Ransomware/Malware

Fred's statement is actually very helpful. Based on user experience which is easily determined by a judiciuos use of Google, porn sites are by far and away the leading method of malicious computer crimes.

Your "friend's" hi-jacked computer is a classic case.

Your lascivious tag line indicates you wouldn't be too offended by remarks of this nature.

I guess to you his remarks would seem helpful, however, my freinds internet use is really no business of mine. Also, the fact that such sites are used to distribute malware etc. is common knowledge so I see no point in trying to embarass my freind with such comments. He and I are both free, white, and over 21, and I believe in "to each his own". Maybe you like to poke fun at people you deem to be below your personal standards, or publicly embarrass people with your remarks, but I dont use this site for that. I just wanted constructive information, and will leave the name calling and the judgement calls to others. Thank you

Thanks, I appreciate the help. Will start right away. Thanks again.

GA my eye!

How do we know your reply isn't a forgery??? Huh, Mr. Bird? And those links you posted? How come you know so much about 'em, huh??? You ain't foolin' me. I mighta been born yesterday, but it sure wasn't late last night! For shame, tryin' t' herd us all down that Garden Path o' yourn, cracking that whip until we all collapse in a heap, exhausted and spent and desperate with nowhere to go, and fork over our credit cards. You are a raptor, after all. (actually, I wish you would steal my identity while yore at it, cuz that means you'd get all my bills, too! hehe)

Great job on those FBI webpages, btw. GIMP, or a pirated copy of PhotoSlop?

Well, then I'll just consider that OT given me by some anonymous sourpuss as the cost of giving S.E. that GA. I'd give 'im another if I could. Nice post, SunBird.

Combofix is great, I used it in a similar manner today to get rid of a "redirect virus" on my wife's system.

GA SolarEagle,

I had a scammer call me and try to sell a program to remove a so called virus from our computer for 150 bucks. They claimed to be Microsoft. They actually gave us a number to reach them at. When I called Microsoft to check up on them, they had received several calls about this type of scam. Some people have way too much time on their hands.

Amen brother sister....

There are many more, all fake...

The third example is similar, however, we all know the FBI does not go around locking peoples computers and demanding money. What bothers me is the fact that some people must be falling for the scam. Why else would it be so widespread? I keep thinking "what next?" My freind is working on the problem now, will inform you all of the results. Thanks again for the help.

I picked one of these things up a while back.

Starting in safe mode, and going back to an earlier restore point got rid of it.

Ran an antimalware program afterwards, just to make sure.

Problem solved, thank you all, especially solar eagle.

Something I always do to help prevent things like this from getting into my machine (besides having an anti-virus program of some kind running), is to never click anything on a strange page or message I don't expect. Even if there is a button that says cancel or close. I only try and use the close button (the x) at the top right of the browser. If that doesn't close the window or causes a pop-up (which it often does), I use CTRL + ALT + DEL to close any browser windows in the task manager. I've even run into a few items that tried to stop you from doing that. Of course this is all running windows.

And all I have to say to those posters in the early replies is: boy is my wrist tired from all that x clicking

You follow some of the same safety steps I use. Additionally, any time I suspect something might have gotten into my computer, I press and hold the power button till the computer does a hard shutdown. Some malicious things that get into computers rely on the "saving" part of a normal shutdown to fully infect the system.

If your computer is acpi compliant then it does the save with a power button shut down. Same as start/shutdown. It is ALWAYS best to NOT shutdown when a virus or other malware is suspected. Set your anitvirus program to do a boot time scan, and any other anti-malware as well. If possible clean out all cookies and temp internet files. Try to run a cleaner like Advanced System Care immediately. Then reboot for the boot time pre windows scan. Sometimes just taking out a few key parts of the virus will make it unable to rebuild itself. But in many cases it is just best to remove the drive, replace it with a new one, reinstall windows, attach the original drive as a slave, virus/malware scan it, grab what data you might want, then hard format the original drive. A wise computer owner/operator always stores data on a secondary drive leaving the primary "C" drive to the programming only. Then when the OS gets messed up, just format "C", reinstall windows (or whatever OS you use) and all your data remains on "E" or whatever the secondary hard drive is called. Yes some virus mess with all the drives and sometimes even entire networks, but that is rare for the stuff guys are talking about here.

Most computers can be manually set to do what you want when you press the power button while the system is on. Pressing and holding the power button for about 5 seconds is the equivalent of unplugging it, and in the case of a laptop, also removing the battery.

The easier ones to spot (malicious links) usually show you the intended target site.

Hovering over the written "www.xyz.com" can actually read (in the window footer)

www.realnastysite.ru (or such) Simply, a totally different name to the one proposed.

This I find is a real give away.

(if they cannot write the truth in the link name, what more is on offer?)

Hope this helps.

jt.

Sorry, no jokes. (banned by the management.)

Hey,

You may also boot off of a CD such as The Trinity Rescue Kit or similar, and run a full scan of your hard-drives, sorry, friend's hard-drives. Depending on the number of objects, this may take up to a few hours.

This kind of nastiness comes in various flavors. The one your "friend" got is probably a gentle one: on several occasions have I seen the malware not only looking the machine up, but also encrypting most of the Office and Image files on the computer.

And please tell your "friend" not to skimp on a good AV protection. That's usually the only line of defense non tech-savvy people have on their machines.

J.

Ok guys I have repaired countless computers for so many different types of virus, malware, browser hijacks etc. I will tell you NO software anti-virus or malware blocker is 100%. But what has been near 100% effective is Sandboxie's Sandbox program. You run your browser or any other program in "the sandbox". This is now a fully isolated section within your system that does not allow any code within the box to access anything outside the box. Your virus pops up, tries to do it's thing to your operating system, but is stuck in the box. Then simply click on the "delete contents" of the sandbox and all the malicious code is wiped away. If you are downloading data, you will be prompted to allow the file out of the box and into open memory. If you want to see video or audio files, they too will run within the box. Running a viral keygen? Run it in the box and copy the key, delete the box and move on. And though the porn comments are quite true, the worst virus I have ever seen was infecting computers from the CNN online newsite page. Another bad one was the hacked into the Disney site. So to be fair, it's everywhere. So far no one has broken the Sandbox to my knowledge, but I'm sure they will. But for now it's the best defense we common folk have.

Since these randsom ware screens are using the FBI logo, you would think the FBI cybercrimes unit would be all over this. What do our friends in the States think about this statement?

They probably already know since the FBI probably surfs the porn sites more than the rest of us.

I use SpyBot along with Norton. Had that same phone call about being a Microsoft Consultant and that my computer was sending Microsoft all kinds of error messages. His link was to some outfit that sold programs to "clean up" your registry and remove trojans. Could hardly understand the guy. The phone number he gave I Googled and it was a Microsoft number in Denver, Co. Got him off the line and never called the number. Figured if it was a real problem let Microsoft call me back only with someone who spoke decent English (or American). Ran a Full Scan and Spybot and only found a few tracking cookies.

Thanks for the heads up Spinco. I'll watch out for that.

UFG

I've got a chrome laptop with google OS . The blurb claims that it can't be affected by stuff like that because everything is ' out there ' , so there is nowhere for nasties to hide and infect my stuff . Is that 100% correct , or no ?

I would think that if the browser can store cookies, you'd face some kind of trouble.

Adding to the lore:

I once had a nasty hooked into the Windows logon chain: would refresh itself from the Net.

After deleting it, I had to reboot while not connected to the net.