#1  10-03-2012, 03:17 AM
ViperRon (XS-XJ Guru)
Join Date: Feb 2011
Location: Woodstock, VA
Posts: 1,058
Anti Virus

Since we all depend on the internet to get our info, I thought this may be helpful. I have for years used AVG antivirus on my laptop, always with the latest updates and scans each day. On the 27th I was hit by a variant of the Ransom Virus, the one that pretends to be the FBI extorting money.

I could not identify exactly which one, as it was near impossible to load any tool available to remove or identify it. After 2 days I gave up, as nothing seemed to get all the roots out.

I got the virus while watching a video on ABC, so it was not a high-risk site. The main issue was that no stand-alone virus tools could identify or detect the virus, and it immediately locked the computer the second anything connected to the internet. This is evidently not a widespread virus, but it showed me that AVG had no protection and did not even identify that I had one.

It was troublesome for me, as this is the first time I have been hit by anything that required me to format the drive and reinstall from scratch; usually Symantec or someone has a utility that works. Understand I could not get any online tools to run, as it locked before they could even start.
__________________
To fix the problem one should not make more assumptions than the minimum needed.

Rodan
https://www.youtube.com/watch?v=khm6...liHntN91DHjHiS
1980 G Silverbird
Original Yamaha Fairing and Bags
1198 Overbore kit
Grizzly 660 ACCT
Barnett Clutch Springs
R1 Clutch Fiber Plates
122.5 Main Jets
ACCT Mod
Mac 4-2 Flare Tips
Antivibe Bar ends
Rear trunk add-on
http://s1184.photobucket.com/albums/z329/viperron1/
#2  10-03-2012, 07:38 AM
pbaker27 (Truly XSive)
Join Date: Jun 2012
Location: Shakopee, Minn.
Posts: 108
1. You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.

2. Click Start and then click Shut Down.

3. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.

4. As your computer restarts but before Windows launches, press F8. On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.

5. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.

6. If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.

Once you have it rebooted in safe mode, you should be able to connect to the internet and find and install the Malwarebytes anti-malware program. Once installed, run a full scan. I have gotten similar viruses and this has been the only way to correct it.

Granted, nuking your hard drive and reinstalling Windows is always the safest bet, but for the future this should help get rid of the virus. I would install Malwarebytes now as a precaution should you get another virus in the future.
__________________
Hydra'82 XJ1100 Frankenbike with a '79 engine

~dubbed "Hydra" by a friend, because "once one problem is fixed, another rears its ugly head!"
#3  10-03-2012, 09:45 AM
TheFrugalTech (XStremely XSive)
Join Date: Sep 2007
Location: Lebanon, OH
Posts: 249
The infection Ron has is Reveton ransomware.
While the above will get you back on the internet, it will not completely remove the infection and all of its components, as well as other infections the PC may have due to the vulnerabilities created. This leaves your PC vulnerable to further infection and theft of information.
I highly recommend you seek the help of an IT professional to remove all components of the infection, even if you have to pay for it.
I have cleaned the infection from about 12 PCs in the last month. 3 of the PC owners actually paid the $200, which they will never see again.
__________________
Current Stable:
1978 XS1100E - Beauty - Vetter Full Dress
1979 XS1100F - The Beast - Winter Project to Factory Full Dress
1979 XS1100SF - Black Sunshine - The Lucky Find
1978 XS1100E - Little Orphan Annie - Sold to a friend, slowly becoming a 1196 monster.
WTB:
1981 XS1100H Venturer - Long distance cruiser.
1989 FJ1200 - For playing in the curves!
#4  10-04-2012, 06:32 AM
rover (XSive Maximus)
Join Date: Jan 2004
Location: central WI (715)
Posts: 762
antivirus

On Win 7, restart the computer, look at the bottom of the screen, and push the F button for setup (usually F2), type the admin password, and using the right arrow key, move across to Advance and push Enter. There will be one or two items disabled. Using the arrow keys, highlight each disabled entry and push Enter to enable. Or, look at the bottom menu, and push the F key to restore defaults (F9 on mine), then the F key to save and exit (F10 on mine). The computer will restart. Do a system restore a few days back, and you will be good to go. Malwarebytes is a very good antivirus, especially the advanced version, well worth the money. And once you have it downloaded and paid for, you can install it on other PCs with the code you will get when you pay for it. No antivirus program I know of will prevent this virus, or one like it that says you have illegal music on your PC (which can be defeated the same way as described). Hope this works for you, it did for me several times. Have a wonderful day.
__________________
put something smooooth between your legs, XS eleven
79 F (Blueballs)
79 SF (Redbutt)
81 LH (organ donor)
79 XS 650S (gone to MC heaven)
76 CB 750 (gone to MC heaven)
rover has spoken
#5  10-04-2012, 07:27 PM
ViperRon (XS-XJ Guru)
Join Date: Feb 2011
Location: Woodstock, VA
Posts: 1,058
I am on Windows XP. The virus version I had (still unidentified) was not isolated in safe mode, and if you went to safe mode with networking, as soon as you tried to access the internet your screen went to background with no other function except pounding on your disk. I tried the standard Windows restore and it had no effect on it. I had Symantec go back and it did not remove it. I used information off the web and removed all registry entries identified by Symantec, McAfee, Trend Micro and AVG. Explorer was wiped, all networking removed, the main user profile and user files wiped and restored from a stand-alone copy of known working clean Windows; it slowed the activation long enough to get to Symantec Security Center and then locked, giving the Ransom display. Windows was reinstalled over it from the CD and it remained. Formatting wiped it.

