[cressida100]

I have done a search and cannot find any threads relating to this but I'm sure there must be one

Unfortunately I have managed to get my computer infected with the metropolitan police scam, I am been checking the internet for ways to get rid of it but I am worried that I might get 'scammed' and use the wrong info! Any help really appreciated. Thanks in advance.

[RobinOfLoxley]

What operating system is on the machine (XP/Vista/W7)?

See if you have a Restore Point from before the infection and try it.
This works in some cases, but extra tools are needed.

Reboot in Safe Mode with Networking (tap F8 during boot).

Download and run TDSS Killer.

Download and scan with Malwarebytes.

Edit: Your virus alson known as UKAsh it seems.

What AntiVirus is installed on the system?

[cressida100]

Quote:

Originally Posted by RobinOfLoxley

What operating system is on the machine (XP/Vista/W7)?

See if you have a Restore Point from before the infection and try it.
This works in some cases, but extra tools are needed.

Reboot in Safe Mode with Networking (tap F8 during boot).

Download and run TDSS Killer.

Download and scan with Malwarebytes.

Edit: Your virus alson known as UKAsh it seems.

What AntiVirus is installed on the system?

I tried restore but it did not work.

I am using Windows 7

Antivirus is the Microsoft security essentials I am also customer of virgin and could use their anti-virus if this is more effective

I will have a go, thanks.

[markcuk]

follow this http://www.malwarelibrary.com/remova...irus/#more-171

[REDBUS]

Quote:

Originally Posted by cressida100

I tried restore but it did not work.

I am using Windows 7

Antivirus is the Microsoft security essentials I am also customer of virgin and could use their anti-virus if this is more effective

I will have a go, thanks.

I'd stay WELL clear of virgin security if i was you ,the amount of time people on here have installed a decent AV after using virgin security then seeing the results of what has infected their p.c. is shocking.

MSE and malwarebytes with Adblock plus,browser protect and Bitdefender quickscan and Noscript with palemoon 8.0 ,has done me proud over the years ,i also download & update random AV every month ie avira ,avg ,do full scan then uninstall,never have any issue's so i'll stick with these and common sense ,only ever download from trusted sites and scan before and after,only use trusted media player,don't use torrent's personally ,rather stream direct.

Also use Malicious Software Removal Tool monthly just to be on safe side .

Only when i bought my first p.c. did i use virgin security ,big mistake (and costly) i know it release's 'new improved version' A LOT,but steer well clear, free security from the top 5 are light years away from this travesty.

[cressida100]

Quote:

Originally Posted by REDBUS

I'd stay WELL clear of virgin security if i was you ,the amount of time people on here have installed a decent AV after using virgin security then seeing the results of what has infected their p.c. is shocking.

MSE and malwarebytes with Adblock plus,browser protect and Bitdefender quickscan and Noscript with palemoon 8.0 ,has done me proud over the years ,i also download & update random AV every month ie avira ,avg ,do full scan then uninstall,never have any issue's so i'll stick with these and common sense ,only ever download from trusted sites and scan before and after,only use trusted media player,don't use torrent's personally ,rather stream direct.

Also use Malicious Software Removal Tool monthly just to be on safe side .

Only when i bought my first p.c. did i use virgin security ,big mistake (and costly) i know it release's 'new improved version' A LOT,but steer well clear, free security from the top 5 are light years away from this travesty.

Thanks to everyone who answered my query. Also for the advice on the virgin security. I have managed to get rid of the virus, I followed the links given and today I used the malwarebytes software which I put on a memory stick at work.

The Microsoft security essentials showed up 2 severe threats:

exploit.java/Blacole.BX - severe
Trojan:Win32/Reveton.A

I'm a bit paranoid now but when something like this happens it's makes you remember how vulnerable you really are.

[alan1302]

Quote:

Originally Posted by cressida100

Thanks to everyone who answered my query. Also for the advice on the virgin security. I have managed to get rid of the virus, I followed the links given and today I used the malwarebytes software which I put on a memory stick at work.

The Microsoft security essentials showed up 2 severe threats:

exploit.java/Blacole.BX - severe
Trojan:Win32/Reveton.A

I'm a bit paranoid now but when something like this happens it's makes you remember how vulnerable you really are.

Just make sure you get a decent Antivirus package now and keep it updated.

[cressida100]

Quote:

Originally Posted by alan1302

Just make sure you get a decent Antivirus package now and keep it updated.

I run Microsoft Security Essentials which is updated automatically. I work for a University who recommend we use this package so I assumed this was enough. Can you recommend somethng to run with this? I now have the Malware Byte anti-malware alongside this.

[alan1302]

Quote:

Originally Posted by cressida100

I run Microsoft Security Essentials which is updated automatically. I work for a University who recommend we use this package so I assumed this was enough. Can you recommend somethng to run with this? I now have the Malware Byte anti-malware alongside this.

I would recommend Kaspersky - have used it for about 3 years now and it's been perfect during that time and not had a problem with it.

[RobinOfLoxley]

The Free AVs are fine. Unless you prefer an all singing and dancing integrated suite.

