Monday, August 24, 2009

Computer Virus Warning--New and Wicked


I'm running this email with permission from an author friend. I, too, got the pop-up she's talking about but was fortunate enough not to continue with it. But this one is easy to fall for, and the consequences aren't good. Beware!
---------------

This morning I went online to look up something. I noticed a lot of spam pages minimized below. So I began Xing them out. And then I remembered that I shouldn't be having that problem. So I immediately went off line to check my Norton and BOOM! I was infected by a Trojan horse. It rebooted my system and then completely wiped out Norton's software. The long and short of it is that I had to call and pay a Norton tekki to get rid of it. It's a nuisance spyware program that is very nasty and masquerades as a Window Live update--even uses Windows logo. It would not allow me to visit the Norton website--a nasty little side effect of this infection.


It embedded itself on my register. That was early this morning and here it is 3:45 and I'm just now getting back to work. So just an alert. Please pay attention to any update programs that look like Windows and be careful what you approve.

The Bogus name is PC AntiSpyware. And one of the search engines it installed in place of my Google bar is called My Websearch. And its plugins are toxic.

The Trojan horse, called braviax, embeds itself so deeply in the register that even the tekki had to call in his boss. It was a nightmare to get rid of it. It is a spyware program but periodically it shuts off your computer without warning in the middle of your work, so you have to just stop and get rid of it.

Also, the box that pops up tells you that you have a virus. But when you X it out, it just keeps popping back up. That little piece of action is the button that sends it deeper and deeper into your register. Found that out the hard way too.


Another author just emailed and said she just went through this two weeks ago. It's very deceptive. It even pops up a bogus program that looks like Windows is running a virus check. Then it tells you that you have 25 threats and need to update your program. When it asked me for credit card info, I immediately shut off my computer. I had to call Norton and then we rebooted over and over (maybe 20 times or more) blue screens, opening in safe mode, and then finally reinstalling Internet Explorer in order to give them access through the remote program.
---------------

To be clear, the pop-up I saw is the one my friend mentioned in her last paragraph. I was online, went to some web site and up popped this "Microsoft" box, telling me I'd been infected by numerous viruses and to click the Microsoft link to fix immediately. I got suspicious because of the number of hard-core viruses it claimed I had. Just didn't look right. So instead of clicking the link, I hit the X to close the box, went to Norton and did a scan, which turned out clean. If I had followed the link on the pop-up, the virus my friend got would have been downloaded. Once it's downloaded and you have the virus, then hitting the X to close further pop-ups about it will only drive it deeper into your computer.

Anyone else encounter this? How about you techie folks--have you heard of this one? Please share your experience/knowledge with the rest of us.

13 comments:

Ralene said...

Wow! Sounds dangerous! I've had a few weird close-calls, but not like that. Yikes! Don't people have better things to do. *sigh*

Anonymous said...

I had a very similar thing happen to me, and PC AntiSpyware was involved. I was also getting Google searches hijacked, so when I clicked on a result from a search it took me to random web pages sometimes. (I also had just about any ad on any website replaced with a - shall we say - less than family-friendly one.)

I registered (it was free) and logged the problem on this website:
http://www.suggestafix.com . They had me download a number of registry-fixers, some spyware removal tools, and some other things, and stepped me very carefully through a process where I finally got everything removed.

Th whole thing took a couple days, mostly because I only had a few hours each night to do the stages they asked me to do, and then they'd have to analyze the information I sent them.

Good luck!

D. Gudger said...

Mac.
I switched a year and a half ago and will never go back to PC. My Windows computer was plagued by viruses despite having Mr. Norton and I spent more time trying to get the computer to work than working on the computer.

Very few viruses exist for Macs.

Sheila Deeth said...

Sounds nasty. I'll warn the family. They probably know to ask McAfee to check if anything says they have a virus, but sometimes those "warnings" are designed to startle you out of your planned responses.

J.D. Abolins - @JonAbolins@mastodonapp.uk said...

Yes, I have seen various types of "scareware" bogus antivirus programs that pop up "Found viruses" alerts, etc. As for braviax, I haven't deal with it directly but a collegaue recent had to deal with it in an incident response matter.

One of the key things people should know is not to just trust things that look like system alert, security alerts, etc. just because they pop up. Don't click on the "x" in the upper right corner of the alert pop-up to close it off; some malware use bogus controls. Safer to use the Task Manager to close the pop-up's program.

Some more info at

http://technology.inc.com/security/articles/200906/scareware.html

http://redmondmag.com/Articles/2009/02/01/Whos-Afraid-of-Scareware.aspx

http://www.ncpc.org/programs/catalyst-newsletter/catalyst-newsletter-2009/volume-30-number-1/scareware-offers-then-steals-peace-of-mind-and-victims-money

Christy Lockstein said...

My husband faced something similar to this about six months ago, completely wiped out my daughter's laptop. MalWareBytes is a terrific anti-spybot/malware program that has kept up safe ever since. We downloaded it for free from download.com

Sarah Salter said...

This happened to me LAST NIGHT. If my brother hadn't been there to stop me from clicking the wrong prompt, I would have been in big trouble! He pulled up the task manager and used it to close the offending program. Then we ran the McAfee virus scanner on it. When we restarted it, it was just fine. Thank goodness for computer-savvy family members!

Unknown said...

Thanks for the warning. I think I went through something similar with Trojan's a few months ago, but was fortunate enough to realize what was happening. Still took me nearly a week to get rid of it.

I personally use TrendMicro's virus protection, and I've found the pay version very good. They also have a free version called Housecall. Their side is Housecall.TrendMicro.com

Nikole Hahn said...

Oh yeah...this one is not so new. It's malware. We had it infected in our computers at the church. It came through accessing a website not through downloading anything. It's sneaky.

Allie said...

Techie person here.

This is not new at all. I too have been infected by it in the past and the best thing I've found to get rid of it is called www.malwarebytes.org - I *love* their program.

I have to deal with this at work sometimes. Thankfully many of our users have an idea that they shouldn't have to enter in credit card information.

~ Brandilyn Collins said...

I'm grateful for you techie folks' answers. Interesting to hear that this virus isn't new, yet so many of us lay folks hadn't run into it until recently. Wonder if it's somehow "out there" more now. ??

Teri Dawn Smith said...

That one popped up on my husband's computer a few days ago. I warned him not to click on it.

I noticed that in the upper left hand corner, it had something that wasn't quite like microsoft.

bath mateus said...

Amazing so nice posting, I like it.Add more information it will be better...
Bathmate