
Computer problem

 
 
chai2
 
Reply Wed 16 May, 2012 11:01 am
I'm not at the same computer right now, so I'm going by memory.

I'm not sure if I've been scammed, or infected, or if I've solved the problem.

Last night I got a message I'd been infected, and was referred to Windows Essentials (I think), you know, that free virus scanner you get from Microsoft.

Thinking it was a scam I shut down, rebooted, etc. The little icon at the bottom, that has the Microsoft shield was X'd out. I was unable to get on the internet, I kept getting redirected back to the window saying I was infected, but apparently my trial had run out.

I shut the computer down then, and returned to it this morning. I was getting the same messages, so I (I cringe when I admit this) went ahead and purchased the full version, since when I looked up the help link, it did appear to be the same program I'd been using.
I was thinking the Windows Essential/Windows Defender was always free?

I made sure I used a credit card I hardly ever use, to minimize any damage, and intend on checking on that.

But now, although I could now get on the internet, and was able to scan and fix any viruses, etc. It will not let me activate the, here is where my memory isn't clear, the Defender? The one where the icon doesn't look like a red brick firewall, but looks like a gray brick wall,

http://t0.gstatic.com/images?q=tbn:ANd9GcQ0l5xBzAimSe04caUcXebk4u4TFcckRaPK-ErzOmy1znHGuv9jDA

The shield is still X'd out
http://t3.gstatic.com/images?q=tbn:ANd9GcRftKtoZZJIH23q8sfWHb_OfIwyiE_wlUuM_uO87hIjYj9k3WCf

It tells me the Defender is not activated, but when I click on the activate button, I'm asked if I want to go ahead and run, and I say "yes", but then nothing happens.

Wha?
Type: Question • Score: 13 • Views: 3,801 • Replies: 56

 
chai2
 
  1  
Reply Wed 16 May, 2012 11:07 am
@chai2,
Here is a General picture of what I'm seeing, but not exactly....

http://techrepublic.com.com/i/tr/cms/contentPics/6028050-Windows-Defender-A.gif
Under the Virus Protection is where it's giving me the option to fire it up, but when I click on Yes, I get asked permission to proceed. When I give permission, it doesn't change.

When I first made the purchase, I was able to almost immediately get on the internet. Like the Defender ran and repaired in 2 seconds.

I ran a quick scan then, and then did a complete scan, which took, you know, a couple/few minutes.

I shut down again, but nothing.
0 Replies
 
chai2
 
  1  
Reply Wed 16 May, 2012 12:20 pm
Well, it was a fraudulent activity.
The bank emailed me on it.
Good thing I used a card I never use otherwise.

But how did they prevent me from accessing the internet until I authorized something?
Rebooting had no effect, I could not proceed.

I think it was the mormons.
chai2
 
  2  
Reply Wed 16 May, 2012 12:26 pm
@chai2,
So no one is interested in chastising me for being an idiot?

It was actually from the Ukraine. I'm sure someone named Peggy.
DrewDad
 
  2  
Reply Wed 16 May, 2012 12:47 pm
@chai2,
There are several ways they keep you from accessing the Internet, depending on the exact malware that you ran into.

Basically, they install a firewall that blocks or redirects traffic.


Things to remember:

1) Microsoft Security Essentials is free. There is no premium version.
2) Never, ever, purchase the software that they prompt you to purchase. If you're going to purchase antivirus, then purchase it by going directly to the manufacturer's site.
parados
 
  1  
Reply Wed 16 May, 2012 12:47 pm
@chai2,
chai2 wrote:


It was actually from the Ukraine. I'm sure someone named Peggy.

There's your problem. You called customer service!!!
0 Replies
 
Irishk
 
  1  
Reply Wed 16 May, 2012 12:49 pm
@chai2,
My default steps would be to restart Windows in safe mode with internet access. Then attempt to run Malwarebytes (usually will catch and quarantine it). If that didn't work, google the name of the suspected virus (MS Security Essentials Virus) and follow removal steps.

DrewDad
 
  1  
Reply Wed 16 May, 2012 12:51 pm
@chai2,
Also, you can usually find some dude on Craigslist that will clean your machine for a flat fee. Usually around $30-50.

Drop it off, he/she cleans it, pick it up the next day.
DrewDad
 
  1  
Reply Wed 16 May, 2012 12:54 pm
@DrewDad,
And to prevent the issue in the future: Sandboxie.
0 Replies
 
Cycloptichorn
 
  1  
Reply Wed 16 May, 2012 12:55 pm
@DrewDad,
DrewDad wrote:

Also, you can usually find some dude on Craigslist that will clean your machine for a flat fee. Usually around $30-50.

Drop it off, he/she cleans it, pick it up the next day.


Boy, I would really be cautious about that. I can't imagine handing my box over to a third-party that I met on CL; how do you know he's not rooting your box, or installing a keylogger or something?

****, I ought to go into that business, never thought of doing a human hack from that angle

Cycloptichorn
roger
 
  1  
Reply Wed 16 May, 2012 12:56 pm
@Cycloptichorn,
I have always considered that. I feel marginally better with Staples or Geek Squad. Not a lot better, but at least they have an address.
0 Replies
 
DrewDad
 
  1  
Reply Wed 16 May, 2012 01:00 pm
@Cycloptichorn,
Actually, I'd be cautious about it too. I'm just saying there are alternatives.

