Should ISPs be able to take infected PCs off the net

Should ISPs be allowed to remove infected PCs from the net

  • Yes: 7 votes (53.8%)
  • No, and hell no: 6 votes (46.2%)
  • Total voters: 13

WizardHawk

Funny that this thread should come up today because this is exactly what just happened to one of our facilities. I got a call today that every web page this site tried to visit redirected them to a page from CenturyLink telling them their internet has been blocked due to a potential virus. It wasn't just web pages that were down of course, they also took down the services we use to take care of customers.

So of course I had to drop everything and rush to this site. Followed the steps on the browser to get things turned back on. Basically lied and said the infection was gone. Then I went about trying to find out where this was coming from. I didn't think it was any of our main computers as we have decent protection on them. I was right. Turns out it was on a laptop of someone visiting from another office I have no control over.

As for Malwarebytes Anti-Malware... Great program, but don't expect that a clean scan means you don't have an infection. In the case of this laptop all MBAM found was 2 PUP (nothing major). Zeus (zbot or win32-zbot) is very good at stealthing from antivirus and anti-malware scanning.

I used a couple of free apps from Kaspersky to find the critter and stomp it out.
"Utilities" is a great page if you have some stubborn trojans. I used the zbotkiller and TDSSkiller apps off that page and both found things and fixed them. After that I ran rkill (link: "Downloading RKill"). That link saves the file as iexplorer.exe, don't panic if you use that. They rename it to that so ruthless trojans don't block it.

Once you run all 3 of those (under 5 mins for all of it) you run MBAM again (don't reboot first!) and it's all good.

I keep trying to tell upper management that allowing visitors from other offices to use our internet without us having any control over their systems is dangerous and maybe now they will listen?
 

KansasSooner

TDSSkiller is available for use on USB with PortableApps installed. It is one of the tools in my arsenal too. Also MS and Kaspersky both have offline scanners that can be burned to CD-ROM. Microsoft is a 32 and 64 bit version for their respective OS flavors in 32 and 64 bit. Booting from CD and updating the database for either Kaspersky or MS is rather slow though...

Also I have the PortableApps version of HijackThis, can be indispensable when looking for strange behavior and can reset the Hosts file and delete malicious services...
 

HaroldSeattle

A forum on high tech here would be great. Put KansasSooner in charge. It would open some eyes here, I know I'd be reading it every day and adding what I could.
 

fordman84

My desktop here got infected a few months ago from some photo sharing crap my wife downloaded (a major name, just can't think of it, icon looked like a jack in the box or something). Wouldn't leave my damn browser alone, so I reformatted. Have done that probably 3 or 4 times in the life of this computer. Have all my bookmarks archived, keep photos on some online storage and a backup on a portable HD, and just a quick jot down of crap I want to remember to redownload and 30 minutes later I have basically a brand new computer that actually runs much better since it clears out the 6-12 months of bloat and crap.

I'm not smart enough to mess with the registry to clean it up, and most of those steps to remove trojans don't work for me. So, clean wipe and all good. But this isn't my work computer, just for playing dominoes/cards/pron/hoop...in no particular order :)
 

KansasSooner

> My desktop here got infected a few months ago from some photo sharing crap my wife downloaded (a major name, just can't think of it, icon looked like a jack in the box or something). Wouldn't leave my damn browser alone, so I reformatted. Have done that probably 3 or 4 times in the life of this computer. Have all my bookmarks archived, keep photos on some online storage and a backup on a portable HD, and just a quick jot down of crap I want to remember to redownload and 30 minutes later I have basically a brand new computer that actually runs much better since it clears out the 6-12 months of bloat and crap.
>
> I'm not smart enough to mess with the registry to clean it up, and most of those steps to remove trojans don't work for me. So, clean wipe and all good. But this isn't my work computer, just for playing dominoes/cards/pron/hoop...in no particular order :)

You really need to get Malwarebytes Anti-Malware then and let it do all the work. It's easy enough to use.
 

fordman84

Hmm, in the last wipe guess I didn't get adaware back. Hardly ran it anyways. Have MBAM and Avast. Used Kaspersky before, it was too intrusive. Avast is nice and quiet and just is noticeable when I need it to be.
 

fordman84

> You really need to get Malwarebytes Anti-Malware then and let it do all the work. It's easy enough to use.

