2nd computer hit with FAKE AV...Process to clean it up?

Started by Jan Regnier, May 04, 2011, 01:54:38 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Jeff Golas

Quote from: Jeff Zylstra on May 04, 2011, 03:08:55 PM
Quote from: Jeff Golas on May 04, 2011, 02:51:36 PM
Update Acrobat Reader, Java, and Flash. Update your browsers if they're dated. That'll stop the infections. As for what to do with a fake virus infected computer - wipe it and start over. Easier and more guaranteed.

Jeff

Is it possible to keep Flash updated for more than 2 days?   They update more often than our AV product!

And you're lucky if you can find it, and install it in under 3 hours using MSI files.

Jeff
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Robin Deatherage

Quote from: Jan Regnier on May 04, 2011, 03:59:11 PM
No, Robin, it wasn't that one!  It said "XP HOME Security"....

I can access programs as ADMIN but not as the STATXXX.
Jan have you seen this?  http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011 removal instructions look similar to the other solution but references a registry fix tool you can download. I have not used that tool but have always had good luck with tools from this site.  Hope it helps. 
Robin Deatherage, CIC
Chas. Lunsford Sons & Associates | Roanoke, VA
Applied Private Cloud Server; TAM 2014; Fax@vantage v9; Office 2010;
Applied Hosted Exchange; 3 Office Locations

Jan Regnier

Quote from: Robin Deatherage on May 04, 2011, 04:18:05 PM
Quote from: Jan Regnier on May 04, 2011, 03:59:11 PM
No, Robin, it wasn't that one!  It said "XP HOME Security"....

I can access programs as ADMIN but not as the STATXXX.
Jan have you seen this?  http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011 removal instructions look similar to the other solution but references a registry fix tool you can download. I have not used that tool but have always had good luck with tools from this site.  Hope it helps. 

Looks promising - will give it a try!  Thanks, Robin.
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Jan Regnier

+1 for Robin today!!!

FINALLY got it....

Used "FixzNCR.reg"
Used "RKill"
Used Malwarebytes (which I was using anyway)

Another wasted day..... sorta....but I did learn something new....


Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Robin Deatherage

Quote from: Jan Regnier on May 04, 2011, 05:06:16 PM
+1 for Robin today!!!

FINALLY got it....

Used "FixzNCR.reg"
Used "RKill"
Used Malwarebytes (which I was using anyway)

Another wasted day..... sorta....but I did learn something new....



Yea!!! Way to go Jan, glad it worked.  Sorry you had another wasted day but as you said you did learn something new.  And thanks for the karma.   ;D
Robin Deatherage, CIC
Chas. Lunsford Sons & Associates | Roanoke, VA
Applied Private Cloud Server; TAM 2014; Fax@vantage v9; Office 2010;
Applied Hosted Exchange; 3 Office Locations

Jeff Zylstra

+1 to Robin for mentioning one of my favorite sites, BleepingComputer.Com.  Great site for delousing infected machines, as well as other utilities and problems solvers.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Bloody Jack Kidd

I recently came across a really excellent link that was a malware removal how-to listing all the good tools and how to employ them... gotta find that link.
Sysadmin - Parallel42

Jan Regnier

OK - computer #3 got hit today.....used my new "handy-dandy FAKE AV Repel tool" and in a matter of a few minutes - cleaned up and back in business.  It never got loaded because--->

THANK GOODNESS I passed out the "What NOT to DO" document I put together to the staff yesterday!  It worked perfectly.

*DO NOT CLICK ON ANYTHING  -
*Use CTL/ALT/DEL and end processes for iexplorer (using IE)
*Control Panel /Internet-delete cookies/temp/history

I also went to Control Panel/System and turned off restore point, restarted computer and then reactivated restore point.
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Bloody Jack Kidd

I guarantee this people are following links to images, videos etc. supposedly relating to Osama, SEAL, raid, etc.
Sysadmin - Parallel42

Jan Regnier

Quote from: Rick Chisholm on May 05, 2011, 02:28:32 PM
I guarantee this people are following links to images, videos etc. supposedly relating to Osama, SEAL, raid, etc.

She was in TAM on a client but she had the internet open and minimized- she wasn't actually viewing the internet - and it popped up..
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Jeff Zylstra

Quote from: Jan Regnier on May 05, 2011, 02:24:09 PM
OK - computer #3 got hit today.....used my new "handy-dandy FAKE AV Repel tool" and in a matter of a few minutes - cleaned up and back in business.  It never got loaded because--->

THANK GOODNESS I passed out the "What NOT to DO" document I put together to the staff yesterday!  It worked perfectly.

-
*Use CTL/ALT/DEL and end processes for iexplorer (using IE)


I think I know your problem.   ;D
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Jan Regnier

Quote from: Jeff Zylstra on May 05, 2011, 03:05:43 PM
Quote from: Jan Regnier on May 05, 2011, 02:24:09 PM
OK - computer #3 got hit today.....used my new "handy-dandy FAKE AV Repel tool" and in a matter of a few minutes - cleaned up and back in business.  It never got loaded because--->

THANK GOODNESS I passed out the "What NOT to DO" document I put together to the staff yesterday!  It worked perfectly.

-
*Use CTL/ALT/DEL and end processes for iexplorer (using IE)



I think I know your problem.   ;D



Yeah - I know!!!  I have FF on some of the machines - but since most company websites work with IE - we still keep it as the default.  I am loading FF on all and asking that other than CO websites they use FF.
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Jeff Zylstra

Quote from: Jan Regnier on May 05, 2011, 03:09:23 PM
Quote from: Jeff Zylstra on May 05, 2011, 03:05:43 PM
Quote from: Jan Regnier on May 05, 2011, 02:24:09 PM
OK - computer #3 got hit today.....used my new "handy-dandy FAKE AV Repel tool" and in a matter of a few minutes - cleaned up and back in business.  It never got loaded because--->

THANK GOODNESS I passed out the "What NOT to DO" document I put together to the staff yesterday!  It worked perfectly.

-
*Use CTL/ALT/DEL and end processes for iexplorer (using IE)



I think I know your problem.   ;D



Yeah - I know!!!  I have FF on some of the machines - but since most company websites work with IE - we still keep it as the default.  I am loading FF on all and asking that other than CO websites they use FF.


I haven't used IETabs in Firefox lately, but I think that would get around many of the issues with company websites.  Sadly, there are some companies that force us to use plug ins for printing and display that will only work in IE.  I really have to question why these proprietary plug ins are necessary, and who they really benefit!
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop