Watch Out; New Computer Virus:

[John Stiles]

Called "internet security 2010" and it's a real malicious one........it has my wifes computer and so far I can't defeat it.....BE WARNED! 

[Bob Reeves]

Just cleaned this off a friends computer. It is nasty but Malwarebytes has a little dos program you can run to shut down the process then you can run the free version of Malwarebytes to clean it.

http://www.malwarebytes.org/

Couldn't remember how I found the dos kill program, was thinking it was part of Malwarebytes but it's a stand alone available here.

http://download.bleepingcomputer.com/grinler/rkill.com

Start your computer in safe mode, (press F-8 at start up and select safe mode with network support). This will allow you to get to the internet to download the above programs. Download rkill to your desktop and run it. Then download malwarebytes to your desktop and install it. Check for and download updates then run it.. Do not reboot your computer after you run rkill until malwarebytes has finished it's scan and deleted the IS2010 files. Now you can reboot and you should be good to go. This doesn't completely get rid of everything but it does keep IS2010 from running.

If you want to manually clean all the left over stuff you can search the web for Internet Security 2010, find a site that has a list of the files and registry entries it creates then go through your computer and delete the left over junk.

[Alan Hahn]

How do you guys get these things? Is it by opening up an attachment or something?

[Bob Reeves]

How do you guys get these things? Is it by opening up an attachment or something?

Most of the time it is by opening an email attachment, sometimes it's going to a rogue web site. Game and porn sites are the worst. I never click on an email link even if I know who it's from, sorry guys if you send me something you think is cool odds are I'll just delete the email. I'm also extremely careful about what web sites I visit, even when I do a search for a product I check the URL before I actually click on the search link. If it looks at all suspicious I don't go there. By following these few simple rules I have no need to and don't run any antivirus software. All it does is use up clock cycles and most of the time won't catch the virus anyway.

The friend above was running the free version of AVG which is touted to be one the best. It didn't stop him from getting the IS2010 virus so what good was it other than to use processor time.

[Robert Organ]

Bob, I just left a message on B.O.T.R. Forum about this virus and MALWAREBYTES. These things are disguised to look like legit programs, unfortunaly if you open them, they can be a real pain to remove. I have found MALWAREBYTES to be very effective in removing these things but I didnt know about the other program you mentioned. I really enjoy all your postings as I am a BIG Saito fan. Bob

[Randy Powell]

You can also get these by clicking anywhere on a pop-up window. If you get a pop-up that asks you do download some sort of virus protection, don't click on it anywhere. Go through the task manager and shut the process down. MS has, I'm told, addressed this in updates, but I'd still shut it down from the task manager.

My wife's computer recent got infected with a rootkit virus. No real way to get rid of it as it overwrites certain system files. I found a list of the files to replace from a trust web site, then booted her computer using a linux live CD, deleted the files and replaced them with uninfected versions and deleted several other files. From there I was able to boot the computer and clean up the registry and restore some other stuff. Seems OK now, but I feel a re-install coming on if the thing has hidden somewhere and resurfaces.

[John Stiles]

Looks like my wife's PC is toast........somehow the virus shut down the task manager by the way............tried to "safe" boot, but no joy. It's one of them emachines and had about 75% of the hard drive free last time I defragged it a month ago. I guess it's back to the electronics section..........prolly cost me enough to build a couple more planes

[Robertc]

I got Internet Security 2010 by looking up Nelson Paints!  Clicked on a web site and bang, I got it.  It ended up corrupting my Windows XP - it refused to load.  Had to boot from the XP disk,
reload Windows, (repair) took over an hour, then once booted, run a full scan with Malwarebites, nearly two hours, which did get rid of it.  I lost a least 5 hours of my days dealing
with Internet Security 2010.

[Bill Gruby]

 Internet Security 2010 will get in there by a pop up usually. It looks like it came from Windows and once in it's there period. If MALWARBYTES can remove it you are lucky to have them. The Virus itself will allow you to remove it till you get to the Task bar part. Then it will lock you out and eat the hard drives. I have been three weeks now trying to get everything back to normal. This Virus is a bad one, real bad. The best you can do is get rid of everything and then reload the computer. If you get it I hope you have a recovery disk.
 "Billy G" 

[Bob Reeves]

Too bad you guys aren't closer, I would take care of it for you for $50.00 (normal charge) and you wouldn't have to reload anything except maybe your anti-virus software. I will need to remove any AV because this thing modifies files in some anti-virus software. In fact if you clean it with Malwarebytes and want to keep Malwarebytes on your computer you will need to remove and reinstall it after you run it.

