Free Republic

Citadel Reveton Malware attack! Help! (Vanity)
me ^ | metesky

Posted on 08/31/2012 4:57:03 AM PDT by metesky

This thing invaded my machine. What kind of scum does this for amusement? Warnings and info at FBI - New internet scam and here


TOPICS: Computers/Internet
KEYWORDS: driveby; euroscum; ransomware
To: metesky
Good, then my Task Manager suggestion will work. To access hold Control/Alt then only tap on the Delete key, don't hold it or you'll get a restart. Don't wait for Windows to finish loading. I don't know what processes to tell you to shut down as shutting down some will make you have to restart. The name of the piece of malware as a process will possibly look different than real ones ( mixed caps and lower case in the name ). They change it often so it's hard to track down. You only have a few seconds to find and stop it before it launches so this may take a few tries but it does work. If this does kill the malware then do not restart until you get rid of the junk by using earlier suggested programs.

Combofix can do the job but I only recommend it as a last resort as it changes settings you'll spend a good while getting back.

21 posted on 08/31/2012 5:40:35 AM PDT by Hillarys Gate Cult (Liberals make unrealistic demands on reality and reality doesn't oblige them.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Hillarys Gate Cult

The process name will be random and also may contain letters and numbers. Shutting down just the ones that look like that should do it. It may even get by you and load the first time. Try again. Just be quick to end process as soon as you see it.


22 posted on 08/31/2012 5:55:13 AM PDT by Hillarys Gate Cult (Liberals make unrealistic demands on reality and reality doesn't oblige them.)
[ Post Reply | Private Reply | To 21 | View Replies]
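
The naming pattern described in posts 21 and 22 (process names that look random, with mixed caps and letters and numbers), written as a triage check; this is an added example, not part of any poster's message. The allowlist, thresholds and process snapshot are constructed assumptions, and a flagged name is only a candidate for review.

```python
import re

# Constructed allowlist of ordinary Windows image names (assumption, not exhaustive).
KNOWN_GOOD = {"explorer.exe", "svchost.exe", "winlogon.exe", "csrss.exe",
              "lsass.exe", "services.exe", "taskmgr.exe", "spoolsv.exe"}

def name_signals(image_name):
    """Return the reasons an image name looks randomly generated."""
    if image_name.lower() in KNOWN_GOOD:
        return []
    stem = re.sub(r"\.exe$", "", image_name, flags=re.IGNORECASE)
    letters = [c for c in stem if c.isalpha()]
    reasons = []
    # Signal 1: case flips on most adjacent letters ("xKwQpLm"), unlike
    # CamelCase names such as "SearchIndexer" that flip only at word starts.
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    if len(letters) > 1 and flips / (len(letters) - 1) > 0.4:
        reasons.append("mixed caps")
    # Signal 2: digits wedged between letters ("q7Rt2zWx").
    if re.search(r"[A-Za-z]\d+[A-Za-z]", stem):
        reasons.append("letters and numbers interleaved")
    # Signal 3: almost no vowels, so the name is not made of words.
    vowels = sum(c.lower() in "aeiou" for c in letters)
    if len(letters) >= 5 and vowels / len(letters) < 0.2:
        reasons.append("few vowels")
    return reasons

def triage(image_names, min_signals=2):
    """Return {name: reasons} for names that trip at least min_signals checks."""
    hits = {}
    for name in image_names:
        reasons = name_signals(name)
        if len(reasons) >= min_signals:
            hits[name] = reasons
    return hits

# Constructed process snapshot (not taken from the thread or a real infection).
SNAPSHOT = ["explorer.exe", "svchost.exe", "SearchIndexer.exe", "WINWORD.EXE",
            "chrome.exe", "xKwQpLm.exe", "q7Rt2zWx.exe", "Taskmgr.exe"]

if __name__ == "__main__":
    for name, reasons in triage(SNAPSHOT).items():
        print(f"review {name}: {', '.join(reasons)}")
```

Requiring two signals keeps CamelCase and all-caps names such as SearchIndexer.exe and WINWORD.EXE out of the results.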

To: Hillarys Gate Cult
I forgot to add that other manual correction suggestions may be good, but the malware will probably not let you get that far. One example was I wasted some time trying to get quickly into msconfig and uncheck the bad process. The malware had already loaded and locked things up by then. Task manager is the most direct route, even if it takes a few tries.
23 posted on 08/31/2012 6:02:20 AM PDT by Hillarys Gate Cult (Liberals make unrealistic demands on reality and reality doesn't oblige them.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: metesky

Most viruses are designed to exploit the windows architecture. You should try Linux instead.


24 posted on 08/31/2012 6:14:37 AM PDT by TexasRepublic (Socialism is the gospel of envy and the religion of thieves)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Hillarys Gate Cult

I’m running Webroot after the family’s IT software and hardware professionals recommended it. It has knocked out things Malwarebytes did not clean up. It even protects my USMC son, who is incredibly stupid about this matter and has stupid friends who send him stupid things. Before I got Webroot, Mr Marine got some awful thing and Malwarebytes did nothing to clean it up.

They have to track these people down, put ‘em up against a wall, shoot them, and put the images on the internet as a warning—the 21st century equivalent of mounting traitors’ heads on the castle wall.


25 posted on 08/31/2012 6:24:35 AM PDT by ottbmare (The OTTB Mare)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Hillarys Gate Cult; All
I've downloaded Malwarebytes Free to a USB drive, put the USB drive into my machine, rebooted in Safe Mode. Running Malwarebytes now. I'll get back to ya.

Thank you everyone for your help and support.

26 posted on 08/31/2012 6:28:52 AM PDT by metesky (Brethren, leave us go amongst them! - Rev. Capt. Samuel Johnston Clayton - Ward Bond, The Searchers)
[ Post Reply | Private Reply | To 21 | View Replies]

To: ottbmare
I go to tons of different sites and Malwarebytes and Superantispyware haven't let me down yet. I used to run Adaware but it hasn't found anything in years.
27 posted on 08/31/2012 6:31:24 AM PDT by Hillarys Gate Cult (Liberals make unrealistic demands on reality and reality doesn't oblige them.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: metesky
I use AVG, Spybot-Search and Destroy, Adaware and Iobit Advanced System Care, including Iobit Malware Fighter.

LOL. Well, you could use Linux or OSX, then you wouldn't need all that stuff.

28 posted on 08/31/2012 6:47:46 AM PDT by zeugma (Those of us who work for a living are outnumbered by those who vote for a living.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: metesky
Good. Last time I had a malware problem it was locking up normal windows loading and the safe mode at about the same time.

For Superantispyware portable, one you can load to a CD on a good machine and run on the bad one, go here.

http://www.superantispyware.com/portablescanner.html

Not sure about the portable for Malwarebytes but be careful. They say there isn't one but Google lists several sites for download. If you're not loading it directly from or through their website, you may be loading malware/spyware/viruses.

Now I would like to vent to nobody in particular. When somebody fixes your computer and loads these programs could you please show them some appreciation by updating and running these programs occasionally. I lost count of the times I did that, then several months later they come back to me to fix it again having not once touched the programs after I showed them how to use them.

29 posted on 08/31/2012 6:54:54 AM PDT by Hillarys Gate Cult (Liberals make unrealistic demands on reality and reality doesn't oblige them.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: metesky
Let us know how it goes. Once again, I've had better results running Malwarebytes as a quick scan than a full scan. No idea why. Once you get it fixed and running I've seen it recommended that next time you run the program, always run it in the safe mode.
30 posted on 08/31/2012 7:03:19 AM PDT by Hillarys Gate Cult (Liberals make unrealistic demands on reality and reality doesn't oblige them.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Hillarys Gate Cult

CNTRL SHFT ESC will get you the task-bar without having to time it or leave the desktop (although, not sure about with this virus)..


31 posted on 08/31/2012 7:27:39 AM PDT by Bikkuri (Choose, a communist, socialist, or Patriot)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Hillarys Gate Cult

Oops.. meant the task-window.. :^D


32 posted on 08/31/2012 7:29:15 AM PDT by Bikkuri (Choose, a communist, socialist, or Patriot)
[ Post Reply | Private Reply | To 31 | View Replies]

To: TexasRepublic

Silly Penguin.

http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/

Got Cross-platform?


33 posted on 08/31/2012 8:16:03 AM PDT by OldEarlGray (The POTUS is FUBAR until the White Hut is sanitized with American Tea)
[ Post Reply | Private Reply | To 24 | View Replies]

To: metesky
Do you run JAVA....very likely....so many sites are using it....

See link at post #33.

**********************************EXCERPT**********************************

Attackers Pounce on Zero-Day Java Exploit

Attackers have seized upon a previously unknown security hole in Oracle’s ubiquitous Java software to break into vulnerable systems.

***********************************SNIP**********************************

Initial reports indicated that the exploit code worked against all versions of Internet Explorer, Firefox and Opera, but did not work against Google Chrome. But according to Rapid 7, there is a Metasploit module in development that successfully deploys this exploit against Chrome (on at least Windows XP).

34 posted on 08/31/2012 12:41:31 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
[ Post Reply | Private Reply | To 1 | View Replies]

To: OldEarlGray
Silly Penguin? No need to thank me.

I said, "Most viruses are designed to exploit the windows architecture." I did not say "All".

Please show me ANY system that is absolutely bullet proof. Yes, cross-platform exploits exist, but I doubt they can cause as much harm to a Linux system as to a Windows system. Linux has no Registry like Windows, it has a different system of file and directory permissions, it has different executable binaries. Linux is an alien environment for most viruses.

I have battled computer viruses since the DOS days, while supporting hundreds of machines. In the four years that I have used Linux on a half-dozen machines, I have yet to experience any problem, all the while using no firewall or anti-virus program. Try that with Windows.

The closest thing to absolute protection that I could recommend is to surf the web after booting from a Linux demo CD or DVD. If you need to download and save a file, use a USB memory stick for storage.

35 posted on 08/31/2012 1:06:45 PM PDT by TexasRepublic (Socialism is the gospel of envy and the religion of thieves)
[ Post Reply | Private Reply | To 33 | View Replies]

To: TexasRepublic
Absolutely right!

Keep the Window Machine with personal data away from the WWW.

Much less heartaches....

36 posted on 08/31/2012 1:43:26 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
[ Post Reply | Private Reply | To 35 | View Replies]

To: TexasRepublic

“Linux malware includes viruses, trojans, worms and other types of malware that affect the Linux operating system. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected, but not immune, from computer viruses.[1][2]

There has not yet been a widespread Linux malware threat of the type that Microsoft Windows software faces; this is commonly attributed to the small number of users running Linux as a desktop operating system[1], the malware’s lack of root access and fast updates to most Linux vulnerabilities.[2]

The number of malicious programs — including viruses, Trojans, and other threats — specifically written for Linux has been on the rise in recent years and more than doubled during 2005 from 422 to 863.[3]”
http://en.wikipedia.org/wiki/Linux_malware

YMMV.


37 posted on 08/31/2012 3:26:08 PM PDT by OldEarlGray (The POTUS is FUBAR until the White Hut is sanitized with American Tea)
[ Post Reply | Private Reply | To 35 | View Replies]

To: TexasRepublic

>>No need to thank me.

Nope. Half arsed dis/misinformation deserves no thanks.

What’s Android a derivative of, Super Genius?

“Android is under attack: New malware threats tripled in Q2”
http://www.bgr.com/2012/08/17/android-malware-q2-2012-study/

“Oops”.


38 posted on 08/31/2012 4:07:14 PM PDT by OldEarlGray (The POTUS is FUBAR until the White Hut is sanitized with American Tea)
[ Post Reply | Private Reply | To 35 | View Replies]

To: OldEarlGray
Android allows automatic updates ....LINUX does not....other than what JAVA does....

Which is a problem Apple had.

39 posted on 08/31/2012 5:39:13 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))
[ Post Reply | Private Reply | To 38 | View Replies]

To: metesky

Assuming your computer can run Vista/7, MS has rebranded Standalone System Sweeper beta to Windows Defender. It's free and runs from a memory stick or DVD. You boot the stick/DVD and run it outside of Windows.


40 posted on 08/31/2012 8:06:47 PM PDT by waynesa98
[ Post Reply | Private Reply | To 1 | View Replies]