Redbus mentions some useful extras above.

I'll also mention.

Start Search UAC. Consider having it at maximum. Although many people find it intrusive, I found I got used to it. I now find it comforting.

For an indication of sites' reputations, consider a browser add-on from http://www.mywot.com/

Don't click anywhere on unexpected pop-ups. Rather, close the browser Tab or Ctrl-Alt-Del, Start Task Manager and End Task.

Navigate manually to whatever the Pop-up wanted.

Same with e-mail links and don't open untrusted attachments.

An external USB HDD allows regular Imaging of your complete main drive.
W7, Backup&Restore/Create Image can do this.
Or 3rd party software such as Easeus Todo Backup Free.

Then if you are infected or main drive has problems, you restore latest clean image from the external.
(external drives bit expensive recently due to Thailand £60+. Essential items for almost everyone in my view though)

[alan1302]

I always think the free programmes are fine as long as you are PC savvy to begin with – I’d always recommend that people pay a few quid for a paid for one like Kaspersky or Norton so that they can get support if they need to from the company and have extra peace of mind.

[Josh_Edwards]

Quote:

Originally Posted by cressida100

I run Microsoft Security Essentials which is updated automatically. I work for a University who recommend we use this package so I assumed this was enough. Can you recommend somethng to run with this? I now have the Malware Byte anti-malware alongside this.

Microsoft Security Essentials and Malwarebytes are perfectly sufficient in a home environment, especially if you are computer savvy enough to avoid malicious websites and downloads (which I assume you are from your choice of freeware).

[alan1302]

Quote:

Originally Posted by Josh_Edwards

Microsoft Security Essentials and Malwarebytes are perfectly sufficient in a home environment, especially if you are computer savvy enough to avoid malicious websites and downloads (which I assume you are from your choice of freeware).

Is there a good reason you felt you needed to join the forum to dig up an old post?

[max99]

Quote:

Originally Posted by Josh_Edwards

Microsoft Security Essentials and Malwarebytes are perfectly sufficient in a home environment, especially if you are computer savvy enough to avoid malicious websites and downloads (which I assume you are from your choice of freeware).

That should say 'only if you are computer savvy enough'.

And welcome to DS, where every little thing you say will be torn apart and thrown straight back at you...

[shhftw]

Quote:

Originally Posted by cressida100

Thanks to everyone who answered my query. Also for the advice on the virgin security. I have managed to get rid of the virus, I followed the links given and today I used the malwarebytes software which I put on a memory stick at work.

The Microsoft security essentials showed up 2 severe threats:

exploit.java/Blacole.BX - severe
Trojan:Win32/Reveton.A

I'm a bit paranoid now but when something like this happens it's makes you remember how vulnerable you really are.

Why was no advice given to make sure JavaVM was up to date?

http://www.java.com/en/download/installed.jsp

Older versions should be removed via 'Programs and Features' - the newer versions auto-update more cleanly.

64-bit machines require both the 32 and 64-bit VMs. (If you use both versions of the browser).

[Josh_Edwards]

Quote:

Originally Posted by alan1302

Is there a good reason you felt you needed to join the forum to dig up an old post?

I was waiting for that, although, you're not a mod

My reason was that you replied "get a decent AV package". I call that misadvice Alan.

@Max99 have you witnessed first hand a PC that's infected beyond repair, despite running Security Essentials and regular Malwarebytes scans? I would bet that you haven't.

You see, if the old dear clicks on dodgey.com and installs a trojan, Security Essentials will most likely clear it with real time protection. If not, there's always the old dear's daily scan with MB that will do the trick. I'm going to stick with "especially". Thanks for the welcome though.

@Redbus Do not install multiple AV suites, they will conflict. To uninstall a package, use the vendor's removal tool. Finally, If you're going to buy Antivirus go with ESET, although, only buy AV if you're a PC numpty

[max99]

Quote:

Originally Posted by Josh_Edwards

@Max99 have you witnessed first hand a PC that's infected beyond repair, despite running Security Essentials and regular Malwarebytes scans? I would bet that you haven't.

I honestly couldn't begin to count the number of infected machines I've worked on - regardless of whatever security software was being used. Even the current 'highest ranking' AV can only do so much. Malwarebytes is pretty effective against mid-level malware. With serious infections, like most AV, it can just sit there and be utterly useless.

Quote:

Originally Posted by Josh_Edwards

You see, if the old dear clicks on dodgey.com and installs a trojan, Security Essentials will most likely clear it with real time protection. If not, there's always the old dear's daily scan with MB that will do the trick. I'm going to stick with "especially". Thanks for the welcome though.)

Two huge assumptions there. The user is always the weakest link and that cannot be ignored. But what can - and should - be ignored is anyone who claims that such-and-such a product is all that's necessary to keep you safe. Bad advice on so many levels.

