
Replicator I found your virus (Google Rant)

Keith Rae

New Member
I got that Windows security alert virus that says your system is infected with all kinds of viruses; it looks like a legitimate anti-virus program. I had come across it before on a cap site. Had a backup so I wiped that system. This time it came from a link in a Google search. You know the one that when you click on a link that you think is to the company or site you get hijacked and taken to another search site.
GOOGLE is getting to be hijacked by people putting false and misleading links to increase traffic through their sites to increase their hit count so they can charge more for their pop-up and site advertising. Google brags about being the biggest search engine, but when you type in a search and it shows that there are 65,000 links, I'm not impressed. The amount of crap you have to wade through, with redirects, bad links, misleading links, links to sites no longer there, the list goes on. And on... When I enter a website if there is something I want I'll click on it to download it. I hate sites that automatically upload things to my computer without asking permission. THE ANSWER'S NO!
The virus came from a site I was redirected to... I recognized the beast and thought O-$#!T. Thought about it for a second: it was either loaded in memory or in the file cache area of Firefox that I have set to clear cache and history when I exit the program. So I held down the start button till the system shut down then restarted the computer. It's gone and all is working fine. But it turns nasty if you try to do anything to it, or with it, even trying to close and shut it down.
Thanks Replicator, your post on the weekend had it fresh in my mind. That virus is like my uncle's old sleeping dog. It looks innocent enough but just leave it alone! I started to rant a little in the middle, sorry. :biggrin:
 

Replicator

New Member
Like I said before, if anything pops up when I'm on a site, I hit Ctrl-Alt-Del and shut down my browser completely.

Better safe than sorry !

Clicking NO or EXIT could really be YES or I ACCEPT . . . It's just not worth the risk !
 

choucove

New Member
I've removed this variant of virus off of eighteen computers since Thanksgiving, many of them with different names to the false anti-virus program that pops up, but all of them functioning the same way. There are many things that make this virus bad:

1) It is coming from legitimate sources. People think you only get viruses through bad emails or inappropriate websites. Not true. This virus is rampant everywhere, from Facebook to forums to Google Search (if you just happen to hit the right server at the right time you never can tell).

2) It infects computers even with up-to-date legitimate anti-virus software. Most of the computers I have removed this virus from have been running AVG, McAfee, or Norton and still have been infected and even had the legitimate anti-virus program so corrupted that it had to be completely removed.

3) It can take over all functionality of the system very quickly if not dealt with properly and promptly. Some of the computers that I had worked on with this virus had been left going with this issue for a week. By that point, when the user started up the computer it would not even let them open a single file or so much as shut down the computer or open the start menu, stating that the root .exe file for that action or file was corrupted or infected and had been blocked.

Many times they state for this virus to restart into safe mode to scan your computer with a very good antivirus program (I've had great luck with Avast!) but in many cases, this option does not work as the anti-virus files will be skipped over in a scan or simply not load and thus evade deletion. The only real key I have found to remove it is, when the computer loads at the very beginning just after the logon screen, immediately begin hitting the Ctrl+Alt+Del combo to bring up the task manager. You have to do this before the virus loads into memory or it will block the task manager from opening. If you are fast enough, you can get the task manager to load and can then switch over to kill the fake anti-virus process after it loads. That should allow you then to run virus definition updates and system scans. There have also been some manual removal tricks that involve finding a hidden uninstaller application and then removing some registry keys.
 

johnnysigns

New Member
I got dinked w/ that and a trojan for surfing two weekends in a row. I had to do a system restore on the AV 2010 thing, none of the removal steps I tried worked at all.
 

Graphics2u

New Member
I got dinked w/ that and a trojan for surfing two weekends in a row. I had to do a system restore on the AV 2010 thing, none of the removal steps I tried worked at all.
Same here! I couldn't remove it, had to do a full recovery. One computer I was able to save by doing a manual registry restore.
 

choucove

New Member
I got dinked w/ that and a trojan for surfing two weekends in a row. I had to do a system restore on the AV 2010 thing, none of the removal steps I tried worked at all.

AV 2010 is the most recent "variant" that I've seen around lately. It was slightly more difficult for me to remove than other variants because starting up into safe mode and attempting a scan would not catch the virus as with some previous variants I had fixed. In fact the first time I ran across this variant about a month ago, the antivirus programs didn't have an updated definition to catch it, so none of them would properly scan and fix the issue.

This is the variant that, as I stated above, has a hidden uninstall file within the /Program Files/Common Files folder that you can run and will disable the application. However, you still have to go in and do some registry removal or changes, as well as a few other steps to remove it. The way I found those steps out was just to google the name of the fraud virus and how to remove.

However, these viruses do not require a complete reformat to undo, and in some cases a system restore will remove them from the system, but not all variants will fix this I have found.
 

gamerxr72

New Member
I was a computer tech before I got into the sign industry. Even got certified. Here's some info:

If you get a virus, do not restart your computer until you run a virus scan. A virus cannot completely compromise vital system components that are already loaded. To get really bad, it needs to set itself up to load before they do and this can only be done when Windows loads. Most virus scanners should be able to remove it fairly easily on initial infection before a restart.

Don't use Internet Explorer. Because IE has the largest market share of any browser, it is also the most targeted for security vulnerabilities. I use Firefox because I've gotten used to it, but I hear Chrome is good too.

If you are getting popups from Google, your browser is compromised already. Google does not have popups. For that matter if you're getting porn popups while reading this post, you can be pretty sure this site isn't doing it.

Personally, I use AVG Free edition as a virus scanner, and superantispyware (google it) as my spyware/malware scanner. There is a difference but much of what a virus scanner and a spyware/malware scanner do may overlap. My house computer has AVG run a scan at 10:00am every morning because I'm never at home at 10:00am.

If I download a suspicious file, I scan it before running it.
 

Keith Rae

New Member
In my case it was not a pop up in Google, but a site link that took me to another search domain (bogus link). Then shit started happening. I had chased this thing around in circles before and it seemed the more you tried to bet it out of your system the more entrenched it became till you couldn't boot even into safe mode. This time as soon as the pop up security warnings started and I recognized them for what they were I didn't want to save anything or shut anything down properly because your computer saves settings automatically in the last mode you're in. I had the feeling that the virus was still only in memory so I dumped the system so nothing cached in memory would be written to the drive. I pulled the plug so to speak; it was my laptop so held down the power button till the system turned off. I know it's not good to dump a system like this but it worked, started back up and has been running fine. I hope you all manage to avoid this one.
 

jon vital

New Member
I've had to remove this virus several times as well. I am frankly staggered that all the highly rated AV programs let this thing through.

When it gets to the stage that your PC can be almost ruined by simply clicking on a link then the internet is on the verge of being broken IMO. I can't imagine how many thousands of hours are being wasted and money being lost by this type of thing. I really think the virus writers deserve shooting.

I ran loads of AV scanners and Malware removers and none of them worked. In the end I think I used Combofix, which costs nothing.
 