Oh no -- major malware attack


Post by twilightsong » Mon Feb 28, 2011 10:25 pm

Today I clicked on a picture and my computer went haywire -- some sort of app launched and "detected" "38 instances of spyware and malware" and then asked me if I wanted to remove them. When I clicked "yes" it took me to a site where I could purchase the app in order to remove them. The site looked VERY suspicious.

Haven't I obviously run into some shady deal that infects you with various malware in order for you to buy their product?

I couldn't find the app in my list of programs. When I try to run Adaware to deal with this, it won't launch -- error message says it's "infected" too. :roll:

Any suggestions?
"There is no avant-garde; only some people a bit behind." -- Edgar Varese
-----------------------------------------------------------
Cubase 5.5.2/ Win 7 64-bit/ Quad 9550/ UAD-2/ Wavelab 4/ more sample libraries than I can remember


Post by NorthWood MediaWorks » Mon Feb 28, 2011 10:27 pm

Google the name of the removal tool, you may get some more info... there is one of these that actually has a freeware removal tool, they just hide it in the hope you'll buy the expensive one.... the name of it escapes me right now....


Post by Zenda » Mon Feb 28, 2011 10:34 pm

Doug .. hang on and don't do anything ...

the bugger's interfering with 'interventions' you might make.

I'm going to try to find something .... it's made to give you a bit of leeway .....

Malwarebytes is something you need to google, download and install and apply ....

BUT, the malware you've got MIGHT try to stop that process..

you do that ... I'll be back asap.

NOTE someone with more experience than me might get back to you in the meantime .. if so, run with them ......

I'll be back ..
The Gypsy King
Music - out of date
Photos

i7930, OCZ Vertex2, Raptors, RME Multiface 2, 12gigRam, C5, Photoshop CS5, Unreal Tournament.



Post by HowlingUlf » Mon Feb 28, 2011 10:35 pm

twilightsong wrote:When I clicked "yes" ...
:o

Oh, man! :lol:

I'm sorry, but that's a nono!

And you should already have something stopping executable files from surprising you like that? I even think you do but the stress level made you forget? ;)
They want to scare the sh!t out of you and look like they are the only one that can help you. But it's not the truth ... unless you like it? ;)
Last edited by HowlingUlf on Mon Feb 28, 2011 10:38 pm, edited 2 times in total.
Gothenburg, Sweden
Steinberg Cubase Pro 10.5 | Steinberg WaveLab 10 | Steinberg Absolute 4 | Steinberg SpectralLayers 6
Win10 63.5 Pro | ASUS ATX Z170-P | Intel Core i7-6700K Skylake | 32GB RAM |
Nektar Panorama P6 | | Steinberg Midex8 | Steinberg UR824 |


Post by Zenda » Mon Feb 28, 2011 10:36 pm

First up, Doug .. read this ........

http://www.articlealley.com/article_774570_11.html

Post by Zenda » Mon Feb 28, 2011 10:45 pm

FOUND IT


Read this thread:
http://forums.cnet.com/7723-6132_102-392046.html

This is the specific bit:


First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________
RKILL is a program designed to counter the malware's attempts to stop you downloading or installing Malwarebytes. Run Rkill first. Then Malwarebytes.

Part of your malware is a nasty sod which stops you from accessing popular security sites or installing popular security programs.


THIS IS THE LIMIT OF WHAT I KNOW

Doug - I've put the 'warning' so you know I don't have that 'skill' which enables me to 'walk you through individual bits' if this process is not sufficient to solve the problem.

I will, however, stay by the computer, and keep checking in ....

If you need ME to download something for you, and put it on a 'neutral' server, so YOU can then download it, 'under the radar' of the malware, I'll be happy to do that.

OK

:)

Post by Zenda » Mon Feb 28, 2011 11:04 pm

in and out of the kitchen for a bit as I get my dinner ready ...

Post by Zenda » Mon Feb 28, 2011 11:31 pm

ok ... got my dinner. So I'm here, and I've subscribed to this topic so it'll ping my email.

ok

Post by Woodcrest Studio » Mon Feb 28, 2011 11:55 pm

Take a big electro-magnet to your computer. It will suck that malware right off it. :mrgreen:


Glyn told me to write this.


