ms removal tool rogue spyware. This is no hoax!!!

Started by sobranie, May 23, 2011, 13:53:11


sobranie

Subject rogue spyware has raised its ugly head again.
Had to do a complete reformat for a friend yesterday.
BUT ..... upon entering his email server he managed to d/l the damned thing again.
Have a look here .... http://www.malware-help.com/remove-ms-removal-tool/

Going to shufty things tomorrow, will keep you posted.

Q. Anyone else had any experience of this and, if so, can it also infect a hidden HD sector pls.?


DorsetBoy

There is an official M$ tool with a similar name so this will be a big problem.

http://www.bleepingcomputer.com/ is the best place for malware help. The malware help site in your link is just another front for Spyware Doctor  ;) ;)

zappaDPJ

Quote from: sobranie on May 23, 2011, 13:53:11
Q. Anyone else had any experience of this and, if so, can it also infect a hidden HD sector pls.?

There seems to be a number of variations of this. I removed it from a PC a while ago but I highly doubt the removal tool linked would have worked on that occasion. The infection shut down various Microsoft services which had a catastrophic effect. For example, it made it impossible to connect to Microsoft Update or install or run anything of any use. I removed it manually and had to run scripts to restart various background processes. It took me two days.

On the other hand my daughter successfully Googled and removed a variation of it from her laptop with ease.

I'd say if you can connect and download/update via Microsoft Update then you have a version that can easily be removed. If not then be prepared to format.
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.
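zappaDPJ describes the infection shutting down Microsoft services so that Microsoft Update and most tools would no longer run, and having to script the restart of background processes. The following is an added example of that clean-up step (it is not zappaDPJ's script, nor anything from the thread), written for the PowerShell that ships on XP/Vista-era machines. The list of service names is an assumption about which services matter for getting updates and scanners working again; check `Get-Service` on the affected PC and adjust it. Run it from an elevated prompt.

```powershell
# Added example, not from the original thread.
# Re-enable and start core Microsoft services that a rogue "removal tool"
# may have stopped or disabled. The service list below is an assumption:
#   wuauserv     - Automatic Updates / Windows Update
#   BITS         - Background Intelligent Transfer (Windows Update depends on it)
#   wscsvc       - Security Center
#   SharedAccess - Windows Firewall / ICS on XP
#   EventLog     - Event Log (needed for forensics afterwards)
$services = @('wuauserv', 'BITS', 'wscsvc', 'SharedAccess', 'EventLog')

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$name' not found on this system"
        continue
    }

    # Rogue software often sets the start type to Disabled; Start-Service
    # fails until that is reset, so look it up through WMI first.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($wmi.StartMode -eq 'Disabled') {
        Set-Service -Name $name -StartupType Automatic
        Write-Host "$name : start type reset from Disabled to Automatic"
    }

    if ($svc.Status -ne 'Running') {
        try {
            Start-Service -Name $name -ErrorAction Stop
            Write-Host "$name : started"
        } catch {
            Write-Warning "$name : could not start - $($_.Exception.Message)"
        }
    } else {
        Write-Host "$name : already running"
    }
}

# Finally, report anything else that should start automatically but is not
# running; that is a good pointer to what the malware touched.
Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto' AND State<>'Running'" |
    Select-Object Name, State, StartMode
```

A service that still will not start after its start type is reset usually means the malware deleted or replaced the service binary or its registry key under HKLM\SYSTEM\CurrentControlSet\Services, which is the point at which a reformat, as zappaDPJ and sobranie suggest, becomes the cheaper option.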

tehidyman

Quote from: sobranie on May 23, 2011, 13:53:11
Q. Anyone else had any experience of this and, if so, can it also infect a hidden HD sector pls.?
I cleared this problem a few weeks ago using the download on the Bleeping Computer site as recommended by DorsetBoy and, as far as I can tell, it did a perfect job. :fingers:

sobranie

Quote from: DorsetBoy on May 23, 2011, 14:30:50
There is an official M$ tool with a similar name so this will be a big problem.

http://www.bleepingcomputer.com/ is the best place for malware help. The malware help site in your link is just another front for Spyware Doctor  ;) ;)

Yes, agreed, and I have no intention of coughing up for Spyware Doctor. However, it does give some insight into what one is up against, does it not!
My initial plan is to go back to yesterday's restore point (Safe Mode), run Malwarebytes, NOD32 and a few others, and if I get a clear machine  :fingers: I will delete System Restore together with his email server, get a new email address etc. etc.
If that doesn't work (I don't really think it will), then it's a reformat with new email addresses.
If I still have the prob. after all that I will have to assume that the prob. also lies in the hidden Windows setup sector, then it's either (a) delete this sector too or (b) sledgehammer to the HD! Only prob. I have is, there is no WinXP disc supplied with this setup as it resides on the HD.
Nowt's easy!!!

Rik

It is if you get someone else to sort it for you, Rick. ;)
Rik

sobranie

Quote from: sobranie
My initial plan is to go back to yesterday's restore point (Safe Mode), run Malwarebytes, NOD32 and a few others, and if I get a clear machine I will delete System Restore together with his email server, get a new email address etc. etc.

Got my paws on the machine and sorted it as per above.
jftr I could not find any trace of this prob. in emails prior to starting the repair, so God only knows where the attack originated.
I shall request the chappy keep a log for the next week or so detailing where he's been on the net, and if the prob. recurs then
I should be able to block the site(s) accordingly. (Got my suspicions of course!!!!!)

pctech

You should only get the removal tool via Windows Update.


sobranie

Quote from: pctech on May 24, 2011, 18:02:04
You should only get the removal tool via Windows Update.


Now you've lost me or the plot maybe.
This is a rogue application with a similar name, please read the posts.
Friend did not d/l it, it just arrived and proceeded to massacre his computer.

gizmo71

I always assume that things titled "This is no hoax!!!" are hoaxes. :laugh:
SimRacing.org.uk Director General | Team Shark Online Racing - on the podium since 1993
Up the Mariners!

sobranie

Quote from: gizmo71 on May 24, 2011, 21:08:17
I always assume that things titled "This is no hoax!!!" are hoaxes. :laugh:
I also presume that 99.9% of 'hoaxes' are just that.
I can categorically confirm that this one was a beaut and I've no wish to see it again.

pctech

Be careful whom you give POP3 mail addresses to.


pctech

Quote from: sobranie on May 24, 2011, 20:17:00
Now you've lost me or the plot maybe.
This is a rogue application with a similar name, please read the posts.
Friend did not d/l it, it just arrived and proceeded to massacre his computer.

According to the info you linked to, propagation is or was by clicking on a web link, so it's probably worth your while educating your friend not to click on links in e-mail and to ensure they have an up-to-date client with security measures such as script blocking.

Chances are they clicked on a link, but will not admit to it because they feel daft that they fell foul of a social engineering technique.

My point was that anyone who thinks MS send out removal tools via e-mail really needs educating in basic security and system maintenance.
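pctech's point is that the genuine Microsoft tool only ever arrives through Windows Update, so a "removal tool" that turns up by e-mail or a web link is suspect on arrival. One concrete check a practitioner can run on any file that claims to be the real thing is to verify its Authenticode signature. The script below is an added example, not code from the thread or from Microsoft; the default path is an assumption, since the genuine Malicious Software Removal Tool delivered by Windows Update normally lives at %WINDIR%\System32\MRT.exe, and the rogue is unlikely to be there.

```powershell
# Added example, not from the original thread.
# Check whether a file claiming to be the Microsoft Malicious Software
# Removal Tool carries a valid Authenticode signature from Microsoft.
# Usage:  .\Test-MsrtSignature.ps1 -Path 'C:\path\to\suspect.exe'
# Default path (an assumption) is where Windows Update installs the real tool.
param([string]$Path = "$env:WINDIR\System32\MRT.exe")

function Test-MicrosoftSigned {
    param([string]$FilePath)

    if (-not (Test-Path $FilePath)) {
        Write-Warning "File not found: $FilePath"
        return $false
    }

    # Get-AuthenticodeSignature validates the signature and the certificate
    # chain; anything other than 'Valid' (NotSigned, HashMismatch,
    # UnknownError ...) means the file is not what it claims to be.
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$FilePath : signature status is $($sig.Status)"
        return $false
    }

    # A valid signature from someone other than Microsoft is still a rogue.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch 'O=Microsoft Corporation') {
        Write-Warning "$FilePath : signed, but by '$subject', not Microsoft"
        return $false
    }

    Write-Host "$FilePath : valid signature from $subject"
    return $true
}

Test-MicrosoftSigned -FilePath $Path
```

A passing check says the binary is signed by a certificate chaining to a root the machine trusts and naming Microsoft as the organisation; it does not say the machine itself is clean, and a rogue that has already tampered with the trusted root store could in principle make its own file pass, so treat a "Valid" result on an infected PC as one data point, not a clean bill of health.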


sobranie

Quote from: pctech on May 24, 2011, 22:04:23
According to the info you linked to, propagation is or was by clicking on a web link, so it's probably worth your while educating your friend not to click on links in e-mail and to ensure they have an up-to-date client with security measures such as script blocking.

Chances are they clicked on a link, but will not admit to it because they feel daft that they fell foul of a social engineering technique.

My point was that anyone who thinks MS send out removal tools via e-mail really needs educating in basic security and system maintenance.



You know it!
I know it!
The majority of forum readers know it!
I'll take a guess that 50% of 'puter users don't know it and that's the big problem.
jftr I did instruct the user not to click on links some time ago, to no avail. I have also informed him that if it happens again he should refer the prob. to the local computer repair shop, where they'll charge him at least £45 per hour .... maybe that will have the desired effect, who knows!

Technical Ben

It seems very similar to one I saw on a friend's laptop. I could not get it off, as I could only spend 2 hours trying. The PC had Vista too, so that did not help. :(
I use to have a signature, then it all changed to chip and pin.

Simon

Don't you just love people who give you their computers to fix, with no consideration for the several hours of your time it takes?

:sigh:
Simon.


Gary

I gave up; a thankless task when the PC has so much dust inside it's almost turned into a fossilised rock, and after you clean said infections, stop Live Messenger opening with the writing upside down because they did God knows what but you need to edit the registry, they click on the first spam-laden, virus-riddled popup that comes along and proceed to download, open (if they even have that choice) and give CC details to  :slap: Nope, now it's go to the computer shop, and leave me alone.
Damned if you do, damned if you don't.

Simon

Yes, there are a few I've also given up with, that won't listen and learn. Their kids download all sorts of cr*p, and when I put a parental control on the PC, they switched it off!  :shake:
Simon.

Rik

I bet we could all tell similar tales. Which is probably why we're in technical forums and they're not.
Rik