If it was only the identified Reveton, just the registry entries I edited and removed should have cured it. I can say it resides within the operating system. I have 30 years experience in IT, from the early versions of macro programs on the DEC DDP1145 to Solaris, UNIX, AIX, etc., and a vast group of support people I can write directly at Dell development, and no one had a complete answer. Appreciate all the advice and help from those here, but I am fixed.

I did feel an obligation to warn my fellow XSers: if you do get it, do not play with it, as its primary desire is to gain access to your accounts and money.
#6  10-05-2012, 02:07 PM
TheFrugalTech (XStremely XSive)
Join Date: Sep 2007
Location: Lebanon, OH
Posts: 249
Hey Ron, nice to see another long-term IT guy on here. I first got my feet wet programming on a TRS-80 and playing with logic boards in '83. Branched off a couple times over the years into CNC laser programming and vibration analysis, then ended up right back in IT work.
I prefer to say when I started rather than how long I've been at it. Makes it not seem so long ago.
#7  10-05-2012, 05:21 PM
TopCatGr58 (Administrator)
Join Date: Jul 2002
Location: Portsmouth, Va.
Posts: 12,621
Hey Ron,

Dayam, that was a real nasty one! I was just wondering if you bothered to contact ABC and inform them of your infection, what video you had watched, etc.? Also, have you contacted AVG with the information?

I had actually NOT heard of this rootkit/virus, but I wouldn't have fallen for it because I know where I get my music from: my own records, CDs and sometimes iTunes, not places like P2P file-sharing apps!!

Also, last year a company on CNET Downloads was offering a free version of their hard drive backup/imaging type software. I got it, and after I had done my original install of WinXP onto my new homebuilt system, along with having all of the security updates and such up to SP3, I then ran the utility and created a set of reinstall DVD discs. Surprisingly, I got a chance to use them just a short time later; it made wiping and reinstalling Windows much faster/easier than the original OS discs and such!

Glad you got it wiped and running, just sorry to hear that you had to go through all of that trouble to get a clean machine!

T.C.
#8  10-05-2012, 09:16 PM
ViperRon (XS-XJ Guru)
Join Date: Feb 2011
Location: Woodstock, VA
Posts: 1,058
ABC evidently knew about it, because they made the video not available. It was a pre-release of Last Resort, the new mini-series they have aired.

I had stuff backed up to a degree; my main effort was trying to identify what it was. Kinda like being bitten by a snake: you want to at least find it and cut its head off so you do not get bit again. Currently all I know is there is a version of the Ransom tied to streaming video that is bad news. If I had to name it, it would be called Medusa.
#9  10-10-2012, 08:15 PM
Cobia (XS-XJ Guru)
Join Date: Jul 2007
Location: Palm Beach County, Fl
Posts: 1,587
Believe it or not, because of the association with them, the FBI is offering a remedy on their website. I was warned about this virus and couldn't believe the FBI had a solution for it. This was months ago.
For my money, or lack thereof, and according to most reviewers, the best and least intrusive anti-virus, anti-everything software is MS Security Essentials, and the best part is that it's FREE!!
I'm an A+ and MCSE network engineer in the higher-end tech support field.
__________________
1980G Standard, Restored
Kerker 4 - 1
850 Rear End Mod
2-21 Flashing LED Arrays on either side of license plate for Brake Light Assist, 1100 Lumen Cree Aux Lights,
Progressive springs, Showa rear shocks
Automatic CCT
1980GH Special, Restored
Stock Exhaust, New Handlebars, 1" Spacer in Fork Springs, Automatic CCT, Showa Rear Shocks
'82 XJ1100 (Sold)
Automatic CCT, RC Engineering 4 X 1 Exhaust, K&N Pods, #50 Pilot Jets, YICS Eliminator. Sorely missed.
#10  10-11-2012, 10:04 PM
Jerry (XS & TRUE XJ GURU)
Join Date: Jun 2002
Location: Elma, IA.
Posts: 2,998
Two cents worth.

No one program will catch everything. In general, freebie programs will only scan files after they are on your hard drive; paid-for versions scan as files are being downloaded. I use ESET NOD32, Malwarebytes Anti-Malware (MBAM), Microsoft Essentials, and others including SpyBot, but mostly for its other utilities such as the Shred function. The MS program is free; ESET and MBAM are paid-for subscriptions.

I am an IT manager for an organization of about 175 users. Many of our PCs are laptops that travel. I have had to deal with removing viruses, but with the multi-program approach the frequency has gone down. Spend the money to get good anti-virus protection.

So do yourself a favor and do not rely on a single program. Avoid using public Wi-Fi when possible. Most of my portables now use cell card modems with unlimited data plans so users can avoid Wi-Fi.

Just like crashing on a bike, it is a question of when, not if, you will pick up a computer virus. Back up your data and keep a list of your software licenses. You will need both when you have to rebuild your PC.

For the record, I can remove most viruses, but have had a couple of rootkit viruses that caused me to replace the hard drives in those units. There are some nasty bugs out there that cannot be defeated by booting into safe mode or going back to a restore point.
__________________
Jerry Fields
'82 XJ 'Sojourn'
'06 Concours
My Galleries Page.
My Blog Page.
"... life is just a honky-tonk show." Cherry Poppin' Daddy Strut