Post by Zenda » Tue Mar 01, 2011 12:01 am

:evil:



:(



:?



:)



:D




:lol:

Post by twilightsong » Tue Mar 01, 2011 3:41 am

Oh, sorry guys -- I went out to dinner and was gone for a few hours

Anyway I think I got it. It was some type of "scareware" like Ulf said. It was called "System Tools" :roll: and I found the cure on the web -- had to go into Safe Mode and remove it using Adaware (the Adaware was scanning very slowly so that's why I went to dinner).

When I got back it looked like the Adaware had removed it, but when I rebooted it came up again. So I went back to the website that had instructions for removing it where they listed "registration" codes for "activating" System Tools and all I had to do was highlight it and choose "copy" and a message came up saying "38 entries removed." :roll:

So I think it's still in there, somewhere. The website showed what the registry entry should look like, should I delete it?

Yeah, I should not have hit "yes" but the window said "System Tools" and looked like a regular Windows message and yes I do feel like quite the idiot now!


Post by Zenda » Tue Mar 01, 2011 3:50 am

Download Malwarebytes - Free version from here ...

http://www.malwarebytes.org/

Run it and let it do its stuff.


IF it cannot run, then get VKILL from that link I gave you above, and run that to prevent the malware from stopping Malwarebytes.

Doug ... I was nearly 'caught' by precisely the same System Tools fake message ....

I just straightaway phoned my antivirus company, and they remote-accessed my computer and fixed it in the way I am recommending to you.

This is also a method recommended and described by Geoff ... you know .. used to post as HaXX)r on the old forum.

OK .....

Ah ... and yes .. AVOID touching or clicking anywhere within that nasty window ... even the X at the top. Either reboot the computer when it happens, or call up Task Manager and close your browser.

Post by JohnOnKeyz » Tue Mar 01, 2011 4:22 am

On all my computers, I use Avast Antivirus http://www.avast.com/free-antivirus-download (it's free, you just have to re-register once a year).
Spybot S&D http://www.safer-networking.org/en/home/index.html (disable TeaTimer when running music apps though, it's performance intensive!).
And Sygate Firewall, http://www.filehippo.com/download_sygat ... _firewall/ an older version, but extremely powerful.

These are all free.

I've tuned computers for years, as well as removing sticky viruses and trojans. My email is available on my profile page or website. If you are still running into problems, send me a link to the suspicious website, and any info you have gathered. I just have to visit the website, and my antivirus should go on alert, which will also give me a link to information on the avast threat site.

Also download this. http://download.cnet.com/Process-Explor ... 23605.html (Process Explorer). If you have a slow running system, it may be linked to a process, and this should at least give you some information on what that process might be. It may help in the investigation process.

