cancel", hit the "Back" button, close the window), yet she still got infected.

I spent probably 6-8 hours over a three day period getting it cleared up. Each time I thought I finally erased all the files and registry entries, after reboot it was all magically back! ARGH, that was frustrating!

I finally found the answer on the Malwarebytes forum. It involved a combination of programs used in a very specific series of steps.
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: trojan virus

Post by fortinbras »

My one reliable piece of advice about this scareware is do not let it continue on your computer. It uses a pre-arranged animation to make it look like it's scanning your system but it is actually using the time and access to load the virus onto your system. Although it pretends to have buttons giving you a choice of scanning or not, they either don't work or are disguised to make your computer believe that you approve the loading of this virus. This means you must be alert and act quickly when this scareware starts.
Nikki

Re: trojan virus

Post by Nikki »

If all else fails, unplug the computer.

Yes, you'll have to argue with the operating system when you restart and anything else you were doing at the time will be lost, but the nasty-gram will be toast.

I have a power-off switch right below my monitor which I use whenever crap like that shows up.

It's annoying to have to go through a restart, but it's a lot less annoying than having to de-virus a system.

Unfortunately, this technique doesn't work for laptop / notebook or other battery operated computers.
Judge Roy Bean
Judge for the District of Quatloosia
Posts: 3704
Joined: Tue May 17, 2005 6:04 pm
Location: West of the Pecos

Re: trojan virus

Post by Judge Roy Bean »

Nikki wrote: If all else fails, unplug the computer.

Yes, you'll have to argue with the operating system when you restart and anything else you were doing at the time will be lost, but the nasty-gram will be toast.

I have a power-off switch right below my monitor which I use whenever crap like that shows up.

It's annoying to have to go through a restart, but it's a lot less annoying than having to de-virus a system.

Unfortunately, this technique doesn't work for laptop / notebook or other battery operated computers.

There are wireless network connection buttons on many laptops and on wi-fi you can unplug the USB device.
The Honorable Judge Roy Bean
The world is a car and you're a crash-test dummy.
The Devil Makes Three
Arthur Rubin
Tupa-O-Quatloosia
Posts: 1753
Joined: Thu May 29, 2003 11:02 pm
Location: Brea, CA

Re: trojan virus

Post by Arthur Rubin »

YAAFP wrote:
Arthur Rubin wrote: Not entirely true. According to WebSense, and F-Secure, you aren't in trouble until you download the "free software". Then you can't load new programs until you pay for the removal tool. Still, it's important to be careful.
Not so -- based on the experience of my sister. She knows enough not to download and/or install ANYTHING new without first checking with me. When she encountered the fake "Windows Security" virus warning, she tried all the normal methods to get out of it (click "Cancel", hit the "Back" button, close the window), yet she still got infected.

I don't know your sister, so I'm willing to believe the WebSense article, even if they differ. No offense intended.
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: trojan virus

Post by fortinbras »

(1) The AARP newsletter sided with my advice to get out of the internet as quickly as possible - without bothering to click either of the two buttons provided by the scareware - and then run your own antivirus software immediately to make sure that your computer is clear.

(2) Until now the Macintosh/Apple computers were relatively free from this menace because they were either not popular enough to tempt hackers or at least not popular enough among hackers that none of them learned the Apple system to spot the vulnerabilities.

Well, that day is over. Apple now has a virus menace:
http://technolog.msnbc.msn.com/_news/20 ... -mac-users
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: trojan virus

Post by fortinbras »

As an update, I had a scareware virus attack yesterday, very diabolical.

Evidently as part of a website, a file pretending to be from the Microsoft Corp presented itself, and since it claimed to be from Microsoft I assumed it to be one of the innumerable updates to any of several Windows features and allowed it in. Instead it emulated the other scareware viruses, repeatedly blocking every screen with a "warning" that my system was infected and my option was to buy the remedy online which purported to be a Windows XP anti-virus program -- the scareware would not let me refuse or bring up anything else on the internet. It evidently was either new enough or cleverly contrived that the real anti-virus programs on my computer could not see it or remove it, but finally by going back to an earlier recovery checkpoint I got it out of my system.
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: trojan virus

Post by fortinbras »

I had another attack of scareware, this one a fake antivirus program called "Security Shield" which was evidently activated by arriving at an infected website. As with some others, it starts by appearing to be an authorized Windows-provided virus warning; unlike some others, it doesn't require you to click on anything or do anything to infect your computer. Once implanted in your computer it blocks every sort of internet activity with a panicky warning of multiple infections which can only be removed by buying their software online - in reality, the multiple infections don't exist and this software removes no malware except (when the ransom is paid) itself.

