SuzukiSavage.com - Print Page

SuzukiSavage.com
/cgi-bin/YaBB.pl
General Category >> The Cafe >> you need to be aware of this new scam
/cgi-bin/YaBB.pl?num=1354908558

Message started by verslagen1 on 12/07/12 at 11:29:18

Title: you need to be aware of this new scam
Post by verslagen1 on 12/07/12 at 11:29:18

http://finance.yahoo.com/news/pc-virus-victims-pay-else-004529732.html

Title: Re: you need to be aware of this new scam
Post by 360k+ on 12/07/12 at 18:17:18

These ransom-ware viruses have actually been around for 3 or 4 years. They flared up back then, but then kinda died down for a while, but have recently re-emerged again and are a little more sophisticated. Most come from eastern bIock countries. I probably fix 1 or 2 per month and have for the past year or so.

The new version of the virus can be VERY difficult to dig out, if possible at all. Most of the newer versions register themselves, so deleting infected files won't help. Also, in many cases it loads a copy of itself into memory (RAM) at boot time, then rewrites itself back to the HD at shutdown. This means even if you search for instances on the HD while the computer is running and delete them, it won't make any diff because a brand new version will be written at shutdown. If it has already done very much damage, you may need to wipe the HD and reinstall Windows; a PITA, but sometimes necessary. :'(

Title: Re: you need to be aware of this new scam
Post by houstonbofh on 12/07/12 at 20:01:17

That is why you need a bootable windows environment like the old UBCD4 win or Hiren's Boot CD. You have to have a clean platform to look at it. (In other words, it ain't easy...)

Title: Re: you need to be aware of this new scam
Post by Dj12midnit on 12/07/12 at 21:20:22

I have not see that one in a while, but I have always had good results with http://www.malwarebytes.org/

Title: Re: you need to be aware of this new scam
Post by oldNslow on 12/08/12 at 10:12:22

The last time one of those things popped up on my screen I just reached over and hit the off switch on the surge protector and shut everything down. Restarted in safe mode and did a system restore back a couple of days. The bogus stuff was gone when I rebooted normally.

May not work all the time but it's quick and easy and I don't think it can hurt to try. I'm still running XP by the way.

Title: Re: you need to be aware of this new scam
Post by 360k+ on 12/08/12 at 19:51:45

0836373B2935345A0 wrote:

Even tho that is a "last ditch effort", you're probably right. The problem with "pulling the plug" is that Windows creates disk buffers when it's running called swap files. These are files that are "virtual memory"; i.e., a place to store stuff temporarily. If you shut down abruptly, the swap files disappear, so the next time Windows starts, there could be some problems. This is one of those actions that will eventually cause your system to crash altogether (it's a WHEN not IF type problem!). So pulling the plug (removing power) is a last resort to ANY computer, but may be necessary when the alternative is even more horrible.

The separate "boot disk" (there are several of these) mentioned earlier will successfully boot your computer, but only a diagnostic mode. So it gets your foot in the door, but unless you have at least a fundamental knowledge of Windows, you are still infected with the virus and back at square one!

Title: Re: you need to be aware of this new scam
Post by oldNslow on 12/09/12 at 08:44:10

I've been pretty lucky I guess. The power goes out around here with depressing regularity. Since I rarely turn my computer off, the plug gets pulled three or four times a year with no warning. So far so good. It's always been OK when the local power co. gets around to turning the lights back on.