Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Battling TDSS/alureon, fake anti-virus. Almost defeated it, but got a


  • Please log in to reply

#1
Alta Loreno

Alta Loreno

    New Member

  • Member
  • Pip
  • 1 posts
So I encountered a fake antivirus, System Security 2012, recently and Manually removed much of it with some online mentoring. I seemed to fix the problem, and it was a good learning experience. I didn't feel comfortable on my computer still, so I clean wiped it after though. After a month or so of use, out of nowhere I was slammed with the same fake anti-virus. Oh, and also this time it is paired with the google-redirect symptom, which didn't seem to be present on my first infection before the wipe. :/



I didn't run half the cleanup and diagnostic programs I could have last time, but now with the google-redirect symptom I'm confident it was related to the dreaded rootkit virus.


Q1 - I have very few files. bookmarks, a few documents, and some pictures. Like most newer computers, mine has an option to recover back to factory settings without a disk - it seems to partially do it through a program called ImageX.exe
Is wiping my computer back to "factory settings" this way, a fairly sure-fire method to get rid of something as nasty as rootkit? Can rootkit hide throughout the wipe and still be in my computer somewhere? I try my best but have some pretty bad browsing habits (at least I understand why/how they are bad though), my work and research leads me to often access >1000 web pages daily. Since I have so little data and its stored in many other physical places, If I encounter something truly nasty like TDSS rootkit, I like clean wiping my system in the way I stated above. After something so nasty it makes me feel reborn in a way. I am trying to prevent this from ever happening again (last time was the second time), but If I fail, is wiping my computer this way effective? It seems to be. Plus it's actually quite fast.


Q2 - After recovering from my first infection of the fake anti-virus, probably with rootkit, I set up my computer with MalwareBytes and Microsoft Security Essentials. After some hardcore browsing sessions on Mozilla I deleted maybe 10 files via MWB. I think they were mostly designated as trojans; other than that everything was smooth. Then like I was saying, after a month of feeling up to date and secure a fake antivirus is on my computer and desktop and I was experiencing google-redirect.

Is there some program any of you recommend which is really "hardcore" about filtering executable programs? I use so little on my computer, It seems like it would be easy to just have my few choice programs allowed. I don't download anything either really, just my base programs. I must be picking up this stuff through other more sly methods. I think there are Mozilla add-ons for something like this but I am afraid they wouldn't be powerful enough. I found a program, amongst a few others called "Trust-No-Exe". Can you guys comment on it, or maybe point me towards a better program/method? In my head, this seems like it could prevent some virus problems, kind of.


Final Q
- These fake antivirus viruses, they are also giving you fake alerts on your main programs and such. Sometimes they give you quite colorful alerts though, like "IP adress ________ is _____ing your computer". Or "_____ on your computer is being sent/accessed by (some e-mail)". It always sounds super nasty and invasive, but I have learned to ignore it as it's part of the fake anti-virus game. One time I wrote down the supposed invading IP adress, and it was from somewhere in Norway.

However I experience a new warning which I haven't heard mentioned once, and it was similar, but a little to much for my taste. It popped up, "alerting" me, that something was being stolen or sent or whatever on my PC. OK, I know the game so no worries. But I noted in the various text, that it said-
"blahblahblah, (my friends email account for facebook)
blahblah (his password for that account)
blahblah (my aol email account screename)
blahblah (a password that I use to access a forum I belong to, but not the one I use for AOL)

Uhhhh? Needless to say I felt a little uncomfortable. I know TDSS rootkit is nasty and can do all sorts of things, so was that some for sure evidence that I was being key-logged at some point? I really don't like the thought of that. For all I know they were taking screen shot's of my research, logging more keystrokes, or remote accessing my computer in my sleep! Have you guys heard of these fake antivirus rootkit combos actually showing real information like this??

Hope this was the right section of the forum. Thanks for anyone who can help.

Edited by Alta Loreno, 14 November 2011 - 12:42 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP