Page 1 of 2 (results 1 to 15 of 18)
  #1 (5 Star Lounger)

    Zapping System Progressive Protection

    WOODY'S WINDOWS
    By Woody Leonhard

    Over the holiday break, three people sent me panic messages asking about an antivirus product that was demanding money to fix their computers.

    If my admittedly small sample is any indication, the venerable and virulent "System Progressive Protection" rogueware is back with new infection methods to delight us all. Oh boy.

    The full text of this column is posted at windowssecrets.com/woodys-windows/zapping-system-progressive-protection/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  #2 AussieMike (Lounger)
    Thanks for the great article. It just shows how careful and attentive we have to be before we madly click away! One thing that Woody didn't mention as a solution was the matter of backups. Wouldn't the easy answer be to restore the system with a system image restore, or am I missing something? I do regular system images plus daily folder and file backups. Surely this would fix SPP?

  #3 hkb (New Lounger)

    Excellent thread for those not aware...

    Very good article on more things to be wary of. The section that interested me the most was about video viewing and the need for a new codec. First of all, almost all the online video players are Flash based. The videos are streamed as FLV or MP4. Logical, as either can have a smaller file size without sacrificing quality. Specialty, hobby, and other things sometimes stream in WMV or MOV. These codecs are almost by default in every PC, except for FLV. And like the boss said, installing VLC gives you every codec you should ever need and then some.

    Back to those Flash video streaming sites. Most of the time when you see the phoney "you need a new codec" notice covering the screen you want to look at, there is often a way to close the overlay. Sometimes a very tiny, almost hidden x will close it. If you do close the overlay and the player seems dead, then you can know for certain the link you clicked to get there was a dirty link. If you can't close it, it's time to find another stream. The streaming sites and their Flash based interfaces are not responsible for those overlays. You can access that same streaming site from another link or directly and won't see all that crap.

    Ethics aside, the people that facilitate streaming servers are doing it for a reason. Infecting you is not on the agenda.

    The money game. Some streaming companies (for lack of better words) will throttle your stream and want you to pay a premium for fast streams. I can't tell you what to do, but unless their free stream's video quality is above 480p, don't throw away your money. They don't have videos before the other guy, either. You'll find those videos on another "free" server.

    When it comes to streaming and sites offering streaming links, it can become a mission for the inexperienced. I know of sites tagged as malicious yet they have the same links (and more) as popular sites such as Sidereel, and they have absolutely no spam links!

    It's all risky. Just don't download anything from a video window, there's no reason for it and there's a 99% chance you don't need it. If you can't close the overlay just utilize another stream link.
    Last edited by hkb; 2013-01-17 at 02:45. Reason: restructure and errors
    hkb

  #4 jwitalka (Super Moderator)
    Given the title of the article, I expected to find instructions on removing this nasty. If you do get infected, see http://malwaretips.com/blogs/remove-...tection-virus/ for removal instructions.

    Jerry

  #5 Charlie (New Lounger)

    tell us how to disinfect

    I agree with the previous post.

    When you write "this version of SPP. It digs deep into Windows, making it resistant to nearly every type of malware-scanning software I've used. Manual disinfection methods that work on earlier versions of SPP might be ineffective with the latest incarnation."

    then give us effective methods.

    Charlie

  #6 jwitalka (Super Moderator)
    In fact, the link I posted shows how to use a couple of anti-malware software packages to automatically remove the infection. Can't say enough about Malwarebytes. It's my go-to program when the primary active antivirus program fails. Unfortunately, in this case you have to run another package as well to get rid of the rootkit.


    Jerry

  #7 r.woodward (New Lounger)

    SPP on SmartPhones?

    I recently received a suspicious notice to upgrade Adobe Reader, not on my computer but while reading Outlook Exchange email on my Windows Phone 7.5. The attached file (trusted source, from work) did not open, so the second time I clicked on the "update." Nothing seemed to happen (it kept prompting me to update), so I closed out of the mail app and reopened it. This time the file opened and was readable. Nothing seems to have changed, but I'm still nervous.

    Two questions:

    1. Should I expect to see version updates for Adobe and similar programs on my phone?
    2. Is there some sort of well-recommended virus protection for Windows-based phones? I know Android malware has been given a lot of attention in the press, but I find little specific to the WP. Even a one-time scan would make me feel better at this point.

  #8 Dean-S (New Lounger)
    AussieMike asked if it would not be simpler to restore from an image backup (as I have seen advised by Ask Leo and many others as a good way to recover from an infection).

    However, there is one form of malware which, while not the same as the subject of this article, is similar. This is the type of malware that encrypts files, and it has been reported as encrypting the backups on attached external drives as well. Advice on this subject often includes "do not leave the external drive connected".

    With backup programs which are scheduled there is an obvious operational conflict. I have been looking for reasonable solutions to this but have not found any. Having a routine to only have the external drive connected when disconnected from the internet would work, but it is hard to follow in practice, particularly with daily backups (or even more frequent ones with some data backup programs, including the one in Windows 8).

    It may be that for selected files, cloud backup is a solution, as even if what is there gets replaced with an encrypted version, a program which keeps earlier versions (e.g. Dropbox) would let the material be recovered.
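    The versioning point in the post above, as an added example that is not part of the original post or of any product it names: a small Python backup store that never overwrites an earlier copy of a file, so a backup run that picks up a freshly encrypted document still leaves the last clean copy restorable, and that flags a file whose new version suddenly looks like ciphertext. The store layout, the entropy cut-off and the sample document are assumptions made for the illustration.

```python
# Added example (not from the forum thread): a backup store that keeps every
# prior version of a file instead of overwriting it, so a backup run that
# copies a freshly encrypted file cannot destroy the last clean copy.  Store
# layout, entropy threshold and sample data are assumptions for illustration.
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Ciphertext or random data scores close to 8.0 bits/byte; ordinary documents
# score well below.  7.5 is an assumed cut-off, not a measured one.
ENTROPY_ALERT = 7.5


def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class VersionedBackup:
    """Assumed layout: <store>/<relative path>/<seq>.<sha256 prefix>.
    Each changed file gets a new sequence number; nothing is ever overwritten."""

    def __init__(self, store):
        self.store = Path(store)
        self.store.mkdir(parents=True, exist_ok=True)

    def versions(self, rel: str) -> list:
        d = self.store / rel
        return sorted(d.iterdir()) if d.is_dir() else []   # oldest first

    def backup(self, src_root) -> dict:
        """Copy every regular file under src_root; return {rel path: status}."""
        src_root = Path(src_root)
        report = {}
        for path in sorted(src_root.rglob("*")):
            if not path.is_file():
                continue
            rel = path.relative_to(src_root).as_posix()
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()[:12]
            prev = self.versions(rel)
            if prev and prev[-1].name.endswith(digest):
                report[rel] = "unchanged"
                continue
            status = "new" if not prev else "updated"
            # The failure mode from the thread: a clean file replaced by
            # ciphertext.  Flag it, but keep storing; the old copy survives.
            if (prev and shannon_entropy(data) >= ENTROPY_ALERT
                    and shannon_entropy(prev[-1].read_bytes()) < ENTROPY_ALERT):
                status = "suspect-encrypted"
            d = self.store / rel
            d.mkdir(parents=True, exist_ok=True)
            (d / f"{len(prev):06d}.{digest}").write_bytes(data)
            report[rel] = status
        return report

    def restore(self, rel: str, index: int = -1) -> bytes:
        """index -1 is the newest version, -2 the one before it, and so on."""
        return self.versions(rel)[index].read_bytes()


def demo() -> dict:
    """Constructed scenario: clean backup, simulated encryption, second backup,
    then recovery of the pre-encryption version."""
    work = Path(tempfile.mkdtemp())
    try:
        src, store = work / "src", work / "store"
        (src / "docs").mkdir(parents=True)
        original = b"Quarterly report: revenue up 4%.\n" * 200
        target = src / "docs" / "report.txt"
        target.write_bytes(original)
        bk = VersionedBackup(store)
        first = bk.backup(src)
        # Stand-in for ransomware: overwrite the document with random bytes.
        target.write_bytes(os.urandom(len(original)))
        second = bk.backup(src)
        third = bk.backup(src)          # nothing changed since the last run
        recovered = bk.restore("docs/report.txt", -2)
        return {
            "first": first["docs/report.txt"],
            "second": second["docs/report.txt"],
            "third": third["docs/report.txt"],
            "versions": len(bk.versions("docs/report.txt")),
            "recovered_ok": recovered == original,
        }
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

    Two caveats that follow from the thread's own discussion: the entropy flag is a review signal, not a block, because ZIP archives, JPEGs and files that were already encrypted by design score just as high as ransomware output; and the store only helps if the infected machine cannot rewrite it at will, so it belongs on detached media, a cloud service that keeps versions, or a share the backup account can append to but not modify, otherwise the encrypting malware simply encrypts the store as well.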

  #9 bobprimak (Lounge VIP)
    Quote Originally Posted by jwitalka View Post
    Given the title of the article, I expected to find instructions on removing this nasty. If you do get infected, see http://malwaretips.com/blogs/remove-...tection-virus/ for removal instructions.

    Jerry
    That site tells you to use Hitman Pro to remove the rootkit. This is not free. Hitman Pro is not an AV program, but only runs the engines of several real AV programs. While I find Hitman Pro's findings useful in everyday cleanup and maintenance, I would never pay them to remove a rootkit. I would go to the source -- the original AV vendors whose engines are used inside of Hitman Pro -- and use their (paid) programs to do a proper scan and removal process.

    I also noticed frequent mention in the Comments of ESET online scanner. I don't know whether this one does the removals for free, but the ESET full product is not free.
    Last edited by bobprimak; 2013-01-17 at 18:37.
    -- Bob Primak --

  #10 bobprimak (Lounge VIP)
    Quote Originally Posted by r.woodward View Post
    I recently received a suspicious notice to upgrade Adobe Reader, not on my computer but while reading Outlook Exchange email on my Windows Phone 7.5. The attached file (trusted source, from work) did not open, so the second time I clicked on the "update." Nothing seemed to happen (it kept prompting me to update), so I closed out of the mail app and reopened it. This time the file opened and was readable. Nothing seems to have changed, but I'm still nervous.

    Two questions:

    1. Should I expect to see version updates for Adobe and similar programs on my phone?
    2. Is there some sort of well-recommended virus protection for Windows-based phones? I know Android malware has been given a lot of attention in the press, but I find little specific to the WP. Even a one-time scan would make me feel better at this point.
    Different OS entirely, and this malware is Windows (full OS or Windows 8 RT on tablets) and possibly an Android variant, last I read. Anyway, there really has been an update for Adobe Reader, so your alert is in all likelihood legit.
    -- Bob Primak --

  #11 bobprimak (Lounge VIP)
    Quote Originally Posted by Dean-S View Post
    AussieMike asked if it would not be simpler to restore from an image backup (as I have seen advised by Ask Leo and many others as a good way to recover from an infection).

    However, there is one form of malware which, while not the same as the subject of this article, is similar. This is the type of malware that encrypts files, and it has been reported as encrypting the backups on attached external drives as well. Advice on this subject often includes "do not leave the external drive connected".

    With backup programs which are scheduled there is an obvious operational conflict. I have been looking for reasonable solutions to this but have not found any. Having a routine to only have the external drive connected when disconnected from the internet would work, but it is hard to follow in practice, particularly with daily backups (or even more frequent ones with some data backup programs, including the one in Windows 8).

    It may be that for selected files, cloud backup is a solution, as even if what is there gets replaced with an encrypted version, a program which keeps earlier versions (e.g. Dropbox) would let the material be recovered.
    For synchronizing or File History backups, it is indeed impractical to leave the backup drive disconnected when not in use, as it is always in use. This is a drawback to these backup methods. I rely on backing up data in batches at intervals, and only after scanning (Full File System Scans) with at least two AV and AS products before attaching any external backup drive to my laptops. No infections of the backup drives, ever, when using this tactic. I also use a separate external drive to manually create and maintain System Image Backups, at less frequent intervals, and again, only on a fully scanned system.
    -- Bob Primak --

  #12 bobprimak (Lounge VIP)
    Quote Originally Posted by jwitalka View Post
    In fact, the link I posted shows how to use a couple of anti-malware software packages to automatically remove the infection. Can't say enough about Malwarebytes. It's my go-to program when the primary active antivirus program fails. Unfortunately, in this case you have to run another package as well to get rid of the rootkit.


    Jerry
    This could be a good case for the Microsoft Windows Defender Offline CD-based tool. This program is particularly adept at ferreting out rootkits and disarming them.
    -- Bob Primak --

  #13 jwitalka (Super Moderator)
    Quote Originally Posted by bobprimak View Post
    That site tells you to use Hitman Pro to remove the rootkit. This is not free.
    Bob, Hitman Pro is free to use for 30 days.

    Jerry

  #14 bobprimak (Lounge VIP)
    Quote Originally Posted by jwitalka View Post
    Bob, Hitman Pro is free to use for 30 days.

    Jerry
    I'm aware of that. And of the fine print about limitations on removal even during the free trial. I prefer longer-term solutions.
    -- Bob Primak --

  #15 jwitalka (Super Moderator)
    I have a couple of alternate programs I use for rootkit removal as well. The point is, the instructions in the link I provided will remove the nasty at no cost. Neither I nor the instructions purport to indicate you keep the removal programs long term, although I am a big proponent of Malwarebytes.

    By the way, I haven't had much luck with Defender Offline for removing rootkits.

    Jerry
