Just wanted to alert everyone about a very nasty piece of malware out there!
My companion was the recipient of this "nice" piece of software. He is running Windows 7, 32 bit. He has no idea how he got it. Anyway, it takes over your whole computer, and you cannot even open any executable on your computer. It tells you that your computer is infected...it even takes over your desktop. It disables everything. You cannot even get into safe mode to try to run an anti-malware program to try to get rid of it. It even blocks all your system restore backups! What a piece of work! I am hoping that I can get to his documents folder and copy that...I can't remember if I put that on a different partition or not...I sure hope I did! I am going to have to wipe and re-install everything for him.
http://www.spywareremove.com/removeSystemTool2011.html
May be some help ...
DON'T! You don't have to do all that, MJ.
Here: http://www.wiki-security.com/downloader/SpyHunter-Installer.exe
or:
how did he sneak that in?
ahhh..... so that is what I have..... I have been on an old lappy for a week..... blocks everything...including the net....gave up...
thanks for the headsup jazzy....
See if you can download the tool, and put it on a flash drive, then transfer it to the laptop, Syd...
Hope that works for you.
I'm not a windows 7 person, still on XP. Can you boot from a different drive, or boot in safe mode, and then restore to an earlier point, etc.?
My system was infected with the infamous 'facebook trojan.' After a week I finally had to reformat my hd, and reinstall windows. I hope you get your system cleaned more easily than I did mine. There is hope, many very knowledgeable people on this site who will give excellent suggestions.
I'm on XP..... no safe mode... no restore points... no nuttin...
might give that a go doc... just over it at the moment........looking at getting a new PC.... 'bout time I bit the bullet and got 7..... just got a lot on at the moment and can't get my head around specs..... then I'll just reformat this one...
hitting F8 at start-up on some newer boards will bring up the boot order menu. on other boards, F2, F10, or F12 will do the same. to get to safe mode, one needs to wait until the motherboard "info page" and list of drives passes and then hit F8. that will bring up a menu of boot options for Windows. safe Mode will be at the top of the list.
UPDATE! I got rid of the dang thing, using Malwarebytes. I went to their forums, and found very specific instructions on how to get rid of the Trojan. Here is the link to it:
http://forums.malwarebytes.org/index.php?showtopic=66064
You will not be able to download the file from the infected computer. I downloaded it to my pc, then copied it to a flash drive and then copied that to his desktop.
I didn't have to wipe and re-install anything. I also did not have to go into safe mode. It took all of about 15 minutes from start to finish. Just be sure you follow the instructions EXACTLY as stated in the instructions.
Needless to say, my companion is a happy camper now.
Good!
I have Lavasoft AD AWARE....
and I didn't explain myself well before.... it automatically goes to the Safe Mode boot options menu page only... just, when you select it... it just boots back to the menu....constantly...
but, I don't get the pop ups to buy a removal program... so maybe I have a different prob...
nothing a sufficiently high balcony won't solve though......
Edit.... just saw your reply jazzy...page been sitting here for awhile..... will give that a go....
I've encountered this rascal on several occasions on various PCs. Malwarebytes was the only thing that fixed it. Note of advice. Run at least 2 full scans with it and perform a reboot to safe mode between scans.
For those that encountered the trojan, any thoughts on where you may have picked it up from?
I've seen this thing come in from various places just out of the blue too.
Last encounter.. I saw someone playing a game on facebook and BAM! it just starts scanning your system. Once that starts you are already infested.
Thanks Phoon.
I had this on my daughter's PC. It comes up as a pop-up and tells you you are infected. When you try to close the pop-up, it launches the program. The entire pop-up is the "accept" button. In other instances that it has come up, I've just killed it with Task Manager or shut down the PC.
The reason I asked about how it is picked up is I believe it tried to get to me by way of ImageShack the last couple of times I used it.
I have not had time to view Doc's video (will do so in a bit), but a friend got a bug just like that one. I was about to reformat and re-install! (not quite, I had other options, but you can see the frustration level). But then I stumbled upon a way around it.
I tried to open a file that did not have an association. So it let me pick something to open it with. I chose CMD.EXE (it would not let me go to the command line itself). And it opened a command line! I was then able to switch to the infected directory, rename the file (not delete it, it was running) and reboot - and then clean everything up!
So I guess the key is to leave a disassociated file on your desktop?
As for how your friend got it, I have had many people tell me the same thing. One thing I have read is that when the infecting popup shows up, the only "clean" way of closing it is to crash your browser. Any other click was probably programmed in by the authors to be a "yes".
My companion is not sure how he got it, but he had been looking at a slide show that he got in an email, just before the thing popped up.
You can browse in https mode on Facebook (highly recommended).
You can also browse in virtual mode using Sandboxie (sandboxie.com) for x32 and x64, or BufferZonePro (free) for x32.
They give you a red line around your browser window and seemed to bother a couple of skins (sandboxie).
This thing will infect more than just a few files. It will blow itself through the registry and many areas of your system. You got lucky!
I have avoided it before by pulling the plug on the PC... how-ev-errrrrr.... that is NOT advisable.
A few weeks ago I flipped a breaker that turned out to be the computer room. 1 system shut down and the OS was hosed upon attempted reboot.
Yeah. Try the old task manager next time and kill whatever web browser you are using. It's also a good idea to not have firefox set to reload the last page you were viewing or you might be right back at square 1.
Them dang slideshows are fraught with peril.
I guess I'm lucky then.
*looking over shoulder warily*