Computer Hacked? HELP!!!


fiveouttasix
07-18-2011, 02:53 PM
Hi Guys, need to know if anyone can help with this. My wife's computer looks to have been hacked with a scam that calls itself "Security Protection". When she reboots a window opens with a system scan underway that claims the system is infected with malicious software/worms/trojan/etc. It prevents her from opening any other programs and warning balloons keep popping up from the new icon it has placed on her desktop warning that every program she tries to open (web browsers or software applications) is infected. The desktop icon and the scan window are designed to look a lot like the Windows 4-color shield. The warnings claim that the problem can only be solved by activating "Security Protection" software and lead you to a "secure" purchase location. $59.99 for 1 year and 89.99 for three years. Seems like a scam but I can't get around it/delete it. Can anyone HELP????

DJofSD
07-18-2011, 03:00 PM
http://www.paceadvantage.com/forum/showthread.php?t=76390&highlight=virus

Marshall Bennett
07-18-2011, 03:17 PM
Try a system restore to prior date of attack. Has worked for me.

PaceAdvantage
07-18-2011, 03:30 PM
Before you do anything harsh, try this:

http://www.surfright.nl/en

You may have to run it in safe mode...and you may have to download it on another computer and copy it over to your infected one if you don't have access to the internet.

Many of these types of invasions prevent you from accessing the internet because they change your Internet settings, adding a fake "proxy" address. You can simply remove this address by using IE and going to TOOLS, INTERNET OPTIONS, CONNECTIONS, LAN SETTINGS and checking to see if there is anything appearing in the PROXY SERVER box...if there is (and assuming you don't need a proxy to connect to the internet, which you most likely don't), delete it, and you should temporarily have access back to the internet to download that program.
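The LAN SETTINGS check described in the post above, as a script (an added example, not part of the original post). It reads the per-user values that dialog edits; treating a loopback proxy as suspicious is a heuristic assumed here, and the backup file name is a placeholder.

```powershell
# Added example: inspect (and optionally clear) the per-user proxy that the
# IE "LAN SETTINGS" dialog edits. Runs as the logged-on user; no admin needed.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyState {
    $s = Get-ItemProperty -Path $InternetSettings
    $server = [string]$s.ProxyServer
    [pscustomobject]@{
        ProxyEnabled  = ($s.ProxyEnable -eq 1)
        ProxyServer   = $server
        AutoConfigURL = [string]$s.AutoConfigURL
        # Heuristic (assumption): a loopback proxy hands all browser traffic
        # to a program on this machine, which a home PC rarely needs.
        Loopback      = $server -match '(^|=|//)(127\.\d+\.\d+\.\d+|localhost)(:|;|$)'
    }
}

function Clear-Proxy {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param()
    $state = Get-ProxyState
    if (-not $state.ProxyEnabled -and -not $state.ProxyServer) {
        Write-Output 'No proxy configured.'
        return
    }
    if ($PSCmdlet.ShouldProcess($state.ProxyServer, 'Disable and remove proxy')) {
        # Save the old values first so a legitimate proxy can be restored.
        # 'proxy-before.xml' is a placeholder file name.
        $state | Export-Clixml -Path (Join-Path $env:TEMP 'proxy-before.xml')
        Set-ItemProperty -Path $InternetSettings -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $InternetSettings -Name ProxyServer -ErrorAction SilentlyContinue
    }
}

Get-ProxyState | Format-List
Clear-Proxy -WhatIf     # preview only; rerun without -WhatIf to apply
```

Restart the browser afterwards so it rereads the setting.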

DJofSD
07-18-2011, 03:38 PM
Not to pour salt in the wound but if FireFox had been used, it might have helped to prevent the scam from taking over the system.

Dave Schwartz
07-18-2011, 04:16 PM
I actually had this one. Put about 10 hours into it over a period of 3 days. Actually thought I had it whipped maybe 4 times. When it reappeared on day 4 saying that all I had to do was give them $35 to make it go away, I took the computer to my local guy and had him fix it.

Cost me $70.

The extra $35 was well spent.


Dave

DJofSD
07-18-2011, 04:20 PM
Gee - if Dave caught it, we're all in trouble. :)

HUSKER55
07-18-2011, 04:26 PM
There is a program called "slim cleaner" that is recommended by Smart Computing magazine. Has a shredder program to deal with stuff like that. Have you tried malwarebytes.org? That works pretty fair.

good luck

fiveouttasix
07-18-2011, 06:28 PM
Thank You for the replies...My wife will be trying some of these suggestions & I will post the results.
Dave...She read your reply & stated she would rather pay the extra $35 as well!

witchdoctor
07-18-2011, 08:03 PM
There is a program called "slim cleaner" that is recommended by Smart Computing magazine. Has a shredder program to deal with stuff like that. Have you tried malwarebytes.org? That works pretty fair.

good luck

Malwarebytes took care of it for me.

Dave Schwartz
07-18-2011, 08:30 PM
DJ, it can happen to anyone.

I got an email one day that looked just like one that I get regularly from someone I knew. It wasn't but it looked similar.

I said, "Oh, I wonder what this is?" and clicked a link. The instant I clicked it I regretted it. Shut down the browser and the power on the computer but it was already too late.

Those bits can move mighty fast.


Dave

DJofSD
07-18-2011, 08:46 PM
Well, let's take this thread on a tangent, and, give me a chance to get a bit smarter about servers.

Dave, if your email was sent to a mail server running on your home LAN, would there have been a lesser chance of the infection happening?

Hanover1
07-18-2011, 08:58 PM
Malwarebytes took care of it for me.

The best...and price is right.

chickenhead
07-18-2011, 09:16 PM
I know Linux has much the same effect, but I am enjoying ChromeOS for just this reason -- it is designed to be impervious to any sort of persistent malware (yet to be truly tested, but by design it very likely will be).

Using a machine like this just for surfing has its benefits. I surf with impunity.

PaceAdvantage
07-18-2011, 09:29 PM
Malwarebytes and MS Security Essentials did NOT work for me...that link I posted above DID work, and worked VERY well...

I suggest you run that program ASAP before anything else...

Dave Schwartz
07-18-2011, 09:59 PM
Dave, if your email was sent to a mail server running on your home LAN, would there have been a lesser chance of the infection happening?

Not sure if I understand what you are saying but it WAS sent TO ME via my "home" web server. (Obviously it originated outside my network.)

headhawg
07-18-2011, 11:58 PM
Another additional tool to use is a "sandbox" program. Basically it runs software in isolation. It's really good to use with your browser of choice and also anytime you might be running...um...suspicious software. I personally use this: Sandboxie (http://www.sandboxie.com).

There are some drawbacks -- more like inconveniences, really -- when using it, but I really feel safer when I surf. You could also open your email program with it and then it -- and anything that it opens -- will run in isolation.

Canarsie
07-19-2011, 06:16 AM
Another additional tool to use is a "sandbox" program. Basically it runs software in isolation. It's really good to use with your browser of choice and also anytime you might be running...um...suspicious software. I personally use this: Sandboxie (http://www.sandboxie.com).

There are some drawbacks -- more like inconveniences, really -- when using it, but I really feel safer when I surf. You could also open your email program with it and then it -- and anything that it opens -- will run in isolation.

This is great advice, deserves a :ThmbUp:

If you live in central NJ and aren't that far from me I'll offer to try and fix it if you haven't taken it in for repair yet. Just send me a PM.

tupper
07-19-2011, 06:37 AM
I know Linux has much the same effect, but I am enjoying ChromeOS for just this reason -- it is designed to be impervious to any sort of persistent malware (yet to be truly tested, but by design it very likely will be).

ChromeOS is Linux.

Like other Linux distros, ChromeOS has five built-in security advantages:
1. Security by obscurity -- it has fewer users than other OSs, so it is not the most attractive target;
2. Security by diversity -- there are over 400 versions (distros) of Linux, an attack vector that works on one distro often won't work on another distro;
3. Security by transparency -- Linux is open source and so are most of its apps, many eyeballs inspect its inner workings, making it very difficult to sneak in malicious code;
4. Security by activity -- Linux users often report bugs and problems which are usually fixed rapidly and eagerly by developers.
5. Security by methodology -- it was designed from the ground up to be a networked/multi-user OS, so security measures are integral to Linux.


Using a machine like this just for surfing has its benefits. I surf with impunity.

True, and if one boots from a Linux live CD/DVD/USB, one is untouchable.

I actually boot the liveCD SystemRescueCD (http://www.sysresccd.org/Main_Page) when I access my bank and credit card accounts online. Viruses and malware can't be written to the CD, and it is very light weight and snappy, and it autoconnects to the Internet.

Of course, SystemRescueCD can also be used to access Windows partitions when one's OS gets borked by malicious and/or buggy code. It also can fix such Windows problems.

The best part is that all of these liveCD/DVD/USBs are free!

chickenhead
07-19-2011, 10:14 AM
Yes, ChromeOS shares those Linux advantages as it uses the kernel, but it has (at least) one specific security feature that goes above and beyond Linux -- in that it has verified boot employing read-only firmware. It is a hardware feature that all ChromeOS OEMs are called to employ. It is designed with the assumption that even though it is Linux, it will get Malware, and it will automatically reload the OS if it detects any changes within the OS.

Getting a piece of malware onto ChromeOS, like Linux, will be difficult. Getting a piece on that will also persist through a power cycle will be all the more difficult with ChromeOS.

tupper
07-19-2011, 01:01 PM
@chickenhead

I would imagine that your firmware OS boots fairly quickly, too.

Keep in mind that viruses and malware can reside in user-space/hard-drives, so if your read-write drives are automatically mounted, that could be a vector of attack.

LiveCD/DVDs don't usually mount drives automatically, so, generally, there is an added layer of protection with that method.

fiveouttasix
07-19-2011, 04:29 PM
Hi Guys,
Mrs. fiveouttasix here. Thank you so much for all the helpful and knowledgeable assistance. PA, your leading me to surf-right and the instructions on downloading etc. were especially beneficial and seem to have done the trick. I'm told someone even offered to come out to our home to help. I'd heard the guys on the Horse Racing message board would be willing and able to help and you didn't disappoint. THANKS SO MUCH to all who responded!!!

PaceAdvantage
07-19-2011, 05:22 PM
That hitmanpro link can be a LIFE SAVER, can it not? Glad it seems to have worked for you.

You can thank bigmack when you see him around these parts...he's the one who first turned me onto that program...

Steve 'StatMan'
07-19-2011, 06:38 PM
Glad the advice worked out - I had that happen to me in early June, what a bitch that was. That trojan marks the files as invisible to windows, moves them around, disables the task manager so you can't stop the thing from running. I believe I got it through a pop-up while playing yahoo games - was in a card game with family, lots of windows open and clicking to do, and I think it snuck in at the right time over my cards and I may have clicked it accidentally.

I backed up my files after 'getting rid of the virus', but I was lost on the restore process and started my computer from scratch after backing up my important files to a book drive. However, the files were still marked 'invisible' at that time (I didn't understand this at the time) so when I went to restore my files off the book drive, it told me they weren't there! Caused me a lot of grief until I realized I needed to run a program to unhide those files on the backup drive in order to find them again to copy back to my computer. (And then they were invisible to my old DOS programs, so I had to fix that too - I forgot how I did that.) Took me 3 days to recover, since I didn't take regular backups before that (dummy, dummy, dummy.)
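The "unhide the files on the backup drive" step from the post above, as a script (an added example, not part of the original post or the program the poster used). `E:\Backup` is a placeholder path and the skip list of Windows' own hidden names is an assumption.

```powershell
# Added example: find items flagged Hidden under a backup folder and clear the
# flag, so files a trojan marked invisible show up again before restoring.
function Get-HiddenItem {
    param([Parameter(Mandatory=$true)][string]$Root)
    # -Force makes Get-ChildItem return hidden and system items too.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }
}

function Clear-HiddenFlag {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string]$Root,
        # Names Windows itself keeps hidden (assumed list); leave them alone.
        [string[]]$Skip = @('$RECYCLE.BIN', 'System Volume Information',
                            'desktop.ini', 'Thumbs.db')
    )
    $hiddenBit = [int][IO.FileAttributes]::Hidden
    $changed = 0
    foreach ($item in Get-HiddenItem -Root $Root) {
        # Skip anything that is, or lives inside, one of the excluded names.
        $parts = $item.FullName.Split('\')
        if ($parts | Where-Object { $Skip -contains $_ }) { continue }
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
            # Drop only the Hidden bit; ReadOnly, Archive etc. are untouched.
            $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $hiddenBit))
            $changed++
        }
    }
    "$changed item(s) unhidden under $Root"
}

# Placeholder path: point -Root at the folder on the backup drive.
# -WhatIf lists what would change; rerun without it to apply.
Clear-HiddenFlag -Root 'E:\Backup' -WhatIf
```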

DJofSD
07-19-2011, 06:46 PM
Task manager substitution: http://technet.microsoft.com/en-us/sysinternals/bb896653

highnote
07-20-2011, 12:50 PM
I backed up my hard drive to an external drive and then reformatted my drive and reinstalled windows from the original CDs.

Then I copied over my important files from the external drive to my main drive.

The cost of the fix was zero dollars and about 12 hours of being without my computer.

Most of the stuff I backed up on the external drive is junk. So my main hard drive is much leaner now. Computer runs a lot faster.

fiveouttasix
12-12-2011, 10:56 AM
Hi Guys, need to know if anyone can help with this. My wife's computer looks to have been hacked with a scam that calls itself "Security Protection". When she reboots a window opens with a system scan underway that claims the system is infected with malicious software/worms/trojan/etc. It prevents her from opening any other programs and warning balloons keep popping up from the new icon it has placed on her desktop warning that every program she tries to open (web browsers or software applications) is infected. The desktop icon and the scan window are designed to look a lot like the Windows 4-color shield. The warnings claim that the problem can only be solved by activating "Security Protection" software and lead you to a "secure" purchase location. $59.99 for 1 year and 89.99 for three years. Seems like a scam but I can't get around it/delete it. Can anyone HELP????
I am bumping up this thread because this has happened again to another computer in our home..Last time Hitman Pro did the trick....This time the scammers must be getting more sophisticated, I ran Hitman Pro again & received HM Pro fail # 67! any suggestions? Thanks Jim

DJofSD
12-12-2011, 11:05 AM
One thing you might try, since it appears to be something you see after a boot, is to D/L and run this: http://technet.microsoft.com/en-us/sysinternals/bb963902

It is a simplistic approach. And for the price, it's worth a try.

bigmack
12-12-2011, 11:15 AM
I am bumping up this thread because this has happened again to another computer in our home..Last time Hitman Pro did the trick....This time the scammers must be getting more sophisticated, I ran Hitman Pro again & received HM Pro fail # 67! any suggestions? Thanks Jim
Run Hitman in safe mode.

thaskalos
12-12-2011, 01:45 PM
I use Microsoft Security Essentials to protect my computer...and have had no issues until today.

About half an hour ago, while navigating this very site, a pop-up from what appears to be Microsoft starts scanning my computer...and informs me that 27 malicious threats have been identified, and need to be taken care of immediately.

I am asked to purchase another version of security system (Win 7 Internet Security 2012), in order for my computer to be fully protected.

Is this new security system "for real"...or is it just another virus in disguise?

Thanks in advance for any help...

fiveouttasix
12-12-2011, 02:08 PM
That is the exact same message I received yesterday. I also wanted to know if it was real. I called a "tech" and was told it's NOT legit, but a trojan. He's coming out to see if he can remove it for me. Will report back after he takes a look tomorrow.

bigmack
12-12-2011, 02:17 PM
Is this new security system "for real"...or is it just another virus in disguise?
Not real. Get rid of it: http://www.2-spyware.com/remove-win-7-internet-security-2012.html

thaskalos
12-12-2011, 02:48 PM
Not real. Get rid of it: http://www.2-spyware.com/remove-win-7-internet-security-2012.html
Thanks bigmack,

I appreciate the help.

Houndog
12-29-2011, 12:55 PM
This site has excellent tutorials on how to remove the various forms of malware that are prevalent in Cyberspace. Following is a link on how to remove the Security Protection Rogue Anti-Spyware.

http://www.bleepingcomputer.com/virus-removal/remove-security-protection