01.15.2010, 07:17 PM
At work just two weeks ago, there was some malware people were getting that looked like a legit AV software. It exploited some IE security hole and installed itself as a browser helper object, which in turn opened more back doors to install itself as a program. Anyway, it would "scan" and of course find some viruses (which it put there) and then of course only their "AV software" would be able to get rid of it. Not only that, but the only website you could go to was their page to buy the crapware. And you couldn't open device manager, or Norton. Low life scums.
We use Norton at work and it never saw anything was wrong. I had to figure out what was going on and remove everything manually. What a PITA. Required booting into safe mode, removing reg entries, stopping services, removing browser helper objects, deleting offending files (which renamed themselves at each iteration), etc. I then had to write a procedure so our other IT staff could help fix people's PCs.
The easiest way for a typical user to maybe fix these types of things: If your computer is bootable at all, get a copy of Spybot, update it, then reboot into safe mode. Run Spybot while in safe mode. Hopefully it will get rid of everything.