For PC Virus Victims, Pay or Else

[AVGWarhawk]

Quote:

Originally Posted by jimbuna

This ransomware has been around for a while yet some people actually pay and that is what annoys me.

In your line of work I'm sure you noticed people are gullible and easily open to suggestion. The flashing alert with red numbers running up like mad indicating virus and porn on the computer is overkill on suggestion. People breakout in a cold sweat as soon as they realize something might be wrong with their beloved computer. Visual stimulus of their world crashing in on them. All of this takes place in a second. Second number two the card is out to pay for the program to unlock the virus and free the individual from eminent failure of all they have amassed on the computer! It plays on one's fears. It works quite well.

[Jimbuna]

Quote:

Originally Posted by AVGWarhawk

In your line of work I'm sure you noticed people are gullible and easily open to suggestion. The flashing alert with red numbers running up like mad indicating virus and porn on the computer is overkill on suggestion. People breakout in a cold sweat as soon as they realize something might be wrong with their beloved computer. Visual stimulus of their world crashing in on them. All of this takes place in a second. Second number two the card is out to pay for the program to unlock the virus and free the individual from eminent failure of all they have amassed on the computer! It plays on one's fears. It works quite well.

Yep, quite a rollercoaster ride for some I should imagine...especially if they've been looking at iffy sites in the past

[AVGWarhawk]

Quote:

Originally Posted by jimbuna

Yep, quite a rollercoaster ride for some I should imagine...especially if they've been looking at iffy sites in the past

Hmmmmmm....wonder how Dowly handles these.

[Jimbuna]

Quote:

Originally Posted by AVGWarhawk

Hmmmmmm....wonder how Dowly handles these.

LOL....with just two little fingers I should imagine

[Sailor Steve]

Quote:

Originally Posted by HunterICX

Ransomwares are a joke...

I've already removed 2 of them on PC's at work, you only need a set of tools (Anti Virus, Malware scanners, Rootkit killer and stuff that hunts and eliminated the traces)

just boot up your computer in Safe Mode with Network acces to have your PC unlocked from that crap and you can get to work.

Yep. I had one of these not too long ago, and completely re-installing Windows didn't help. Once I found out about doing it in safe mode, Malewarebytes was the only program that finally found the thing and killed it. It was a good thing I already had MB on my PC, because you can't get online to download stuff in safe mode.

[eddie]

Well Steve, with Win7 you have a choice to rreboot in Safe mode or Safe Mode with networking, which means you can get online while in Safe mode.

I picked up that stupid redirect virus or rootkit. Everytime I wanted to go to a site I normally go to, I would get redirected to somewhere else, a real PITA too,lol

I went to Symantics website, and tried a small virus proggy that they let you have for free, but it didn't work. So I checked out Kaspersky's site and found this for removing rootkits. It does run in Safe mode and fixed my system just fine without reinstalling Windows, which I really appreciated. I also picked up a virus that won't let Windows boot up, has a funnjy name (which I can't remember ATM) but you'll see a blue screen that says something about I/O problem and you should get your systems admin for help. Its name includes Harddisk, but I don't recall the full virus' name.

Should dl it and keep it handy if you pick up this rootkit, when you run this, it will update itself also, which is great!

http://support.kaspersky.com/faq/?qid=208283363

[Sailor Steve]

Quote:

Originally Posted by eddie

Well Steve, with Win7...

Well, you see, I still have XP. So I keep my Malwarebytes handy.

[eddie]

That's good!

[HundertzehnGustav]

boot safe mode, malwarebytes... presto.
or boot safemode, dos commands, activate admin accont (the hidden one!) and reboot.
log in as asmin account, check msconfig for funny stuff, and find relevant files.
remove delete burn and nuke.
reboot
malwarebytes.
Ccleaner
reboot
use regular account to check...
remove admiin account (deactivate)

basta.

1h work, 50 dollar in the pocket.
5 dollar tip and an embarassed customer... it was obvious where he got the stuff.
happened wednesday to me...

[Stealhead]

I guess that some people really believe the fake law enforcement ones it seems.Who ever gets the money from these must not be doing to poorly I'd say
not to much effort to make them up really.

Really common sense would be that if you really had been busted you'd have the police at your door with a search warrant but I suppose that people are gullible.

[Jimbuna]

Quote:

Originally Posted by Stealhead

I guess that some people really believe the fake law enforcement ones it seems.Who ever gets the money from these must not be doing to poorly I'd say
not to much effort to make them up really.

Really common sense would be that if you really had been busted you'd have the police at your door with a search warrant but I suppose that people are gullible.

Precisely

[Catfish]

Quote:

Originally Posted by HundertzehnGustav

boot safe mode, malwarebytes... presto.
or boot safemode, dos commands, activate admin accont (the hidden one!) and reboot.
log in as asmin account, check msconfig for funny stuff, and find relevant files.
remove delete burn and nuke.
reboot
malwarebytes.
Ccleaner
reboot
use regular account to check...
remove admiin account (deactivate)

basta.

1h work, 50 dollar in the pocket.
5 dollar tip and an embarassed customer... it was obvious where he got the stuff.
happened wednesday to me...

Well then you had another than our clients in Germany.
We did exactly what you did, only it came back after 5-7 reboots.

There was no other way than really wiping it -

[HundertzehnGustav]

There was one thing i did not have to try yet:
http://www.bleepingcomputer.com/download/combofix/

It seems to be like ACID for your OS... removing everything but the stuff needed to operate your programs, and leaving your files alone.

The guys that use it where i work can not praise it enough...

and this webpage says:
http://www.bleepingcomputer.com/download/windows/

Based on Total Downloads
1. ComboFix 5,794,630
2. RKill 882,349
3. Malwarebytes Anti-Malware 803,527
4. Unhide 258,174
5. TDSSKiller 188,374




and i mean... 5mill to 800k in second position... can not be bad software!
But as they say: handle with care (test in VM or something...?) and know exactly what you do!

I use ComboFix when needed.

[Skybird]

Careful with Combofix, it seems to be very powerful, but can kill system elements that leave you with anm instabile system. I know of two such cases, and inb oth cases people were not able to revert via system restore points and sooner or later ended with reinstalling.

At a couple of German places I also occasionally read that it is not fully reliable/compatible under x64 OS.

For routine scans I would definitely stay away from it.

Number of downloads must not mean anything. On German sites, it does not get mentioned much, and gets mediocre ratings only.