Just been down the last couple hours. A very nasty virus/malware of some kind. Didn't find out what it was called.
What did it do?
1./ Hijacked DNS so that every 1 in 5 internet pages would appear with its fake "Windows Firewall security" comment, click here to continue, click there to download...
2./ It BLOCKED the website for Malwarebytes completely.
3./ It BLOCKED the Windows installer for Malwarebytes. It would freeze at a certain point so that the installer would crash.
4./ It would automatically deactivate McAfee Antivirus ENTERPRISE after 5 seconds. If you reenabled it manually, 5 seconds later, it would turn off again.
5./ SUPERAntispyware would install, and find all sorts of rubbish, and remove some, but points 1, 2, 3, and 4 would still be there! It was Superantispyware proof!
6./ No joy tracking it down with sysinternals process explorer.
7./ But I found this: RootRepeal http://rootrepeal.googlepages.com/ This managed to find and "force delete" the b14tch.
I'm a bit worried it might have still left some damage somewhere, but will get back to you with more info if I get it.
BE CAREFUL. Something nasty is out there. Keep your antivirus/malware shields up!
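The post says the malware blocked the Malwarebytes website outright. It does not say how, but one mechanism this kind of rogue-AV malware commonly uses is pinning security-vendor domains to a loopback or bogus address in the hosts file, which survives a reboot and is cheap to check. The script below is an added example, not from the original post or any vendor; it parses a hosts file and flags any entry that overrides a watched vendor domain. The domain list and the constructed sample hosts content are assumptions for illustration.

```python
"""Added example (not part of the forum post): flag hosts-file entries that
override security-vendor domains.  A clean hosts file almost never contains
such entries, so any hit is worth a closer look during cleanup."""
import sys
from pathlib import Path

# Assumed list of vendor domains a defender would not expect to be overridden
# locally; extend it for whatever AV/anti-malware products you actually run.
WATCHED_SUFFIXES = (
    "malwarebytes.org",
    "malwarebytes.com",
    "superantispyware.com",
    "mcafee.com",
    "windowsupdate.com",
)

# Standard hosts-file locations (Windows vs. everything else).
HOSTS_PATH = (
    Path(r"C:\Windows\System32\drivers\etc\hosts")
    if sys.platform == "win32"
    else Path("/etc/hosts")
)


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are ignored; a single
    line may map one address to several names, so each name is yielded
    separately.  Hostnames are lower-cased because DNS is case-insensitive.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def suspicious_entries(text, watched=WATCHED_SUFFIXES):
    """Return [(ip, hostname), ...] for entries that map a watched domain or
    any of its subdomains to some address, regardless of which address."""
    hits = []
    for ip, name in parse_hosts(text):
        if any(name == s or name.endswith("." + s) for s in watched):
            hits.append((ip, name))
    return hits


# Constructed sample: a hosts file as it might look after this kind of
# tampering.  192.0.2.10 is a documentation-only address (RFC 5737).
SAMPLE_HOSTS = """# constructed sample, not a real capture
127.0.0.1 localhost
::1       localhost
127.0.0.1 www.malwarebytes.org malwarebytes.org
192.0.2.10 download.mcafee.com   # redirected to a bogus address
"""


def main():
    """Check the real hosts file on this machine and report overrides."""
    try:
        text = HOSTS_PATH.read_text(encoding="utf-8", errors="replace")
    except OSError as exc:
        print(f"could not read {HOSTS_PATH}: {exc}")
        return 2
    hits = suspicious_entries(text)
    if not hits:
        print(f"{HOSTS_PATH}: no watched vendor domains overridden")
        return 0
    print(f"{HOSTS_PATH}: {len(hits)} suspicious entr{'y' if len(hits) == 1 else 'ies'}")
    for ip, name in hits:
        print(f"  {name} -> {ip}")
    return 1


if __name__ == "__main__":
    sys.exit(main())
```

Run it as an administrator on the affected machine; an exit status of 1 with vendor domains listed means the hosts file is part of the blocking and should be restored to its default before retrying the vendor download. A clean hosts file rules out only this one mechanism, so DNS settings on the adapter and the router are the next things to compare against a known-good resolver.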