Win 7 2011 Security virus

 
Ollie Stench



Joined: 22 Sep 2003
Posts: 13697
Location: Hong Kong Noodles

Posted: Wed Mar 02, 2011 6:38 am

Got hit with one of these at work this morning. It takes over your web browser and says that you have a shit ton of virii and trojans, and the only way to get rid of them is to buy their $59 spyware suite. I *think* this came in when I was prompted to install an update to Java.

In task manager it runs as msk.exe and has a description of "steam".

I ran our virus scanner (ESET) and the newest version of Stinger (2-28-11) and neither has found the virus. I ran Eusing registry cleaner, and am halfway through running Spybot. I've got a call in to our IT people about it, hopefully they can figure out what to do.
Mild Thing



Joined: 18 Sep 2007
Posts: 2716

Posted: Wed Mar 02, 2011 7:11 am

Sounds like you got hit with a FAKE Java update:
http://forums.malwarebytes.org/index.php?showtopic=71902
Ollie Stench



Joined: 22 Sep 2003
Posts: 13697
Location: Hong Kong Noodles

Posted: Wed Mar 02, 2011 11:31 am

yup, that's the one.
The Notorious SLH



Joined: 11 Apr 2005
Posts: 1593

Posted: Wed Mar 02, 2011 12:09 pm

Did you try a rollback?
7734



Joined: 19 Sep 2003
Posts: 4175

Posted: Wed Mar 02, 2011 2:29 pm

Google search "combofix"

Take the link that has "bleepingcomputer..."
Download ComboFix on another machine using a keydrive, put ComboFix on your desktop and rename it "iexplore.exe", then double-click it and follow the program through until it is complete.
Ollie Stench



Joined: 22 Sep 2003
Posts: 13697
Location: Hong Kong Noodles

Posted: Thu Mar 03, 2011 4:11 am

The IT guys we contract with were able to fix the box using Malwarebytes. We had to create a new profile for me, as it seems that the virus took all my regkeys with it when it was removed.
7734



Joined: 19 Sep 2003
Posts: 4175

Posted: Fri Mar 04, 2011 6:55 pm

Fixed 4 boxes using combofix, never had to do shit as far as user profiles and reg keys. .02
All times are GMT - 12 Hours