I hope you get it taken care of.
John
(Maryland, USA)
~~~ the Aftereffekt ~~~ - - - - - | | | - - - - - ~~~ Slyd Studios ~~~


Post by twilightsong » Tue Mar 01, 2011 4:54 am

Thanks!

My computer IS now running quite slow -- apps take forever to open, and I can't stream anything

If I knew who was responsible for this, I would drive to their city and shoot them. Dead.

This incident has had an effect on me


Post by Zenda » Tue Mar 01, 2011 5:00 am

I bet it has. That's why I stayed close.

Let's face it. It's a bloody Trauma.



fwiw ... since it happened to me, I scoured through my rig to make dang sure there were no sensitive login details or passwords floating around on text files. Even got Roboform password safe to assure that even if buggers DID get stuff, it would be encrypted beyond what's worth their while.

Post by Ron Garrison » Tue Mar 01, 2011 6:38 am

Zenda wrote:Download Malwarebytes - Free version from here ...

http://www.malwarebytes.org/

Run it and let it do its stuff.
+1

Also combofix for some particularly nasty stuff (I have 4 kids).

Ron
Cubase 6.5, Sonar 8.5, Q6700@2.66GHz, Windows 7 Professional 64-bit, MCU+2Extenders, Presonus Firepod, Tascam VL-X5.


Post by Zenda » Tue Mar 01, 2011 6:46 am

Ron .. hi ....

that "particularly nasty stuff (I have four kids)" gave me a sudden abs-crunch laugh-spasm. I didn't quite break my jaw on the tabletop, but my funnybone is still feeling it.

All the best
Glyn :)



PS ... eh Steve :) ... Disk Image. PLUS ONE. I've got them going back to 2001.

Post by Guest » Tue Mar 01, 2011 6:56 am

twilightsong wrote:If I knew who was responsible for this, I would drive to their city and shoot them. Dead.
Umm...you know where you live. Please don't shoot yourself. (Yes, you are responsible for what you do on your computer).

Spend $25 and get the full version of Malwarebytes, then nuke the site from orbit.

It's the only way to be sure....and you won't have to bang your head against the wall in the future....which will be ruled by dam dirty apes!


Post by HowlingUlf » Tue Mar 01, 2011 8:05 am

twilightsong wrote:Thanks!

My computer IS now running quite slow -- apps take forever to open, and I can't stream anything

If I knew who was responsible for this, I would drive to their city and shoot them. Dead.

This incident has had an effect on me
Pain!
This is the way the idiots rule the world!
The rest of us must clean up after their mindless attempts of ... of what? :evil:
Been there, done that too ... even if it was a long time ago.
Maybe I should check my routines again? Better safe than sorry :?

Post by Karl » Tue Mar 01, 2011 1:17 pm

It's this kind of thing that causes me to feel that there is a place for capital punishment :!:
Last edited by Karl on Tue Mar 01, 2011 2:13 pm, edited 1 time in total.
Studio system-i5 750, Intel X25 SSD, 3 Raid 0 arrays (2 for streaming sample players, 1 for projects), 16 gig ram, Win7 Pro 64 bit, RME Multiface and Digiface, Cubase 4.5 and C6, NI Komplete 7, Omnisphere, Trillian, EWQL Symphonic Gold/Colosuss, BFD 2, Jamstix, Waves mercury pack, lots of mic's....yada yada yada.... see my equipment list at...

Reference Point Recording Equipment List

Reference Point Recording


Post by OnkelGrusom » Tue Mar 01, 2011 1:50 pm

Hi Doug, sorry to hear about your prevails.
My uncle had something similar just days ago. He knows next to nothing about computers but I was able to help him by simply rolling back his system to the restore point one day before his troubles happened. Have you tried that yet?
If you have system restore turned off you can also wait for the next monthly update of malicious software removal tool from MS. That little program has helped me a couple of times, and on this issue MS is actually quite fast to include newer threats.

All the best, Kim
-------- Cubase 8 and earlier, Halion Sonic 2, Hyper Sonic 2, Superior & EZ Drummer, Tonelab, Tube-Tech LCA 2B, Neumann U67 and ADK Hamburg, Presonus Audiobox 1818VSL, Core I7 4790K, 16 gig DDR3 ram --------
Feel free to check out my music on:
http://urort.p3.no/#!/Search/chapter%2520eight?List


Post by JohnOnKeyz » Tue Mar 01, 2011 5:12 pm

I had a close call just the other day, but the results would have been much worse. Being a consultant, I'm always looking for web projects, whether simple or complex. I responded to a request on Craigslist (looked legitimate). I didn't hear back from anyone for about a week. Then I got a response email saying that they were interested and to please fill out an application online.

