Spoof anti-virus software - Page 8

post #71 of 92
It's ransomware; it wants you to pay them for their "AV" to clean itself off the computer. I have two friends who both had the same thing, although the AV looked different. The only thing they have in common internet-wise is Facebook. My bet is they approved some change w/o realizing what they were approving.

This does not require a format; simply finding and renaming the .exe so it doesn't start up will allow you to restart and have access to your PC again. However, all the other nasty stuff is still there, so d/l Malwarebytes and scan immediately to remove all threats. Restart and scan again; you should have 0 results.
post #72 of 92
Here at a client's, came across a new ransomware I've never seen. About 90% sure the rar contains the installer. It's called "windows fix disk." Granted, I'm in safe mode trying to remove it, so I'm not going to test the installer, and it was a hidden file in the downloads folder, so yeah.

.rar password is ocn

Also, to OP: I'm sorry I have yet to send you what's on that hard drive; I'm still in the process of building my workshop. GF won't let me work in the house anymore. Should be finished here today or tomorrow.
post #73 of 92
Thread Starter 
Quote:
Originally Posted by Greensystemsgo
Here at a client's, came across a new ransomware I've never seen. About 90% sure the rar contains the installer. It's called "windows fix disk." Granted, I'm in safe mode trying to remove it, so I'm not going to test the installer, and it was a hidden file in the downloads folder, so yeah.

.rar password is ocn

Also, to OP: I'm sorry I have yet to send you what's on that hard drive; I'm still in the process of building my workshop. GF won't let me work in the house anymore. Should be finished here today or tomorrow.

No worries dude, I'm just happy to see that this thread is doing so well; lots of good info in here.

My favorite one so far was "Windows Restore": it mimics a hard drive diagnostic tool and says that the drive is corrupt and user data is lost, buy our "software" to repair your drive... lol, good stuff.
post #74 of 92
Quote:
Originally Posted by edgemaster191
No worries dude, I'm just happy to see that this thread is doing so well; lots of good info in here.

My favorite one so far was "Windows Restore": it mimics a hard drive diagnostic tool and says that the drive is corrupt and user data is lost, buy our "software" to repair your drive... lol, good stuff.

Oh yeah, a live disc and popular AV cured that one.

I'm loving these ransomwares lately. I did have a customer that bought it, called me asking if he should buy it again.
post #75 of 92
I have one customer, who also happens to be a very good personal friend, that always has all kinds of spyware/viruses/malware/rootkits on his machine. I have to visit him a couple of times a month strictly for cleaning his machine. He's from Mexico, and doesn't have a lot of experience with computers (much less the interwebz). Though, the same mistakes he makes, many of my other customers make all the time too.

I have him set up with many non-conflicting AV/AM/AS programs on his system. Not that he uses most of them. It seems everyone thinks that just because you have it installed, your system is automatically and miraculously clean. No scan necessary.

The last rootkit he had, there was no saving the OS install afterwards. It was too broken to bother with, so when reinstalling I set up another partition with all my security tools in it (RKill, SAS, MBAM Pro, HijackThis, GMER, Process Explorer, GFI LANguard, all with renamed .exe files so as to prevent being blocked by the malicious processes). That saves me time, and the worry of infecting any of my flash drives or my small external security file drive.

Because he's a friend, I only charge him for the fuel costs. I'm nice like that.
Edited by Lucky 13 SpeedShop - 4/19/11 at 12:09pm
post #76 of 92
TDSSKiller ended up being able to clear up what MBAM and SAS couldn't today. Interesting day. Haven't used Kaspersky in... years.
post #77 of 92
Hey edge, I checked my hard drive for those viruses and they are nowhere to be found.

I'll look on some other drives here soon. I checked the workshop hard drive as I built a new rig.
post #78 of 92
A. Anti-malware:
There are plenty of good anti-malware tools and cleaners, like:
1. Malwarebytes Anti-Malware (code name MBAM): a good tool for detecting and cleaning malware (file infectors not included).
2. SUPERAntiSpyware (code name SAS): another good tool for detecting and removing malware. It has an advantage over MBAM in that it has a separate "system and browser repairs" section.
3. Dr.Web CureIt!: my favourite tool for totally getting rid of file infectors like Sality, Alman, ... and other malware. Its cleaning routines are so powerful, and its advantage over MBAM and SAS is that it can handle viruses.

After cleaning, some files or registry keys may still be in the system, so you should repair them with system cleaners and fixers.

B. System cleaners:
1. CCleaner: a good freeware tool to clean junk files and registry errors. It also has an uninstaller (some, or a lot of, spyware has an uninstall entry, so removing it with the uninstaller is easier).
2. Dial-a-fix: a good, powerful tool for XP users; it can fix policies and has a good arsenal of fixes.
3. Glary Utilities: another good tool, and there are hundreds of freeware tools to do such a mission.

You may have got a rootkit, so you should check for rootkits.
C. Anti-rootkits:
1. avast! Anti-Rootkit: a simple anti-rootkit. It has some false positives in the registry and the System Restore folder; anyway, the log it creates is what makes it good, not its removal functions.
2. Panda Anti-Rootkit: another simple-UI anti-rootkit (it is good, but the last time I ran it I got an OllyDbg window telling me that an access violation occurred, but don't worry, my PC is a freak for anti-malware).
3. Radix Anti-Rootkit: a very helpful tool; it generates few FPs and its cleaning is wonderful. It combines ease of use with the power of other advanced tools like GMER or RKU.
4. GMER: an advanced tool, so use it to analyze the system and then give the reports. Favorite anti-rootkit.
5. RKU: another good analyzer, but like GMER, don't take decisions if you don't know what you are doing.
6. RootkitRevealer: a good tool to analyze files and registry keys that are hidden from your eyes. Enough anti-rootkits.

Sometimes YOU NEED to analyze the system and clean it yourself, because the anti-malware doesn't catch or can't remove the malware.

A. Process managers
1. procexp:
The best task manager I have ever seen. It gives you a very good image of what is running, with highlighting, and it cooperates with its brother Autoruns to catch malware (highlighting exposes the packed processes running, so you should suspect those first).

2. APT (Advanced Process Termination): good at one thing, killing processes.
3. GMER
Until now no program has stood up against termination by GMER, including firewalls and antiviruses like Comodo, Avast, Avira, Outpost, ESET.

B. Overall system analyzers: they can give you an overall view of your system.
1. ESET SysInspector: ESET SysInspector is an application that thoroughly inspects your computer and displays

2. Autoruns:
The best tool in the world to determine the startups, and it can work with procexp. It is easy to work with after some tweaking: from the Options menu check "Hide Microsoft and Windows entries", then check "Verify code signatures". The unverified entries that come from an unknown publisher may be suspect and need to be investigated. You can use Autoruns to disable the malware's startup entries after terminating it (so it does not re-enable itself after termination).

3. HijackThis: a simple tool to make simple logs.

4. a2 HijackFree: a good tool that gives you an overall look at your processes, ports, autoruns, services, and some other places where malware can hide. It has good removal ability.

C. File and registry removal:

1. Unlocker: a very good tool to delete malware files, since it will remove them on the next startup if it doesn't remove them immediately.
2. FileASSASSIN: a nice file deleter; it lacks the right-click menu, so I prefer Unlocker.
3. RegASSASSIN: a tool to remove registry keys and values.

D. Other tools
API Guard: a handy tool to run suspicious files without hurting your system (if your AV doesn't catch a virus in a suspect file, you can run it from API Guard).

References:
www.freedrweb.com/cureit/?lng=en
www.malwarebytes.org/mbam.php
www.superantispyware.com/
www.ccleaner.com/
www.glaryutilities.com/
download.cnet.com/Panda-Anti-Rootkit/3000-8022_4-10717196.html
www.gmer.net/
technet.microsoft.com/en-us/.../bb897445.aspx
technet.microsoft.com/en-us/.../bb896653.aspx
www.diamondcs.com.au/advancedseries/apt.php
www.eset.com/download/sysinspector.php
technet.microsoft.com/en-us/.../bb963902.aspx
www.hijackfree.com/en/hijackfree/
www.freefixer.com/
ccollomb.free.fr/unlocker/
Edited by Spooony - 4/22/11 at 7:48am
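One way to script the Autoruns triage described in the post above (hide Microsoft/Windows entries, treat unverified code signatures as suspect), as an added example that is not part of the original post: it parses a CSV export in the shape autorunsc writes (the column names are an assumption about that export format) and, going a step beyond the post, also flags entries launched from user-writable folders such as Temp or Downloads. The sample rows, including the "Windows Fix Disk" and "Updater" entries, are constructed for the example.

```python
import csv
import io
from typing import Dict, List

# Constructed sample in the shape of "autorunsc -c" CSV output.
# The column names are an assumption about the Autoruns export format;
# the rows, paths and entry names are made up for this example.
SAMPLE_AUTORUNS_CSV = """\
Entry Location,Entry,Enabled,Category,Description,Signer,Company,Image Path
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,SecurityHealth,enabled,Logon,Windows Security notification icon,(Verified) Microsoft Windows,Microsoft Corporation,c:\\windows\\system32\\securityhealthsystray.exe
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,RTHDVCPL,enabled,Logon,Realtek HD Audio Manager,(Verified) Realtek Semiconductor Corp,Realtek Semiconductor,c:\\program files\\realtek\\audio\\hda\\rtkngui64.exe
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,Windows Fix Disk,enabled,Logon,Windows Fix Disk,(Not verified) Microsoft Corporation,Microsoft Corporation,c:\\users\\bob\\appdata\\local\\temp\\fixdisk.exe
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,Updater,enabled,Logon,,,,c:\\users\\bob\\downloads\\updater.exe
"""

# Signers that the "Hide Microsoft and Windows entries" option would hide.
MICROSOFT_SIGNERS = ("(Verified) Microsoft Windows", "(Verified) Microsoft Corporation")

# Path fragments that indicate a user-writable location (lower-cased comparison).
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def parse_autoruns_csv(text: str) -> List[Dict[str, str]]:
    """Read an Autoruns-style CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def is_microsoft_entry(row: Dict[str, str]) -> bool:
    """True when the entry carries a verified Microsoft signature."""
    return row.get("Signer", "").strip() in MICROSOFT_SIGNERS


def triage(rows: List[Dict[str, str]], hide_microsoft: bool = True) -> List[Dict[str, object]]:
    """Return the autostart entries worth a closer look, with the reason for each.

    Mirrors the Autoruns workflow: skip verified Microsoft entries, then suspect
    anything whose signature is missing or "(Not verified)", or whose image lives
    in a user-writable folder.
    """
    findings = []
    for row in rows:
        if hide_microsoft and is_microsoft_entry(row):
            continue
        reasons = []
        signer = row.get("Signer", "").strip()
        if not signer:
            reasons.append("no signature information")
        elif signer.startswith("(Not verified)"):
            reasons.append("signature not verified: " + signer)
        image = row.get("Image Path", "")
        if any(hint in image.lower() for hint in USER_WRITABLE_HINTS):
            reasons.append("runs from user-writable path")
        if reasons:
            findings.append({"entry": row["Entry"], "location": row["Entry Location"],
                             "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_autoruns_csv(SAMPLE_AUTORUNS_CSV)):
        print(f"{finding['entry']!r} at {finding['location']}")
        print(f"    image: {finding['image']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

An entry that shows up here is a candidate for the "disable it in Autoruns, then terminate the process" step from the post, not proof of infection; a verified signature from an unfamiliar vendor still deserves a look at the image path.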
post #79 of 92
Thread Starter 
I was just watching a live broadcast from a show Leo Laporte does, and he was telling everyone to just reinstall the OS when you get these types of infections and that no one can kill them 100%.

lol, he called me out by name, telling me I was wrong and that I must be smarter than the guys who wrote the virus... then asked why I'm working in a PC repair shop if I'm smarter than the hackers.

I used to have respect for this guy, but now... I dunno. My customers would rather I remove the infection than reinstall the OS and then tell them they have to figure out what apps they need, and good luck if they don't have the CDs any more.
post #80 of 92
When I inspect customers' computers I also ask them to bring any and all thumbsticks and USB storage devices they use on their PCs. I have found several of my customers were being reinfected within a week or so because their USB sticks were infected, and as soon as they used them the problem would start over again. Some of those fake scanners would install hidden crap onto their external devices and just reinstall or initiate once the stick was plugged in. Just a suggestion on how it might come back for some folks. I have also found RKill to be a super useful tool in combating these fake scanners. Once it is run I usually have little or no problem cleaning up the remnants.
Edited by Deegan - 4/24/11 at 3:19pm
    
CPUMotherboardGraphicsRAM
i5 6600k ASUS Maximus viii hero gtx 1070 16 gb Crucial Ballistix Sport 
Hard DriveCoolingOSMonitor
3 240 gb ssds + 2 2tb hdd for storage Corsair h100i Windows 10 64 bit 42" led lcd 
KeyboardPowerCase
logitech Corsair 850w DiyPC D480-BK 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i5 6600k ASUS Maximus viii hero gtx 1070 16 gb Crucial Ballistix Sport 
Hard DriveCoolingOSMonitor
3 240 gb ssds + 2 2tb hdd for storage Corsair h100i Windows 10 64 bit 42" led lcd 
KeyboardPowerCase
logitech Corsair 850w DiyPC D480-BK 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Spoof anti-virus software