Damn! They are getting Better

But still not perfect

Those damn malware writers are getting better. I had the unfortunate opportunity to run into the latest. You know the ones - "Your computer is infected!!!" and the infection is the warning. This one defied all tricks that I have learned, and even some picked up from here!

1. It infected the "All Users" profile, so no booting with a different account.

2. It polluted the registry with tons of launch points and actually replaced Windows launch points, so simple deletion would not work (then Windows would not).

3. It also prevented access to USB devices! That one was clever (I thought at first my memory stick was bad - nope! It just said it was).

4. It disabled System Restore.

It seemed to have all the bases covered! But again it forgot one. I was able to extract all data from it (even though it kept infecting any USB device I installed on it - but I do not allow autorun, period).

The one thing it forgot is the same one another one forgot - the command line. I am not going to try to repair the computer (it is one of mine, but a friend's son was using it). Once I got my data off of it, reformat and re-install! So no new tips on getting rid of this one, just the details of what it was doing. Nasty bastards! I hope there is a special place in hell for these jerks.

89,342 views, 23 replies

Reply #1

Always have a Linux live disk handy.

Reply #2

Life is but a game, some players win, some players lose.  :O :-"

The rest of us are looking for the damn basters so we can hang them from a tree and watch their legs kick.  >:(

Reply #3

Good suggestion, 2of3. 

@ Dr Guy:

Where/how did you catch it, what program? Did it give any specific "hostage" message? 

Consider a free program like Sandboxie to isolate your OS from any "New Program" or executable. 

Hope you have a clean backup.

Sorry this happened to you! 

You can install the 30 day trial of Kaspersky even on an infected computer.

Reply #4

How about cutting off their fingers and shoving them where the sun don't shine. Then hang 'em from a very long rope off the Golden Gate Bridge with a bag full of bull ants in their underwear.

Reply #5

Quoting Uvah, reply 4
How about cutting off their fingers and shoving them where the sun don't shine. Then hang 'em from a very long rope off the Golden Gate Bridge with a bag full of bull ants in their underwear.

That would be too kind.

Reply #6

Quoting 2of3, reply 1
Always have a Linux live disk handy.

Got to rewrite mine - the CD expired (they do after a time, but this one was only 4 years old).

Quoting Philly0381, reply 2
Life is but a game, some players win, some players lose.

The rest of us are looking for the damn basters so we can hang them from a tree and watch their legs kick. 

And toast marshmallows?

Quoting DrJBHL, reply 3
Good suggestion, 2of3. 

@ Dr Guy:

Where/how did you catch it, what program? Did it give any specific "hostage" message? 

Consider a free program like Sandboxie to isolate your OS from any "New Program" or executable. 

Hope you have a clean backup.

Sorry this happened to you! 

You can install the 30 day trial of Kaspersky even on an infected computer.

I will look into sandbox.  But this one was my son's (away at college), so not a lot on it except his music and movies.  I got everything saved (xcopy is your friend).  As for the name, once the kid told me I had "viruses", I unplugged it from the network and started working on it.  I found the file (another one of those number and letter things), and the name was AntiVirusSuper 2011 (it actually had several names) - I have the silent runner log saved so I can go back and look at it.

If I had the time (family reunion this weekend), I would have tried to dissect it before reformatting. But once I figured out how bad it was, I just saved all the data and started the reformat. I figure that will only take a day (versus perhaps days the other way).

Reply #7

Quoting Uvah, reply 4
How about cutting off their fingers and shoving them where the sun don't shine. Then hang 'em from a very long rope off the Golden Gate Bridge with a bag full of bull ants in their underwear.

I heard making them slide down a razor blade into a vat of vinegar is fun to watch! ;)

Quoting LightStar, reply 5
That would be too kind.

Well - as long as it is not hanging them by the neck - I would go for it! (The neck is too quick - but I like the bull ants touch).

Reply #8

Here is the list of names I found in the registry. I guess it was try one and see if it snookered?

AlphaAV.exe
Anti-Virus Professional.exe
AntispywarXP2009.exe
AntivirusPlus.exe
AntivirusPro_2010.exe
AntivirusXP.exe
antivirusxppro2009.exe
AntiVirus_Pro.exe
av360.exe
AVCare.exe
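A defender-side check for the kind of registry launch points this reply describes, written as an added example (not code from any poster in this thread): it parses an exported .reg file, pulls every value under a Run/RunOnce key, and flags entries whose executable matches the fake-AV names listed above or looks like a random string of letters and digits. The sample export is constructed, and the FAKE_AV_NAMES set and RANDOM_NAME heuristic are this example's own assumptions; the heuristic is a prompt to review an entry, not a verdict.

```python
import re

# Fake-AV executable names the thread's reply #8 found in the registry
FAKE_AV_NAMES = {
    "alphaav.exe", "anti-virus professional.exe", "antispywarxp2009.exe",
    "antivirusplus.exe", "antiviruspro_2010.exe", "antivirusxp.exe",
    "antivirusxppro2009.exe", "antivirus_pro.exe", "av360.exe", "avcare.exe",
}
# HKLM Run/RunOnce entries start for every account, which is why a launch
# point planted there survives logging in as a different user
RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")

# Constructed sample .reg export: one benign entry, one known fake-AV name,
# one random-looking name of the "numbers and letters" kind
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"AntivirusPro_2010"="C:\\Documents and Settings\\All Users\\Application Data\\AntivirusPro_2010.exe"
"kb4a9f1x"="C:\\Documents and Settings\\All Users\\Application Data\\kb4a9f1x\\kb4a9f1x.exe"
'''

# Heuristic only (assumed here): at least two digits mixed into a lowercase base name
RANDOM_NAME = re.compile(r"^(?=(?:.*\d){2})[a-z0-9]{6,}\.exe$")


def parse_run_entries(reg_text):
    """Yield (key, value_name, command) for each value under a Run/RunOnce key."""
    key = None
    for line in reg_text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith(RUN_KEY_SUFFIXES):
            m = re.match(r'^"([^"]+)"="(.*)"$', line)
            if m:  # .reg files escape backslashes as \\, undo that
                yield key, m.group(1), m.group(2).replace("\\\\", "\\")


def classify(command):
    """Reason the launched executable deserves a look, or None if it looks normal."""
    exe = command.strip('"').split("\\")[-1].lower()
    if exe in FAKE_AV_NAMES:
        return "known fake-AV name"
    if RANDOM_NAME.match(exe):
        return "random alphanumeric name"
    return None


def suspicious_entries(reg_text):
    """Return [(value_name, command, reason)] for entries worth reviewing."""
    return [(name, cmd, classify(cmd))
            for _k, name, cmd in parse_run_entries(reg_text) if classify(cmd)]
```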

Reply #9

Quoting Dr, reply 6
If I had the time (family reunion this weekend), I would have tried to dissect it before reformatting. But once I figured out how bad it was, I just saved all the data and started the reformat. I figure that will only take a day (versus perhaps days the other way).

I honor your choice.... get an ext. drive and Acronis. You'll never be sorry.

Reply #10

Quoting DrJBHL, reply 9
I honor your choice.... get an ext. drive and Acronis. You'll never be sorry.

Got the exterior drive.  Will look into acronis.  I finally got it reconfigured last night upon my return.  And promptly (I know!  Do not have to say it should have been done before) set the user account to restricted (actually Power user, but at least they cannot get to the system or the admin).

Reply #11

That sounds like XP Total Security 2011, which I caught yesterday from the Witcher Wiki.

It is one %*(($ to get rid of, too! It totally screwed my primary user profile, even blocking me from getting on the internet.

I created a second user (in secure mode), got Malwarebytes (using another computer and a flash drive), and eradicated it.

My old user ID is still trashed, so I had to recreate my old desktop using the new user ID.

This thing slipped right past my McAfee Internet Security (which is now uninstalled in favor of MWB and AVG).

All in all: 6 to 8 hours of gaming time lost! Waaaahhhhhhhh!

Reply #13

Quoting Snarkotamus, reply 11
That sounds like XP Total Security 2011, which I caught yesterday from the Witcher Wiki.

Thanks!

Quoting Snarkotamus, reply 11
It is one %*(($ to get rid of, too! It totally screwed my primary user profile, even blocking me from getting on the internet.

Yep!

Quoting Snarkotamus, reply 11
I created a second user (in secure mode), got Malwarebytes (using another computer and a flash drive), and eradicated it.

After I found the infection in the All user profile, I did not think to try that.  Another quiver in the arsenal!

Quoting Snarkotamus, reply 11
This thing slipped right past my McAfee Internet Security (which is now uninstalled in favor of MWB and AVG).

I was running AVG on the computer - but I have found it slips by all of them.  As I told the kid - AV does not work when you invite it in.

Reply #14

Quoting the_Monk, reply 12
Don't only use restricted user profiles, teach yourself to use the "local security policy" (in administrative tools).

Great suggestion!  I have been too lazy to do that, but given the time expended, it was lazy time wasted.

Reply #15

Quoting Dr, reply 6

Always have a Linux live disk handy.

Got to rewrite mine - the CD expired (they do after a time, but this one was only 4 years old).

For a Linux live disk related to security, I use Knoppix STD for repair (Kubuntu / Win XP Pro x64 / OpenSolaris for normal use)... a list of the tools can be found at http://s-t-d.org/tools.html ... if you don't like Knoppix STD, take a look at http://www.knoppix.net/wiki/Security_Live_CD , you have several choices... Helix3 Pro is very good but at $239 a year, it is more a tool for people in the security business...

The usual Linux live disks do not always have the tools needed for repair... only a security live CD/DVD may have all the tools you need...

Reply #16

Which site did you get this malware from? The Witcher wiki? I guess it's one of those fan-made ones, isn't it?

Reply #18

Quoting Thoumsin, reply 15
For a Linux live disk related to security, I use Knoppix STD for repair (Kubuntu / Win XP Pro x64 / OpenSolaris for normal use)... a list of the tools can be found at http://s-t-d.org/tools.html ... if you don't like Knoppix STD, take a look at http://www.knoppix.net/wiki/Security_Live_CD , you have several choices... Helix3 Pro is very good but at $239 a year, it is more a tool for people in the security business...

The usual Linux live disks do not always have the tools needed for repair... only a security live CD/DVD may have all the tools you need...

I'll take a look at them.  I am not a Linux Snob, so will use any one that does the job (I am also not a power user, so have not gotten into the super secrets of each distro).  Thanks for the suggestion.

Quoting coreimpulse, reply 16
Which site did you get this malware from? The Witcher wiki? I guess it's one of those fan-made ones, isn't it?

The one poster got it from there - I have no clue where the kid got the one that infected my computer.

Reply #20

My father-in-law had a really nasty virus. Damn thing had completely locked down the computer to prevent anyone from killing it. Couldn't access CMD, install anti-virus, bring up the Task Manager, hell, couldn't even browse to websites that checked for viruses.

The only reason I was able to beat it without reinstalling Windows was that my father-in-law's PC was so slow, because it only had 512 MB of memory for Windows Vista, that the virus program actually crashed, and then I was able to wipe the damn thing off the PC by installing an antivirus on it, since the other one got screwed by the virus.

Amazing how the lack of memory was the deciding factor in the defeat of this virus. LOL.

Reply #21

Quoting Dr, reply 18
I'll take a look at them.  I am not a Linux Snob, so will use any one that does the job (I am also not a power user, so have not gotten into the super secrets of each distro).  Thanks for the suggestion.

Well, the problem is that the best tools are command line tools... so a young guy who has always worked with a GUI system will have some difficulty... but an older guy who has experience with the command line (like old MS-DOS) will feel a little more comfortable... if you know how to call man pages in command line mode, there will be no big problem...

@ CharlesCS

My father-in-law had a really nasty virus. Damn thing had completely locked down the computer to prevent anyone from killing it. Couldn't access CMD, install anti-virus, bring up the Task Manager, hell, couldn't even browse to websites that checked for viruses.

The only reason I was able to beat it without reinstalling Windows was that my father in law's PC was...

That is the point of a live CD/DVD... the OS is on the CD/DVD... so the infected OS is not running when we try to heal it...

Anyway, for those with Windows XP or Server 2003 who are not comfortable with Linux, take a look at http://www.nu2.nu/pebuilder/ ... Microsoft has a PE version that is command line only (only for OEM and Enterprise customers), but the BartPE version has a GUI (everybody can have it and use it)... if you have a legit Windows version, you can build your own Windows live CD/DVD and use it for repair in case of a problem with your hard drive OS... Since Windows PE and the non-official BartPE can connect to the internet, they can be used to download virus definitions and scan the infected hard drive...

For windows 7, look at http://www.youtube.com/watch?v=NmxLNa6UlmA or http://www.youtube.com/watch?v=o_uNn7ItLes ...

For those with more experience, it is possible to make a DVD/USB with a bootloader and various OSes on it (XP, Win 7, Knoppix, and more...)... http://www.youtube.com/watch?v=W_O1aL_sPig ... I have made one with OpenSolaris, Knoppix, Vista and Win XP Pro x64 on a 16 GB USB drive...

Reply #22

Quoting yrag, reply 19
There appears to be no end as to how many times I have to repeat this.

Decide what is more important.... money or time.

If it's time: http://www.acronis.com/homecomputing/products/trueimage/

If it's money....well... then carry on...............

There is a 3rd point as well. While inconvenient, I do not use that for most of my computers, so that when I do get infected, I have a very controlled and totally owned environment to check it out and figure out how to fight it. So that when a computer I have no control over (mother's, aunt's, etc.) gets infected, I then know what to do, as I know they will not have spent the money.

Reply #23

Quoting Thoumsin, reply 21
Well, the problem is that the best tools are command line tools... so a young guy who has always worked with a GUI system will have some difficulty... but an older guy who has experience with the command line (like old MS-DOS) will feel a little more comfortable... if you know how to call man pages in command line mode, there will be no big problem...

I once told an "engineer" that if he did not know the command line, he would not be a computer engineer for long!  That has saved me more than once, and while I never expect my wife or mother to use it, I sure as hell expect another engineer to know how to use it!