  #1  
Old 04-18-2011, 02:59 PM
Galdorf
 
Join Date: Feb 2009
Location: Ontario, Canada
Posts: 1,629
Loads of machines with MS Removal Tool

Wow, I just have 12 machines in all with MS Removal Tool; looks like some ads on a popular site are infecting people.
Odd thing though, none of the AVs are stopping it from getting in, and these are all new: KIS 2011, Panda Total 2011, ESET, etc.
  #2  
Old 04-18-2011, 05:27 PM
iisjman07
 
Join Date: Jul 2009
Location: South End Of The UK
Posts: 3,049

Is it a simple kill and delete process or has it rooted the system?
__________________
put that in your pipe and grep it
  #3  
Old 04-18-2011, 10:09 PM
activeits
 
Join Date: Dec 2009
Location: Scarborough
Posts: 153

Quote:
Originally Posted by Galdorf
Wow, I just have 12 machines in all with MS Removal Tool; looks like some ads on a popular site are infecting people.
Odd thing though, none of the AVs are stopping it from getting in, and these are all new: KIS 2011, Panda Total 2011, ESET, etc.

If I see a fake virus/scareware advert, I purposely download it (not install it) and upload it to www.virustotal.com, and often no one recognises it yet.

This is why I always show customers a test of their security software with www.eicar.com, therefore hopefully they remember that the fake virus/scareware advert looks nothing like their own security software and do not install whatever it advises.


Thanks
__________________
Jamie
Active IT Services

  #4  
Old 04-18-2011, 10:52 PM
PC Ops
 
Join Date: Jul 2009
Location: The Netherlands, Europe
Posts: 643

Lots of those here in The Netherlands as well. Had several come in the last couple of weeks.

Looks like infections come from popular sites (ads) indeed. Especially holiday related sites were visited by the majority of my clients.

Not up to date Java seems to be the problem.
  #5  
Old 04-19-2011, 04:28 AM
TechLoopPC
 
Join Date: Mar 2011
Posts: 149

Great! So I'm not the only one that has been noticing MS-Removal a ton the past few days. Good thing it's a fairly simple fix.
  #6  
Old 04-19-2011, 11:25 AM
Fixedathome.com
 
Join Date: Feb 2009
Location: Nottingham, England
Posts: 457

I had a couple of ESET 2011 the other day which had an AVG icon!
  #7  
Old 04-19-2011, 12:59 PM
bytebuster
 
Join Date: Oct 2009
Location: Sacramento, CA
Posts: 401

Quote:
Originally Posted by TechLoopPC
Great! So I'm not the only one that has been noticing MS-Removal a ton the past few days. Good thing it's a fairly simple fix.

Can it be deleted manually? Where does it live at?
__________________
ByteBuster Mobile iPhone Repair of Sacramento
Specializing in 4 Series iPhones
(916) 708-0609 9am-5pm 7 days a week
http://www.bytebustermcr.com/
  #8  
Old 04-19-2011, 04:55 PM
tpcg
 
Join Date: Jun 2010
Posts: 71

The machine I cleaned this morning had the folder in c:\programdata\some random folder name\several different .exe files.

All times are GMT.