[RESOLVED] Got a virus, now I am paranoid

[MMock]

There seems to be some sort of virus that found its way onto my PC. I am a professional web developer. I am at work, and I have two PC's - an "old" one and a "new" one. The new one is infected, but at least I can work on the old and post to this forum.

I seem to have gotten this virus when I clicked on a link when I was googling why my web service wasn't working (authentication problem). So instead of that one problem, now I have two.

The virus presented windows such as "Files indexation process failed" and a window entitled "System Fix" that says Repair PC - so when I google this stuff I get tons of hits, but those links want me to click on videos and watch what I need to do or click a button that will destroy these parasites - and these seem bogus to me, too, so now I am paranoid about clicking anything!

Well maybe I just need to be patient - Vipre is running on the infected machine but it is taking a long time. And our IT person said it may not even have the definition of this virus or know what to do if it's detected.

Not sure what I'm asking you, but thanks for listening...

[Hack]

How much source code do you have on the infected machine?

Is it backed up?

What would you lose if IT had to restage the box?

[MMock]

Oh my God - thank God for source control!!! It is all there. There may be a change or two not checked in, but I haven't developed anything huge lately.

I don't think I would lose anything terribly important. I have Excel files where I take notes on various deployments that I work with and those notes are helpful, but I'm not rendered useless if I can't refer back to them.

So it's more the inconvenience now that I can't use that machine (it is my VS2010 machine and has all *new*development so I'm limited what else I can still work on that's in VS2008) and how long will it take to get it back?

There might be some kind of a backup, but none that I've explicitly done.

You know, I work with software and earn an honest living and I love it. I don't understand what kind of a person would write a virus. They're obviously intelligent. What are they doing with their lives besides this? Do they go to a job every day like me and do this in their spare time for fun? That is sick.

[Hack]

I don't understand what kind of a person would write a virus. They're obviously intelligent. What are they doing with their lives besides this? Do they go to a job every day like me and do this in their spare time for fun? That is sick.

I've often wondered the same thing.

They aren't like us...they are the one's that tie fire crackers onto a cats tail because its funny to watch the cat scream around in circles.

We occasionally will get someone on VBF asking "how to" questions on creating a virus. Few VBF related things give me greater pleasure than to close the thread and ban the member.

[MMock]

Few VBF related things give me greater pleasure than to close the thread and ban the member.

Thank you for that! You do us all a tremendous service.

Now if we could only help those poor cats...

[Jenner]

People who write viruses typically... about 99% of the time, work for organized crime syndicates. Viruses are the tools they use to extort, con and rob people these days.

Extortion: Slipping a backdoor denial of service program into a "Freeware" program and infecting a few ten-thousands of machines, then picking a target and saying "If you don't pay us $$$$, we're going to shut down your internet. No?" Sends the activation command to that network of infected machines to do a DDoS attack on that site.

Con: Popup saying "OMGZ!? YOUR COMPUTER IS INFECTED WITH THESE (lists 58 official sounding viruses and throw in some spooky works like "hacker" and "child porn")!! You MUST click this link and for ONLY $50, download the program that'll fix it all!!!

Robbery: A "Browser Helper Object" that looks to see if you have "bankofamerica.com" open. If so, starts recording any keystrokes and html POST fields. Send that info back to an anonymous dead drop computer for retrieval.

It's got nothing to do with "malicious kids" these days. It's all big money.

[MMock]

Wow.

[MMock]

Well, IT is on his way down to our office from HQ. I feel bad making him drive an hour or so just because someone's evil and I'm an idiot.

[Jenner]

Exactly, a virus/malware writer is typically some very intelligent kid, usually college-aged, employed by a group like the Russian or Chinese mafia, to program ways to cash in on people's fears and ignorance. If their malware nets the crime syndicate big money, then they live very opulent lifestyles... If not, then they get their fingers smashed with an 8-lb sledgehammer...

[moti barski]

@ MMOCK
was anything new installed ? a program ann activx ? what browser was used ? is your OS updated ?

[MMock]

No, I hadn't installed anything. I was googling a problem I was having with a web service and I think clicking one of the results was the culprint (which is why I am paranoid). I did not download anything, but I was prompted to allow a program to modify my computer. I said yes, which I know is stupid, but I am so sick of Windows 7 asking me everytime I want to do something if I should allow it, that I guess I clicked without thinking of what was really asking me. It's like the boy who cried wolf - you hear (see) it so much you stop paying attention. So I must've said to the virus, sure - come on in! It was IE8. I'm on auto-updates for my OS, so yes it's updated.

Our IT person is awesome and it looks like he was able to get rid of the virus and restore everything because I am using my PC again and so far so good. I emailed him to ask what he had to do.

[Jenner]

That's good to hear. Honestly, that's one of the reasons I stopped using IE. It seemed once a month, it would somehow auto-download something as web content and attempt an execution. Most exploits rely on very specific bugs and file-paths in order to work. Just by using Firefox or Chrome, you've reduced your odds of infection by exploit by massive amounts. Not because Firefox and Chrome are in any ways "better", but because they are "less used".

[incidentals]

hi virus guy here

if you are on the web these days and some service fires up telling you you have a problem

its talking "SHITE"

you do not have an issue - I will be ALMost ( and I ment(sic) that formatting ) 99% sure of it

there is a large amount of **** floating about the web at the moment looking for ip's if it finds you it will present as a dialogue from some service of antivirus or registry fix or whatever

if it was a virus you own antivirus would have picked it up! ( unless its out of date or the attacker is soo new.

what you actually have is a screen show ( the best term i can think of ) because there is no name for them even yet

some people thing of then as rougue antivirus etc

they are simply a piece of code that runs a script to preasure you into paying a fee to be set free, which of course doesn't happen

the thing is a screenshow looking like some thing that is or has been scanning your machine for faults and then offers to resolve the faults by way of a licenced copy i.e fee

your anti-things cannot deal with the baddy because it is a program doing nothing at all viral or problematic, it does not scann or try to access anything it should not, it does not attempt to go to the web unless you tell it to, it just wakes up often and talks "SHITE"

you need to identify it as an unusual file in startup and simply stop it running .

once you have control you can remove it

the problems come when the "BUGGERS" connect them selves to the file types and cause themselves to be started when exe's are started or when html documents are started

that's when it becomes a game of cat and mouse or "BLOODY IRRATE CAT" and mouse to be exact.

there are ways around the latter effects to but I will not mention them in an open forum ( because you can not be too sure if the "BASTARDS" who make this stuff are watching

there is always some thing they forget, its always been the case and always will be, thats how we catch them!

good luck with the machine keep us posted on its progress and get you techy to contact me if they come a cropper, before you lose everything (anything)

I've a machine to clean up when i get back to the island its suffered one of the latter but is working away fine in an altered state of conscienceness (sic)


the simplest thing to do as soon as you get one is

ctrl+alt+del
taskmanager
and kill the process
or all of the internet processes
you will often find that that is enough to prevent getting too enbrolled

here to talk

[mbutler755]

Malwarebytes should do the trick. It's free and readily available from ninite.com. If you have issues running the installer because of the virus, change the name of the executable and that should do the trick.

[MMock]

Everything has been running as if the incident never happened, thanks to our IT here.

Unfortunately, because I felt I owed you all the resolution, when I asked him if he could summarize what he did he said no it was too complicated. I don't know if he's too busy to explain it or would rather forget the whole thing, but I cannot offer anybody else the help I received. Except know you should ignore anything telling you you have a virus unless it's your own installed anti-virus s/w and don't answer yes to dialogs that are prompting you to make changes to your system unless you know what's asking.