I always accepted users' comments that they didn't know how
they got infested because it's generally the truth. I didn't understand
how they couldn't have noticed that their machine had slowed, but even on
campus the network can get frustratingly slow at times. Now that it happened to
me, I can tell you one way to get it. Using MSIE, browse to a recommended site
from a news aggregator who has never let you down in the past. After thirty
seconds or so your machine slows to the point that any tech knows it's
been infested. There are thousands of sites that are harboring malware
scripts. I know I should have been using Firefox, but for some reason I was in
IE.
For my home machine, running online scans offered by both www.antivirus.com (Trend Micro) and http://www.kaspersky.com/virusscanner
(Kaspersky Labs) cleaned up the problem. While not requiring much interaction
from me, the scan process did take hours.
Here at work I used to trust HitmanPro II http://www.hitmanpro.nl/hitmanpro/
but even it hasn't been catching the latest script-installed malware.
Best practice as of today – Run Firefox or Opera with
scripting turned off. I was amazed at the number of everyday sites that require
scripting to do simple things that could have been better coded. Now I
generally recover data from another profile and re-image the machine.
Good luck.
Don Bosman
Information Technologist
Libraries, Michigan State University
100 Library
East Lansing, MI 48824-1048
[log in to unmask]
(517) 432-6123 ext 233
Fax (517) 432-8374
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Lee Duynslager
Sent: Thursday, June 26, 2008 9:06 AM
To: [log in to unmask]
Subject: [MSUNAG] XP or Vista Antivirus 2008 ..... What is the mechanism of infection
I've seen the ravages of this ransomware / malware on a
couple of people's systems. I've always asked what preceded the
infection. You know ….. So then I could tell other users to avoid
that. I've not been able to pinpoint exactly what happened; maybe
the users are so embarrassed that they've been had?
Does anybody know how this gets installed? Is it a popup that
tells the user that their computer is infected with viruses or Trojans?
Is it a supposed video codec that contains the malware?
Once I know, I am going to tell my users about it.
LD
Lee Duynslager
Information Technology Professional
Michigan State University
517-432-5296
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Skutt, Tim
Sent: Thursday, June 26, 2008 6:46 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Removing Vista Antivirus 2008?
Al,
I came across a system with this last week. It was quite a
pain, but I did notice that I could get most of the stuff removed if I logged
into the machine with a different profile. I then used SUPERAntiSpyware
to scan and delete the malware. I finally had to delete the user's profile
as there were still remnants of this running to reinstall it from there.
Symantec Antivirus 10.2 didn't detect anything either.
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Al Puzzuoli
Sent: Wednesday, June 25, 2008 10:15 PM
To: [log in to unmask]
Subject: [MSUNAG] Removing Vista Antivirus 2008?
I'm working on a PC that has this malware. It's one of those programs that
pop up a fake antivirus dialog and try to scare the user into either
installing something, or buying something that they shouldn't. Has anyone
seen this particular variant before? NOD32 isn't detecting it at
all. I've seen similar trojans in the past, and I was able to remove
those using a little utility called SmitfraudFix.exe; however, SmitfraudFix
isn't detecting this particular worm. The issue is further
complicated by the fact that this machine is offsite, and I'm trying to talk a
user through fixing this over the phone. I therefore really want to stay
away from solutions that require hand editing the registry if at all
possible.
Thanks,
Al Puzzuoli
Michigan State University
Information Technologist
http://www.rcpd.msu.edu
Resource Center for Persons with Disabilities
120 Bessey Hall East Lansing, MI 48824-1033
517-884-1915