Security Shield is diabolical because it not only blocks every bit of internet contact but also seems to block a good deal of installed remedies, such as Task Manager. The remedy -- I had to find it on the internet by using my sister-in-law's computer -- involves rebooting the computer into Safe mode, and running MalwareBytes (and it may help to go back to a previous recovery point).

An interesting Wikipedia article: http://en.wikipedia.org/wiki/Rogue_software
JamesVincent
A Councilor of the Kabosh
Posts: 3047
Joined: Sat Oct 23, 2010 7:01 am
Location: Wherever my truck goes.

Re: trojan virus

Post by JamesVincent »

There's actually quite a few viruses out there that do the same thing and along the same lines. Micro AV is a big one that pops up every now and then. It basically disables your computer access, overrides things like Windows Explorer and locks you out of your start menu functions. Best way to get rid of it is to have a program like Malwarebytes on your desktop, but there are strains of it that will auto-detect most legit anti-viral software and will block them from opening. An easy way around that is to load it and save it under a different file name and in an unusual location, like in a G drive instead of C drive in program files where Windows will automatically install it. I use Malwarebytes and S&D and have for years. One thing about Malwarebytes: if you do wish to pay for it, you can set it up to do automatic scans instead of manual scans.
Disciple of the cross and champion in suffering
Immerse yourself into the kingdom of redemption
Pardon your mind through the chains of the divine
Make way, the shepherd of fire

Avenged Sevenfold "Shepherd of Fire"
fortinbras
Princeps Wooloosia
Posts: 3144
Joined: Sat May 24, 2008 4:50 pm

Re: trojan virus

Post by fortinbras »

S&D? Don't know that one. Please elaborate.
webhick
Illuminati Obfuscation: Black Ops Div
Posts: 3994
Joined: Tue Jan 23, 2007 1:41 am

Re: trojan virus

Post by webhick »

fortinbras wrote: S&D? Don't know that one. Please elaborate.

SpyBot's Search & Destroy
When chosen for jury duty, tell the judge "fortune cookie says guilty" - A fortune cookie
JamesVincent
A Councilor of the Kabosh
Posts: 3047
Joined: Sat Oct 23, 2010 7:01 am
Location: Wherever my truck goes.

Re: trojan virus

Post by JamesVincent »

webhick wrote:
fortinbras wrote: S&D? Don't know that one. Please elaborate.
SpyBot's Search & Destroy

Thank you Web, wasn't thinking about that when I posted it earlier. S&D is an entirely free, constantly updated anti-virus. They do ask for donations, which I have sent a few dollars their way over the years I've used it but not required. It is a good supplement to Malwarebytes program.
webhick
Illuminati Obfuscation: Black Ops Div
Posts: 3994
Joined: Tue Jan 23, 2007 1:41 am

Re: trojan virus

Post by webhick »

JamesVincent wrote:
webhick wrote:
fortinbras wrote: S&D? Don't know that one. Please elaborate.
SpyBot's Search & Destroy
Thank you Web, wasn't thinking about that when I posted it earlier. S&D is an entirely free, constantly updated anti-spyware. They do ask for donations, which I have sent a few dollars their way over the years I've used it but not required. It is a good supplement to Malwarebytes program.

Fixed it for you. I know it seems like a minor quibble, but spyware is not the same as a virus despite the fact that both are incredibly annoying and sometimes difficult to remove. It should also be noted that an anti-virus program's main focus is prevention (their ability to effectively remove an infection is lacking) and an anti-spyware's main focus is removal (some offer the same behavior of prevention that an anti-virus does, but it slows down the system severely). That being said, there is an overlap between the two. Anti-viruses will often pick up spyware trying to infect your system while anti-spyware will often remove viral infections. But one is never a substitute for the other which is where the spirit of my correction lies.