'ScareWare'

Kloofvreter

I have recently picked up a virus while surfing porn sites. Now usually a combination of AVG and Spybot S&D keeps me virus-free, but then this thing popped up and changed my background to bright green with a message that my system has been infected. It also disabled many Windows features, like Task Manager. It is basically a fake antivirus that pops up a message every now and then that it has detected viruses and spyware and then opens a browser window with a site where you need to purchase the full version. What a joke. The only thing that's not a joke is that I cannot get rid of it.

Process Explorer reveals a process called Winupdate86.exe. Once I terminate that, I'm able to remove all the files and registry entries by that name, and once I restart it's back again. Have tried many anti-spyware/anti-virus packages, with no success.

And then my friend phones me and tells me he's got the same issue. :o

Anyone have any experience with this?
 
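A read-only PowerShell check, added here and not written by any poster in the thread, that lists the autostart locations where a process like the one described above would normally re-register itself, and reports the Task Manager policy the first post says was disabled. The process name Winupdate86.exe comes from the thread; the registry paths are the standard Windows autorun, Winlogon and policy keys, and nothing is modified.

```powershell
# Added example: look for autostart entries referencing a given executable and
# for the DisableTaskMgr policy. Read-only; run as administrator for HKLM keys.
param(
    [string]$Name = 'Winupdate86.exe'   # process name reported in the thread
)

# Registry keys whose values are launched at logon.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PowerShell metadata
        if ("$($p.Value)" -match [regex]::Escape($Name)) {
            "[autorun] $key\$($p.Name) = $($p.Value)"
        }
    }
}

# Winlogon Shell/Userinit are also used to relaunch malware at logon; the clean
# defaults are 'explorer.exe' and '<system32>\userinit.exe,' respectively.
$wl = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -and $wl.Shell -ne 'explorer.exe') {
    "[winlogon] Shell = $($wl.Shell) (non-default, review)"
}
if ($wl.Userinit -and $wl.Userinit -notmatch '^[A-Za-z]:\\Windows\\system32\\userinit\.exe,?$') {
    "[winlogon] Userinit = $($wl.Userinit) (non-default, review)"
}

# Scareware commonly blocks Task Manager through this per-user policy value.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
if ((Test-Path $pol) -and (Get-ItemProperty -Path $pol).DisableTaskMgr -eq 1) {
    "[policy] DisableTaskMgr = 1 (Task Manager blocked by policy)"
}

# Finally, show whether the named process is running right now and from where.
Get-Process -Name ($Name -replace '\.exe$', '') -ErrorAction SilentlyContinue |
    ForEach-Object { "[process] $($_.ProcessName) PID $($_.Id) Path $($_.Path)" }
```

Anything the script lists is only a lead to inspect, since legitimate software also uses these keys; the output is most useful when compared against a known-clean machine or a backup image.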
Firstly, download Sandboxie, run Internet Explorer/Firefox using Sandboxie, prevents **** like this from spreading ;)

Next to actually remove this - Malwarebytes' Anti-malware :)

gg
 
Browse pr0nz with Linux, not Winders.

Or use somebody else's PC :D

Or you can use a live CD (Knoppix/OpenSuSE/Ubuntu) to browse your fornication sites and save to local disk without having to worry about malware/scareware.

I laughed at a malware antivirus when I checked out a link my wife was having problems with - all of a sudden I got this windows antivirus running on linux :D:D
 
Browse pr0nz with Linux, not Winders.

Or use somebody else's PC :D

Or you can use a live CD (Knoppix/OpenSuSE/Ubuntu) to browse your fornication sites and save to local disk without having to worry about malware/scareware.

I laughed at a malware antivirus when I checked out a link my wife was having problems with - all of a sudden I got this windows antivirus running on linux :D:D

That's what Sandboxie is for, it runs the browser in a sandbox environment; if you downloaded anything you do need to move it from the sandbox, otherwise delete and forget :)
 
Or, better still, virtual windows in virtualbox.

Once infected, delete the infected image and restore from a backup :D
 
Just do a system restore. Will sort it out one time.

I know I had this before also.

Cheers.

Or not. System restore is the mother of virus backup systems


Or, better still, virtual windows in virtualbox.

Once infected, delete the infected image and restore from a backup :D

Meh, call me pedantic but 1) delete sandbox session of browser or 2) delete entire operating system - even a virtual one. Option two seems a bit baby-bathwaterish :P
 
Meh, call me pedantic but 1) delete sandbox session of browser or 2) delete entire operating system - even a virtual one. Option two seems a bit baby-bathwaterish :P

Option 2 is the safest bet as you simply delete the infected virtual machine. No need to reinstall everything - you simply create another VM from a backup image you made after a full install - 15 minutes max. Compare that to a system restore, or trying to figure out which registry entries malware uses to restore itself. After all, you'll never know what residue is left by malware after uninstalling said malware from your system.
 
Option 2 is the safest bet as you simply delete the infected virtual machine. No need to reinstall everything - you simply create another VM from a backup image you made after a full install - 15 minutes max. Compare that to a system restore, or trying to figure out which registry entries malware uses to restore itself. After all, you'll never know what residue is left by malware after uninstalling said malware from your system.

You clearly aren't reading option 1 - or understanding it ;)

Sandboxing the browser is a simpler version of a virtual OS for internet browsing. Sometimes using a sledgehammer to put thumbtacks in a wall isn't the most elegant or even remotely viable option ;)

Give it a read

http://www.sandboxie.com/
about every site you visited. And any malware you come across will usually try to write itself into the paper.

Traditional privacy and anti-malware software try to locate and erase any writings they think you wouldn't want on the paper. Most of the times they get it right. But first the makers of these solutions must teach the solution what to look for on the paper, and also how to erase it safely.

On the other hand, the Sandboxie sandbox works like a transparency layer placed over the paper. Programs write on the transparency layer and to them it looks like the real paper. When you delete the sandbox, it's like removing the transparency layer, the unchanged, real paper is revealed.
 
Er... Everybody seems to forget the best precautionary solution ---> Stay away from "those" sites ;)
 
Firstly, download Sandboxie, run Internet Explorer/Firefox using Sandboxie, prevents **** like this from spreading ;)

Next to actually remove this - Malwarebytes' Anti-malware :)

gg

The problem here is that this virus is active all the time, even in safe mode, when I'm not running IE or not even connected to the Internet. If I understand correctly, Sandboxie keeps IE in a separate memory space (so to speak). How will this help MalwareBytes to remove this ****ing virus?
 