  1. #1
    3 Star Lounger
    Join Date
    Dec 2008
    Location
    Garrisonville, Virginia
    Posts
    288
    Thanks
    46
    Thanked 1 Time in 1 Post

    Blocking a recurring incoming trojan(?) attack

    First of all, my frustration and the following questions all pertain to the following Dell Inspiron 1720 laptop:

    O/S - Vista Home Premium with current updates and SPs.
    Browser - IE9
    AV software/firewall - McAfee Total Protection with current updates.

    For more than a month now, my daughter's (an adult, not a kid) laptop has gotten something called "Vista Internet Security 2012" error an average of once a week, sometimes more. If you are unaware, that is a "rogue software" that gets in while surfing, and scares you into thinking you are under virus attack, and of course they can stop it. . . .for a cost. She knows not to click on anything and always brings it to me, and SO FAR I have had no trouble curing the problem by returning to the previous System Restore point but it is getting very frustrating having to do this so often and I am wondering if this thing can be blocked either by IE9's security settings or else McAfee's firewall, if not both. It just occurred to me that if I am correct and this thing is buried in some webpage somewhere waiting to strike, that maybe I can get a URL for it and block it on IE9, but I've not tried that yet so I can't say much more about that than just that.

    If anyone out there has any ideas on how to block this darned thing and end our frustration, he/she will become my hero. :-) Is there anyone out there who has any knowledge of this thing, and how to stop it from coming back again? I've done some research online on it, but I am in no way "a techie" and reading some of the info confuses me further, but the only thing I do understand is that this thing is going around right now (my wife's desktop got it too, but it has not returned there YET), but I would sure like to know how to block it if that is possible.

    Any ideas or suggestions out there? I thank you in advance for anything you can offer.

    David E. Cann


  3. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,782
    Thanks
    84
    Thanked 343 Times in 309 Posts
    I doubt whether your System Restores have been completely removing it. If your daughter knows not to click on anything it seems unlikely that she has been continually re-infected by any web page. I think you should follow one of the many comprehensive removal guides.

    Bruce

  4. #3
    Star Lounger
    Join Date
    Dec 2009
    Location
    Eastover, NC, USA
    Posts
    78
    Thanks
    0
    Thanked 6 Times in 6 Posts
    If you haven't already, try a full system scan with Malwarebytes free. Also, System Restore may be infected as stated by BruceR. I would clear all restore points and create a new one after running Malwarebytes.

    JB

  5. #4
    3 Star Lounger
    Join Date
    Dec 2008
    Location
    Garrisonville, Virginia
    Posts
    288
    Thanks
    46
    Thanked 1 Time in 1 Post
    Quote Originally Posted by BruceR View Post
    I doubt whether your System Restores have been completely removing it. If your daughter knows not to click on anything it seems unlikely that she has been continually re-infected by any web page. I think you should follow one of the many comprehensive removal guides.

    Bruce
    I realize there is never any guarantee, but any recommendation for a good one that ought to work? I've always been happy with the protection we got from McAfee, and have always run a full scan of all files with that afterwards, but I'm to the point now where I am ready to try anything. :-(

    David E. Cann

  6. #5
    3 Star Lounger
    Join Date
    Dec 2008
    Location
    Garrisonville, Virginia
    Posts
    288
    Thanks
    46
    Thanked 1 Time in 1 Post
    Quote Originally Posted by junebug View Post
    If you haven't already, try a full system scan with Malwarebytes free. Also, System Restore may be infected as stated by BruceR. I would clear all restore points and create a new one after running Malwarebytes.

    JB
    I will take a look at this, it has got to be worth a try. I have run full scans with McAfee each time, and have used it for years with no doubts about the protection at all, but I guess there is never any guarantee.

    David E. Cann

  7. #6
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,782
    Thanks
    84
    Thanked 343 Times in 309 Posts
    This trusted site is recommended by Microsoft:

    Remove Vista Internet Security 2012 (Uninstall Guide)

    Bruce

  8. #7
    Star Lounger
    Join Date
    Dec 2009
    Location
    Eastover, NC, USA
    Posts
    78
    Thanks
    0
    Thanked 6 Times in 6 Posts
    If Malwarebytes doesn't fix the problem consider Microsoft Standalone System Sweeper Beta.

    JB

  9. #8
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 931 Times in 852 Posts
    You could also try the Windows Defender Offline (beta) app.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  10. #9
    3 Star Lounger
    Join Date
    Dec 2008
    Location
    Garrisonville, Virginia
    Posts
    288
    Thanks
    46
    Thanked 1 Time in 1 Post
    Help is coming in faster than I can digest it all, so kindly let me get some thoughts together and figure out a proper (hopefully) course of action. At first glance right now, it appears that "Malwarebytes" would be a good first step, but I will see what I can do and let you all know the results. Thank you, folks.

    David E. Cann

  11. #10
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,455
    Thanks
    128
    Thanked 497 Times in 457 Posts
    For future reference; Avoid relying on system restore and start getting into the habit of doing system level imaging instead.

    System Restore is intended as a quick means of restoring system functionality. It is a band aid solution at best, and is of no use when it comes to virus or malware infection removal.

  12. #11
    3 Star Lounger
    Join Date
    Dec 2008
    Location
    Garrisonville, Virginia
    Posts
    288
    Thanks
    46
    Thanked 1 Time in 1 Post
    Quote Originally Posted by CLiNT View Post
    For future reference; Avoid relying on system restore and start getting into the habit of doing system level imaging instead.

    System Restore is intended as a quick means of restoring system functionality. It is a band aid solution at best, and is of no use when it comes to virus or malware infection removal.
    I never realized that. I am not "a techie" as I said in the beginning though, just an old retired fogey trying to learn how to use a computer, so I have no doubt that I am saying and/or doing some things that most of you folks find odd. Thanks for the information.

    David E. Cann

  13. #12
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,554
    Thanks
    2
    Thanked 614 Times in 550 Posts
    Whether or not System Restore can help recover from an infection depends on the nature of the infection. Most people who use System Restore only use it to recover from a bad software installation including a faulty driver update.

    Joe

  14. #13
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    While using an Image Backup is by far the more preferred recovery mechanism, System Restore can be used very effectively as part of a recovery from these scareware infections.

    One key thing is to note that the infection is not a single standalone infected file. It is often a suite of executables and infected system files that drop the trojan into your system. I have found from experience that many of these scareware programs rely on the Windows networking components to be activated - though this may evolve over time. Booting into Safe Mode you have the option not to launch any networking system components and most often this prevents the rootkit from being triggered.

    Thus the first port of call is to boot into Safe Mode without networking. From there, run a System Restore to a point where you are certain the infection was not present. Upon completing the System Restore, it is necessary to return to Safe Mode without networking, otherwise the restore will not be complete and the rootkit not removed. Booting into Safe Mode with networking has in the past activated the rootkit for all future sessions in Safe Mode, so it is important to choose correctly when booting into Safe Mode.

    If you have already booted with Safe Mode (with networking), the infection may now be more deeply embedded into your system: I would suggest running Autoruns, search for the infection and prevent it from running on startup - but this requires knowledge of what to look for.

    After successfully running a System Restore from Safe Mode without networking, you should be able to run MalwareBytes and other programs such as TDSS Killer, Autoruns and others to clean up the remains of the infection.
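
An added example, not part of the post above or of any tool it names: a read-only PowerShell listing of the registry Run/RunOnce autostart entries that Autoruns also displays, flagging commands that launch from user-writable folders. The folder heuristic is an assumption made for illustration; legitimate updaters also start from these locations, so a flag is a prompt to review the entry, not a verdict.

```powershell
# Added example: list registry autostart entries and flag those launching
# from user-writable locations. Read-only; nothing is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders an unprivileged process can write to (assumed heuristic, not a signature).
$writable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ }

function Test-UserWritablePath([string]$Command) {
    # Expand %VAR% references so the comparison sees the real path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($dir in $writable) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # RunOnce keys may be absent
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # New-Object is used instead of [pscustomobject] so this also runs
        # on PowerShell 2.0, the version available for Vista.
        New-Object PSObject -Property @{
            Key     = $key
            Name    = $name
            Command = $cmd
            Flagged = (Test-UserWritablePath $cmd)
        }
    }
}

# Flagged entries sort to the top for manual review.
$entries | Sort-Object Flagged -Descending |
    Format-Table Flagged, Name, Command, Key -AutoSize -Wrap
```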

  15. #14
    New Lounger
    Join Date
    Jan 2012
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Complete Fix

    Here is your fix. The Trojan file infects under a number of different names and is scattered at random throughout the web although it predominates on sites you can and should avoid. The odds of getting this just surfing regular sites are low to moderate. More than once in 3 to 6 months you should be paying close attention to the site preceding the infection and staying away from it!

    First do a Search/Find and download onto a USB storage device the following:
    FixNCR.reg
    Rkill.com
    Malwarebytes
    Bootable Windows Defender
    HijackThis

    The purpose of having them on a USB is that this Trojan can sometimes corrupt files enough that you cannot access or run correctly the ones on your computer. You may also get locked out of internet access as well.
    SAVE this USB as your emergency backup and run the files from there when needed. You can run these files from the USB in Normal startup but they are most effective if run in SAFEMODE. You can do both.

    RUN FixNCR.reg (This will replace the damaged registration point of entry)
    RUN Rkill.com (locates and kills Rootkits)
    Run Malwarebytes Full Scan and eliminate any malware found.
    (You should be free after your reboot! Though I suggest running it in safemode and running your virus software like AVIRA Freeware as soon as possible because other things often sneak in with this Trojan.)
    Still have a problem?
    Bootable Windows Defender will locate and destroy almost any rootkit and/or trojan but is usually not needed. The above processes should have taken care of your problem.

    If you get out of your depth in a bad infection then run HijackThis and print out the damaged files list for your tech guy.
    HijackThis (to be used to get information for your tech if all else fails to repair damaged files)
    Last edited by Just Plain Fred; 2012-01-13 at 15:51.

  16. #15
    Lounger Super Sarge's Avatar
    Join Date
    Oct 2011
    Location
    Jordan Minnesota
    Posts
    45
    Thanks
    1
    Thanked 0 Times in 0 Posts
    System Restore can also be infected. To make sure it is not, after you get the system cleaned, delete all restore points and create a new system restore point with a given name.
