Fake PC Antivirus program stole my friend's credit card (precautions help)
I helped a friend last night with some kind of trojan/virus that I've never seen before to this extent.
Description of Events:
My friend thinks he got it when he was searching for recipes (he would tell me if it was porn or something, we have no problem with that) when he clicked on the first search result without looking and the website kept redirecting him. Eventually a fake program simply called "PC Antivirus" came up and started displaying fake scanning processes. It tells the user that some hundreds of viruses have been found and that you need to register to have them removed. It's designed to not let you do anything else, so he had to restart his computer.
The big problem then was that immediately when Windows boots and you log into any of your user accounts it runs the same fake program. Since he needs to do job searches and such he went to register the product and inputted his credit card information. It gave an error message when submitted. I'll assume the error message was fake and it actually took the info.
To Get Around The Problem:
Since the program runs even before you get to the Windows Vista desktop I didn't see any way to get around it. His HP allows you to try to system restore from a special boot menu, but it didn't work. To finally get around it I went to the boot menu that brings up safe mode, etc., and then selected advanced boot settings (safe mode would still run the fake program) and selected something like "use last successful Windows login settings." Either this alone or the combination with the system restore worked (because it did give a notice about system restore once we got to the desktop).
Now into Windows as normal, I started checking Task Manager and the msconfig startup list, trying to research if anything was bad, but in the limited time and with the abundance of crapware on HP computers I didn't find anything unusual. We ran a full scan using the most up-to-date Windows Defender and AVG Antivirus (free version) and it came up with nothing at all. I installed RootkitRevealer but it wasn't able to run. Then I installed Ad-Aware. I started the full scan but I had to head home. This morning he says it removed a lot of cookies and three programs he called "TAI or TAL". He says he couldn't identify what the three specifically were. It seems TAI just stands for Threat Analysis Index so I'm not sure what really happened.
Even though Windows boots normally now, what do you think I could do to try to remove any lingering bad processes or files? I'm afraid that there still might be something malicious running, like a keylogger. Searching for removal of this specific PC AntiVirus problem, the closest I came up with is this. From what I found nobody really mentions the part where you can't log in to Windows.
He notified his credit card company about what happened but should he specifically ask them to give him a new card?
Windows Defender, Windows Firewall, and User Account Control had somehow all been turned off (not by him). They're turned on now. AVG is running. What additional programs should I run? He uses Qwest DSL. He does tend to use Firefox for the web and I'm surprised it let a malicious program run. I thought browsers stopped multiple redirects and such. Is there anything I can do to change browser settings to take better precautions?
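Added example, not part of the original post: a read-only PowerShell audit of the autostart locations a program that "runs before the desktop" normally registers in (Run/RunOnce keys, the Winlogon Shell and Userinit values, the Startup folders), plus the state of the three protections the post found switched off. It assumes PowerShell 3 or later on Vista or newer, run from an elevated prompt; it changes nothing, it only lists what is there so the entries can be compared against what msconfig shows.

```powershell
# Added example (not the original poster's code). Read-only audit; assumes an
# elevated PowerShell 3+ session. Nothing here modifies the registry or files.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

Write-Host "== Run / RunOnce entries (compare with the msconfig Startup tab) =="
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip PowerShell's own PSPath/PSParentPath/... metadata properties
            if ($p.Name -notmatch '^PS') { "{0}\{1} = {2}" -f $key, $p.Name, $p.Value }
        }
    }
}

# Winlogon reads Shell and Userinit before explorer.exe starts, so a value other
# than the defaults is the classic place for something that runs at every login.
Write-Host "`n== Winlogon Shell / Userinit =="
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$defaultUserinit = "$env:windir\system32\userinit.exe"
"Shell    = $($wl.Shell)"
"Userinit = $($wl.Userinit)"
if ($wl.Shell -ne 'explorer.exe') { Write-Warning 'Shell is not the default explorer.exe' }
if ($wl.Userinit.TrimEnd(',') -ne $defaultUserinit) { Write-Warning 'Userinit is not the default userinit.exe' }

# Per-user and all-users Startup folders (msconfig shows these too)
Write-Host "`n== Startup folder contents =="
foreach ($f in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($f)
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }
}

# The three protections the post found turned off: Defender service, firewall service, UAC
Write-Host "`n== Defender / Firewall services and UAC =="
foreach ($svc in 'WinDefend', 'MpsSvc') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { "{0,-9} {1}" -f $svc, $s.Status } else { "$svc not present" }
}
$uac = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
if ($uac -eq 1) { 'UAC (EnableLUA) = 1 (on)' } else { Write-Warning "UAC (EnableLUA) = $uac (off)" }
```

Anything listed that you cannot tie to a known program, or a Winlogon value that is not the default, is what to look up next; running the audit again after a scan shows whether the entry actually went away.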