  #1  
Old 03-30-2012, 06:19 PM
YeOldeStonecat
 
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,918
Wow...crazy heavy malware calls today!

Phone ringing off the hook....all 3 of us out onsite cleaning up rigs hit with hard drive alerts and security fortress 2012. Big outbreak today.
__________________
Resident "Geek on a Harley" doing IT in Southeast Connecticut
http://www.dynamic-alliance.com/
https://www.facebook.com/YeOldeStonecat
  #2  
Old 03-30-2012, 06:50 PM
Tekko
 
Join Date: Dec 2011
Location: WI
Posts: 409

Quote:
Originally Posted by YeOldeStonecat:
Phone ringing off the hook....all 3 of us out onsite cleaning up rigs hit with hard drive alerts and security fortress 2012. Big outbreak today.

Seeing this at my day job too, for some reason it seems to mostly be our east coast locations.
  #3  
Old 03-30-2012, 07:16 PM
HFultzjr
 
Join Date: Jul 2010
Location: Central PA, USA
Posts: 849

Hello,

All the ones I've seen lately have outdated Flash and/or Java.

Can't seem to convince people to keep them updated.

On several, the update notifications were showing as needing updated, but customer didn't run.

They said they were "afraid to", with all the bogus "updates" out there.

Been instructing them on using Filehippo Update Checker to look for legit updates and how to download and install.
__________________
Harold
ACS Alternative Computer Solutions
  #4  
Old 03-30-2012, 08:14 PM
Tekguy
 
Join Date: May 2010
Location: USA
Posts: 341

Quote:
Originally Posted by HFultzjr:
Hello,

All the ones I've seen lately have outdated Flash and/or Java.

I noticed when I installed Flash the other day on a computer that it asked if you would like Flash to update itself automatically which is the default. It's about time they did this. I don't install Java on computers anymore unless the customer is specifically using it.
  #5  
Old 03-30-2012, 08:31 PM
coffee
 
Join Date: Oct 2011
Location: USA, Indiana
Posts: 1,670

Also seeing a lot of malware calls today. I was out all day on clean up duty!

A lot of customers are reporting that they are afraid of clicking on the updates. I've got 2 computers in the shop now that I have to start scans on. I also have an HP laptop with overheat issues that came in too. Business is good today for some reason.

Have a great day everyone!
__________________

www.renuecomputers.com
  #6  
Old 03-30-2012, 09:00 PM
YeOldeStonecat
 
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,918

Quote:
Originally Posted by HFultzjr:
Hello,

All the ones I've seen lately have outdated Flash and/or Java.

Can't seem to convince people to keep them updated.

On several, the update notifications were showing as needing updated, but customer didn't run.

They said they were "afraid to", with all the bogus "updates" out there.

Been instructing them on using Filehippo Update Checker to look for legit updates and how to download and install.

Tis my rule of thumb also...but one of the rigs I worked on today HAD all updated...Adobe 10, Flash 11, Java 6.31, IE 8.0.

This new variant here is leaving a redirector behind that we've not yet been able to clean off. Within several minutes your browser starts going to affiliate sites instead of what you hoped for. "letmehelpu" is one of them.
  #7  
Old 03-30-2012, 09:09 PM
othersteve
 
Join Date: Feb 2010
Posts: 517

Hey YeOldeStonecat,

I'd suggest checking with aswMBR, TDSSKiller, and MBRCheck.exe for MBR infections and running a subsequent OTL scan. If you'd like you can post an OTL log here after running the rootkit scans and I'd be happy to go through it for you to identify the problem.
__________________
-Steve

Born a technician, though always willing to learn and improve. :)

Managing Editor, DigitalChumps.com
Senior Editor, Notebookcheck
Laptop Dude, PC Perspective
Owner/Sole Proprietor, Triple-S Computers
  #8  
Old 03-30-2012, 09:50 PM
YeOldeStonecat
 
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,918

Oh yeah..she's been rooty scanned. TDSS gets blocked..GMER finished and came up clean. Ran out of time...will continue Monday with MBR checks...which is what I'm starting to think it is. Manually checked everything HJT would...quite clean. TCP/winsock rebuild. Scanned with SAS, MWB, Panda AV, even brought out old Spybot. Will have to continue with MRT (Microsoft tool) on Monday, and yank drive and slave to another machine and scan. TCP clean, no proxy in browser connection settings, browser set to default, even installed and tested Chrome and she still gets redirected.
Last edited by YeOldeStonecat; 03-30-2012 at 09:52 PM.
  #9  
Old 03-30-2012, 09:54 PM
Xander
 
Join Date: Oct 2008
Location: Niagara region, Ontario
Posts: 6,822

Wish I had your troubles. I have seen virtually no viral infections for probably 3+ months.
__________________
Xander St Catharines Computer Repairs

New here? Watch this and read this. Remember, it's not our problem, it's yours so ask your questions well.
e.g. Make/Model#, Win version/SP#, BSOD 0x#. Consider posting Event Viewer logs, Autoruns exports or something.
More info means better answers and less snark.

Don't be parasitic and only pose your own questions. Help others.
Never trust a "tech" with a hotmail address.


D7 question/idea/etc? Bring it to the D7 Forums.
  #10  
Old 03-30-2012, 10:03 PM
YeOldeStonecat
 
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,918

Quote:
Originally Posted by Xander:
Wish I had your troubles. I have seen virtually no viral infections for probably 3+ months.

It's been a fairly quiet winter! Although bad timing...these time consuming things are cutting into my bigger work stuff...I was supposed to get a Hyper-V host server built today to begin a migration soon. And some quotes for migrating another SBS2003 domain up.