When Malware strikes ...

[StuartR]

...all one needs to do is close the pane using the "White" X on the RED button.

It is better to use task manager to kill the application. I believe that some variants of this have a transparent OK button in front of that white X, just to trick you.

[HansV]

I'd like to reinforce Stuart's recommendation. As I wrote in post=50428 on page 1 of this thread

If you get attacked, do not click on ANYTHING in the web page, including Cancel buttons and close buttons of pop-up dialogs, for ANY click can be interpreted as consent to continue. Use the task manager to kill the browser session.

[StuartR]

The important thing to remember is that windows will never allow any software to intercept the Control-Alt-Del keystroke combination. You can be 100% confident that the dialog box that pops up when you type Control-Alt-Del is authentic.

[Doc Watson]

The important thing to remember is that windows will never allow any software to intercept the Control-Alt-Del keystroke combination. You can be 100% confident that the dialog box that pops up when you type Control-Alt-Del is authentic.

One thing I noticed with a recent infection from one of these lovely things was that the Cntrl-Alt-Del command took forever to open Task Manager and the thing regenerated before I could stop more than one instance running. I had to do a hard shutdown that trashed the MBR (if the nasty didn't do it), slave the drive to another system, clean it using the tools installed there, then do a system restore in Safe Mode when first booting the cleaned drive and once certain the system is OK, dump all the old restore points and start with a fresh one.

IMHO, slaving to another clean system is the best way to clean an infected drive

[StuartR]

...
IMHO, slaving to another clean system is the best way to clean an infected drive

I agree with this 100%, this is the best, fastest, safest and most effective way to clean an infected drive.

[ChrisGreaves]

... slave the drive to another system, clean it using the tools installed there, ...

Hi Doc and Stuart.
This has been a wake-up call for me.
I loaded up the new Notebook back in late December and haven't tried to restore/rebuild, excepting that two weeks ago, for the first time, I did a System Restore from the early-morning boot.
In the past, when troubles arose, I found it simpler to rebuild the C: partition from the WinXp CD and bite, so to speak, the bullet.
I have dug out what I think is the boot CD I made last December and the associated image files and will set aside some time this weekend to get back on track.

[Charlotte]

Is isn't only web sites and search engine that turns up these scams. I got one in an email that popped up and started "scanning" when I previewed the email, which was from a friend's spoofed or hacked email address. Since I run real time scanners and ZoneAlarm firewall, I used task manager, ran my own security programs from safe mode, and found that I had dodged the bullet.

[tedshemyers]

This is why I have stated often that the best security scheme is a user being proactive with their security because so many others have no concept of PC security and their PC's are used to attack us. Many of these attacks come in the form of these fraudulent scanners, but others come in the form of phishing emails. Yesterday I received a fradulent email, supposedly from Microsoft On Line (it was an extremely well programmed email that looked very convincing) that supposedly announced a security breach and wanted me to send personal data to verify my account so I would not be locked out. This was easy to spot for me, but would have been easy to fall for by the masses that are not proactive with security. It is soooo important to keep updated.

[tedshemyers]

To add to the slaving discussion, I have found the Quickest way for me to clean up one of my systems is to restore from an Up To Date Image I made before a problem occured. In my case, due to my proactive approach to security, I have not fallen for one of these and have not been infected. However I screw up regularly while "playing" with my OS. In less than 10 minutes I'm back up and running by restoring from an Up To Date Image. This procedure could also be used if I become infected. I can format the drive and restore from my Image. This works great for PC's that have been Imaged.

[viking33]

To add to the slaving discussion, I have found the Quickest way for me to clean up one of my systems is to restore from an Up To Date Image I made before a problem occured. In my case, due to my proactive approach to security, I have not fallen for one of these and have not been infected. However I screw up regularly while "playing" with my OS. In less than 10 minutes I'm back up and running by restoring from an Up To Date Image. This procedure could also be used if I become infected. I can format the drive and restore from my Image. This works great for PC's that have been Imaged.

