Be Excellent To Each Other

And, you know, party on. Dude.

All times are UTC [ DST ]




Post subject: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 10:06

Joined: 31st Mar, 2008
Posts: 8655
GJ was using her PC yesterday, when suddenly XP Antispyware 2012 appeared, and said her pc was infected with all manner of keyloggers, trojans and whatevers. From what I could find out, this was all rubbish, and the only thing wrong with her pc was that it had XP Antispyware 2012 on it. I think I've got rid of it, but my questions are:

1. Have I got rid of it, or are we in format and reinstall, just to be safe territory (from what I can see it doesn't do anything malicious, just tells you your pc is full of junk and that you need to buy this software to fix it, so unless it rears its ugly head again, I don't think it's secretly stealing all her bank details in the background)?
2. Where did it come from, and why did a running and updated Microsoft Security Essentials let it through?


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 10:27
Comfortably Dumb

Joined: 30th Mar, 2008
Posts: 12034
Location: Sunny Stoke
I'd be tempted to run a HijackThis scan on it - it'll basically show you everything that starts up, runs in the background etc as a list so you can nose through it and remove anything that looks suspicious.

Joans wrote:
2. Where did it come from...


The first word of your post. ;)

_________________
Consolemad | Under Logic
Curse, the day is long
Realise you don't belong


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 10:49
Noob as of 6/8/10

Joined: 6th Aug, 2010
Posts: 5578
Location: , Location, Location.
Joans wrote:
2. Where did it come from, and why did a running and updated Microsoft Security Essentials let it through?


It will have come from a seemingly legitimate website. MSE will have let the message appear because it's not a virus in itself, it's just a web page made to look like a proper anti-virus warning message.


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 10:55

Joined: 31st Mar, 2008
Posts: 8655
Warhead wrote:
Joans wrote:
2. Where did it come from, and why did a running and updated Microsoft Security Essentials let it through?


It will have come from a seemingly legitimate website. MSE will have let the message appear because it's not a virus in itself, it's just a web page made to look like a proper anti-virus warning message.


I've seen those webpage ones that say they're scanning your computer, but you can just close the tab and it's gone. This wouldn't let me browse to any sites because it said they were all untrusted, and wouldn't let me open things like regedit or a command prompt because it said they were trying to connect to the internet.


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:02
SupaMod
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49244
Warhead wrote:
Joans wrote:
2. Where did it come from, and why did a running and updated Microsoft Security Essentials let it through?


It will have come from a seemingly legitimate website. MSE will have let the message appear because it's not a virus in itself, it's just a web page made to look like a proper anti-virus warning message.


Nah. XP Antispyware 2012 isn't a 'trick you into downloading' one - it installs totally without user interaction by a drive-by exploitation of a number of unpatched vulnerabilities, in most cases (IIRC) Java ones.



SANDBOXIE!

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:11
Noob as of 6/8/10

Joined: 6th Aug, 2010
Posts: 5578
Location: , Location, Location.
Craster wrote:
Warhead wrote:
Joans wrote:
2. Where did it come from, and why did a running and updated Microsoft Security Essentials let it through?


It will have come from a seemingly legitimate website. MSE will have let the message appear because it's not a virus in itself, it's just a web page made to look like a proper anti-virus warning message.


Nah. XP Antispyware 2012 isn't a 'trick you into downloading' one - it installs totally without user interaction by a drive-by exploitation of a number of unpatched vulnerabilities, in most cases (IIRC) Java ones.



SANDBOXIE!

Amen.

I stand corrected.


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:25
Bouncing Hedgehog

Joined: 27th Mar, 2008
Posts: 26065
So Goddess Jasmine's porn habit has finally caught up with her... We all said it would happen one day soon. She was warned if she was going to spend time visiting those kinds of sites she should get a Mac, but she just would not listen.

Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:29
baron of techno

Joined: 30th Mar, 2008
Posts: 24136
Location: fife
:D

Mimi wrote:
She was warned if she was going to spend time visiting those kinds of sites she should get a dirty Mac, but she just would not listen.


FTFZ


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:31
baron of techno

Joined: 30th Mar, 2008
Posts: 24136
Location: fife
XP AntiSpyware 2012 sounds like complete malware then, is it doing any damage?


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:36
Unpossible!

Joined: 27th Jun, 2008
Posts: 38652
kalmar wrote:
XP AntiSpyware 2012 sounds like complete malware then, is it doing any damage?

Just to the sanity of those of us who have to get rid of the fucker :)


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:38
Paws for thought

Joined: 27th Mar, 2008
Posts: 17161
Location: Just Outside That London, England, Europe
Standard answer whenever security is breached.

Nuke from orbit, reinstall from backup


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:39
Unpossible!

Joined: 27th Jun, 2008
Posts: 38652
Mr Dave wrote:
Standard answer whenever security is breached.

Nuke from orbit, reinstall from backup

That's what it usually boils down to, yes. But we have to be seen to make an effort to remove first. Oh, yes.


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:47

Joined: 31st Mar, 2008
Posts: 8655
kalmar wrote:
XP AntiSpyware 2012 sounds like complete malware then, is it doing any damage?


It just pops up a window saying "buy me and I'll fix your computer" whenever you try and do anything. From what I can see, it's now gone, but whether it's gone, or merely gone, I don't know.


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:50
SupaMod
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49244
Guarantee there's also a rootkit install - selling off a machine as a compromised box that can form part of a botnet is an easy extra revenue source.

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 20, 2011 11:58
SupaMod
Est. 1978

Joined: 27th Mar, 2008
Posts: 69713
Location: Your Mum
As always, like Dave says: format, reinstall.

_________________
Grim... wrote:
I wish Craster had left some girls for the rest of us.


Post subject: Re: XP AntiSpyware 2012
Posted: Thu Jun 23, 2011 22:42
Comfortably Dumb

Joined: 30th Mar, 2008
Posts: 12034
Location: Sunny Stoke
Had a phone call at 10pm from a guy at work whose Mother-in-Law has something similar on her laptop. I remember now why I don't give my mobile number out readily.

_________________
Consolemad | Under Logic
Curse, the day is long
Realise you don't belong


Post subject: XP AntiSpyware 2012
Posted: Thu Jun 23, 2011 23:24
Awesome
Yes

Joined: 6th Apr, 2008
Posts: 12334
Do a search for rkill.exe and run it in safe mode. Removes it completely. Then run Malware Malabytes (or whatever it's called-sounds similar).
I had this and cured it completely with the above.
Then run Sandboxie. Forever.

_________________
Always proof read carefully in case you any words out


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 9:55

Joined: 30th Mar, 2008
Posts: 2053
Something like this infected my brother's mate's laptop and I had the joy of fixing it via my brother (who isn't tech-savvy at all) on the phone. In the end it involved running a bit of anti-malware software in safe mode. A bollocks chore but it fixed it.

_________________
PlayStation Country


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 10:05
Sleepyhead

Joined: 30th Mar, 2008
Posts: 27354
Location: Kidbrooke
What is sandboxie?

The wife had the same issues with this stupid malware a while back. I recall posting about it. I think the Malware Malbytes thingy fixed it one time, and the other time I just told Windows to go back in time by a few weeks, and it was fine.

_________________
We are young despite the years
We are concern
We are hope, despite the times


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 10:22
SupaMod
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49244
It's a launcher that runs your browser sandboxed so anything that goes wrong can't affect the rest of the system.

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 10:51
Sleepyhead

Joined: 30th Mar, 2008
Posts: 27354
Location: Kidbrooke
Do I get to play in the sand?

_________________
We are young despite the years
We are concern
We are hope, despite the times


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 12:47
Awesome
Yes

Joined: 6th Apr, 2008
Posts: 12334
Curiosity wrote:
Do I get to play in the sand?


You can piss in the sand if you want. It'll still empty it out whenever you want.

_________________
Always proof read carefully in case you any words out


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 14:08
Ticket to Ride World Champion

Joined: 18th Apr, 2008
Posts: 11897
Apart from it isn't (as of last night) compatible with Firefox 5.

_________________
No, it was a giant robot castle!


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 14:09
SupaMod
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49244
Well that's a bit shit. I wonder why not?

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 14:10
Awesome
Yes

Joined: 6th Apr, 2008
Posts: 12334
Bobbyaro wrote:
Apart from it isn't (as of last night) compatible with Firefox 5.


Well there's your problem. Stop trying to use an inferior browser.

_________________
Always proof read carefully in case you any words out


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 15:10
Ticket to Ride World Champion

Joined: 18th Apr, 2008
Posts: 11897
What would you recommend, given Chrome won't run on my computer?

_________________
No, it was a giant robot castle!


Post subject: Re: XP AntiSpyware 2012
Posted: Fri Jun 24, 2011 15:52
Sleepyhead

Joined: 30th Mar, 2008
Posts: 27354
Location: Kidbrooke
Get a 360.

_________________
We are young despite the years
We are concern
We are hope, despite the times


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 18:05
Best
Board Mother

Joined: 6th Apr, 2008
Posts: 11395
Location: Mount Olympus
I have been suitably nuked and am back up and running, thanks guys. :)

/Jazzy's PC

_________________
Doctor Glyndwr wrote:
GJ is right.


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 18:10
Comfortably Dumb

Joined: 30th Mar, 2008
Posts: 12034
Location: Sunny Stoke
Longines Symphonette wrote:
Do a search for rkill.exe and run it in safe mode. Removes it completely. Then run Malware Malabytes (or whatever it's called-sounds similar).
I had this and cured it completely with the above.
Then run Sandboxie. Forever.


I suspect the process name might vary. On the laptop I was looking at, it was kek.exe, so I killed that off, removed the actual file itself then did the usual clean up stuff and it seemed to do the trick. Ideally I'd have wiped it, but I wasn't going to spend too much time on it.

_________________
Consolemad | Under Logic
Curse, the day is long
Realise you don't belong
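
Added example, not part of any post in this thread: because the process name varies between infections (kek.exe on one laptop above), a review of a HijackThis log can key on where an autostart entry's executable lives rather than on what it is called. The log lines, user name and paths below are constructed, and the `O4 - HKxx\..\Run: [name] command` layout is assumed for HijackThis autostart lines.

```python
import re

# Constructed HijackThis-style log (not from the thread). Only "O4" lines are
# autostart entries; the location given for kek.exe is an assumption.
SAMPLE_LOG = r"""
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kek] "C:\Documents and Settings\user\Local Settings\Application Data\kek.exe" -a
O4 - HKLM\..\RunOnce: [upd] C:\Documents and Settings\user\Local Settings\Temp\upd.exe /s
"""

# Assumed layout: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

# Directories a standard user can write to (XP and later layouts).
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def image_path(command):
    """Return the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def parse_autostarts(log_text):
    """Extract registry autostart entries from the O4 lines of a log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "image": image_path(command)})
    return entries


def flag_user_writable(entries):
    """Entries whose executable sits in a user-writable directory."""
    return [e for e in entries
            if any(d in e["image"].lower() for d in USER_WRITABLE)]


if __name__ == "__main__":
    for e in flag_user_writable(parse_autostarts(SAMPLE_LOG)):
        print(f'{e["hive"]}\\{e["key"]} [{e["name"]}] -> {e["image"]}')
```

A hit is a prompt to inspect the file, not a verdict: legitimate per-user updaters also start from profile directories.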


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 18:11
Part physicist, part WARLORD

Joined: 2nd Apr, 2008
Posts: 13421
Location: Chester, UK
Goddess Jasmine wrote:
I have been suitably nuked and am back up and running, thanks guys. :)

/Jazzy's PC


Totally read that as ‘suitably naked’.


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 18:13
Best
Board Mother

Joined: 6th Apr, 2008
Posts: 11395
Location: Mount Olympus
Well it is a bit warm today...

_________________
Doctor Glyndwr wrote:
GJ is right.


Post subject: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 19:02
Awesome
Yes

Joined: 6th Apr, 2008
Posts: 12334
And there's never a time to be unsuitably naked.

_________________
Always proof read carefully in case you any words out


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 22:14
Best
Board Mother

Joined: 6th Apr, 2008
Posts: 11395
Location: Mount Olympus
It still won't connect to the internet for more than two mins at a time. :(

*Shops for a laptop*

*hugs phone*


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 22:22
Comfortably Dumb

Joined: 30th Mar, 2008
Posts: 12034
Location: Sunny Stoke
If it's a complete reinstall, it might be worth looking for newer network drivers.

_________________
Consolemad | Under Logic
Curse, the day is long
Realise you don't belong


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 22:26
Best
Board Mother

Joined: 6th Apr, 2008
Posts: 11395
Location: Mount Olympus
I'm pretty sure Joans did that. It had been happening last week too.


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 22:29

Joined: 31st Mar, 2008
Posts: 8655
devilman wrote:
If it's a complete reinstall, it might be worth looking for newer network drivers.


After eventually finding out what card it was I downloaded the latest ones from the Linksys site. Wireless networking is a bit of a strange voodoo to me though I'm afraid, I used to have the same problem with my parents' PC, every so often it would just point blank refuse to see any wireless networks (sometimes none at all, sometimes it would see all of them except our router), no amount of fiddling with it would fix it, it would just stop sulking and start working again after a bit. We have got another card lying around, so I might swap them over and see if that helps.

Fake edit - What she said ^^^


Post subject: Re: XP AntiSpyware 2012
Posted: Mon Jun 27, 2011 22:35
Comfortably Dumb

Joined: 30th Mar, 2008
Posts: 12034
Location: Sunny Stoke
You need to take the technological curse of GJ's house into effect too.

I may have a spare PCI wireless card around here somewhere. For some reason, it seems like the case of my PC has some kind of odd effect on wireless round the back of my computer so I end up running a USB extension cable from the front and trailing an adaptor from that. Stupid, but it works.

_________________
Consolemad | Under Logic
Curse, the day is long
Realise you don't belong


Post subject: Re: XP AntiSpyware 2012
Posted: Tue Jun 28, 2011 8:20

Joined: 31st Mar, 2008
Posts: 8655
devilman wrote:
You need to take the technological curse of GJ's house into effect too.

I may have a spare PCI wireless card around here somewhere. For some reason, it seems like the case of my PC has some kind of odd effect on wireless round the back of my computer so I end up running a USB extension cable from the front and trailing an adaptor from that. Stupid, but it works.

It did seem to be working fine until I actually put the pc back into the desk at which point the signal strength dropped from excellent through every stage to low. Having said that, my pc in the other room permanently has no bars of signal, but works perfectly well.
I'll swap the cards later and see if it does anything, if not, I'll just drill loads of holes all over the place and run cables through the ceiling (or give up and cry).


Post subject: Re: XP AntiSpyware 2012
Posted: Tue Jun 28, 2011 17:37
Best
Board Mother

Joined: 6th Apr, 2008
Posts: 11395
Location: Mount Olympus
So far the swapping of cards has worked.

*Hides drill just in case*

_________________
Doctor Glyndwr wrote:
GJ is right.


Post subject: Re: XP AntiSpyware 2012
Posted: Tue Jun 28, 2011 17:51
Best
Board Mother

Joined: 6th Apr, 2008
Posts: 11395
Location: Mount Olympus
Unbelievable. Ten seconds after I posted the net went down again. ?:| :shrug:

_________________
Doctor Glyndwr wrote:
GJ is right.

