Metropolitan police virus scam - how to get rid of it?


Old 04-12-2011, 13:36
cressida100
Forum Member
 
Join Date: Dec 2007
Location: Gloucestershire
Posts: 3,316

I have done a search and cannot find any threads relating to this, but I'm sure there must be one.

Unfortunately I have managed to get my computer infected with the Metropolitan Police scam. I have been checking the internet for ways to get rid of it, but I am worried that I might get 'scammed' and use the wrong info! Any help really appreciated. Thanks in advance.
Old 04-12-2011, 14:03
RobinOfLoxley
Forum Member
 
Join Date: May 2009
Location: Devon
Posts: 6,620
What operating system is on the machine (XP/Vista/W7)?

See if you have a Restore Point from before the infection and try it.
This works in some cases, but extra tools are needed.

Reboot in Safe Mode with Networking (tap F8 during boot).

Download and run TDSS Killer.

Download and scan with Malwarebytes.

Edit: Your virus is also known as Ukash, it seems.

What AntiVirus is installed on the system?
Old 04-12-2011, 14:24
cressida100
Forum Member
 
Join Date: Dec 2007
Location: Gloucestershire
Posts: 3,316
[QUOTE=RobinOfLoxley]
What operating system is on the machine (XP/Vista/W7)?

See if you have a Restore Point from before the infection and try it.
This works in some cases, but extra tools are needed.

Reboot in Safe Mode with Networking (tap F8 during boot).

Download and run TDSS Killer.

Download and scan with Malwarebytes.

Edit: Your virus is also known as Ukash, it seems.

What AntiVirus is installed on the system?
[/QUOTE]
I tried restore but it did not work.

I am using Windows 7

Antivirus is Microsoft Security Essentials. I am also a customer of Virgin and could use their anti-virus if this is more effective.

I will have a go, thanks.
Old 04-12-2011, 14:44
markcuk
Forum Member
 
Join Date: Jan 2005
Location: manchester
Posts: 74
follow this http://www.malwarelibrary.com/remova...irus/#more-171
Old 05-12-2011, 03:29
REDBUS
Forum Member
 
Join Date: Jan 2010
Posts: 1,990
[QUOTE=cressida100]
I tried restore but it did not work.

I am using Windows 7

Antivirus is Microsoft Security Essentials. I am also a customer of Virgin and could use their anti-virus if this is more effective.

I will have a go, thanks.
[/QUOTE]
I'd stay WELL clear of Virgin security if I was you. The amount of times people on here have installed a decent AV after using Virgin security, then seeing the results of what has infected their PC, is shocking.

MSE and Malwarebytes with Adblock Plus, browser protect and Bitdefender QuickScan and NoScript with Pale Moon 8.0 has done me proud over the years. I also download and update a random AV every month, i.e. Avira, AVG, do a full scan then uninstall. Never have any issues, so I'll stick with these and common sense: only ever download from trusted sites and scan before and after, only use a trusted media player. Don't use torrents personally, rather stream direct.

Also use Malicious Software Removal Tool monthly just to be on the safe side.

Only when I bought my first PC did I use Virgin security, big mistake (and costly). I know it releases a 'new improved version' A LOT, but steer well clear; free security from the top 5 are light years away from this travesty.
Old 05-12-2011, 20:08
cressida100
Forum Member
 
Join Date: Dec 2007
Location: Gloucestershire
Posts: 3,316
[QUOTE=REDBUS]
I'd stay WELL clear of Virgin security if I was you. The amount of times people on here have installed a decent AV after using Virgin security, then seeing the results of what has infected their PC, is shocking.

MSE and Malwarebytes with Adblock Plus, browser protect and Bitdefender QuickScan and NoScript with Pale Moon 8.0 has done me proud over the years. I also download and update a random AV every month, i.e. Avira, AVG, do a full scan then uninstall. Never have any issues, so I'll stick with these and common sense: only ever download from trusted sites and scan before and after, only use a trusted media player. Don't use torrents personally, rather stream direct.

Also use Malicious Software Removal Tool monthly just to be on the safe side.

Only when I bought my first PC did I use Virgin security, big mistake (and costly). I know it releases a 'new improved version' A LOT, but steer well clear; free security from the top 5 are light years away from this travesty.
[/QUOTE]
Thanks to everyone who answered my query. Also for the advice on the Virgin security. I have managed to get rid of the virus. I followed the links given and today I used the Malwarebytes software which I put on a memory stick at work.

The Microsoft Security Essentials showed up 2 severe threats:

exploit.java/Blacole.BX - severe
Trojan:Win32/Reveton.A

I'm a bit paranoid now, but when something like this happens it makes you remember how vulnerable you really are.
Old 06-12-2011, 08:13
alan1302
Forum Member
 
Join Date: Jul 2008
Location: West Yorks
Posts: 5,784
[QUOTE=cressida100]
Thanks to everyone who answered my query. Also for the advice on the Virgin security. I have managed to get rid of the virus. I followed the links given and today I used the Malwarebytes software which I put on a memory stick at work.

The Microsoft Security Essentials showed up 2 severe threats:

exploit.java/Blacole.BX - severe
Trojan:Win32/Reveton.A

I'm a bit paranoid now, but when something like this happens it makes you remember how vulnerable you really are.
[/QUOTE]
Just make sure you get a decent Antivirus package now and keep it updated.
Old 06-12-2011, 08:26
cressida100
Forum Member
 
Join Date: Dec 2007
Location: Gloucestershire
Posts: 3,316
[QUOTE=alan1302]
Just make sure you get a decent Antivirus package now and keep it updated.
[/QUOTE]
I run Microsoft Security Essentials, which is updated automatically. I work for a University who recommend we use this package so I assumed this was enough. Can you recommend something to run with this? I now have the Malwarebytes Anti-Malware alongside this.
Old 06-12-2011, 08:28
alan1302
Forum Member
 
Join Date: Jul 2008
Location: West Yorks
Posts: 5,784
[QUOTE=cressida100]
I run Microsoft Security Essentials, which is updated automatically. I work for a University who recommend we use this package so I assumed this was enough. Can you recommend something to run with this? I now have the Malwarebytes Anti-Malware alongside this.
[/QUOTE]
I would recommend Kaspersky - have used it for about 3 years now and it's been perfect during that time and not had a problem with it.
Old 06-12-2011, 10:18
RobinOfLoxley
Forum Member
 
Join Date: May 2009
Location: Devon
Posts: 6,620
The Free AVs are fine. Unless you prefer an all singing and dancing integrated suite.

Redbus mentions some useful extras above.

I'll also mention.

Start Search UAC. Consider having it at maximum. Although many people find it intrusive, I found I got used to it. I now find it comforting.

For an indication of sites' reputations, consider a browser add-on from http://www.mywot.com/

Don't click anywhere on unexpected pop-ups. Rather, close the browser Tab or Ctrl-Alt-Del, Start Task Manager and End Task.

Navigate manually to whatever the Pop-up wanted.

Same with e-mail links and don't open untrusted attachments.

An external USB HDD allows regular Imaging of your complete main drive.
W7, Backup&Restore/Create Image can do this.
Or 3rd party software such as Easeus Todo Backup Free.

Then if you are infected or main drive has problems, you restore latest clean image from the external.
(external drives bit expensive recently due to Thailand 60+. Essential items for almost everyone in my view though)
Old 06-12-2011, 10:28
alan1302
Forum Member
 
Join Date: Jul 2008
Location: West Yorks
Posts: 5,784
I always think the free programmes are fine as long as you are PC savvy to begin with. I'd always recommend that people pay a few quid for a paid-for one like Kaspersky or Norton so that they can get support if they need to from the company and have extra peace of mind.
Old 10-08-2012, 14:04
Josh_Edwards
Forum Member
 
Join Date: Aug 2012
Posts: 3
[QUOTE=cressida100]
I run Microsoft Security Essentials, which is updated automatically. I work for a University who recommend we use this package so I assumed this was enough. Can you recommend something to run with this? I now have the Malwarebytes Anti-Malware alongside this.
[/QUOTE]
Microsoft Security Essentials and Malwarebytes are perfectly sufficient in a home environment, especially if you are computer savvy enough to avoid malicious websites and downloads (which I assume you are from your choice of freeware).
Old 10-08-2012, 14:21
alan1302
Forum Member
 
Join Date: Jul 2008
Location: West Yorks
Posts: 5,784
[QUOTE=Josh_Edwards]
Microsoft Security Essentials and Malwarebytes are perfectly sufficient in a home environment, especially if you are computer savvy enough to avoid malicious websites and downloads (which I assume you are from your choice of freeware).
[/QUOTE]
Is there a good reason you felt you needed to join the forum to dig up an old post?
Old 10-08-2012, 14:38
max99
Forum Member
 
Join Date: Jun 2005
Posts: 8,659
[QUOTE=Josh_Edwards]
Microsoft Security Essentials and Malwarebytes are perfectly sufficient in a home environment, especially if you are computer savvy enough to avoid malicious websites and downloads (which I assume you are from your choice of freeware).
[/QUOTE]
That should say 'only if you are computer savvy enough'.

And welcome to DS, where every little thing you say will be torn apart and thrown straight back at you...
Old 11-08-2012, 08:36
shhftw
Forum Member
 
Join Date: Feb 2011
Location: Yorkshire
Posts: 1,853
[QUOTE=cressida100]
Thanks to everyone who answered my query. Also for the advice on the Virgin security. I have managed to get rid of the virus. I followed the links given and today I used the Malwarebytes software which I put on a memory stick at work.

The Microsoft Security Essentials showed up 2 severe threats:

exploit.java/Blacole.BX - severe
Trojan:Win32/Reveton.A

I'm a bit paranoid now, but when something like this happens it makes you remember how vulnerable you really are.
[/QUOTE]
Why was no advice given to make sure JavaVM was up to date?

http://www.java.com/en/download/installed.jsp

Older versions should be removed via 'Programs and Features' - the newer versions auto-update more cleanly.

64-bit machines require both the 32 and 64-bit VMs. (If you use both versions of the browser).
Old 13-08-2012, 16:09
Josh_Edwards
Forum Member
 
Join Date: Aug 2012
Posts: 3
[QUOTE=alan1302]
Is there a good reason you felt you needed to join the forum to dig up an old post?
[/QUOTE]
I was waiting for that, although you're not a mod.

My reason was that you replied "get a decent AV package". I call that misadvice, Alan.

@Max99 have you witnessed first hand a PC that's infected beyond repair, despite running Security Essentials and regular Malwarebytes scans? I would bet that you haven't.

You see, if the old dear clicks on dodgey.com and installs a trojan, Security Essentials will most likely clear it with real time protection. If not, there's always the old dear's daily scan with MB that will do the trick. I'm going to stick with "especially". Thanks for the welcome though.

@Redbus Do not install multiple AV suites, they will conflict. To uninstall a package, use the vendor's removal tool. Finally, if you're going to buy Antivirus go with ESET, although only buy AV if you're a PC numpty.
Old 13-08-2012, 16:38
max99
Forum Member
 
Join Date: Jun 2005
Posts: 8,659
[QUOTE=Josh_Edwards]
@Max99 have you witnessed first hand a PC that's infected beyond repair, despite running Security Essentials and regular Malwarebytes scans? I would bet that you haven't.
[/QUOTE]
I honestly couldn't begin to count the number of infected machines I've worked on - regardless of whatever security software was being used. Even the current 'highest ranking' AV can only do so much. Malwarebytes is pretty effective against mid-level malware. With serious infections, like most AV, it can just sit there and be utterly useless.

[QUOTE=Josh_Edwards]
You see, if the old dear clicks on dodgey.com and installs a trojan, Security Essentials will most likely clear it with real time protection. If not, there's always the old dear's daily scan with MB that will do the trick. I'm going to stick with "especially". Thanks for the welcome though.
[/QUOTE]
Two huge assumptions there. The user is always the weakest link and that cannot be ignored. But what can - and should - be ignored is anyone who claims that such-and-such a product is all that's necessary to keep you safe. Bad advice on so many levels.
Old 13-08-2012, 17:15
cressida100
Forum Member
 
Join Date: Dec 2007
Location: Gloucestershire
Posts: 3,316
[QUOTE=Josh_Edwards;60388101]
You see, if the old dear clicks on dodgey.com and installs a trojan, Security Essentials will most likely clear it with real time protection. If not, there's always the old dear's daily scan with MB that will do the trick. I'm going to stick with "especially". Thanks for the welcome though.
[/QUOTE]

I hope I'm not the old dear
Old 13-08-2012, 17:15
cressida100
Forum Member
 
Join Date: Dec 2007
Location: Gloucestershire
Posts: 3,316
Dear Josh

Thanks for the advice. Everything running as normal now.
Old 13-08-2012, 18:30
Josh_Edwards
Forum Member
 
Join Date: Aug 2012
Posts: 3
[QUOTE=cressida100]
Dear Josh

Thanks for the advice. Everything running as normal now.
[/QUOTE]
Very pleased to hear it, I just wanted to say that your setup is fine and there's no need to go and buy AV. Also, no, my Grandmother is the old dear who, by the way, is doing just fine with SE and MB and she clicks on everything! There's not a single toolbar she doesn't want, bless her!

Max, I thought people were going to tear apart and throw back my words, not distort and spit them in my face! I said SE and MB are "perfectly sufficient" as a comparison to other AV packages. You are right, the end user is the most important factor but surely that's off-topic?

"I honestly couldn't begin to count the number of infected machines I've worked on"

Sounds like a business environment!!! Alright, I'll stop assuming but I stand by what I've said. SE & MB is a good combination if used correctly (at home, regular scanning, regular updates). No need to go and buy AV.
Old 13-08-2012, 18:37
Andy_G
Forum Member
 
Join Date: Jun 2004
Location: ☺ Essex ☺
Posts: 10,637
This particular trojan must be doing the rounds ATM. I've got rid of it on 3 different PCs at work and my own one at home in the last week.

I got rid of it by starting in safe mode and deleting dodgy entries in the Run sections of the registry.
It's usually a (random characters).exe
(Delete that file as well of course.)
Old 13-08-2012, 19:48
alan1302
Forum Member
 
Join Date: Jul 2008
Location: West Yorks
Posts: 5,784
[QUOTE=Josh_Edwards]
I was waiting for that, although you're not a mod.

My reason was that you replied "get a decent AV package". I call that misadvice, Alan.

@Max99 have you witnessed first hand a PC that's infected beyond repair, despite running Security Essentials and regular Malwarebytes scans? I would bet that you haven't.

You see, if the old dear clicks on dodgey.com and installs a trojan, Security Essentials will most likely clear it with real time protection. If not, there's always the old dear's daily scan with MB that will do the trick. I'm going to stick with "especially". Thanks for the welcome though.

@Redbus Do not install multiple AV suites, they will conflict. To uninstall a package, use the vendor's removal tool. Finally, if you're going to buy Antivirus go with ESET, although only buy AV if you're a PC numpty.
[/QUOTE]
So only mods can question why you brought back an old thread?

You can call it misadvice if you like but I'd very much disagree with you. An average user does not have that much of a clue when it comes to viruses/malware so anything that comes as a clear, easy to use package I would say would be a brilliant thing for them to get.

But what makes you say it is misadvice?
Old 13-08-2012, 20:03
max99
Forum Member
 
Join Date: Jun 2005
Posts: 8,659
[QUOTE=Josh_Edwards]
I stand by what I've said. SE & MB is a good combination if used correctly (at home, regular scanning, regular updates).
[/QUOTE]
Now that is a more reasonable statement compared to your opening one.

My point is simply: no combination of AV and scanner is sufficient on its own. The user's knowledge, attitude and actions (or lack of) towards security is critical to staying 'clean'. It is ultimately more important than their choice of AV.

[QUOTE=Andy_G]
This particular trojan must be doing the rounds ATM. I've got rid of it on 3 different PCs at work and my own one at home in the last week.

I got rid of it by starting in safe mode and deleting dodgy entries in the Run sections of the registry.
It's usually a (random characters).exe
(Delete that file as well of course.)
[/QUOTE]
It's not as bad as the previous variants, which would also encrypt your data. Even though it is easy to remove, the one I saw last week used a genuine MS file name, rather than the usual dfxbhgjtk.exe format. And just to conveniently back up my above point, Malwarebytes and the installed McAfee both missed it (even when set to directly scan the file). Uploading it to a couple of online scanners revealed that only a handful of AV flagged it as malware.
Old 28-08-2012, 00:39
njp
Forum Member
 
Join Date: Dec 2004
Posts: 17,148
[QUOTE=max99]
It's not as bad as the previous variants, which would also encrypt your data. Even though it is easy to remove, the one I saw last week used a genuine MS file name, rather than the usual dfxbhgjtk.exe format. And just to conveniently back up my above point, Malwarebytes and the installed McAfee both missed it (even when set to directly scan the file). Uploading it to a couple of online scanners revealed that only a handful of AV flagged it as malware.
[/QUOTE]
I've just been given a PC to fix that has some variant of this infestation.

The ransomware page came up in both normal and safe mode. Offline scans with various tools found some items of malware, but removing this seems to have just crippled the ransomware, which still appears after login, but now just gives a blank white screen.

Safe Mode with Command Prompt allowed me to run Malwarebytes, which found some more stuff, but still didn't solve the problem. I looked at the winlogon registry entries, and they look normal (explorer.exe and userinit.exe). If I run these from the command line, I get normal (not ransomware) behaviour. So they seem to be the genuine article, unless they are behaving in a really sneaky context-sensitive fashion.

Any ideas where the sodding thing might be hiding?
Old 28-08-2012, 01:00
max99
Forum Member
 
Join Date: Jun 2005
Posts: 8,659
Have you checked all the obvious locations and startup items? The User/AppData folder and C:\ProgramData are two of the most common locations for this type of malware. Sometimes the name of the folder or file will stand out, or the date and time may give a clue. The Startup entries in MSConfig or the Registry will often point you in the right location. Even malware that seems particularly severe can sometimes rely on simple techniques or a single executable file in a predictable location.

And if you haven't already run ComboFix in Safe Mode, do so now. It usually takes under half an hour.
max99 is offline   Reply With Quote
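
Added example, not written by any poster in this thread: the startup checks described in the posts above (Run keys, the Winlogon Shell and Userinit values, files in AppData or C:\ProgramData, random or borrowed Microsoft file names) as a Python triage over saved `reg query` output. The sample output, function names, name lists and the five-consonant "random name" rule are assumptions made for illustration, and Windows is assumed to be installed on C:.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in `reg query` layout; paths and value names are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    dfxbhgjtk    REG_SZ    C:\Users\alice\AppData\Roaming\dfxbhgjtk.exe
    Sidebar    REG_SZ    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    C:\ProgramData\svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""

WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")
SYSTEM_NAMES = {"explorer.exe", "svchost.exe", "userinit.exe", "winlogon.exe"}
# Assumed Winlogon defaults for Windows 7 installed on C:
DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe,"}
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def exe_path(data):
    """Pull the program path out of a registry command line."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|scr|bat|cmd|dll))\b', data.strip(), re.I)
    return (m.group(1) or m.group(2)) if m else data.strip()

def reasons_for(key, name, data):
    """Heuristic checks based on the advice in the posts above."""
    path = PureWindowsPath(exe_path(data))
    low = str(path).lower()
    misplaced = path.parent != PureWindowsPath(".") and not low.startswith("c:\\windows\\")
    found = []
    if any(part in low for part in WRITABLE):
        found.append("runs from a user-writable folder")
    if path.name.lower() in SYSTEM_NAMES and misplaced:
        found.append("system file name outside the Windows directory")
    if re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", path.stem.lower()):
        found.append("random-looking file name")
    expected = DEFAULTS.get(name.lower()) if key.lower().endswith("\\winlogon") else None
    if expected and data.strip().lower() != expected:
        found.append("Winlogon value differs from the Windows default")
    return found

def triage(reg_output):
    """Return (key, value name, data, reasons) for every flagged entry."""
    key, flagged = None, []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m and key and (why := reasons_for(key, m.group(1), m.group(3))):
            flagged.append((key, m.group(1), m.group(3), why))
    return flagged

if __name__ == "__main__":
    for key, name, data, why in triage(SAMPLE):
        print(f"{key}\\{name} -> {data}: {'; '.join(why)}")
```

A flagged entry is a lead to inspect by hand, not a verdict; the bare `explorer.exe` and the default `userinit.exe,` values pass, matching the normal-looking Winlogon entries njp describes.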
 