Non-FJ - Virus\Malware Public Service Announcement

Started by rlucas, February 24, 2009, 08:08:16 PM


rlucas

Note: this is not one of those scare-the-pants-off-everyone, send-this-to-everyone-you-know things. I can attest that it's real, and a huge pain in the ass.

I'm fixing the Canadian sales rep's computer for the third time in 6 months. Last time, it was a particularly nasty piece of malware called Smitfraud.C, which I've now seen 6 times on 4 PCs. I've managed to remove it in the past, although it took a full day the first time. Most (nearly all) spyware\malware\virus tools won't touch it. Usually comes bundled inside a hacked video codec download, and I can now verify this...

...because the dumb fuck turned around and caught it again almost immediately. He downloaded a codec called Xvid, which is actually a legit codec replacement for Divx...but it's open-source, so anybody can get the source code and screw with it, then post it up for download - and there's about a million places to download it with no way to tell if you're getting the infected version or not. This time, I can't clean it; it's going to have to be rebuilt. I'm tempted to blast the damn thing and let him lose all his documents...but the business impact would be too great. However...

If the dumb shit does it again, I'm killing his account. I can do that. It's good to be da King.

Be very careful. If you get it, it will disable your anti-malware software, throw bogus virus messages, disable your desktop, and, potentially, a bunch of other crap depending on the variant. The potential fix is to download SmitFraudFix and MalwareBytes (both free). SmitFraudFix must be run from the hard drive of the infected PC: it won't run from a CD or floppy. Run SmitFraudFix in Safe Mode, reboot and run MalwareBytes in normal Windows mode (if you can), then go back to Safe Mode and run SmitFraudFix again. Then cross your fingers and say a novena, or sacrifice a chicken or something; it can't hurt.

Now, back to your regularly scheduled programming.

Rossi
We're not a club. Clubs have rules. Pay dues. Wear hats and shit.

"Y'all might be faster than me, but you didn't have more fun than I did." Eric McClellan (RIP '15)

Marsh White

Rock,

Good info.  On a slightly related note, that is why I don't allow attachments to be uploaded here.  Pictures no problem - but no attachments.

As we know, that is how 99% of computer viruses are spread...I would just hate for someone to upload one of those lame PowerPoint presentations that people e-mail each other and infect the whole damn lot of us.


Yamifj1200

Quote from: Marsh White on February 24, 2009, 08:30:44 PM
Rock,

Good info.  On a slightly related note, that is why I don't allow attachments to be uploaded here.  Pictures no problem - but no attachments.

As we know, that is how 99% of computer viruses are spread...I would just hate for someone to upload one of those lame PowerPoint presentations that people e-mail each other and infect the whole damn lot of us.




Thanks Marsh, I'm glad someone is looking out for us. I never understood anyone creating a virus... WTF do they get out of trashing people's computers... bunch of asshats....

Eric M


http://www.fjowners.com/index.php?topic=14833.0


"All unattended children will be served an espresso and given a puppy"

gradice

Quote from: Yamifj1200 on February 24, 2009, 08:34:33 PM
Quote from: Marsh White on February 24, 2009, 08:30:44 PM
Rock,

Good info.  On a slightly related note, that is why I don't allow attachments to be uploaded here.  Pictures no problem - but no attachments.

As we know, that is how 99% of computer viruses are spread...I would just hate for someone to upload one of those lame PowerPoint presentations that people e-mail each other and infect the whole damn lot of us.




Thanks Marsh, I'm glad someone is looking out for us. I never understood anyone creating a virus... WTF do they get out of trashing people's computers... bunch of asshats....

Eric M

Hey Eric,
It's like electronic GRAFFITI. What we need is a system that when they catch these little BASTARDS they put'em in JAIL with someone who'll invade their SOFTWARE, if you catch my drift!!!!! :o ;)

Graham in OZ...
92 FJ1200 ABS.

ddlewis

Weird how none of the malware busters works on everything. Smitfraud is a bitch.  Some combination of ccleaner, malwarebytes, SS&D, and SuperAntiSpyware usually will do it.  Have you come across "yoog"?

My secret recipe is to start by logging in on every local account on the system, and run ccleaner.  Then the anti malware cocktail..  followed by multiple reboots, cuss loudly, manual registry editing of run keys, more reboots, throw shit.. Once you get it clean load up the latest AVG and threaten to kill if they eff it up again.
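
An added illustration of the "run keys" step mentioned in the post above (not part of the thread and not any poster's code): this read-only PowerShell script lists the Run and RunOnce autostart entries for the machine and for every user hive loaded under HKEY_USERS, so they can be reviewed before anything is edited by hand. It assumes it is run from an elevated prompt; hives of accounts that are not logged on are not loaded and will not appear, and the Wow6432Node keys exist only on 64-bit Windows.

```powershell
# Added example: enumerate Run/RunOnce autostart entries. Reads only, changes nothing.

# Standard autostart subkeys, relative to a hive root (HKLM or a user hive).
$subKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# HKLM plus every user hive currently loaded under HKEY_USERS.
# The *_Classes hives hold file associations, not Run keys, so skip them.
$roots = @('HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "HKEY_USERS\$($_.PSChildName)" }

$entries = foreach ($root in $roots) {
    foreach ($sub in $subKeys) {
        $path = "Registry::$root\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Hive    = $root
                Key     = $sub
                Name    = $name
                # Keep %VARIABLES% unexpanded so the stored command is shown as written.
                Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
    }
}

# One sorted table: entries pointing into temp or profile folders, or with
# random-looking names, are the ones to look up before deleting anything.
$entries | Sort-Object Hive, Key, Name | Format-Table -AutoSize -Wrap
```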

FJ Flyer

I use the Malwarebytes and Super Anti-spyware.  Good stuff.  Guy at work pointed me toward majorgeeks.com for all that stuff.  He got some nasty infections from some music downloads. 

The government travel system contracted thru Northrop Grumman got hacked with a worm and they shut the whole thing down for a week.  So no new authorizations, and more importantly, no voucher reimbursements.  And some idiot in HR left a file with names and socials for 46K FAA employees on some server on the west coast.  Got hacked by our friends in Russia.  Now we're all getting credit monitoring.  Oh boy!!!!

Stay protected!!!

Chris P.
'16 FJR1300ES
'87 FJ1200
'76 DT250

Wear your gear.


rlucas

Quote from: ddlewis on February 24, 2009, 09:55:00 PM
Weird how none of the malware busters works on everything. Smitfraud is a bitch.  Some combination of ccleaner, malwarebytes, SS&D, and SuperAntiSpyware usually will do it.  Have you come across "yoog"?

My secret recipe is to start by logging in on every local account on the system, and run ccleaner.  Then the anti malware cocktail..  followed by multiple reboots, cuss loudly, manual registry editing of run keys, more reboots, throw shit.. Once you get it clean load up the latest AVG and threaten to kill if they eff it up again.


Part of the problem is many of the "busters" actually detect *each other* as spyware. SS&D doesn't like Spysweeper; Symantec doesn't like McAfee, etc. AVG and MalWareBytes seem to play nice.

Yoog sucks, and if I never have to see another HijackThis! log, it'll be too soon.

Rossi
We're not a club. Clubs have rules. Pay dues. Wear hats and shit.

"Y'all might be faster than me, but you didn't have more fun than I did." Eric McClellan (RIP '15)

FJ Flyer

I had installed search and destroy on our old computer.  Found stuff fine, but then had the incessant window pop up begging for you to buy it.  Couldn't uninstall the damn thing.  Had to use another anti-spyware program to get rid of it.
Chris P.
'16 FJR1300ES
'87 FJ1200
'76 DT250

Wear your gear.