[cressida100]

[quote=Josh_Edwards;60388101

You see, if the old dear clicks on dodgey.com and installs a trojan, Security Essentials will most likely clear it with real time protection. If not, there's always the old dear's daily scan with MB that will do the trick. I'm going to stick with "especially". Thanks for the welcome though.
[/QUOTE]


I hope I'm not the old dear

[cressida100]

Dear Josh

Thanks for the advice. Everything running as normal now.

[Josh_Edwards]

Quote:

Originally Posted by cressida100

Dear Josh

Thanks for the advice. Everything running as normal now.

Very pleased to hear it, I just wanted to say that your setup is fine and there's no need to go and buy AV. Also, no, my Grandmother is the old dear who, by the way, is doing just fine with SE and MB and she clicks on everything! There's not a single toolbar she doesn't want, bless her!

Max, I thought people were going to tear apart and throw back my words, not distort and spit them in my face! I said SE and MB are "perfectly sufficient" as a comparison to other AV packages. You are right, the end user is the most important factor but surely that's off-topic?

"I honestly couldn't begin to count the number of infected machines I've worked on"

Sounds like business environment!!! Alright, I'll stop assuming but I stand by what i've said. SE & MB is a good combination if used correctly (at home, regular scanning, regular updates). No need to go and buy AV.

[Andy_G]

This particular trojan must be doing the rounds ATM, I've got rid of it on 3 different PC's at work and my own one at home in the last week.

I got rid of it by starting in safe mode and deleting dodgy entries in the Run sections of the registry.
It's usually a (random characters).exe
(Delete that file as well of course.)

[alan1302]

Quote:

Originally Posted by Josh_Edwards

I was waiting for that, although, you're not a mod

My reason was that you replied "get a decent AV package". I call that misadvice Alan.

@Max99 have you witnessed first hand a PC that's infected beyond repair, despite running Security Essentials and regular Malwarebytes scans? I would bet that you haven't.

You see, if the old dear clicks on dodgey.com and installs a trojan, Security Essentials will most likely clear it with real time protection. If not, there's always the old dear's daily scan with MB that will do the trick. I'm going to stick with "especially". Thanks for the welcome though.

@Redbus Do not install multiple AV suites, they will conflict. To uninstall a package, use the vendor's removal tool. Finally, If you're going to buy Antivirus go with ESET, although, only buy AV if you're a PC numpty

So only mods can question why you brought back an old thread?

You can call it misadvice if you like but I'd very much disagree with you. An average user does not have that much of a clue when it comes to viruses/malware so anything that comes as a clear, easy to use package I would say would be a brilliant thing for them to get.

But what makes you say it is misadvice?

[max99]

Quote:

Originally Posted by Josh_Edwards

I stand by what i've said. SE & MB is a good combination if used correctly (at home, regular scanning, regular updates.

Now that is a more reasonable statement compared to your opening one.

My point is simply - no combination of AV and scanner is sufficient on it's own. The user's knowledge, attitude and actions (or lack of) towards security is critical to staying 'clean'. It is ultimately more important than their choice of AV.

Quote:

Originally Posted by Andy_G

This particular trojan must be doing the rounds ATM, I've got rid of it on 3 different PC's at work and my own one at home in the last week.

I got rid of it by starting in safe mode and deleting dodgy entries in the Run sections of the registry.
It's usually a (random characters).exe
(Delete that file as well of course.)

It's not as bad as the previous variants, which would also encrypt your data. Even though it is easy to remove, the one I saw last week used a genuine MS file name, rather than the usual dfxbhgjtk.exe format. And just to conveniently back up my above point, Malwarebytes and the installed McAfee both missed it (even when set to directly scan the file). Uploading it to a couple of online scanners revealed that only a handful of AV flagged it as malware.

[njp]

Quote:

Originally Posted by max99

It's not as bad as the previous variants, which would also encrypt your data. Even though it is easy to remove, the one I saw last week used a genuine MS file name, rather than the usual dfxbhgjtk.exe format. And just to conveniently back up my above point, Malwarebytes and the installed McAfee both missed it (even when set to directly scan the file). Uploading it to a couple of online scanners revealed that only a handful of AV flagged it as malware.

I've just been given a PC to fix that has some variant of this infestation.

The ransomware page came up in both normal and safe mode. Offline scans with various tools found some items of malware, but removing this seems to have just crippled the ransomware, which still appears after login, but now just gives a blank white screen.

Safemode with command prompt allowed me to run malwarebytes, which found some more stuff, but still didn't solve the problem. I looked at the winlogon registry entries, and they look normal (explorer.exe and userinit.exe). If I run these from the command line, I get normal (not ransomware) behaviour. So they seem to be the genuine article, unless they are behaving in a really sneaky context-sensitive fashion.

Any ideas where the sodding thing might be hiding?

[max99]

Have you checked all the obvious locations and startup items? The User/AppData folder and C:\ProgramData are two of the most common locations for this type of malware. Sometime the name of the folder or file will stand out, or the date and time may give a clue. The Startup entries in MSConfig or the Registry will often point you in the right location. Even malware that seems particular severe can sometimes rely on simple techniques or a single executable file in a predictable location.

And if you haven't already run ComboFix in Safe Mode, do so now. It usually takes under half an hour.