If you can't get into safe mode, it's probably because you aren't hitting F-8 soon enough during boot up. Just keep taping the F-8 key during the whole boot process.. Eventually a screen will show up with a bunch of boot options where you can select Safe Mode.

[Larry Cunningham]

John,

Before you surrender, I suggest a visit to the Safer Networking site. These are the guys that
make Spybot, and they walked me through a process last fall that completely fixed a hideous
infection called Virtumonde. They have half a dozen tools that they use to look over your system
and fix it. It's a detailed process, and your communications may take place over a couple of days,
but it gets fixed. Here is a link to my episode, where they started me out with their Hijack This
utility: http://forums.spybot.info/showthread.php?p=224224#post224224.

They saved my computer, and I was so impressed I donated $50 to Safer Networking.

Also, the Spybot program is one you should have installed and running regularly, it has a
resident program called Teatimer that intercepts attempts to alter your registry, which
saves you in most cases. Safer Networking points out that several of the more
virulent trojans are exploiting some special Microsoft IE "object" to propagate
themselves, and helps you deal with that.

Safer Networking also links to Malwarebytes, and has suggestions for using it.

I've had very good fortune avoiding problems on my current computer after the
Virtumonde incident. I have installed and use the following security programs:

Norton 360
Safer Networking's Spybot with Teatimer
Malwarebytes

At least as important is your internet browser's security add on
programs. I run Firefox, and have the following add ons protecting
it:

NoScript
Adblock Plus
IE Tab (opens an Internet Explorer compatible tab)

I also cleaned out all non-essential cookies, and set the security to allow
cookies, but discard them on exit. Similar deal with cookies on IE setup.
It's a slight inconvenience to allow new cookies, but well worth it. Also,
disable redirection from any selected site until it is known trustworthy.

It takes awhile, but eventually you're allowing the safe sites you can
trust, and avoiding masses of troubles.

Keep your antivirus program, plus Spybot and Malwarebytes all up to date and
run them regularly (I run them daily at 3 AM), you won't regret it.

Safer Networking has three free utilities that I downloaded and found
useful: RegAlyzer, FileAlyzer, and RunAlyzer for looking at registry, files
and run configurations. FileAlyzer is great for examining virtually any file
and getting a hex/ascii dump.

This is the very best advice I can give you. Good luck!

L.

Edit: forgot to mention I'm running Windows XP Pro. All bets are off for Vista
or Windows 7, I simply have no experience with these operating systems..

"You know, I have one simple request. And that is to have sharks with frickin' laser beams
attached to their heads! Now evidently my cycloptic colleague informs me that that cannot
be done. Ah, would you remind me what I pay you people for, honestly? Throw me a
bone here! What do we have?" -Dr. Evil

[Dick Pacini]

This might help some.

http://www.showbizgalore.com/3456/remove-internet-security-2010-virus-effectively/

[Larry Cunningham]

Dick, not to be a wet blanket, but just be VERY suspicious of programs and sites
offering to fix a particular virus, and very much extra when they want to download
and run a "free" analysis of your registery. As a general rule, don't even play that
game, so many of these things are scams, typically designed to sign you up and
get you to pay for a version to actually remove the virus. Some even infect your
computer.

I'm not saying there is anything wrong with showbizgalore.com, just be very
suspicious. (Typically, I wouldn't expect to get a virus removal tool from a
site named showbizgalore.com.. )

L.

"Always carry a flagon of whiskey in case of snakebite and furthermore always
carry a small snake." -W. C. Fields

[Larrys4227]

I love LINUX .... :-)

[Dick Pacini]

Dick, not to be a wet blanket, but just be VERY suspicious of programs and sites
offering to fix a particular virus, and very much extra when they want to download
and run a "free" analysis of your registery. As a general rule, don't even play that
game, so many of these things are scams, typically designed to sign you up and
get you to pay for a version to actually remove the virus. Some even infect your
computer.

I'm not saying there is anything wrong with showbizgalore.com, just be very
suspicious. (Typically, I wouldn't expect to get a virus removal tool from a
site named showbizgalore.com.. )



L.

"Always carry a flagon of whiskey in case of snakebite and furthermore always
carry a small snake." -W. C. Fields

That site actually walks you through the steps and you do it yourself.  There is no analysis or trial offered.  In truth, I did a Google on the 2010 virus and browsed through the hits.  This one seemed decent, although there are no guarantees on anything free.

