I was perusing the DrudgeReport yesterday and clicked on a link to a video hosted by a local San Diego TV Station (ABC Channel 10). Got zapped right away. Essentially took over my computer. Our IT guy has worked on my computer all day, but to no avail. Can’t find a fix online anywhere.
Anyone out there possibly know about a recent virus without a fix?
Several screens would pop up advising numerous “dangerous” pieces of spyware were found. Knowing better, I didn’t even attempt to “X Out” of the windows. The desktop was also loaded with text and warnings.
Are the warnings in a familiar format and wording? Do they look similar to warnings you’ve gotten on that computer in the past? If so, that would indicate that they’re actually being generated by your computer’s anti-virus software, in which case it should be able to remove it.
If they’re popping up in browser windows, or otherwise look strange, you might have one of those newfangled viruses that holds your computer hostage, and basically makes you pay the virus maker for his “anti-virus” software to get rid of it. Obviously, you should not give these people any money.
I always heard you could get a virus from that site; I thought it was just a bunch of gossip to hurt the site’s credibility. I’ve been there a few times and had no issues.
I had not heard of Combofix before this, but Web Of Trust seems to think that the site you link to (possibly it is not the “real” Combofix site) is not to be trusted.
combofix.org sends you to the exact same link you provided. And, yes, there are times when combofix will do something really weird, and if you don’t know what you are doing, you may run into problems. It’s provided by bleepingcomputer.com for use with their free online tech support, which you might as well use.
That said, the only problem I’ve ever had with ComboFix is that, if you have any harmless remnants of something bad that you fixed yourself, it will freak out after cleaning it, but not being able to detect it actually running. The only way to stop it is to log out, and that’s hard to do since it will be starting and restarting itself in a continuous loop, stealing both focus and CPU time.
For most users, Malwarebytes is a better choice than combofix. Combofix is very good, but it’s more a tool for the tech savvy and I’ve never found it to be that much better than Malwarebytes or Super Antispyware.
Also, the malware removal forums on MBAM and SAS would try other methods of removing the virus. I’ve stated in previous posts about Combofix that when I used it, I required a script for it to work properly. This script was created through analysis of various logs from different programs.
If they’re popping up in a browser window, they’re probably just hypertext made to look like a semi-official Windows warning, and your computer isn’t actually infected with anything at all. Just saw one of those last night.
Looks scary, with real Windows security icons and whatnot, but look close and you see it’s all inside a browser window, meaning it’s just a picture. If you say ‘yes’ to whatever crap they’re trying to get you to download and run, though, then you will be infected.
If it is a browser window that the messages show up in, then the chances are you have a DNS hijack that is re-routing your web traffic to a different address. If the messages are appearing in ‘regular’ windows then it sounds like you have yourself a RogueAV, of which there are many, many doing the rounds at the moment. I am a mobile IT technician and probably 70% of the work I do is removing stuff like this. I haven’t come across anything new that can’t be removed, but they do seem to be getting more sophisticated.
The process for removing these infections is practically the same regardless of the ‘flavour’ of virus. Boot with a recovery CD, remove all temp and temp internet files. Check autoruns and remove anything suspicious. Boot back into Windows in safe mode and run TDSS Killer and MBAM. 99% of the time that is all you need to do.
One of the fake AVs leaves an error message in an Asian font when it can’t find its install after removal. I can’t kill that. Have you run across that one?
It doesn’t ring a bell, but some process must be running to produce the error message; try using autoruns to find the startup entry that is causing it, and then you can go about removing it.
It may be that winlogon or explorer has been injected with malicious code, in which case you don’t want to remove the file; it will need to be cured using something like TDSS Killer.
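For readers following the advice in this thread (check autoruns, look at the Winlogon entries rather than deleting winlogon.exe or explorer.exe, and check for a DNS hijack), here is a read-only triage script added as an example. It is not code from any poster here and is not a substitute for Autoruns, TDSSKiller or MBAM. It assumes Windows 7 or later with PowerShell, run from an elevated prompt; the registry paths and the "expected" Winlogon values are the standard Windows defaults, while the flagging heuristics (profile or temp directories, missing files, invalid Authenticode signatures) are assumptions chosen for illustration and only mark entries for a human to look at.

```powershell
# Added triage script, not from the thread. Read-only: it lists and flags,
# it deletes and disables nothing. Run from an elevated PowerShell prompt.

# Common autorun registry locations. Sysinternals Autoruns covers far more
# (services, drivers, scheduled tasks, shell extensions); this is the short
# list that is enough for a first pass.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable out of a command line such as
#   "C:\Program Files\Vendor\app.exe" /tray     or     C:\somewhere\app.exe -q
function Get-ExePath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($cmd -match '^\s*([^\s]+\.exe)') { return $Matches[1] }
    return ($cmd.Trim() -split '\s+')[0]
}

# Heuristics (assumptions, not verdicts): a legitimate autorun usually lives
# under Program Files or %SystemRoot% and has a valid Authenticode signature.
function Get-SuspicionReasons([string]$path) {
    $reasons  = @()
    $expanded = [Environment]::ExpandEnvironmentVariables($path)
    # A bare name like rundll32.exe is resolved through PATH before checking.
    if ($expanded -notmatch '[\\/]') {
        $cmdInfo = Get-Command -Name $expanded -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($cmdInfo) { $expanded = $cmdInfo.Path }
    }
    if ($expanded -match '\\(Temp|AppData|Local Settings|ProgramData|Users)\\') {
        $reasons += 'runs from a profile, temp or data directory'
    }
    if (-not (Test-Path -LiteralPath $expanded -PathType Leaf)) {
        $reasons += 'file not found on disk'
    } else {
        $status = (Get-AuthenticodeSignature -FilePath $expanded).Status
        if ($status -ne 'Valid') { $reasons += "Authenticode status: $status" }
    }
    return ,$reasons
}

$findings = @()

# 1. Run / RunOnce keys: the "check autoruns" step.
foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        $why = Get-SuspicionReasons (Get-ExePath $cmd)
        if ($why.Count -gt 0) {
            $findings += [pscustomobject]@{ Location = "$keyPath\$name"; Command = $cmd; Reason = ($why -join '; ') }
        }
    }
}

# 2. Winlogon Shell / Userinit. Both default to Microsoft binaries; anything
# appended or substituted here is a persistence entry. The files themselves
# (explorer.exe, winlogon.exe) stay put, as the thread says; only the value
# pointing at something else is of interest.
$wlPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl       = Get-ItemProperty -Path $wlPath
$expected = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
foreach ($valueName in $expected.Keys) {
    $actual = [string]$wl.$valueName
    if ($actual.Trim() -ne $expected[$valueName]) {
        $findings += [pscustomobject]@{ Location = "$wlPath\$valueName"; Command = $actual; Reason = "differs from default '$($expected[$valueName])'" }
    }
}

# 3. Startup folders (per-user and all-users). Everything here is listed so
# the reader can confirm each item is expected.
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir -and (Test-Path $dir)) {
        foreach ($f in (Get-ChildItem -Path $dir -Force | Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' })) {
            $findings += [pscustomobject]@{ Location = $f.FullName; Command = $f.Name; Reason = 'present in a Startup folder' }
        }
    }
}

if ($findings.Count -eq 0) { 'No flagged autorun entries.' } else { $findings | Format-Table -AutoSize -Wrap }

# 4. DNS hijack check: show each adapter's configured resolvers so an
# unexpected server stands out, plus any active lines in the hosts file.
# Get-DnsClientServerAddress needs Windows 8 or later; use ipconfig /all on 7.
if (Get-Command Get-DnsClientServerAddress -ErrorAction SilentlyContinue) {
    Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize
}
Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' }
```

Anything the script flags is a candidate to research, not something to delete on sight: a signed binary in an odd directory, or an unsigned one from a small vendor, is common. The point of the Winlogon check is the one made in the last post above: if Shell or Userinit points somewhere unusual, the fix is the registry value and a cleaning tool for the injected process, not removing explorer.exe or winlogon.exe.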