Kaiser7

Win 7 Security 2012


Just had an encounter with this thing earlier, spent about 2 hours trying to remove it, which was hard since it blocks all anti-virus software and pretends to be antivirus software. The truth is, it is a rogue anti-virus program that will totally mess your stuff up and try to get you to pay for it. Anyway, I figured I'd just warn you guys about it, since it appears to be part of Windows. Honestly, the best free anti-virus software that I use is Malwarebytes, which was blocked by Win 7 Security. Anyway, should you guys run into it, use another computer and look for the website 2-viruses, since they tell you how to remove all that stuff. Basically I beat it by giving it a registry key (that I saw on 2-viruses's page about Win 7) and then I was able to run Malwarebytes by right-clicking and running as an administrator. Anyway, just figured I'd warn you guys about it, and hopefully save you guys a few hours.


Hit me last year and I had to do a clean install from Win7 to Ubuntu Linux. After that happened a family friend told me that all I had to do was install MB on a flash drive and rename the file to something weird. The rogue AV has a list of names coded into it to look out for, and their execution names. By renaming the file you circumvent this little bit of code and are able to run it without interruption.


I too have had some weird virus attacks lately. About a month ago I had a pop-up on my computer that looked like the virus software that I run, and it was telling me that I had to download updates. So being the dork that I am, I went and did that. As it was downloading, my actual software detected a virus, and after a few hours of tinkering with my system and downloading other virus protection software I was able to eliminate the virus. Then a few days ago I had another instance of attack, and I got rid of the virus thanks to Malwarebytes in safe mode.

 

I don't even go to weird sites or unknown websites anymore so I'm not sure where I got the virus from. What an annoyance.

 

I support Malwarebytes and Superantispyware plus AVG on my system. You would think my system would be unhackable with all the extra protection I've built into it over the years. I'm not computer savvy so I go overboard on virus protection all the time.


I've had the same problem with a newer 7 installation on a wiped laptop and a new netbook. I use Webroot for all my security needs and CCleaner for cleanup and maintenance. So to get rid of their built-in viruses, especially those free-trial virus protection programs, I install CCleaner first, use that to clear out the offending programs, and then install anything I want. After that, if you really want to destroy any malware or insidious virus, look into installing Search and Destroy.


Spybot Search and Destroy hasn't been useful in a while now. Same with Adaware.

 

The number 1 thing you can do to minimize malware is to stop using Internet Explorer.

 

The number 2 thing is to get an ad remover. I recommend Admuncher, but there are free alternatives if you use Firefox, like Adblock.

 

If you still get infected after that, there are three utilities that can generally fix it: Autoruns, ComboFix and Malwarebytes. I also use HijackThis to unload some of the crapola that starts once I'm done killing the beast.

 

The problem with most of these rogue programs is they actively prevent scanners from running. I've found that if you can boot into safe mode and run autoruns, you can generally disable the startup component of the malware then you can use combofix and malwarebytes to root out the rest of the junk.

 

In some cases, I end up booting to a bootable ERD Commander disc and run Autoruns from that. You can make the emergency repair disc using the Microsoft Desktop Optimization Pack. Once you download and create that tool using DaRT ("Diagnostics and Recovery Toolset"), you can then make a bootable repair disc for your particular version of your OS (XP, Vista 32, Vista 64, W7 32, W7 64). You can also download a burnable image of your repair disc from various torrent sites. As a note, if you don't have the bootable recovery disc ahead of time, you probably won't be able to create it on an infected machine.

 

In some extreme cases, I'll pull the drive out and use an external box to run scans against it. This usually breaks the malware enough that you can boot the OS again and clean it out from there.

 

I've cleaned hundreds of machines of malware and I can tell you that there is no infection that requires a re-install. There are however infections that take enough time to cure that a re-install of the OS is desirable, especially if you can just reinstall an app or two and it's done.


Prevention - Norton Internet Security 2011. If you knocked Norton's stuff in the past, I understand; it was pretty bad bloatware. Since 2009, they have completely redesigned it. It's lean and mean. It even includes a performance meter to show you exactly what resources it is using. On top of that, the security it offers is second to none. It is using a Symantec cloud-based file reputation service called Insight. They have been cataloging executable and other file types since 2008. It compares every file you run or download to this database to determine if it is dangerous or not. Chances are, if it is a brand new file that no other Norton users have ever seen, it is malware. You can even check file statistics yourself: it will tell you how many other users are running that program, along with when it was first seen and Norton's trust rating.

 

You see, the way they get these things past traditional signature AV (which Norton still does have) is to constantly mutate. Typically these fake AV programs are built from a malware generator, so each user has a unique version. If the executable doesn't have a good reputation, Norton will flag it and not permit it to download in the first place. Traditional AV signature-based solutions will just pass it right through, as they don't have the "blacklist" signature for this newly mutated app.

 

Not going to lie, I work for Symantec so I am biased. I have done my own real world testing in the form of every family member having Norton Internet security since version 2010, and not having a single report of a virus or malware since then. I used to get called at least once every few months prior to that. Not completely scientific, but in my eyes pretty damn good.

 

Cleaning - If you do get something, as nothing is 100%... Try Norton Power Eraser; do a search for it. It is a bootable .iso that you boot your PC off of. It then scans your entire computer and checks it against a more aggressive signature base, along with the Insight reputation scan on every file. Usually does the job. If that's not working I would move on to trying all the usual suspects like MB etc. Haven't had to do that in a long, long time.
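The post above argues that per-user mutated fake-AV builds slip past a hash blacklist but not a prevalence-based reputation check. The toy model below (added here, not Symantec's code or the Insight service; all hashes and the fleet of users are constructed, and the 10-user threshold is an assumed cut-off) shows both verdicts side by side, including the false-positive side of the trade-off raised later in the thread: a brand-new legitimate release is also low-prevalence.

```python
"""Signature blacklist vs. prevalence reputation on constructed data."""
import hashlib
from dataclasses import dataclass, field

# Signature blacklist: only the one build the vendor has already analysed (constructed).
KNOWN_BAD = {hashlib.sha256(b"fake-av-build-0001").hexdigest()}


@dataclass
class Reputation:
    """Prevalence-based reputation: how many distinct users have run each file."""
    seen_by: dict = field(default_factory=dict)  # sha256 -> set of user ids

    def record(self, sha256, user):
        self.seen_by.setdefault(sha256, set()).add(user)

    def prevalence(self, sha256):
        return len(self.seen_by.get(sha256, ()))


def signature_verdict(sha256):
    """Traditional AV: block only hashes already on the blacklist."""
    return "block" if sha256 in KNOWN_BAD else "allow"


def reputation_verdict(rep, sha256, min_users=10):
    """Reputation AV: a file almost nobody else has run is treated as untrusted."""
    return "block" if rep.prevalence(sha256) < min_users else "allow"


def build_fleet():
    """Constructed telemetry: 500 users all run the same OS binary."""
    rep = Reputation()
    os_file = hashlib.sha256(b"notepad.exe 6.1 (constructed)").hexdigest()
    for u in range(500):
        rep.record(os_file, f"user{u}")
    return rep, os_file


def simulate_mutating_fake_av(rep, victims):
    """Each victim downloads a freshly mutated build, so every hash is unique."""
    results = []
    for v in range(victims):
        sha = hashlib.sha256(f"fake-av-build-{v + 2:04d}".encode()).hexdigest()
        rep.record(sha, f"victim{v}")
        results.append((signature_verdict(sha), reputation_verdict(rep, sha)))
    return results


def new_legitimate_release(rep):
    """Caveat: a just-published legitimate installer has no prevalence yet either."""
    sha = hashlib.sha256(b"vendor-tool-2.0-setup.exe (constructed)").hexdigest()
    rep.record(sha, "early-adopter")
    return reputation_verdict(rep, sha)
```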


Good to know... but still not convinced about Norton, which in my mind is at times worse than what it purports to prevent.


We uninstalled Symantec's end point protection on over 500 workstations.

 

It caused long delays in boot, caused random 5-10 minute long 100% processor utilization for no apparent reason, often refused to update itself even when the managed server pushed stuff out and then never behaved when we told it to uninstall. 3 years of torture on that POS. We had NAV for a long time before that.

 

On top of all the issues it caused, we had machines completely compromised and SEP was sitting there fat and happy like nothing was wrong. Absolutely worthless.

 

At the end of the licensing in 2010, we punted that bloated uselessware to the curb.

 

You couldn't get me to install another Symantec product and yes, if I say no, my company does not go forward with any software product.

 

Sorry to hear you work for Symantec. I used to have respect for NAV/SEP/Symantec but that capital was all spent.


Yeah Norton slows everything down big time.

 

I have been using Firefox for 3 years now. Virus Protection........None.

 

Although I do regular data backups via external hard drive just to be safe.

 

Yeah, ever since I switched to firefox, I have really seen a decrease in the amount of crap that attacks my computer.


Looks like you had a very bad experience, sorry to hear that. I know I'm not going to change your mind, but...

 

I have customers with 40K workstations on SEP, and that is by far not even our largest. Sure there are issues that come along; a majority of them are policy/config type things. Occasionally there are incompatibilities with other software, but it's dealt with just like anything. I do remember dealing with a boot delay with a big bank that I cover; I do believe they needed a hotfix, which got into one of the service packs. No telling if it was the same issue.

 

As for machines being compromised, it happens... nothing is 100%. SEP has to balance the line between being too aggressive, causing false positives and potentially bringing down whole companies' PC operating environments (like accidentally removing important system files), and being powerful enough to stop most things. This is why many times Malwarebytes and similar products can find stuff that SEP can't: it is very aggressive with its removal and can cause issues on the workstation; of course at this point you just want the machine cleaned, and you probably backed up important stuff at this point. We have something similar to MB, called Power Eraser, details below.

 

Signature based AV detection is a thing of the past (still necessary but not the front line in protection any longer), and SEP 12 coming out next month will incorporate the reputation technology that has been in Norton since 2010.

 

I can't stand Symantec/Norton myself. It doesn't protect against malware, which is what this infection is.

 

Just use Malwarebytes/ComboFix and you should be good.

 

I've been using Avast for an A/V - good stuff.

 

Norton indeed does protect against malware, let's just say bad stuff in general. Since Norton 2010, the reputation engine will flag anything trying to get on the machine if it doesn't have a good internet hygiene report behind it. Extremely effective, and is why our corporate SEP 12 is incorporating the same tech.

 

If an infection does get on a machine regardless of the AV product, try out Power Eraser, here's the link. It is free.

 


When was the last version of Norton that you tried? Prior to NIS 2009, I would not put anything Norton on my machines even though I worked for the company. 2009 and forward, the product group came under new leadership, they completely re-wrote the code, and the product is spot on. Don't knock it till you try NIS 2011. Try the free trial here. It will do an initial full scan while analyzing the reputation of all the executable files on your machine. After that first scan, subsequent full scans will go much quicker, as it can skip known trusted files like those that are part of the OS and major apps, etc.

 

Scrubbing off the old Norton bloatware product bad memories is a tough thing to do. All I'm saying is to try it out and see for yourself.


I've been running Avast for the past 4 years and not one virus (knock on wood). Before that I used AVG. The free version of Avast is really good; the upgraded version is better, but the real-time virus protection is the same. I'm not sure if Avast is really that good or if I have evolved to steer clear of malicious software.


Oh man, you know it! I had/have a bad-a** Asus G50VT-X5 computer that is not only a bad-a** laptop for gaming and hi-def, hi-res multimedia; I did some surgery on it and upgraded it and maxed it out. But I also took it to work every day, put it in a backpack, opened it up, used it for 9-13 hours, broke it down, took it home, reopened it, used it 1-2-3-4 hours, put it away for bed, and did it again the next day, and it's a heavy, bulky laptop made for desktop replacing.

 

So it was new in early 09... in early 2011 it broke; it had been knocked a few times, and the screen stopped lighting up. Sucks. Might be unfixable, might not. Bottom line, I have to go back to my 2008 work-issued but given-to-me Dell Vostro 1400, running Vista. Basically this laptop was designed for executives, those who would only have to do email, web browsing, open a few programs or multimedia attachments/presentations etc., minimal stuff, 'cause they're the executives, they ain't got to do it. Anyway it's running Vista; I will live. I had no laptop for 4 months+ before I got this back from the person I "loaned" it to for a week-slash-2 years. And within a week, on Sunday morning, I get "Vista Security 2011" and I knew instantly it was ransomware; it was NASTY. Took me a few hours and plenty of hard work to get rid of it... thing was terrible.

 

And afterwards I had a discussion with a neighbor, who brought up a computer virus she had recently, and how she paid the money 'cause she thought it was how to fix it, and not only did she get a worse virus and worse money requirements, they did the credit card fraud and tried identity theft. Traced the virus to like Eastern Europe. Sucks man. What DB's in the world. Organized crime like the Sopranos doing airline tickets or Nucky Thompson bootlegging booze is a whole different type of crime than these inglorious basterds.
