It takes over your entire computer
Published on March 1, 2011 By jazzymjr In Personal Computing

Just wanted to alert everyone about a very nasty piece of malware out there! 

My companion was the recipient of this "nice" piece of software.  He is running Windows 7, 32 bit.  He has no idea how he got it.  Anyway, it takes over your whole computer, and you cannot even open any executable on your computer.  It tells you that your computer is infected...it even takes over your desktop.  It disables everything.  You cannot even get into safe mode to try to run an anti-malware program to try to get rid of it.  It even blocks all your system restore backups!  What a piece of work!  I am hoping that I can get to his documents folder and copy that...I can't remember if I put that on a different partition or not...I sure hope I did!  I am going to have to wipe and re-install everything for him. 


Comments (Page 2)
on Mar 01, 2011

Thanks Phoon.

on Mar 01, 2011

I had this on my daughter's PC.  It comes up as a pop-up and tells you you are infected.  When you try to close the pop-up, it launches the program.  The entire pop-up is the "accept" button.  In other instances that it has come up, I've just killed it with Task Manager or shut down the PC.

on Mar 01, 2011

The reason I asked about how it is picked up is I believe it tried to get to me by way of ImageShack the last couple of times I used it.

on Mar 01, 2011

I have not had time to view Doc's video (will do so in a bit), but a friend got  a bug just like that one.  I was about to reformat and re-install! (not quite, I had other options, but you can see the frustration level).  But then I stumbled upon a way around it.

I tried to open a file that did not have an association.  So it let me pick something to open it with. I chose CMD.EXE (it would not let me go to the command line itself).  And it opened a command line!  I was then able to switch to the infected directory, rename the file (not delete it, it was running) and reboot - and then clean everything up!

So I guess the key is to leave a disassociated file on your desktop? 

As for how your friend got it, I have had many people tell me the same thing.  One thing I have read is that when the infecting popup shows up, the only "clean" way of closing it is to crash your browser.  Any other click was probably programmed in by the authors to be a "yes".

on Mar 01, 2011

Philly0381
For those that encountered the trojan, any thoughts on where you may have picked it up from? 

My companion is not sure how he got it, but he had been looking at a slide show that he got in an email, just before the thing popped up.

on Mar 01, 2011

You can browse in https mode on Facebook (highly recommended).

You can also browse in virtual mode using Sandboxie (sandboxie.com) for x32 and x64, or BufferZonePro (free) for x32.

They give you a red line around your browser window and seemed to bother a couple of skins (sandboxie).

on Mar 01, 2011

So I guess the key is to leave a disassociated file on your desktop?

This thing will infect more than just a few files. It will blow itself through the registry and many areas of your system. You got lucky!

I have avoided it before by pulling the plug on the PC... how-ev-errrrrr.... that is NOT advisable.

A few weeks ago I flipped a breaker that turned out to be the computer room. 1 system shut down and the OS was hosed upon attempted reboot.

 

on Mar 01, 2011

I have avoided it before by pulling the plug on the PC... how-ev-errrrrr.... that is NOT advisable.

Yeah.  Try the old Task Manager next time and kill whatever web browser you are using.  It's also a good idea to not have Firefox set to reload the last page you were viewing or you might be right back at square 1.

on Mar 01, 2011

jazzymjr




My companion is not sure how he got it, but he had been looking at a slide show that he got in an email, just before the thing popped up.

 

Them dang slideshows are fraught with peril.

on Mar 01, 2011

I guess I'm lucky then.

 

 

*looking over shoulder warily*

on Mar 01, 2011

Be very wary of Imageshack...I've had it try to install 3 times from the http://imageshack.us/ website so far.

I'm savvy enough to keep it from installing...it would be very easy to make the mistake of letting it load, so be careful.

The best way to avoid these types of attacks is to surf via Virtual PC and discard the changes to your session when closing.

on Mar 01, 2011

I had the very same experience! I finally did a restore in safe mode to get rid of it! It was really annoying and very malicious! It held me captive until I finally outsmarted it! I have no idea how it got there either, but I never want to experience that again!

on Mar 01, 2011

Also, one of the best step by step guides for removing malware can be found here... http://forums.majorgeeks.com/showthread.php?t=35407

on Mar 01, 2011

DrJBHL
You can browse in https mode on Facebook (highly recommended).

You can also browse in virtual mode using Sandboxie (sandboxie.com) for x32 and x64, or BufferZonePro (free) for x32.

They give you a red line around your browser window and seemed to bother a couple of skins (sandboxie).

Okay I downloaded Sandboxie and it is very easy to set up.  It also has a tutorial that walks you through it.  Do the tutorial if you download.  I'm using the Argon Theme and do not have any red line around the browser window, haven't tried it yet with other skins.  The price is right, free. 

on Mar 01, 2011

Thank you everyone for this good security reminder.  It's crucial to revisit good computer security practices regularly.  I'm the one that keeps our five family computers running in tip-top shape, and these reminders/best practices threads help tremendously.
