OT: Facebook users beware

BigJay

Well-Known Member
NASTY virus going around Facebook right now. My wife got it on her netbook last night. It was a message from a friend that included a blog link. Spent 15 hours trying to remove the virus and finally had to reformat and reinstall the OS (confirmed as the only solution by multiple virus resolution sites; MRT (Microsoft Malware Removal Tool), AVG, Spybot, Avast, and McAfee cannot remove it). The virus is Alureon.H and it's really a package virus (rootkit) more than a stand-alone trojan. I can't stress how severe this virus was for one that didn't actually destroy the system. Be careful everyone in what you click on!!
 

BigAl07

Administrator
RS STAFF
Dang links!! I wrote one off a few weeks back from the same issue. Dang rootkit got in there and even a FORMAT didn't get it. It was "Google Redirect" but I can't remember the exact package name.

I tell EVERYONE to not click on links unless you KNOW what it is AND you're expecting it. Of course I don't scream it too loud because my other business is cleaning computers up for people :) Business is GOOD!! :)
 

BigAl07

Administrator
RS STAFF
Tammy, excellent links (MBAM is one heck of an AMAZING tool and I carry it and updated definitions on my thumb drive 24/7).

That one can be eradicated with those techniques but unfortunately not all ROOTKITS can :( (this info is for anyone not familiar with rootkits). The last one I tried to clean I had to go into the BIOS and disable the CD-ROM and flash the stinking BIOS before all was said and done. That stinks and from a "Tech" standpoint it's not worth the time ($$$) to fix it. :(

We need a "Geek Talk" thread around here :)
 

BigJay

Well-Known Member
Dang links!! I wrote one off a few weeks back from the same issue. Dang rootkit got in there and even a FORMAT didn't get it. It was "Google Redirect" but I can't remember the exact package name.

Yeah, this one included a Google redirect as well, some file called adam123 or something plus an Iwin installer. I tried searching the few terms I could pull out of the files and I was only able to come up with 3 or 4 hits on foreign-language sites. The trojan was the only part I could get a name for, since that's all Avast was able to pick up. I assume the rootkit was removed with the reformat. We are using that netbook only for web surfing for the next little bit till I am sure all instances are gone.
Thanks for the links. I know who to lean on next time I run into an issue. :)
 

Edison

Member
Boot to Safe Mode with Networking. Download a program named "rkill". Download and install MBAM, update, run a full scan.
IF you can't get on the Net, check Internet Options/Connections/LAN Settings and un-check any proxy settings, then do the above.
You should be able to boot to Win and have net access. The next thing to do is to download the 30-day trial of Kaspersky Internet Security, install, update, run a full scan.
Your comp should now be clean.

This should work for almost all malware infections.

The above works for about 90% of all malware out there now. For the other 10%, you'll want to pull the hard drive, pop it into an external enclosure and scan with Kaspersky. Then do the above.

One of the things I do for a living is clean infected machines and I can usually get about 98% without having to reformat.
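The "un-check any proxy settings" step above is the part people most often get wrong by hand, because the malware-set proxy or PAC URL may not be visible in the dialog until the box is ticked. The following is an added example, not code from the original post, that audits the per-user WinINET proxy values from the registry, backs the key up, clears the proxy/PAC entries, and tells WinINET to reload them. It assumes Windows with PowerShell running as the affected user; the key path and the two InternetSetOption constants (39 = INTERNET_OPTION_SETTINGS_CHANGED, 37 = INTERNET_OPTION_REFRESH) are documented Windows values, the backup file name is my choice.

```powershell
# Added example (not from the thread): audit and clear hijacked WinINET proxy settings.
# Assumes Windows; run in the profile of the user whose browser cannot reach the Net.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$backup  = Join-Path $env:TEMP ('inet-settings-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

function Get-WinInetProxyState {
    # Read the values that Internet Options/Connections/LAN Settings writes
    $p = Get-ItemProperty -Path $inetKey
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable     # 1 = "Use a proxy server" ticked
        ProxyServer   = $p.ProxyServer     # host:port or protocol=host:port list
        ProxyOverride = $p.ProxyOverride   # bypass list
        AutoConfigURL = $p.AutoConfigURL   # PAC script URL, often how redirects are done
    }
}

$before = Get-WinInetProxyState
Write-Host 'Current WinINET proxy settings:'
$before | Format-List

$suspicious = ($before.ProxyEnable -eq 1) -or (-not [string]::IsNullOrEmpty($before.AutoConfigURL))
if (-not $suspicious) {
    Write-Host 'No proxy server or PAC URL configured; nothing to clear.'
    return
}

# Keep a copy of the original key so the values can be restored (or kept as evidence)
reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings' $backup /y | Out-Null
Write-Host "Backup of the key written to $backup"

# Clear the proxy and PAC entries; missing values are ignored
Set-ItemProperty    -Path $inetKey -Name ProxyEnable   -Value 0
Remove-ItemProperty -Path $inetKey -Name ProxyServer   -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $inetKey -Name ProxyOverride -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $inetKey -Name AutoConfigURL -ErrorAction SilentlyContinue

# Ask WinINET to re-read its settings so running IE/Explorer sessions pick up the change
$sig = @'
[DllImport("wininet.dll", SetLastError = true)]
public static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int dwBufferLength);
'@
$wininet = Add-Type -MemberDefinition $sig -Name WinInet -Namespace ProxyFix -PassThru
[void]$wininet::InternetSetOption([IntPtr]::Zero, 39, [IntPtr]::Zero, 0)  # INTERNET_OPTION_SETTINGS_CHANGED
[void]$wininet::InternetSetOption([IntPtr]::Zero, 37, [IntPtr]::Zero, 0)  # INTERNET_OPTION_REFRESH

Write-Host 'After clearing:'
Get-WinInetProxyState | Format-List
```

Run it before the rkill/MBAM step if the updates will not download; if a proxy or PAC URL reappears after a reboot, the component that rewrites it is still active and the scan-from-another-machine approach discussed later in the thread is the next step.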
 

BigAl07

Administrator
RS STAFF
One of the things I do for a living is clean infected machines and I can usually get about 98% without having to reformat.


DITTO! That's my last resort. I only format if:

It's hosed and not worth the "labor" to manually clean.

It's got one of the newer "Root Kit" infections. I am not going to go through all the "Boot Disk" this, "Boot Disk" that when I can just reformat.

Excellent advice! MBAM is sweet. I know some people "turn their noses up" at AVG but it's saved our company COUNTLESS times and the new version has a decent Root Kit scanner.
 

BigAl07

Administrator
RS STAFF
GP ~ I'm glad....it's people like you that keep me in a job! LOL


:LOL: I made a comment like that to a client this morning. He said, "What do you know about Facebook and social networking security?"

My reply was, "It's GOOD for my business!" :LOL:
 

Edison

Member
You can usually kill a rootkit if you scan the infected drive from another computer.
The nature of a rootkit is to remain invisible to the operating system it's installed on but you can usually snag them by slaving the OS drive.

AVG and MS Security Essentials are the two best free ones out there, but I do see machines come in that are infected that have been running those programs.

I've been a Kaspersky reseller for the past 4 years and average 2 sales a day. Since I've been dispensing Kaspersky, I have had 3 come back infected and one of those was because the client didn't renew their license.
 