[Randy Powell]

>>Spybot program is one you should have installed and running regularly<<

I use AdAware on the spouse's laptop (along with AVG and regular checkups). I've trained her about opening questionable attachments and clicking on popups. I'm trying to get her to just let me put Fedora on the thing and avoid all this nonsense, but she's stubborn. I mean, all she does is email and web browsing. Sigh....

But then, I'm getting ready to venture into Fedora 12 Rawhide, so I suppose I shouldn't complain too much.

[Larrys4227]

I couldnt decide which Linux-Version to load up ... looked at Fedora too ..... was an old Slackware fan .... but went with Ubuntu Koala on all the machines.  Wife and daughter had no choice in the matter since I admin the household computers. :-)  But I did this to them 7-8 years ago, so they know what LINUX is and aren't scared!  LOL!

Unlike the past, I dont run webservers, email, ftp, Etc. ....  I gotta say that Ubuntu has been a great desktop environment for everybody in the house!  And I've been a happy camper the last 4-5months not having to deal with issues such as what this thread is about. I also get the pat on the back from wife and daughter because they remember Slackware from years ago .....  Linux has come a LONG way!  Very user friendly and everything works!!

Enough --- Linux Rules ..... Larry

[Larry Cunningham]

Fedora == hat == Red Hat 

Darr! I get it! Yuk yuk.. From the same people who gave you software named awk, gnu, bison, java etc.
((that's nothing, I once named a signal line ZONK, which I was happy to see on the official Datapoint schematic..))

All my True Wizard (tm) friends have been proseletizing about unix based systems for
PCs forever.. Maybe I should be listening to them, but I'm an old dog who is very slow
to learn new tricks (in spite of using unix based computers at work for years). 

L.

"Poetry is like fish: if it's fresh, it's good; if it's stale, it's bad; and if you're not certain,
try it on the cat." -Osbert Sitwell

[Randy Powell]

Larry,

Now, now, don't bore then nice people with unix-speak. (I'm partial to chron myself).

"Insanity is doing the same thing over and over again and each time expecting a different outcome."

                                             ---Albert Einstein - 1923

[Larrys4227]

Yeah .... no UNIX-Speak.  :-) 

Lets just show them what their missing!!

Linux Rocks!  Larry

[BillLee]

...My wife's computer recent got infected with a rootkit virus. No real way to get rid of it as it overwrites certain system files. I found a list of the files to replace from a trust web site, then booted her computer using a linux live CD, deleted the files and replaced them with uninfected versions and deleted several other files. From there I was able to boot the computer and clean up the registry and restore some other stuff. Seems OK now, but I feel a re-install coming on if the thing has hidden somewhere and resurfaces.

Hi, Randy;

I have a disconnect here! You talk about a "rootkit" which is typically a Linux term, not normally associated with a Windows OS, you booted using a Linux live CD, but then talk about cleaning up the "registry", a term that is not used for Linux AFAIK.

Is your wife's system a Linux system, and if so, how did it get a rootkit installed? And if it's a Windows system, what is a rootkit? I think I can understand using the Linux live CD since that gives you an OS that is uninfected and can access the file system on the PC, even if it's a WIndows system. I just don't understand the combination of terms you used.

What am I missing?

Regards,

Bill Lee

[Larrys4227]

I can help alittle bit here ....

His wifes computer is Windows and had a rootkit virus ... basically a backdoor with admin privledges.  He got a list of windows files that were infected, DL'd a duplicate set of trusted/clean files and then booted the windows PC into Linux using the live CD. While in Linux, he replaced the Windows infected files with the trusted ones. Rebooted the PC back into Windows mode and cleaned up the registry and other stuff.

Thats it in a nutshell ..... :-)   Linux is GREAT for stuff like this, and Randy did a good job in utilizing it to fix a severe Windows problem that was probably unfixable any other way.  Well, short of  format c:\ -a -s ..... :-)

Sorry Randy if I stepped on your toes.

Larry

[Bruce Reynolds]

You can download a program called RootkitRevealer

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

which will list all registry and file system discrepancies caused by a rootkit. You still have to surf around the web to find out removal techniques for the particular rootkit found, but at least you can find all of the files that need to be zapped.

