The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
Computer Virus "System Tools 2011"
Al_wat
Registered User regular
Registered User regular
I JUST got this virus that has essentially taken over my computer. I am posting from my sister's computer right now.
Basically I got it from some website, i got a random popup which said something like "your computer is infected! buy this product!" and I shrugged it off as another generic popup and closed it. All of a sudden, it is now popping up from my taskbar. Then a window popped up asking for my credit card number, saying I had all these viruses. Then my background changed. Basically; my computer is fucked.
I did a quick google search and I find threads from other websites recommending that I run malwarebytes and something called "stinger".
Has anyone heard of this "stinger" program before? If it is legit, does anyone know a legitimate site to download it from?
arrggggg I hate this bullshit
basically my plan right now is to download malwarebytes on my sisters computer and move it to mine via a USB key, then run it in safe mode and hope to god it gets rid of this thing.
Basically I got it from some website, i got a random popup which said something like "your computer is infected! buy this product!" and I shrugged it off as another generic popup and closed it. All of a sudden, it is now popping up from my taskbar. Then a window popped up asking for my credit card number, saying I had all these viruses. Then my background changed. Basically; my computer is fucked.
I did a quick google search and I find threads from other websites recommending that I run malwarebytes and something called "stinger".
Has anyone heard of this "stinger" program before? If it is legit, does anyone know a legitimate site to download it from?
arrggggg I hate this bullshit
basically my plan right now is to download malwarebytes on my sisters computer and move it to mine via a USB key, then run it in safe mode and hope to god it gets rid of this thing.
Al_wat on
0
Posts
Looks like it's a McAfee tool. Definitely get it and MBAM on a USB stick, boot in safe mode (without networking). I've heard this one can be kinda nasty.
Yeah I didn't even download any files or anything (manually). I went to a website, and BAM it was on my machine.
I'm kinda terrified right now. I have a lot of shit on my computer I would rather not lose.... but the "nuke from orbit" option might be my only real hope here.
Out of curiosity would it be wise to backup files to an external harddrive and then "nuke" my computer? Or would there be too great of a chance of the virus simply migrating over to the external drive?
If you don't have malwarebytes installed, load up safe mode w/ networking and download it. To update it, go to the folder where it's installed and change the mbam.exe (or whatever it is named) to ieexplore.exe then it will allow itself to be run.
It will clean the infection.
Must be updated though!
edit: I am in no way talking shit or trying to inspire a panic, but the only website I had open when I got the infection was this message board and gmail. Maybe I should tell a mod that if someone else got infected and mostly only went here.
However, I also get the idea that most people posting in that thread are not computer savvy... and therefore would be the type of people to be like "its that damn facebook!" without reason.
i got this one recently and rather than trying to fix it i just booted into safe mode and restored the pc to the restore point windows made that morning after it updated...
That might be a good idea, I'm pretty sure Vista can do this but I might be wrong. I'll try the malware bytes and stinger approaches, if they don't work then I'll look into the restore.
Also this thread (http://forums.malwarebytes.org/index.php?showtopic=66064) shows what I have, right down to how the window looks that pops up.
Thanks everyone for the quick responses too!
Found three files: a registry file, some .lnk file, and the .exe file
location of executable: C:\programdata\dnfii08200\dnfii08200.exe
I've used MB to delete these files.
Think there's a point to doing more scans with different software? Seeing as this did find something is it reasonable to assume it found all the files from this virus?
ceion08200.exe
system tool 2011.lnk
registry value thingy
I think you're fine.
Now I'm trying to figure out what website it was that infected me...
Pretty much any website that hosts ads can infect you. It's the way they operate these days - Hide website redirects in flash and/or other ads. They rotate their schedule, too, so that it doesn't happen 100% of the time, and therefore is much harder to track. Also, any website that allows user generated content, or ever user generated posts. A good way to potentially avoid this crap is to run some kind of adblocker in conjunction with some kind of script blocker. That way, not only will the ads not load, but if someone is injecting a nasty iframe, or other redirect, directly into the page, the scriptblocker will usually prevent the redirect from downloading the malware.
Additionally, if you ever see one of those 'You are infected, scan now!' Pop-up messages? CTRL-ALT-DEL, task manager, immediately kill the browser process. Then scan with MBAM to clean up any non-executed crap. Basically what you're looking at when you see one of those pop-ups isn't an actual window - It's a gigantic javascript trap. Essentially clicking anywhere on the thing (Even the big red 'X' in the upper right) is a trick which says 'Yes! Please infect me with your shit, you son of a bitch', and starts the download.
I realize I'm rambling here, but I'd also highly recommend running your browser in some kind of a sandbox or virtualized environment - And doing so with reduced privileges. For just this reason: There's no such thing as 'Safe surfing' anymore, as regards staying on 'Safe' websites. Just about any website can serve up malware these days, not just porn and illegal software sites.
A lot of viruses like this are now embedding themselves in profile-specific areas, so you have to scan using the same account that got the infection. You may also want to try SuperAntiSpyware.
I'd also bet that most of the people saying "I only ever look at Gmail and PA!" actually mean "I only ever look at Gmail and PA [tiny]and pornography[/tiny]!"
Facebook is a cesspool of infectious programs, as well; you should basically never, ever run any Facebook app.
steam | Dokkan: 868846562
As for sites I was looking at around that time - not gonna lie I was looking at a torrent site, I've never had any kind of problems from it before but I'm leaning towards this site being the culprit. I'm not going to say what one because I think that may violate forum rules.
I was also looking at some stupid dog picture website linked from SE++, I can't rule this one out. I wasn't looking at porn at the time so thank god my go-to porn site seems to still be ok
As far as CTRL-ALT-DELETE'ing and closing the browser - what I actually did when I saw this message was first I hit the physical switch on my laptop that shuts off the wireless. Then I tried to CTRL-ALT-DELETE and it told me "task manager is infected!"
In some ways I feel like this is a stupid virus. Wouldn't an effective virus not want to reveal its presence? Then again based on the fact that it asked for a credit card number a thousand times, this is clearly aimed at idiots.
Ah, okay. Most of these bugs out there do a pretty thorough sniffing of your OS and browser to search for known exploits. If an open vulnerability exists, then they can pretty much download/execute/infect without your even doing anything at all. Since the latest version of Firefox is 3.6.13, chances are something on one of those pages you had open took advantage of a security hole in the older version you were using. That's probably why infection happened before you even called up the task manager.
Yeah, it's two fold. The 'scareware' tactic that's becoming increasingly more popular hopes to frighten people into thinking that they've got an infection, and then trying to leverage that fear to get their money for an illegitimate A/V suite. The second thing to keep in mind is that once something like this is on your computer, the part you see is just the 'face' it wants to present. Usually these infections carry some nasty droppers/trojans, which then let other malware into the system. If a rootkit is involved, you'll never even know that something's left over. You can clean out the obvious stuff, but the rootkit will still own your system. In that case, game over, full stop, reformat and reinstall.
Actually, I'd recommend that regardless - But I realize that's often not what one wants to do.