So I was cruising the web and one of those "congratulations" bla bla bla pop-ups came up. I know better than to click on them, but I guess I must have clicked on it inadvertently when I clicked the X icon.
Anyway, the browser window kinda flickered, then a pop-up from Microsoft Security Center popped up and started doing a scan. It told me that pretty much every game, media player and a whack of other programs were viruses.
The name of the scanner was XP malware scanner. It had all the right looks of the MS security icon that does come with Windows, but a year or so ago I ran into a similar situation and it was a pain in the ****. So instead of doing the removal and registering as it strongly suggests I do, I X'ed out of it and went to run antivirus and Malwarebytes. To my surprise nothing would work; any icon or .exe file would just start the XP malware scanner again. I tried safe mode with the same outcome. Could not get online to do an online scan.
I then popped in a UBCD, played with that and still couldn't get my AV or malware going, so I used the Avira AV that's on the CD and it came up with 11 infections, 2 were in the registry and 9 others. Didn't jot down their names, should have I guess, but oh well. Anyway, did the removal thing and restarted the computer. It all looked good till I clicked on an icon, and I mean any icon; all it did was open up the "what program do you want to open this with" folder.
I played about for a while with no luck, so I thought, hmmm, let's do a repair install of Windows. Well, that didn't work. Once done, basically I got the same symptoms, but instead of the "open with" window, I got a sys32/run.dll error.
I finally said f*$$# it and just did a clean install and spent the day tracking down my drivers and programs. All is well.
Anyway, now that I've vented... has anyone ever heard of this XP malware scanner from Microsoft? I only have one machine using XP and I only use it when I'm home; I work in camp and my laptops are Vista and Win 7, so... viruses, or am I just paranoid?
Stark Raving MOD
Sounds like a fake antimalware.
What antivirus and antispyware are you using? Malwarebytes and Superantispyware are pretty effective.
Yeah, that's what I was thinkin'.
I don't really do anything of great importance on my computers, so I just run AVG and Malwarebytes. Used to use Ad-Aware but hear that's kinda outdated, so...
I did notice that one of the infections was a hijack something or other, but couldn't run HijackThis since nothing would work.
I do tend to forget to turn off this tower when I head off to work and I don't run Windows Firewall. I am behind a router though, and I did just get back a few days ago. I ran Malwarebytes the day I got home and came up clean then; that's why I figure it came from that pop-up (didn't even read what it was about).
Anyway, just a heads up if anyone else falls prey: I'm thinking the registry entries I removed were the sys 32 DLLs. Live and learn and keep on smilin'.
I find that Combofix will remove some of the fake AV programs that can't be found by SAS or Malwarebytes. I had one notebook infected with System Tool, a well-known piece of malware that had a 450% infection rate back in February. Combofix was the only removal tool that could get rid of it.
Many of these rogue malware will drop a rootkit and within seconds you're SOL. Most people's security is useless against them. You need a proactive layer using a limited user account and perhaps a sandbox, and keep your software updated.
As mentioned, all my computers are just glorified home (work) entertainment centers. In the event I did do any business on or with them, I would be protected to the maximum (with your divine guidance, of course).
On that note, what is a sandbox? And other than the AV on the UBCD, is there an antivirus/malware program one can make (bootable), so if this was to happen again you could just pop it in and outsmart these script kiddies?
Anyway, like I said, it wasn't the end of the world, just an inconvenience.
Oh, one more question: what is a rootkit? I see stuff about it but have no idea what it is.
Cheers all, ward.
A security sandbox is essentially a virtual environment where programs can run safely without having an effect on the overall system. This works well when browsing the web or testing an untrusted program from perhaps an unknown or untrusted source. Turn off the sandbox and poof, the malware is gone. Some AVs include sandboxes, and there are programs such as Sandboxie that do a more complete job.
There are many bootable security disks, but eventually you will run across something impossible to fix reliably. It's still a reactive measure. It is better to focus on proactive or preventive measures. And have a backup plan.
A good list of free bootable Security programs on CD or for USB:
Comodo has released a new one, Comodo Cleaning Essentials, but I have not tested it yet. Looks promising.
One good measure to minimize an attack is LUA, Limited User Account, for your everyday PC usage. Any Admin duties can be handled with the Admin account or the "run as" command. This makes it very difficult for an attacker to control the PC if you don't have Admin rights.
How to set it up:
Set up a new user account with Admin rights, something like Supervisor. Be sure to password protect it. Then, log in to the account and change your user account to Limited. Password protect it.
You can always change it back if needed, no harm done.
If that is too inconvenient, you might consider the Drop My Rights method.
Use Secunia PSI; it can scan and help keep your apps updated. This is why a PC becomes vulnerable: it is not patched properly.
Look over your AV, firewall and Internet security programs to see if sandboxing is available, and learn how to implement it. Avast and Comodo have it; maybe yours does as well. Or check out Sandboxie.
Where is your backup!!!
Image your drive, back up the system, back up your files. A backup is 100% foolproof against malware.
What is a rootkit?
If you get these, seek a pro or, better yet, break the glass "In case of emergency" where your drive backup image is.
It's free so there is never an excuse,
Here is a better guide in helping you get started in securing your pc's.
rocketmech, thanks so much for your time and wisdom (and everyone else that makes this site what it is).
I started looking into the virtual drives and stuff a while back, but then as luck would have it work got really busy and the computering fell to the wayside.
Spring has sprung and we are shut down for a while (I hope) and I can spend some quality time on the ole computers again.
I do pay attention to what y'all have to say and I assure you anything of importance is backed up on external drives, and the really important stuff like drivers for all my rigs, family pics, etc. are backed up on CD/DVD.
Anyway, again thanks, looks like I got some reading ahead of me. I will be trying some of this stuff out real soon and look forward to sharing the trials and tribulations that I'm sure are coming my way.