Imaging is indeed a real life saver and gets you out a of a number of perplexing problems.
If you are doing a full image restore. there shouldn't be a need to reformat the drive, since the first step in re-imaging is to blow away the old partition, format on the fly and then restore the image information.
Any "nasties" are taken care of in this process.

[BobL]

This procedure could also be used if I become infected. I can format the drive and restore from my Image. This works great for PC's that have been Imaged.

I agree with the whole discussion with just one caveat: Be certain you have 'enough' of a series of backup images so that you can go 'back' to a point in time where you weren't infected. That may be hard to determine and trial and error may be needed.
Obviously, if you are at the peak of your PC skills you should know pretty quick if you've been infected with a virus, but a casual user may not.

[tedshemyers]

I agree that when restoring from an Image whatever is there is blown away so that a format is not necessary. Just added this step for those that are paranoid about trusting Images exclusively to wipe out nasties. Restoring from an Up To Date Image is a less than a 10 minute process on my PC's and that is much less than trying to clean up a bad nasty that is deeply rooted. The key words here are "Up To Date".

[StuartR]

If I have to clean my own PCs then I simply restore the latest image backup.

If I have to clean someone else's computer then the best method is usually to take their hard drive and clean it on one of my PCs.

[ChrisGreaves]

Happened to me today, second time in two weeks.

I had reason to un-install and then re-install Grisoft's AVG 9.0 this morning.
I loaded my browser (FireFox v3.6.1.5) and was greeted with this:

2.png

This is what I had thought would protect me from clicking on malicious links.
I understand that even Grisoft can't be on top of every malicious link, but the malware scare still caught me by surprise.

[stuckling1]

(sort of backtracking the thread a little but..)

I too have had two malware 'false scanners' recently, both from poisoned results in Google Image searches for CD artwork. I've never had these attacks before, so to have two in as many weeks seems odd to me.
I did, of course ensure that I didn't click any tempting links in the poisoned sites, ended the FFx process tree in Task Manager, turned off my wireless (to stop any ongoing connections), scanned with Malwarebites, Avira & Windows Defender, backed up my system once sure it was clean, re-opened FFx in Safe Mode, removed the bad sites from my history to prevent accidentally re-opening them, then and only then switching the Wifi on again and re-connecting to the Web.

Fortunately on both occasions this has helped me dodge the bullet and I've not been infected, but it has set me wondering -

a) I know these attacks are always getting more common, but has there been a sudden explosion almost overnight? Esspecially as other Loungers seem to be commenting on their increased frequency
b) How come in all my years of surfing I've only just recently fallen victim to this?

and c) ; my real question, would the fact that I've recently upgraded to FFx 4.01 (from 3.69) have made any difference to making me more vulnerable to this kind of threat? All my other local protection is up to date and the same as it ever was.

Regards;
Stuckling1

[ChrisGreaves]

b) How come in all my years of surfing I've only just recently fallen victim to this?

Hi Suckling1.
The simplest answer to this is that we haven't changed, nor the software, but the gremlins are getting better at it.

One might have asked the same question about each new malware technology, going backwards in time


How come in all my years of surfing I've only just recently fallen victim to malware links
How come in all my years of surfing I've only just recently fallen victim to phsihing
How come in all my years of surfing I've only just recently fallen victim to exe viruses
How come in all my years of surfing I've only just recently fallen victim to Normal.dot viruses
How come in all my years of surfing I've only just recently fallen victim to infected floppy disks
etc.

[DaveA]

How come in all my years of surfing I've only just recently fallen victim to malware links
How come in all my years of surfing I've only just recently fallen victim to phsihing
How come in all my years of surfing I've only just recently fallen victim to exe viruses
How come in all my years of surfing I've only just recently fallen victim to Normal.dot viruses
How come in all my years of surfing I've only just recently fallen victim to infected floppy disks
etc.

Because they saw that you had not been getting any and tracked you down. The more you post on some of those social places the easier it is to find you. and they did.