Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[AdrianH]

There are several new nasties around that are catching people out and preventing removal as they are replicated or triggered by users natural reponse to reboot and try to reach safe mode.

Win7 Antivirus is seeded all over the net , Facebook is a known source of infection, this malware also is often packaged with other infections and will often prevent even the best AV /Antimalware systems running and preventing removal.

DO NOT shut down/reboot your machine, Rkill a tool available from Bleeping Computers could well rescue your system, download and run this tool THEN use your normal AV system or malware tool to clear the infection.

   What Rkill is and does (and does not ) do http://www.bleepingcomputer.com/forums/topic308364.html

    Rkill downloads http://www.bleepingcomputer.com/download/anti-virus/rkill

rkill comes in various package names, this is because the malware writers know about the tool and include code to prevent download/install/run, keep trying a package till you find one that works.

[tuftedduck]

Thank you for the heads-up, AdrianH, that sounds like a really  nasty one. 

Thank you, too, for the link to the antidote. 

Am I correct in assuming that despite the virus's title, it can affect all versions of Windows ?

[AdrianH]

Thank you for the heads-up, AdrianH, that sounds like a really  nasty one. 

Thank you, too, for the link to the antidote. 

Am I correct in assuming that despite the virus's title, it can affect all versions of Windows ?

From what I have seen it can infect any Windows system, there are various others around, for XP and Vista with 2010/11/12 etc tagged on.

The big issue is the "do not shutdown/reboot" which is what they are targetting now. I read of a laptop this week where the owner got no warnings and the AV in use did not react, there was a "pause" then error messages relating to hard drive errors came up followed by a ficticious Google Update notification, the user clicked cancel which was fatal, having then attempted a reboot to get to Safe Mode his laptop is unusable as it wont boot at all, this is where a boot/rescue disc comes into play.

[AdrianH]

This is what Win7 Antivirus looks like :

http://www.lavasoft.com/mylavasoft/rogues/win7antispyware2012

Lavsoft's Rogue Application gallery >>

http://www.lavasoft.com/mylavasoft/rogues/latest

look through the alphabetical list to see what is out there ( it'll take a while!)

[HPsauce]

I guess it depends on what other resources you have and what approach you take to these threats.

I've concluded that, in general, trying to fix from within a single infected system is at best going to be tedious and fraught with difficulties.
And often impossible. 

My approach is almost invariably an "instant power off" (remove mains and battery if necessary), remove hard disk and scan/repair by connecting (USB caddy usually) to a known good system already up-and-running with all likely tools already installed.