I can't remember the name, but I have always had MBAM on my computer. It was a known issue, it was hijacking my search bar. Kept making some stupid search program the main search in the Firefox search bar at the top. Can't for the life of me remember the name of the program, but nothing was getting it. I went to multiple reputable sites that claimed to give steps to clear it and nothing could remove it. Every time I reloaded Firefox it was back.
 

RegentDenali

> A forum on high tech here would be great. Put KansasSooner in charge. It would open some eyes here, I know I'd be reading it every day and adding what I could.

:thumb: to that idea.
 

KansasSooner

> I can't remember the name, but I have always had MBAM on my computer. It was a known issue, it was hijacking my search bar. Kept making some stupid search program the main search in the Firefox search bar at the top. Can't for the life of me remember the name of the program, but nothing was getting it. I went to multiple reputable sites that claimed to give steps to clear it and nothing could remove it. Every time I reloaded Firefox it was back.

Search bar hijacks are not cleaned up completely by MBAM but there is another tool called JRT that will clean them up, just reset your default search after it's done. It's available here: Junkware Removal Tool Download
 

HaroldSeattle

> There are several good tech sites already on the net, including Malwarebytes' own forum. A really good one to check out is Bleeping Computer - Technical Support and Computer Help

Yes, some good sites, but lots of folks don't know about them or just not into it enough to go there. However if we had a SportsHoopla high tech forum, I bet we would get lots of feedback and questions from the SportsHoopla faithful.
 

fordman84

MyWebSearch....DANG IT. That was the one! bastards
 

fordman84

> Yes, some good sites, but lots of folks don't know about them or just not into it enough to go there. However if we had a SportsHoopla high tech forum, I bet we would get lots of feedback and questions from the SportsHoopla faithful.

I imagine it would be a lot of people running their diagnostics and posting the logs here and KSooner telling them what to delete. I think he already has a full time job. :pound:
 

KansasSooner

> Yes, some good sites, but lots of folks don't know about them or just not into it enough to go there. However if we had a SportsHoopla high tech forum, I bet we would get lots of feedback and questions from the SportsHoopla faithful.

Maybe, my guess is it would turn into Mac vs Windows forum. Just not into that, all I care about is computers, don't care who makes them or what they run, I can use them all and program most of them...
 

HaroldSeattle

> Search bar hijacks are not cleaned up completely by MBAM but there is another tool called JRT that will clean them up, just reset your default search after it's done. It's available here: Junkware Removal Tool Download

Yup, going to add that. I actually had a browser hijack problem a short while ago and ended up reformatting.
 

WizardHawk

HitmanPro 3 is another useful tool. Does some unique scanning and at least lets you know if things are really clean after MBAM gives you a clean bill of health. The free version only removes things for the first 30 days free and after that it will only tell you that you have infections. Still has found things for me more than once.

I agree on HijackThis as well. Another great tool for the old fix it USB drive.
 

HaroldSeattle

> Maybe, my guess is it would turn into Mac vs Windows forum. Just not into that, all I care about is computers, don't care who makes them or what they run, I can use them all and program most of them...

I don't think the Mac vs PC would be a problem here. I use both myself (better with PCs). I think what you would find is folks telling you they got this strange problem.
 

RegentDenali

This brought back the memory of about 5 years ago when my sister's computer got infected multiple times with the Win32/Vundo malware. This was the computer she and her kids used at home. Popup windows for fake Viagra, dick enlargement pills, etc. kept popping up when they would browse sites like Disney and Nickelodeon. LOL.

Was a total PITA to get it completely removed and instruct them on how to get their virus/malware scanning up to snuff.