Jack The Ripper Forums  - Ripperology For The 21st Century  

Old May 18th, 2011, 11:18 AM   #1
Chris Scott
Author & Researcher
 
Join Date: Apr 2008
Posts: 2,615
Very nasty PC infection

I was unfortunate enough two days ago to have my PC infected with undoubtedly the worst bit of malicious software I have seen.
It is called "Windows XP Recovery" and completely blocks access to your own system. It tells you all folders are empty and every few seconds you get critical error messages. A dialogue box appears and pretends to run a scan of your system and reports multiple errors and then takes you to a website to buy their software.
This malware is an absolute bastard to get rid of and it took me most of yesterday to get access back to my PC. It disables safe mode startup, and when you try to run an antivirus or anti malware program, as soon as it hits one of the files connected with the malware it restarts the PC.
The worst thing is that now that I have control of my system back virtually every setting on my PC has been screwed up and changed.
It will take me days if not weeks to get back to normal.
And the worst thing is that this f.....g program also disables and screws up System Restore.
If you are unlucky enough to get this infection PLEASE get rid of it as soon as you can.
My PC is well protected with firewall and antivirus but still it got through. I have no idea how I contracted it.
Chris S.
Old May 18th, 2011, 11:30 AM   #2
Tracy Ianson
Researcher
 
Join Date: Jul 2010
Location: U.K
Posts: 1,105

Hi Chris

This is similar to the one Nathan got a few months back. I used Rkill on it and it worked really well. You can google Rkill and find out more info. As Nathan's laptop wasn't able to download it I downloaded it to my computer and used a USB key to download it into Nathan's computer. No problems since.

Tracy
Old May 18th, 2011, 11:52 AM   #3
Mike Covell
Former Member
 
Join Date: Oct 2007
Location: From Hull
Posts: 6,869

Hi Chris, I had it a few months back and had a friend come and help me. Like yourself I have firewalls and anti-virus but this one got through. It continued to tell me that it had scanned my computer for free and found thousands of viruses, but it would cost me $xxx to remove them and install this software.

Luckily my friend took my computer back to a safe point, removed the virus, and restored the system, cleaning it up in the process.

I would love to get my hands on the little scrotes that create these things.
Old May 18th, 2011, 12:23 PM   #4
Magpie
Researcher
 
Join Date: Jul 2006
Posts: 3,431

I had something similar a couple of weeks ago.

If you can get into task manager, look for a process called "oko.exe" and kill it (that stops the pop-ups.) You'll have to find and kill this process a lot while you're fixing the problem.

If you have Malwarebytes, you can rename the .exe file to a .com and run it without the malware knowing what you are doing. Malwarebytes generally cleans up those kinds of malware quite handily.
__________________
"Magpie, for a "brilliant researcher" such as yourself, you still have alot [sic] to learn."

Karen Trenouth
Old May 18th, 2011, 01:46 PM   #5
Chris Scott
Author & Researcher
 
Join Date: Apr 2008
Posts: 2,615

Hi guys
Thanks for the comments
One of the other things it did was to disable Task Manager!
It was Malwarebytes that finally got me thru - each time I ran it it dealt with one of the files of the infection but then Windows closed down
I had to run various cleaners and anti malware programs about 20 times before I got back in
Chris
Old May 18th, 2011, 04:21 PM   #6
Howard Brown
Proprietor-Administrator
 
Join Date: Jul 2003
Location: Eagleville, Pa.
Posts: 69,267

Mike:

You and I both. I could easily strangle one of those little azzholes without batting an eye.

Chris....Sorry to hear this bad news, old friend....

Little late in the game to be mentioning this...but Trend Titanium anti-virus is a very good system...and I've had a handful of different av systems. They have software for both Windows and Mac.

Looks like it's been a tough year for a few of us with these computers...or websites.
__________________
To Join JTR Forums, Contact :
Howard@jtrforums.com
Old May 18th, 2011, 05:21 PM   #7
Paul Kearney A.K.A. NEMO
Theorist & Speculator
 
Join Date: Feb 2008
Location: Shropshire UK
Posts: 6,516

Good advice is to always back up important files on a regular basis, whether to CD, DVD or pen-drive

Imagine nearing the end of your book on the PC only to lose it all to a bit of malware...
Old May 18th, 2011, 06:57 PM   #8
admin tim
Registered user
 
Join Date: Jul 2003
Location: Houston, Texas
Posts: 8,052

I experienced the same infection as Chris today at work. Early this morning, I suddenly got a popup message that announced the end of the world as I knew it - massive malware infections and my only hope was to buy the software there and then to save it all.

I knew it was bogus right away, since these people had misspelled 'Unregistered', and I called our IT people.

Malwarebytes did the trick, but it took them about 6 hours and numerous settings were altered. The malware had actually removed the .exe from any associations, so nothing could be launched. And it didn't get it all the first two times. I had to reboot 4 times today. What a pain.

For future reference:

http://www.geekradio.com/2006/06/26/...removal-system

Old May 18th, 2011, 07:14 PM   #9
Howard Brown
Proprietor-Administrator
 
Join Date: Jul 2003
Location: Eagleville, Pa.
Posts: 69,267

Tim:

You mean you got the infection without even clicking on a link...or opening an email ?

I'm having one fizzzzzzzzzzzuck of a time with this IE9. My stupid Honko-Polack ass decided to give it a go...and I was ready to pull out the 10 gauge because I had to reboot 6 fizzucking times to get PB to work. What a pain in the tentacles.

I'm done for the day...I am too pissed off. I think I'll go kick Nina.
Old May 18th, 2011, 07:20 PM   #10
admin tim
Registered user
 
Join Date: Jul 2003
Location: Houston, Texas
Posts: 8,052

It got infected somehow, but I am careful what sites I visit (this was at work) and all incoming email is scanned anyway. I must have picked it up from one of these sites, but these are news sites and political blogs of good repute, so I am at a loss to explain.

Dump IE9 and get Firefox or Avant. I use Firefox at home, and the wife uses Avant, and I've never had any problems as overwhelm IE. That's a fool's game, and it'll break you.
admin tim is offline   Reply With Quote
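
Several symptoms reported in this thread (Task Manager disabled, .exe associations removed, safe mode unavailable) correspond to registry settings that can be inspected without changing anything. The PowerShell script below is an added example, not part of any post in the thread; the registry locations are the standard Windows ones, and treating missing SafeBoot keys as the reason safe mode failed is an assumption, since the thread does not say how safe mode was disabled.

```powershell
# Added example (not from the thread): read-only triage, nothing is modified.
function Get-RegValue {
    param([string]$Key, [string]$Name = '(default)')
    # Return the named value, or $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.PSObject.Properties[$Name]) { $item.$Name } else { $null }
}

function Test-Setting {
    param([string]$Label, $Actual, $Expected)
    # Compare what was found with the value a clean system is expected to have.
    $status = if ($Actual -eq $Expected) { 'OK' } else { 'SUSPECT' }
    New-Object PSObject -Property @{
        Check = $Label; Status = $status; Found = $Actual; Expected = $Expected
    }
}

$hkcr     = 'Registry::HKEY_CLASSES_ROOT'
$policy   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

$results = @(
    # .exe must map to the exefile class, whose open command simply runs the file.
    Test-Setting '.exe class' (Get-RegValue "$hkcr\.exe") 'exefile'
    Test-Setting 'exefile open command' (Get-RegValue "$hkcr\exefile\shell\open\command") '"%1" %*'

    # HKCR is a merged view: a per-user .exe key overrides the machine-wide one,
    # so its mere presence deserves a closer look.
    Test-Setting 'per-user .exe override present' (Test-Path 'HKCU:\Software\Classes\.exe') $false

    # DisableTaskMgr = 1 in either hive blocks Task Manager.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $value = Get-RegValue "$hive\$policy" 'DisableTaskMgr'
        Test-Setting "$hive DisableTaskMgr set" ($value -eq 1) $false
    }

    # Assumption: safe mode was broken by removing these keys (not stated in the thread).
    foreach ($mode in 'Minimal', 'Network') {
        Test-Setting "SafeBoot\$mode key present" (Test-Path "$safeBoot\$mode") $true
    }
)

$results | Format-Table Check, Status, Found, Expected -AutoSize
```

A SUSPECT row is a prompt to inspect that setting, not proof of infection; an OK table does not show the machine is clean.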