The Lounge


Metropolitan Police Viruses Aren't Scary

Deji
post Dec 15 2011, 02:32 AM
Post #1


Coding like a Rockstar!


Posts: 1,468
From: ???
Joined: 28-May 09



Metropolitan Police Virus

You may not get this if you aren't in the UK since it's obviously aimed there but apparently there are different versions of this for different countries.

Time to rant about how dumb the makers of the latest virus to strike my computer must have been.

Crappy tech blogs will give a long-winded solution on removal. Seems everyone still makes a huge deal out of viruses, particularly those who don't understand computer programming, etc., when most are barely even a big deal. Contrary to popular belief, most viruses don't crap all over everything and the worst we usually get is a replacement of a system file (which is pretty damn annoying - involves downloading the original... OMG!).

And this really is a baby virus.


What happened?

In my experience, I visited a webpage and boom! It got me. Even though the website itself was fine and non-malicious, the little things that were loaded at that particular time (probably in the form of an ad - bloody JavaScript!) weren't.

The big scary message appeared and for a brief second, I got a little fright. I thought the police had finally caught on to my antics of world domination. But upon closer inspection, immediately figuring it was a crappy virus, without actually even reading what the page said ('cause I don't like reading) I went into virus-defense mode...

Ctrl+Alt+Delete (Task Manager)! Okay, I guess it covered that. Standard... WinKey+R (Run)! Okay, it covered that, too. I considered restarting. Then I realised, "hey, this is just a fullscreen application". Alt+F4! And done. The virus was disabled. Simple as that. Disabled, but not removed, however. I then just ran Malwarebytes, to save me the effort of having to locate the malicious .exe myself and to re-enable Task Manager for me, and used CCleaner to remove the virus from the startup process list. It's gone, simple as.


How does it work?

I'll go ahead and accuse JavaScript (or Java... I have to be fair) of running the malicious .exe file in the first place. The .exe is placed in the temporary files directory (which is a really stupid place to leave a virus, IMO - at least go to the effort of putting it in a Windows directory, jeez) and runs immediately, removing access to Task Manager and many other parts of your computer that would help in removing this thing.

In my case the file was: C:\Users\USER\AppData\Local\Temp\0.25526446549474546.exe (Windows 7)

That path is then added to your startup programs list, which is a list of executables for Windows to run when the system boots (safe mode doesn't run these executables, so that's another way to stop this virus running).

But this virus is flawed in that it didn't even disable the hotkey to close the top window, Alt+F4. It's a stupid idea to put a virus in the temporary directory because a lot of people nowadays know how to make the browser clear the temporary directory when it closes, and set it to do just that. So all that needs to happen is for the browser to close properly and the computer to restart. Windows will try to run that virus (as it's on the startup list) but can't, because the browser deleted it.


So, to sum up...

Alt+F4, delete temporary files (CCleaner can do this), remove startup entry. Done.

Well, that's just removing the virus. The easiest way to re-enable Task Manager is Malwarebytes, which can actually remove this virus automatically.



My main antivirus, AVG, didn't do anything. It sat back and watched the show while I handled it. Should I switch anti-virus? Nah, I don't even need one. Just keeping Windows Action Center satisfied.


Adler
post Dec 15 2011, 03:17 AM
Post #2


Devil's Advocate


Posts: 413
From: CA US
Joined: 26-July 09



My mom and sister recently had some adware (Windows 7 Antivirus or whatever) which blended in well with the UI of Windows 7 of course, inhibited access to web pages by any web browser, and also launched annoying popups every time I attempted to launch any program. However, I was disappointed at how easily it could be removed.

So I started up Task Manager as a natural response when the adware popped up, saw a process that was running that was named with 3 random letters (jfj.exe for instance) and killed it since it was suspicious. Whaddya know! The adware disappeared as I killed the surprisingly conspicuous process. That was just to stop the popups from annoying me as I searched for the source. A scan with ESET Smart Security couldn't remove it, so I took my chances and checked the temporary folders as what I believed to be a long shot, and there it was - jfj.exe just staring me in the face! Deleted it, computer back to normal, no annoying pop-ups. Scanned with Super Anti-Spyware to remove remaining traces in the registry and such.

Frankly, I'm insulted! I mean, do they think we're idiots?? Even moi, with not the least bit of programming experience, could figure it out!

Not that it's a bad thing that they're so easy to remove though.


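Both posts above describe the same two artefacts: an autostart entry whose executable sits in a Temp folder (Deji's 0.25526446549474546.exe, Adler's jfj.exe) and a Task Manager lockout. The script below is an added example, not code from either poster, that checks a Windows 7+ machine for exactly those artefacts with built-in PowerShell cmdlets. The Run/RunOnce keys and the DisableTaskMgr policy value are standard Windows locations; the heuristic that "nothing legitimate autostarts from a Temp folder" is an assumption of this example, not something the posts claim.

```powershell
# Added example (not from the original thread). Windows PowerShell 3+.
# Reads the per-user and machine-wide autostart keys, flags entries that
# point into a Temp folder, lists windowed processes running from Temp,
# and reports/clears the DisableTaskMgr policy value.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Provider metadata that Get-ItemProperty adds to every key; not Run values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Assumption used by this example: a legitimate autostart never lives under
# a folder named Temp (covers %TEMP%, AppData\Local\Temp, C:\Windows\Temp).
function Test-TempPath {
    param([string]$Path)
    return ($Path -match '\\Temp\\')     # -match is case-insensitive by default
}

# Extract the executable from a Run value such as  "C:\x\y.exe" /silent
function Get-CommandTarget {
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]    # unquoted paths with spaces get truncated
}

function Find-TempStartupEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($ProviderProps -contains $prop.Name) { continue }
            $command = [string]$prop.Value
            if (-not (Test-TempPath $command)) { continue }
            $target = Get-CommandTarget $command
            [pscustomobject]@{
                Key     = $key
                Name    = $prop.Name
                Command = $command
                # False once the Temp folder has been cleared (the "dangling" entry Deji describes)
                Exists  = [bool]($target -and (Test-Path -LiteralPath $target))
            }
        }
    }
}

# Processes that own a top-level window and whose image lives under Temp:
# the fullscreen window closed with Alt+F4, or a jfj.exe-style process.
function Find-TempWindowProcesses {
    Get-Process | Where-Object {
        $_.Path -and $_.MainWindowHandle -ne 0 -and (Test-TempPath $_.Path)
    } | Select-Object Id, ProcessName, Path
}

# A blocked Task Manager is normally this per-user policy value set to 1.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-TaskMgrPolicy {
    if (-not (Test-Path $PolicyKey)) { return $null }
    return (Get-ItemProperty -Path $PolicyKey).DisableTaskMgr
}

function Clear-TaskMgrPolicy {
    if ((Get-TaskMgrPolicy) -eq 1) {
        Remove-ItemProperty -Path $PolicyKey -Name 'DisableTaskMgr'
        return 'DisableTaskMgr removed; Task Manager should open again.'
    }
    return 'DisableTaskMgr not set.'
}

Find-TempStartupEntries  | Format-Table -AutoSize
Find-TempWindowProcesses | Format-Table -AutoSize
"DisableTaskMgr = $(Get-TaskMgrPolicy)"
# Uncomment to actually re-enable Task Manager for the current user:
# Clear-TaskMgrPolicy
```

Running this before and after the clean-up shows the order of operations both posters used: a Temp-resident process with a window is the thing to kill first, the Run entry is what brings it back at boot, and the policy value is what keeps Task Manager closed. An entry that still exists with `Exists = False` is harmless but worth deleting so Windows stops trying to launch it; an entry with `Exists = True` still needs the file removed (or the Temp folder cleared) as well as the registry value.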
Huckleberry Pie
post Dec 16 2011, 09:38 AM
Post #3


Amateur Member

Posts: 49
Joined: 5-August 09



Another tool that's worth trying when you come across such malware is Combofix - I can't tell you guys how many times this tool saved my clients' asses. Removes most threats like autorun worms, rogue programs and other such shit.
Adler
post Dec 17 2011, 12:55 AM
Post #4


Devil's Advocate


Posts: 413
From: CA US
Joined: 26-July 09



I've heard of Combofix on numerous tech-support websites, but they always say to leave it to a tech support professional (just upload the log and they'll tell you what to do). As a result of that, I have no idea if I should use it or not should the scenario come up where I'd have to use it. What's the big idea, I wonder? And how should you use it in that case?

