EastCoastMojo
EastCoastMojo SuperDork
4/26/11 1:42 p.m.

Just wanted to give a heads up to all GRMers, my IT guy notified me yesterday of a nasty virus that's making the rounds. This is a very convincing pop up that says a virus has been detected on your computer click here to fix it. We've all seen those before and I started to dismiss his warning with a "I would never click on that" but he insisted that this one looks very much like a Windows Security Essentials window and several of his clients clicked on it. This particular virus relocated the files on your computer, so in addition to getting the virus off there you are also faced with the daunting task of locating all of those files, and they apparently go EVERYWHERE.

This morning I got the pop up and let me tell you it looked VERY CONVINCING. I almost clicked on it. I could hear the hard drive activity starting after the window popped up. If you get the pop up you should not even click on the red X to close it, you have to pull up the task manager and shut down from there. Clicking anything on the screen will initiate a download.

Luckily I had the heads up, I wanted to pay it forward. Happy surfing!

Woody
Woody SuperDork
4/26/11 1:46 p.m.

Tell me more about this Task Manager...

Cars, I know. Computers, not so much.

slefain
slefain SuperDork
4/26/11 1:56 p.m.

I got hit with this one a few weeks ago. Major pain to hunt/kill.

Duke
Duke SuperDork
4/26/11 1:58 p.m.

In Windows, hit the "Vulcan Nerve Pinch" of Control, Alt, and Delete keys together. This will bring up a dialog with a few options to choose. One is Task Manager. Using the Task Manager, you can force the computer to quit any particular open programs without having to make them active.

914Driver
914Driver SuperDork
4/26/11 2:08 p.m.

I got it two months ago.

Got a new laptop six weeks ago.

DOA.

dogbreath
dogbreath New Reader
4/26/11 2:28 p.m.

If you get the virus you can start your computer in safe mode (mash F8 a few times after the single 'beep' when you first turn it on) and run the Windows Malicious Software Removal Tool or MalwareBytes or some other trusted malware remover to deal with it.

Don't search for 'malware removal' or anything like that because the first results on any search engine will be more scams.

MA$$hole
MA$$hole Reader
4/26/11 3:10 p.m.

This is why I love owning a Mac

wbjones
wbjones SuperDork
4/26/11 3:20 p.m.

what he said

rob_lewis
rob_lewis Dork
4/26/11 3:59 p.m.
MA$$hole wrote: This is why I love owning a Mac

Yeah, what's the point of writing a virus when the company's willing to screw it up for you.....

(From an iPad owner that has NEVER seen a "software update" not blow the machine away and watched Apple updates kill his son's Mac Mini on several occasions...)

-Rob

AquaHusky
AquaHusky Reader
4/26/11 4:00 p.m.

This is why I run Linux. Which is safer than even a Mac. Macs can get a nasty virus, but, no one cares to make them. Not as fun as a Windows virus I guess?

pstrbrc
pstrbrc New Reader
4/26/11 4:00 p.m.

Huh. Macs are for sissies.

UBUNTU RULES!!!!!!

Toyman01
Toyman01 SuperDork
4/26/11 4:05 p.m.

No one wants to take the trouble to write a virus for 4.3% of the computers sold.

I had a similar situation a few months ago. Malwarebytes and AVG took care of it without too much drama.

Toyman01
Toyman01 SuperDork
4/26/11 4:05 p.m.

Thanks for the heads up Ms Mojo.

Grtechguy
Grtechguy SuperDork
4/26/11 4:54 p.m.

Combofix.exe will remove it. I run into it often with clients

mtn
mtn SuperDork
4/26/11 4:57 p.m.

Does anyone know what it is called? I think I got it this morning, and I think that I probably clicked the red-x.

Will ad-aware take care of it? And GRtechguy, more info on Combofix.exe?

Twin_Cam
Twin_Cam SuperDork
4/26/11 5:29 p.m.

What's a virus?

Curmudgeon
Curmudgeon SuperDork
4/26/11 6:26 p.m.

It calls itself Win 7 Security Update. The kid downloaded it onto her laptop Saturday, I was up till midnight getting rid of it and it popped up again yesterday. Dammit. She and the computer are at gramma's this week, I guess I get to do battle with the damn thing again next weekend. My computer guru told me how to get rid of it through Safe mode using Malwarebytes and something else: the latest version masquerades as a Java update window and there have been instances of it showing up as an Adobe version as well. So be REAL careful.

JoeyM
JoeyM SuperDork
4/26/11 6:36 p.m.
pstrbrc wrote: UBUNTU RULES!!!!!!

I don't get religious discussions about OSs anymore, but in this case, I'll agree with you. I picked up a similar virus to the one described above, except that it was worse....the data was still on the drive, but it was inaccessible under Windows.

Ubuntu saved the day. I could still mount the drives and read the data, so I used it to copy everything onto a new hard drive. More info here: http://grassrootsmotorsports.com/forum/off-topic-discussion/recovering-data-from-a-locked-hard-drive/33960/page1/

(BTW, if I was going to get into an OS war, I'd say OpenBSD is more secure than Linux. )

Curmudgeon wrote: there have been instances of it showing up as an Adobe version as well. So be REAL careful.

That's the variant I was dealing with....Like I said, it "locked" the hard drives (as far as Windows was concerned.)

JoeyM
JoeyM SuperDork
4/26/11 6:38 p.m.
Twin_Cam wrote: What's a virus?

A nucleic acid core, with a protein capsule around it. Possibly a membranous envelope from the host cell. If it is a retrovirus it will have the enzyme reverse transcriptase packed inside with the core.....never mind.

MCarp22
MCarp22 HalfDork
4/26/11 6:46 p.m.
JoeyM wrote:
Twin_Cam wrote: What's a virus?
A nucleic acid core, with a protein capsule around it. Possibly a membranous envelope from the host cell. If it is a retrovirus it will have the enzyme reverse transcriptase packed inside with the core.....never mind.

The punchline of that should be "but that's not important right now"

spitfirebill
spitfirebill SuperDork
4/27/11 5:44 p.m.
Curmudgeon wrote: and something else: the latest version masquerades as a Java update window and there have been instances of it showing up as an Adobe version as well. So be REAL careful.

Oh E36 M3

93gsxturbo
93gsxturbo HalfDork
4/27/11 7:42 p.m.

Good news is most of them can be fixed by running the recovery console through the command line.

DOS saves the day again!

Slyp_Dawg
Slyp_Dawg HalfDork
4/27/11 7:51 p.m.

I've had those rogue anti-spyware/anti-malware viruses a time or two between a few different computers, and after a day or two PER COMPUTER to root out the little piece of E36 M3, I have come to the conclusion that the guy who wrote that particular code deserves to go straight to hell. he does not get to pass "Go" and he most certainly does not get to collect $200. berkleyers, the whole stinkin' lot of 'em.

oh, and +eleventybillion for Malwarebytes, I'm just about convinced that program can root out any malicious bit of code known to man

Travis_K
Travis_K Dork
4/28/11 1:26 a.m.

I made $20 getting rid of it for someone once, I used Microsoft's Process Explorer to kill it (you have to rename it to iexplore.exe or something to get it to let you run it), then once the program (virus) is no longer running, Malwarebytes will get rid of the bad files. It could have gotten more sophisticated since then, but that worked when I did it.

cwh
cwh SuperDork
4/28/11 12:21 p.m.

Can we just send him our viruses? Huh, please?
