Wow...crazy heavy malware calls today!

[YeOldeStonecat]

Phone ringing off the hook....all 3 of us out onsite cleaning up rigs hit with hard drive alerts and security fortress 2012. Big outbreak today.

[Tekko]

Quote:

Originally Posted by YeOldeStonecat

Phone ringing off the hook....all 3 of us out onsite cleaning up rigs hit with hard drive alerts and security fortress 2012. Big outbreak today.

Seeing this at my day job too, for some reason it seems to mostly be our east coast locations.

[HFultzjr]

Hello,

All the ones I've seen lately have outdated Flash and/or Java.

Can't seem to convince people to keep them updated.

On several, the update notifications were showing as needing updated, but customer didn't run.

They said they were "afraid to", with all the bogus "updates" out there.

Been instructing them on using Filehippo Update Checker to look for legit updates and how to download and install.

[Tekguy]

Quote:

Originally Posted by HFultzjr

Hello,

All the ones I've seen lately have outdated Flash and/or Java.

I noticed when I installed Flash the other day on a computer that it asked if you would like Flash to update itself automatically which is the default. It's about time they did this. I don't install Java on computers anymore unless the customer is specifically using it.

[coffee]

Also seeing alot of malware calls today. I was out all day on clean up duty!

Alot of customers are reporting that they are afraid of clicking on the updates. Ive got 2 computers in the shop now that I have to start scans on. I also have an HP laptop with overheat issues that came in too. Business is good today for some reason.

Have a great day everyone!

[YeOldeStonecat]

Quote:

Originally Posted by HFultzjr

Hello,

All the ones I've seen lately have outdated Flash and/or Java.

Can't seem to convince people to keep them updated.

On several, the update notifications were showing as needing updated, but customer didn't run.

They said they were "afraid to", with all the bogus "updates" out there.

Been instructing them on using Filehippo Update Checker to look for legit updates and how to download and install.

Tis my rule of thumb also...but one of the rigs I worked on today HAD all updated...Adobe 10, Flash 11, Java 6.31, IE 8.0.

This new variant here is leaving a redirector behind that we've not yet been able to clean off. Within several minutes your browser starts going to affiliate sites instead of what you hoped for. "letmehelpu" is one of them.

[othersteve]

Hey YeOldeStonecat,

I'd suggest checking with aswMBR, TDSSKiller, and MBRCheck.exe for MBR infections and running a subsequent OTL scan. If you'd like you can post an OTL log here after running the rootkit scans and I'd be happy to go through it for you to identify the problem.

[YeOldeStonecat]

Oh yeah..she's been rooty scanned. TDSS gets blocked..GMER finished and came up clean. Ran out of time...will continue Monday with MBR checks...which is what I'm starting to thing it is. Manually checked everything HJT would...quite clean. TCP/winsock rebuild. Scanned with SAS, MWB, Panda AV, even brought out old Spybot. Will have to continue with MRT (Microsoft tool) on Monday, and yank drive and slave to another machine and scan. TCP clean, no proxy in browser connection settings, browser set to default, even installed and tested Chrome and she still gets redirected.

[Xander]

Wish I had your troubles. I have seen virtually no viral infections for probably 3+ months.

[YeOldeStonecat]

Quote:

Originally Posted by Xander

Wish I had your troubles. I have seen virtually no viral infections for probably 3+ months.

It's been a fairly quiet winter! Although bad timing...these time consuming things are cutting into my bigger work stuff...I was supposed to get a Hyper-V host server built today to begin a migration soon. And some quotes for migrating another SBS2003 domain up.