I’ve seen the ravages of this ransomware ./ malware on a couple of peoples systems. I’ve always asked what preceded the infection. You know ….. So then I could tell other users to avoid that. I’ve not been able to pin point exactly what happened maybe the users are so embarrassed that they’ve been had?
Does anybody know how this gets installed? Is it a popup that tells the user that their computer is infected with Viruses or Trojans? Is it a supposed video codec that contains the malware?
Once I know I am going to tell my users about it.
LD
Lee Duynslager
Information Technology Professional
Michigan State University
517-432-5296
Al,
I came across a system with this last week. It was quite a pain, but I did notice that I could get most of the stuff removed if I logged into the machine with a different profile. I then used superantispyware to scan and delete the malware. I finally had to delete the users profile as there were still reminants of this running to reinstall it from there.
Symantec Antivirus 10.2 didn’t detect anything either.
I'm working on a pC that has this malware. It's one of those programs that pop up a fake antivirus dialog and try to scare the user into either installing something, or buying something that they shouldn't. Has anyone seen this particular variant before? Nod32 isn't detecting it at all. I've seen similar trojans in the past, and I was able to remove those using a little utility called SmitfraudFix.exe; However, SmitfraudFix isn't detecting this particular worm. The issue is further complicated by the fact that this machine is offsite, and I'm trying to talk a user through fixing this over the phone. I therefore really want to stay away from solutions that require hand editing the registry if at all possible.
Michigan State University
Resource Center for Persons with Disabilities
120 Bessey Hall East Lansing, MI 48824-1033