[Bob Reeves]

This is what I use..

http://www.ubcd4win.com

[Randy Powell]

Larry pretty much has it. Some rootkit viruses respond to Windows based fixes. Some not so much. They sort of work, but can hide and come back. The very fact that Windows won't let you run processes separate from the primary kernel process makes things like the Internet Security 2010 and rootkit viruses almost impossible to eradicate from inside the system (you don't have to re-boot linux to update the system - some linux based computers haven't been rebooted in years). Such viruses often require hacking the registry to find hidden pieces. I got lucky this worked as well as it did.

Linux can be a pain occasionally because it protects the system from access to certain things without going through a couple of hoops (like having to go through a terminal to run certain programs with adequate privileges to do something or other - the famous sudo route). But that is why it doesn't have virus problems, too. That's not to say it's un-hackable or anything. Just that the relatively easy route to infect Windows computers with viruses doesn't exist in linux. There are other wonderful ways that it can get hacked by someone that knows what they are doing, but viruses aren't one of them.

[Bob Reeves]

If Unix and MAC's were as abundant as wintel machines I believe they would be targeted just as Windows users are now. The only reason the bad guys haven't attacked is because there wouldn't be enough return for the effort. It does irk me that mainstream and coporate America chose Wintel because it forced me to go and stick with it in my business. Now I'm too old and lazy to put forth the effort to learn as much about another OS as I know about Windows.

[John Stiles]

This is what I use..

http://www.ubcd4win.com

Couldn't find a download button.....how do you get the recovery disc?

[Randy Powell]

>>If Unix and MAC's were as abundant as wintel machines I believe they would be targeted just as Windows users are now. <<

Well, yes and no. Yes, were linux boxes as numerous as Windows boxes, then linux would receive more attacks. Absolutely true. But it wouldn't be viruses. This sort of approach just doesn't work on linux. And it would take someone with some real skill to develop DOS or interception type attacks or similar, not some pimply faced kid in some out of the way place that just learned to program. Malware is another type of attack that doesn't really work on linux, but trust me, there are types of attack that would work. Particularly if people messed with the permission structure in linux. Unfortunately, Windows, by design, is more susceptible to attack. Windows 7 is a good deal better about this and as the design evolves to catchup to more modern network design, it should get better still.

[BillLee]

Not to mention that a large portion(majority?) of the web servers "out there" are running a Unix OS of some sort. If Unix was susceptible to the type of crap that infests the Windows universe, you'd see a lot more of it since the hackers would be after the servers, not just the PC on Joe Average Turkey's desk. The bang for the buck of cracking into a server would certainly justify the effort.

Regards,

Bill

[Randy Powell]

>>Not to mention that a large portion(majority?) of the web servers "out there" are running a Unix OS of some sort.<<

Last estimate I saw (based on Freewire's last report about 4 months ago) was about 81% of all servers worldwide used some form of linux, FreeBSD or straight UNIX (with many being Solaris). Another 14% or so used some kind of Mac (which nowadays means BSD/Unix). The other 5% are Windows servers of some flavor. Trust me, there's a reason for that.

[Larrys4227]

(you don't have to re-boot linux to update the system - some linux based computers haven't been rebooted in years).
 

Mentioning this reminded me that the day we packed and moved down to FL in 2004, I had to shutdown a Pentium90 that was running command-line Slackware LINUX and was my Gateway/Firewall to the world.  This machine had an uptime of almost 3 years!!!  It sat in a corner with nothing but a keyboard and network cable attached to it and it ran perfectly!  I loved that little machine!!!  Sigh .... those were the good ole days when computers was my only hobby. :-)  Now I live in the sunshine state and cant stand to be inside ..... :-)

[Alan Hahn]

If Unix and MAC's were as abundant as wintel machines I believe they would be targeted just as Windows users are now. The only reason the bad guys haven't attacked is because there wouldn't be enough return for the effort. It does irk me that mainstream and coporate America chose Wintel because it forced me to go and stick with it in my business. Now I'm too old and lazy to put forth the effort to learn as much about another OS as I know about Windows.

Well Bob, you can believe what you want, but if people could hose a Mac (or Linux Box) they would certainly do it just to crow about it.

To be honest, these Window machines (I think this would probably be XP and earlier) just sound scary to me. I do believe the newer ones (Vista and 7) are a lot better.

[john e. holliday]

To tell the truth in my opinion, I think our internet providers and all the other outfits cause more problems than they fix.  I have had an e-mail from individuals that I don't respond to any more.