• WSb1rd

    @wsb1rd

    Viewing 5 replies - 1 through 5 (of 5 total)
    • in reply to: LizaMoon infection: a blow-by-blow account #1275909

      Originally Posted by Dammer
      Have since been running other scanners but have not found anything else.

      If things seem fine, and if you don’t already have it, this might be a good time to download MalwareBytes, do a direct install to the computer, update it and do a full scan. I think these two programs that I mentioned are the only two free ones that I’m aware of that rid you of this thing.

      Also, it sounds like you did a system restore. I just wonder if any of these variations include a time bomb, which simply means it is set to trigger on a certain date. I doubt it at this time, as I’ve never read anything about that as of yet; however, I did have a program that did that.

      Anyhow, glad to hear it appears you got things fixed. This one can be a pain to work with.

      I would seriously look at Paragon Backup & Recovery 2011 Free. It’s free, and when things get really bad, it might be a good way to get things back to normal. Again, I’ve only made archives, never a restore, as I’m a big believer in Acronis TrueImage, which has saved me several times.

      b1rd

    • in reply to: LizaMoon infection: a blow-by-blow account #1275711

      I was able to get rid of it through SafeMode. I installed MalwareBytes from a flash drive while in SafeMode, then ran it while still in SafeMode.

      Several people have had success with renaming the file from .exe to .com (renaming it, not changing the file extension), both during the download and within the Programs folder.

      Another option I found some place was a portable version of SuperAntiSpyware. It assigns the file a random name, and it can be downloaded directly to a flash drive and then run from it as well. I would still suggest running either in Safe Mode or, if you can boot, hitting Run > typing msconfig and selecting Diagnostic Startup, which is basically the same, just easier to get to on many systems.

      Edit:

      I did do some quick checking, and there were a couple of people saying not to start this in Safe Mode, but they did not indicate why. They suggested bringing up Run > msconfig, getting to the Startup tab ASAP, and quickly unchecking it if you can find it. Personally, I’ve removed several of these (different variations, however), and that has never worked for me. Also, I can’t see why running the fix in Safe Mode would be any problem at all.

    • in reply to: LizaMoon infection: a blow-by-blow account #1275367

      Malwarebytes is available in a free version. There is no need to pay for it, unless you want the frilly, fancy, unnecessary features of the paid version.

      I think he was referring to the “real-time” protection aspect and perhaps the automated updates, thus blocking the problem rather than trying to fix it.

      COMODO is decent; however, it’s only a snapshot. Also, it does insert itself into the Master Boot Record, so if there’s a problem with it, that can be a problem. (However, I do use it with no problems.)

      Another FREE option is Paragon Backup & Recovery 2011 (Advanced) Free. It’s a free mirroring program for the event that you can’t boot. (You need to make ISO image media, which the initial installation will prompt you to do.)

      I have made several archives; however, I have yet to try to restore my system using this program, so I have no comments on that part. I did see it received decent ratings, though. Also, if you can boot, you can still use the restore feature without the boot media, but remember it will bring your entire system back to the date of the archive, thus taking away anything you’ve saved since that time.

      Personally, I use COMODO / TrueImage / and Paragon to back things up.

      Paragon defaults to saving the archive on the main drive, but I would suggest saving it to an external drive (or another internal drive if you have one) if possible, to reduce the chances of a corrupted archive file, not to mention the longer defrag lag time on the main drive as well.

      b1rd

    • in reply to: LizaMoon infection: a blow-by-blow account #1275020

      …but to bring up Task Manager and kill the current browser session

      Thanks, that’s been my practice too.

      In fact, this popped up on my personal computer just last week. Pretty impressive UI; however, I was already familiar with this, and I have two internal hard drives, which this one failed to imitate.

      I might add that this was the initial page that showed up, unlike what Fred Langa had, so I’m guessing it’s a different variation. This was an actual screenshot I took prior to shutting down the browser.

    • in reply to: LizaMoon infection: a blow-by-blow account #1275011

      I actually sent the editor a letter asking the same, and I was directed to come here to post.

      Also I’m new, so I also wanted to say hello!

      PS: I already tried to post this, but I’m not sure if it needs to go through a moderator first, so if this is a repeat, my apologies.

      Regards,
      b1rd

      My letter:

      Hi, and thanks for taking the time to read this.

      I was reading Fred Langa’s article about the “LizaMoon” infection in the Windows Secrets Newsletter • Issue 283, and I noted he made the statement below, and I was wondering about a possible problem with this.

      “Typically, when you encounter any suspicious webpage dialog, the correct procedure is to immediately dismiss it via the red-X close box in the upper-right corner of the dialog box or to simply close the browser. (If needed, you also can use Windows’ Task Manager to kill offending software or its processes.)”

      I’ve always been under the impression that these types of rogue malware should be closed via right-clicking the tab on the taskbar, or bringing up the Task Manager and closing the entire browser. I’m not sure if he meant close the page via the red X on the browser, or on the rogue dialog box itself.

      The reason I’m asking is: is it not possible that the programmer has the ability to create the user interface so that anywhere one clicks on it actually initiates the install command? I don’t know enough about programming, but I can’t see why the install command can’t be disguised as a red X.

      Also, I’ve removed a few of these from some computers (different variations, but the same type of scare tactic). The last one I did for a friend would not even allow me to install MalwareBytes from a flash drive, and it disabled his ability to go online. I was finally able to install MalwareBytes through Safe Mode, then scanned it, and everything was eventually fixed.

      Thanks, and thanks for a great newsletter.
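
The manual clean-up steps that come up in the replies above (killing the browser from Task Manager instead of clicking anything on the rogue dialog, checking the entries msconfig’s Startup tab shows, removing the rogue one, and copying the scanner’s installer under a different name and extension) as a PowerShell script. This is an added example written for this page, not code from the original posts or from any of the products mentioned; the browser process names, the “Suspect” path heuristic, and the file and entry names in the usage comments are assumptions for illustration.

```powershell
# Added example, not code from the original posts. Helpers for the manual
# fake-AV clean-up steps discussed in the thread. Browser process names, the
# Suspect heuristic and the names in the usage comments are assumptions.

function Stop-BrowserSessions {
    # Same effect as killing the browser from Task Manager: nothing on the
    # rogue page is clicked, so a fake red X cannot double as an Install button.
    param([string[]]$Names = @('iexplore', 'firefox', 'chrome', 'opera'))
    foreach ($name in $Names) {
        Get-Process -Name $name -ErrorAction SilentlyContinue |
            Stop-Process -Force -ErrorAction SilentlyContinue
    }
}

function Get-AutorunEntries {
    # The Run/RunOnce keys behind msconfig's Startup tab, for the current user
    # and the machine (including the 32-bit view on 64-bit Windows).
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PowerShell's own metadata, not a startup entry
            $cmd = [string]$prop.Value
            # Heuristic (an assumption, not a rule): rogue "antivirus" droppers
            # usually run from a per-user or temp folder, not Program Files.
            $suspect = $cmd -match '\\(AppData|Application Data|Local Settings|Temp)\\'
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $prop.Name
                Command = $cmd
                Suspect = $suspect
            }
        }
    }
}

function Remove-AutorunEntry {
    # Equivalent of unchecking the entry on the Startup tab, except that it
    # removes the value outright. Take Key and Name from Get-AutorunEntries.
    param([string]$Key, [string]$Name)
    Remove-ItemProperty -Path $Key -Name $Name -ErrorAction Stop
}

function Copy-InstallerRenamed {
    # The ".com" trick from the thread: put the installer on disk under a name
    # and extension the rogue program is not watching for. Windows still runs a
    # .com file as a normal executable when its contents are a PE image.
    param([string]$Source, [string]$Destination)
    Copy-Item -Path $Source -Destination $Destination -ErrorAction Stop
}

# Typical use from an elevated prompt, ideally in Safe Mode (names are examples):
#   Stop-BrowserSessions
#   Get-AutorunEntries | Where-Object { $_.Suspect } | Format-Table Key, Name, Command -AutoSize
#   Remove-AutorunEntry -Key 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'ExampleRogueAV'
#   Copy-InstallerRenamed -Source 'E:\mbam-setup.exe' -Destination 'C:\Tools\scanner.com'
```

Review the full `Get-AutorunEntries` listing, not only the `Suspect` rows, before removing anything: the heuristic flags a location, not malice, and legitimate updaters also start from AppData. Scheduled tasks and services are separate persistence points that msconfig’s Startup tab and these keys do not cover.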
