Horrendous Attack!


Ray D

Well-known member
Joined
Jun 4, 2006
Posts
1,963
Location
Boise, Idaho
Dani, (Jasper's Mom), has at least temporarily lost her computer. She suffered an almost indescribable attack, featuring graphics too gruesome to tell about, here. This is not something you want to see! I respect the family atmosphere we have.

Probably, most folks will avoid this, without my advice. And, with luck, some of our experts, here, will chime in.

Dani got a warning window that her computer was "under attack." The window said, "click here," to resolve the situation, and that is what she did. She "clicked here!" I heard a scream, and came running.  :eek:

I attempted to get control, but it was for nothing. I pulled the power.

Been working for three days to fix it, and have little hope. I think a new computer is probably in order. I have used Norton and SpyBot, with some success, but it isn't clean, yet. Not going to put a lot more effort into it.

The cable company rep tells me that this is widespread. I have no idea how widely, but you don't want it!

I attached two photos of the warning. If you see this, I don't know what is the right thing to do, but don't click anywhere on the "warning" window. That click is all it takes! Even clicking on the "X" to intend to close will bring the thing onto your computer. It takes seconds! Less than a minute!

Note, the photos are exactly that. It is not a link from her computer, but rather from a shot I took with my cell phone camera. It is a photograph of the screen. It is not infectious.

Ray D  :(
 

Attachments

  • PIC-0036.jpg (111 KB)
  • PIC-0037.jpg (126.7 KB)
You can salvage that computer but it will take a fresh install of Windows to do it.  I wouldn't waste time trying to disinfect it now, it's too late and you'll never know if you got all the malware off.  Use the restore CD that came with the computer (if you have one) or the Windows CD (if that's what you have) to boot and start over.  If there are files on the disk that aren't backed up, we can tell you how to recover them by installing the drive in another computer, or booting from an external drive if that's possible.

A new computer isn't necessary, and when you get this one back up, learn how to practice safe surfing :)  There are lots of articles on the internet that will help Dani avoid problems like this.
 
Sorry to hear of the attack on Dani's computer.  Like Ned suggested there is no need for replacing the computer.  I would suggest not loading Norton when you reload software.
 
Ron said:
Sorry to hear of the attack on Dani's computer.  Like Ned suggested there is no need for replacing the computer.  I would suggest not loading Norton when you reload software.

Ron, I know why you say that but I think it is time for you to update your information. I had dropped Norton also a few years ago, but wasn't that happy with the alternatives that I used. NAV got an excellent review in PC World recently, so I thought I would give it a try (Fry's had it for $0 after rebates). It is faster, less intrusive and, according to PC World, only the top rated Kaspersky was better (slightly) in AV detection. Since I had used an AV based on Kaspersky, I felt more comfortable with NAV and am happy with NAV again.
 
OK, so you can't click on any area of that popup. Then how do you get the popup to go away?
 
Ron - Ned, thanks. I appreciate this. There are other complicating factors. My main hope in posting is that maybe someone would look at those "warnings" and think twice before clicking.

When I retired, a decade ago, I had several merchandise sample cases that until recently still had samples of pretty nice stuff that I have not been able to sell or give away, due to the sheer volume of stuff. I also had 6 or 8 old briefcases. We stored our software and un-needed small accessories in some of the old cases, in the garage, to get more room in the office. So, it was all in the garage. That includes everything that came with my new Toshiba/Vista LapTop except the computer, itself, and the power cord.

The garage was burglarized about a month ago. All of the old briefcases and sample cases, except one, are gone. With it, our software!

I did have the software for the old, not quite dead desktop, inside. I still have that. It does have a Windows XT recovery disk. Didn't think of that until just now! Can that be used to recover the laptop?
 
Bruce, need to wait for one of our gurus to respond. However, I called my son, who is pretty good at this, and did as follows.

On the blue bar at the bottom of the screen each running program shows a button with the name of the program. Right click on the Windows Security button and then click "close." It does close it, for me, without calling up the demons, but it comes right back, again in minutes.

Ray D
 
Ray, perhaps, but most laptops have enough unique hardware that they need specific drivers from the computer manufacturer.  Also, a recover CD will only run on the computer it was designed for.  You would need a generic Windows XP CD to install to a different computer, like the laptop.

Bernie, NAV is a standalone anti-virus program that is about average but not too intrusive.  The really bad Norton stuff is the Security Suite that does a lot of things, most not very well, and is extremely difficult to remove if you want to change to another program.  And that's true of most, if not all, of the suites, including Zone Alarm.  That's why I prefer using individual programs that do one thing well.
 
To get rid of those popups without clicking on them, use the Task Manager and kill the iexplorer.exe task.  Better yet, use Firefox :)
 
The most common way of sending those attacks is a pop up that says

"Warning your computer is under attack, Click here to fix it"

The warning is proper, the suggested cure is not.    DO NOT CLICK ANYWHERE ON THE POP UP even the red "X" may be dangerous, use ALT-F4 or one of the other means to kill it (Three finger salute followed by killing of IE for example) or just shut down and re-start the computer if you must.  BUT DO NOT CLICK ON IT

What I'd like is a good log that lets me identify the attacking site..

Then I could bill them
 
I too would strongly suggest the purchase of an Apple Mac like the MacBook or iMac desktop.

If that's not an option, I would strongly suggest FireFox, and installing a plugin called AdBlock Plus and subscribing to FilterSet.G.

Actually, even Mac users should do this!
 
There are many reasons you will never see Ron with a Mac.  Besides, contrary to what they would like you to believe, they are not free from such an attack.  Since they only have a small part of the market they don't get the negative reports when it does happen.

If Kaspersky is tops then we are really in trouble IMHO.  I had Kaspersky for a VERY short time after I dropped Norton and found it writes files to your disk and wasn't all that fast.  I currently use PeerGuardian from Phoenix Labs, AVG, and the Windows firewall in addition to a router. I also use CCleaner as Ned suggested.

I have lost any confidence in PC magazine ratings after using Spyware Doctor that they recommend. It really started slowing things down too and I understand it may have crashed one member's computer.
 
Careful Russ, you will have Ron thinking that Apple is part of the Affinity Group. ;D ;D
 
OK, so you can't click on any area of that popup. Then how do you get the popup to go away?

Jerry had not seen the popup, but his first comment when I showed it to him was that Microsoft would never tell you to download something in that situation.  That's your first clue it's malware. 

Bruce, you can always use the red X to get rid of popups.  Of course, the surefire way to avoid attack when you see something like this is to simply turn off the electricity to the computer or disconnect the computer from the modem.

Ron, I know you don't like Norton, but we've used the Norton security tool for years and have been quite happy with it.  In fact, we recently renewed our subscription.  When you see a big red screen telling you there's a virus it makes you very happy to have Norton.  We have ditched Spyware Doctor however for the reasons mentioned.

Ray, does Dani use Mailwasher to screen email before downloading messages to her computer?  If not, perhaps the malware got in via an email.  I never download email unless I check it first in Mailwasher.  Set it up for Delete and Blacklist, but not Bounce.  If an email is bounced back to the originator they then know your computer exists, but if you blacklist doubtful sites and delete them from the Mailwasher server, then the originator doesn't know whether the message was received and doesn't have a clue what happened to their bad message.  It just disappears into the netherworld!  I LOVE Mailwasher!

ArdraF
 
Correction:  Jerry agrees with John from Detroit.  Do NOT click the red X.  Instead, disconnect the computer from its power source and turn the computer off.

ArdraF
 