Kind of unusual, since I always attach my resume and it has all the info in it. But it's not by any means rare. So I went to their website. It was a "resume submission service", unusual again, but still not rare. Some companies use these services because it is easier than building it in their own websites. So I began filling it out, and saw that it asked for a little too much info, and all fields were required. This made me suspicious and I stepped through the different sections. Sure enough the last page said to include my banking details so they could set up "direct deposit". So I stopped in my tracks, erased the little non-dangerous info that I had already put in, and went to the home website of this "resume submission service". The page looked like a legit home page, but none of the links went anywhere.

So I looked up the whois information for the website, and sent it and the email that I had received to a company that investigates online fraud, ID theft and phishing.

As Doug says. This kind of stuff affects me in a very potent way. If I even met these people, I'm pretty sure I would act out of character... meaning things like inflicting horrendous and tortuous violence upon who ever is responsible. :twisted:

Post by twilightsong » Tue Mar 01, 2011 7:12 pm

I DO have off-line backup in case total devastation occurs. Since this was just malware, I wouldn't think it necessary to go to that length.

In 15 years or so of being on the Internet, this is actually the FIRST problem I've ever had (other than the Worm that hit everyone in the world about 7 years ago). I don't even have anti-virus software (although I do have Adaware). Apparently I need to rethink that.

System seems to be running okay now. My streaming problem was actually due to Safe Mode resetting my soundcard sample rate to its default 48khz.

Regarding "retribution": I've said for many years now, 95% of us in the world are basically decent folks that, despite deep disagreements about various things, have goodwill and aren't out to harm anyone else. It's the 5% that RUIN it for the rest of us. I don't know why society tolerates them, frankly. I'm not talking about people that suffer from addictions, or people that make mistakes, or disagreeable chaps, or even people that are forced to steal to feed their family. I'm talking about the motherf-ckers who for whatever reason feel compelled to hurt, defraud, and kill others for their own pleasure, greed, or advancement. If we would simply liquidate them, the world would be so much nicer to live in.


Post by HowlingUlf » Tue Mar 01, 2011 8:27 pm

twilightsong wrote:Regarding "retribution": I've said for many years now, 95% of us in the world are basically decent folks that, despite deep disagreements about various things, have goodwill and aren't out to harm anyone else. It's the 5% that RUIN it for the rest of us. I don't know why society tolerates them, frankly. I'm not talking about people that suffer from addictions, or people that make mistakes, or disagreeable chaps, or even people that are forced to steal to feed their family. I'm talking about the motherf-ckers who for whatever reason feel compelled to hurt, defraud, and kill others for their own pleasure, greed, or advancement. If we would simply liquidate them, the world would be so much nicer to live in.
+1

and it irritates me to no end. All they're good for is contaminating the gene pool. All my thoughts from now on will be so abominable, alarming, appalling, atrocious, awful, bad, beastly, creepy, dire, distressing, fearful, formidable, frightful, frozen, ghastly, godawful, grievous, grim, grody, gross, hideous, horrendous, horrific, humorous, icky, lousy, mean, monstrous, rotten, shameful, shocking, shuddersome, spooky, terrible, terrific, tragic, tremendous and even wicked because what needs to be done with these people is ...
[invisible]

[/invisible]
... and that's my final word!!! :evil:

Post by PMF » Tue Mar 01, 2011 10:45 pm

Hi Doug

which OS are you using?

try this as an admin (worst case make a new admin user).....

- Save your data to an external drive
- Make an image of the drive (or drives) if possible
- Someone already mentioned the Microsoft Windows Malicious Software Removal Tool (KB890830) - it's OK
- If you don't have a virus checker I would try a free one.. either Microsoft Security Essentials, Avira Personal Ed. or F-Secure (30 day) or Avast... the last 3 are IMHO a bit more effective than MSE.. - Scan your system
- The other way is you buy a full suite like Norton 360... but it's not free
- See that your computer is up to date (Windows Updates)

Worst case, if you can't get rid of whatever is causing the trouble, you might have to re-install the computer.

Hope you can get it up and running again.

Regards
Ian
Multitrack/Mastering HW: ASUS P87 Plus, i7 4790 3.6GHZ, 32GB RAM, Graphics: ATI Radeon HD7750, HD SYS C: 0.5TB, Samsung evo 850, VSTi F: Seagate ST2000DX001, Data E:3TB, Seagate ST3000DM008, Backup/Image: 4TB Seagate ST4000DM005 x2, RME RayDat, 3 Focusrite Clarett Octopre, GAP Prem73 Pre, RME Quadmic II, OS WIN10 64bit 1909, Cubase Pro 10.5.00, Sequel3 and Samplitude PRO-X4 15.2.2.388 64bit.
