I'm going to buy mittens for my weekend crew

…so that when I come in on Monday mornings I won’t find they disabled most the security features and downloaded that fucking fake “XP Home Security 2011” virus. Like I did today. I came in and found my computer all fucked up, and nobody knew how it got that way. I’m thinking “Shit, this is going to take a bit of time to fix-I’ve got to reboot into safe mode and start digging it out.” Well, fuck me-I boot up in safe mode, and the first thing that pops up is that damn fake “virus alert” popup! None of my programs will start, CCleaner is blocked, system restore is blocked, even regedit is blocked! In fucking safe mode! This damn virus has blocked off every single program that might be able to affect it. The compgeeks at my company refused at first to believe me when I told them about the problem. “Are you sure you know what ‘safe mode’ is?” “Gee, would it be when it says ‘safe mode’ along the top and bottom of the screen?”
When I leave for home this Friday, I’m putting that damn machine in Romper Room Mode-they’ll be lucky if it allows Disney through.

Sounds like you’ve got a breach. Good thing XP Home Security 2011 caught it in time!

When I left work the compgeeks were staring at the “safe mode” screen with the brightly colored popups that they previously insisted couldn’t exist.

Do they do regular nightly or weekly backups over the network? Maybe they can wipe and restore from Friday’s backup.

Unfortunately my computer is used for business and personal work. It is only tied to the network while in use, so it wasn’t hooked to the network over the weekend when backups were done.

I think that what you need is a keylogger and/or one of those security cameras, so you can find out just WHICH person did it. This time. And then you need a big old hammer, not mittens. Not for the computer, but for the hands that downloaded the virus.

There are several anti-virus boot CDs (typically, Linux) you can download free-of-charge, burn and use to clean your laptop in a case of those pesky safe mode viruses. Kaspersky makes a pretty decent one:


I had this a while back. There’s a registry tweak which disables exe files from opening.

MalwareBytes sorted it - there’s another programe called rkill which allows you to bypass task manager to stop the processes from running, which then allows the malwarebytes software to be run.

You sometimes have to rename the key rkill files to iexplore.exe as the virus is designed to disable any executables except a browser (to allow you to download their “security suite”). That’s why regedit and task manager won’t work.

Hey! That looks handy!

Burned me a copy, and passed the news to the compgeeks. Thank you.

He IS magic! WooT!

Install malwarebytes anti malware, update it weekly

if this happens again, burrow down to the directory where it is installed and rename the malwarebytes executable to iexplore

malwarebytes will now launch and most likely be able to kill the virus.

Te virus leaves internet explorer able to run so you can buy the “full registered versions” <pronounced hand us your CC so we can rob you at will> of their program.

I had that one on a work machine here, and rkill+combofix sorted it proper (if the boot CD doesn’t do it for yah).

Interestingly, Malwarebytes WASN’T able to touch it until I’d run the previous two, but MB did get rid of the temp-folder installers for said malware once it was out of the way.

Will MS Security Essentials cover issues like this or is it not up to the task?

In my experience: MS Security Essentials is an excellent first line of defense and will do a good job in general. It cannot by design protect you from emergent threats that you are conned into clicking on.

I advise (and use for myself) a combination of MS Security Essentials or other high-rated always-on AV scanner and firewall, weekly applications of MalwareBytes Anti-Malware as a secondary screening, and installation of browser plug-ins such as FlashBlock and NoScript. That combination will protect you from almost all traditional viruses and attacks up front, and the browser plugins will greatly reduce your risk of emergent infections (even if there is an up-front cost in setting up whitelists and such).

Better go check, they might still be just as you left them. Did you offer them Skittles?

I’ve got MSE and Malwarebytes, both completely updated. I think the weekend assholes bypassed them somehow to access some iffy sites.

Its important to apply disincentives at the point of action, they must be able to directly associate the action with consequences. Strike them sharply across the nose with a rolled-up brick, while firmly saying “No! No! Bad!”.

I use a tool I like to call the “Mallet of Understanding”

Instructions: Strike offender on the head repeatedly until they understand.

Similar of course to the “Book of Knowledge”

Instructions: Bang dumbass on the head with the book until the knowledge seeps in.

Repeat as necessary is implied with both tools.

If Czarcasm is capable of rolling up a brick, I fail to see why his crew is not more afraid to do such things.