I’ve seen the ravages of this ransomware / malware on a couple of people’s systems. I’ve always asked what preceded the infection. You know... so then I could tell other users to avoid that. I’ve not been able to pinpoint exactly what happened; maybe the users are so embarrassed that they’ve been had?

Does anybody know how this gets installed? Is it a popup that tells the user that their computer is infected with viruses or Trojans? Is it a supposed video codec that contains the malware?

Once I know I am going to tell my users about it.
LD
Information Technology Professional
517-432-5296
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Skutt, Tim
Sent: Thursday, June 26, 2008 6:46 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Removing
Al,
I came across a system with this last week. It was quite a pain, but I did notice that I could get most of the stuff removed if I logged into the machine with a different profile. I then used SuperAntiSpyware to scan and delete the malware. I finally had to delete the user’s profile, as there were still remnants of this running to reinstall it from there.

Symantec Antivirus 10.2 didn’t detect anything either.
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of
Sent: Wednesday, June 25, 2008 10:15 PM
To: [log in to unmask]
Subject: [MSUNAG] Removing
I'm working on a PC that has this malware. It's one of those programs that pop up a fake antivirus dialog and try to scare the user into either installing something, or buying something that they shouldn't. Has anyone seen this particular variant before?

Nod32 isn't detecting it at all. I've seen similar trojans in the past, and I was able to remove those using a little utility called SmitfraudFix.exe; however, SmitfraudFix isn't detecting this particular worm. The issue is further complicated by the fact that this machine is offsite, and I'm trying to talk a user through fixing this over the phone. I therefore really want to stay away from solutions that require hand-editing the registry if at all possible.
Thanks,
Information Technologist
http://www.rcpd.msu.edu
120 Bessey Hall
517-884-1915