Currently, we advise customers with an infected machine to perform a bare-metal reinstall. While cleaning can be effective, this is the most secure method.
Cycloptichorn
 
  1  
Reply Wed 16 May, 2012 01:03 pm
@DrewDad,
DrewDad wrote:

Actually, I'd be cautious about it too. I'm just saying there are alternatives.

Currently, we advise customers with an infected machine to perform a bare-metal reinstall. While cleaning can be effective, this is the most secure method.


Yup, that's what we do. I am a pretty paranoid guy when it comes to computer security, though.

Do you remember the argument I was having a while back with someone about SSL and how you shouldn't log in to email and other sites over public wi-fi? Turns out that there have been fake certificates handed out left and right :)

You can't be paranoid enough on the internet.

Cycloptichorn
DrewDad
 
  1  
Reply Wed 16 May, 2012 01:09 pm
@Cycloptichorn,
Most folks don't want to be computer security experts, though.

This is why I'm a fan of tablets and/or thin clients.
0 Replies
 
Irishk
 
  1  
Reply Wed 16 May, 2012 01:11 pm
@Cycloptichorn,
Have you seen THIS?

I saw it a couple of months ago on a different site, followed the FBI's instructions (which revealed I wasn't infected).

Then I felt kinda foolish lol.

PS...If you're a MAC guy, you might not need to do the test.
0 Replies
 
chai2
 
  1  
Reply Wed 16 May, 2012 01:35 pm
@DrewDad,
DrewDad wrote:

There are several ways they keep you from accessing the Internet, depending on the exact malware that you ran into.

Basically, they install a firewall that blocks or redirects traffic.


Things to remember:

1) Microsoft Security Essentials is free. There is no premium version.
2) Never, ever, purchase the software that they prompt you to purchase. If you're going to purchase antivirus, then purchase it by going directly to the manufacturer's site.


So, what should I have done if I couldn't get on the interweb?
I thought MS security essentials was free, that's what first made me suspicious.

What's sandboxie?

I was hoping you'd come along DD.

So, now that I can access the internet, and the bank is reversing the charge, and I've run a scan using my ms essentials/defender, should I be good to go?

I don't want to access certain accounts websites until.

I recently took my puter to PC Guru because otis pushed the whole magilla onto the floor.
Am I going to have to take it back over?

DrewDad
 
  1  
Reply Wed 16 May, 2012 02:12 pm
@chai2,
The way I've cleaned machines for my friends and family has been this:

1. Make a full backup of the infected machine. My preferred tool is Clonezilla. This is insurance, so that if you make a mistake you can always recover your data. Reasonably large-capacity, external drives (USB and/or eSATA) are available for under $100.
a) Download Clonezilla and burn it to a CD
b) Boot to the CD, backup all partitions to the external drive.

2. Download several antivirus/anti-malware tools and either burn them to a CD or put them on a thumb drive. My favorites: Malwarebytes, Gmer, Trend Micro's Housecall, HijackThis!, Rootkit Revealer

3. Boot the infected machine to safe mode.

4. Run Gmer and/or Rootkit Revealer to see if there are hidden services. Remove any hidden services.

5. Run Housecall (or other stand-alone virus scanner)

6. Run HijackThis! This program is somewhat intimidating, but there are places where you can post the logs to get help. Also, you have a full backup from step 1, so even if you mess something up, it can be fixed.

7. Run Malwarebytes. Frankly, I can't remember if it will run in safe mode. You may have to boot back to normal mode.

8. Reset TCP/IP.
A. Boot to normal mode.
B. Run a command prompt (Start->Run->cmd->OK)
C. Run the command to reset TCP/IP (netsh int ip reset c:\resetlog.txt)
D. Reboot

9. At this point, it's time to see if the machine is working. See if you can browse normally. See if you can download a virus scanner. (Microsoft Security Essentials, AVG, etc.) Download, update the definitions, and run a full virus scan.

10. Make another backup! Schedule regular backups! If you have stuff that you can't recreate (pictures, videos, your unpublished novel), then get an offsite backup such as Carbonite or Mozy!



Any tweaks to this procedure are appreciated. This is just what I remember going through the last time my mother-in-law's laptop was infected.

Other good tools: ComboFix, Spybot Search & Destroy
0 Replies
 
chai2
 
  1  
Reply Wed 16 May, 2012 02:34 pm
Wow!

This is great information.
I'll follow it when I get home.

This would be useful to many people to know.

Thanks!
0 Replies
 
ossobuco
 
  1  
Reply Wed 16 May, 2012 02:40 pm
@chai2,
I had a hunch it was malware or whatever you call it, but didn't post as I'm ignert on what to do about it, especially re pcs. No chance I'll call you an idiot. Just that I've read - probably on a2k - about such stuff happening being a scam.
0 Replies
 
JPB
 
  1  
Reply Wed 16 May, 2012 02:41 pm
@chai2,
I had a similar experience and got great step-by-step help from the folks at geekpolice.net

I described it here

They helped me get all the downloads I needed (one at a time) and had me post back my logs and then they'd go onto the next step. I'd definitely use them again. In my case I couldn't start up half the time so they directed me where I could get downloads from another computer and transfer them over to my usb port with a flash drive.

Also, try to think of what you were doing when you got infected. Lyrics sites are notorious. Opening links that other people post is also risky.

If you act right away (don't click on anything in the pop-up warning), you can try shutting down, rebooting in safe mode and doing a system restore to a previous set point. That didn't work in my case because the trojan eliminated all of my set points and disallowed the use of any anti-virus software.
 
