Old 02-11-2010, 02:59 PM   #1 (permalink)
NeilBlanchard
Beware of "Internet Security 2010" -- worst Trojan EVER!

Hello Folks,

I'm just finishing up reinstalling Windows on a laptop for a client that was infected by a Trojan malware program that calls itself "Internet Security 2010" -- PLEASE KEEP YOUR FIREWALL & ANTIVIRUS UP TO DATE!!! Update Windows with all the security updates, as well. Microsoft has a big job ahead of them, fighting this thing...

*This is the worst Trojan malware EVER!*

It installs in the "Safe" mode of Windows.
It prevents you from using System Restore to reverse its installation.
It blocks you from getting to websites that help you fight it.
It blocks you from downloading files, by shutting down the browser.
You cannot install another browser like Firefox.
It blocks your antivirus.
It blocks you from using RegEdit.
It modifies the hard drive so you cannot read the drive in Linux.
It pops up continuously with warnings that your machine is infected (NO KIDDING!) and they want to sell you the "solution". I am *sure* that while it might make the symptoms go away, it would remain infected. You have to pay them to let them continue to use your computer.

If it gets a foothold on your computer, it downloads and installs additional Trojan programs.

Google "Internet Security 2010" and you will see lots of evidence of this huge threat.

It seems to do something even more: when I tried to install WinXP from an installation CD -- the hard drive is not "seen". You would have to buy a new hard drive, and that might not work. I tried putting in another old hard drive, and it was not "seen" either, but it might have other issues... I *was* able to install Linux on that other hard drive -- it was "seen" by Linux. The only plausible explanation I can come up with is that this malware *moves* something required for running Windows from the hard drive controller to the hard drive; thus making it impossible to even use a new hard drive to reinstall Windows.

Have I raised your awareness enough to get you to take steps to prevent your Windows machine from getting this? Please do this -- this is a very, very serious challenge.

__________________
Sincerely, Neil

http://neilblanchard.blogspot.com/
Old 02-11-2010, 03:08 PM   #2 (permalink)
cfg83
Neil -

Yeah, I stopped using Firefox on one of my PCs after a Trojan called "Windows Police Pro" got into it. My PC got nailed within 48 hours of it being discovered. It hides copies of itself in the "System Volume Information".

CarloSW2
Old 02-11-2010, 03:10 PM   #3 (permalink)
Quote:
Originally Posted by NeilBlanchard
Have I raised your awareness enough to get you to take steps to prevent your Windows machine from getting this? Please do this -- this is a very, very serious challenge.
I've seen two versions of this. The first was fairly easy to remove (install Malwarebytes and manual updates from a flash drive, reboot into Safe Mode and run a clean). The second was a bit harder, as it would automatically delete the Malwarebytes application file when you tried to execute it. (Solution was to install Malwarebytes, rename the executable to something else before running it, then run a clean.)

It seems that they're continually updating it to make it harder to remove. Best advice is not to get it at all, and that's by running an alternative browser such as Firefox, and updating not only Windows, but the Flash Player, Shockwave, Java, Adobe Reader and Firefox.

Better yet, get away from Windows if at all possible.
Old 02-11-2010, 03:19 PM   #4 (permalink)
cfg83
Neil -

Another thing I did was take the hard disk out and attach it as a USB external disk. This didn't fix Registry problems, but it allowed a non-infected system to do successive cleanups.

CarloSW2
Old 02-11-2010, 04:05 PM   #5 (permalink)
Piwoslaw
Neil, you seem to know quite a lot of details about that trojan. Maybe you have something to do with it? And you formatted your disk and reinstalled to get rid of evidence? Ha! Gotcha!
Old 02-11-2010, 04:19 PM   #6 (permalink)
NeilBlanchard
Hi Carlos,

I had to do that (put it in an external enclosure) to get the files we needed -- I copied them onto my Mac, then onto a thumb drive and now they are back on the refurbished laptop.

Linux could not mount the drive, and Mac could not delete the Internet Security 2010 files, because it can't write to NTFS -- even as root...

Like I said, this version is evil itself!
Old 02-11-2010, 04:52 PM   #7 (permalink)
MetroMPG
Neil, do you know how your client got infected?
Old 02-11-2010, 11:28 PM   #8 (permalink)
NeilBlanchard
Hi Darin,

They had let the antivirus get slightly out of date, and they were literally in the process of upgrading it to the latest version when this struck... They also used IE and had not kept up with the Windows patches (though they did have WinXP SP3).

Bad luck, bad timing, bad karma...

It is ALL BETTER now. But it was a close thing...

Oh, I got a much better answer to why the HD was not "seen" by the WinXP installation: "the hard drive not being seen by the XP install CD is probably just not loading the AHCI drivers.

You can load the AHCI drivers from a floppy or turn off AHCI in the BIOS. If you tried a Vista or 7 install it should also see the drive just fine."

There is no toggle in the BIOS for this, unfortunately. I replied that MS forces you to install those drivers from a floppy -- and this machine has no floppy! Someone else responded that a custom "slipstreamed" installation CD can be made with these drivers integrated, but how much of a pain would that have been? If we could use Vista or Win7 (we cannot) then this would have been a non-issue.

Thankfully, it is now working, and it did not come to this.
Last edited by NeilBlanchard; 02-11-2010 at 11:43 PM..
Old 02-12-2010, 12:07 AM   #9 (permalink)
I can't resist a bit of a quibble here. This is only the second-worst malware program around. The undisputed first place of course goes to Windows :-)
The Following 2 Users Say Thank You to jamesqf For This Useful Post:
Christ (02-12-2010), Piwoslaw (02-12-2010)
Old 02-12-2010, 02:04 AM   #10 (permalink)
Wonderboy
Ahaha amen jamesqf. I've seen far worse than this trojan. Like clev said, Malwarebytes takes it right down. I'm convinced that the people who write programs like Malwarebytes and Spybot S&D are the people who make these pesky, yet harmless-to-data trojans to keep computer repair techs busy and wealthy. Virus scanning and spy/malware scanning can take so long sometimes that it has become easier and less time-consuming to just reinstall Windows, which isn't something I've managed to do in under an hour.


Step 1: Cause time-consuming computer problems w/ trojans
Step 2: ???
Step 3: Profit! for a bunch of people (like me) who fix computers for a living.

I don't think it's right, but it's not the most evil ploy I can think of.
