Beware of "Internet Security 2010" -- worst Trojan
-
- Moderator
- Posts: 7681
- Joined: Mon Dec 09, 2002 7:11 pm
- Location: Maynard, MA, Eaarth
- Contact:
Hello Folks,
I'm just finishing up reinstalling Windows on a laptop for a client that was infected by a Trojan malware program that calls itself "Internet Security 2010" -- PLEASE KEEP YOUR FIREWALL & ANTIVIRUS UP TO DATE!!! Update Windows with all the security updates, as well. Microsoft has a big job ahead of them, fighting this thing...
This is the worst Trojan malware EVER!
It installs in the "Safe" mode of Windows.
It prevents you from using System Restore to reverse its installation.
It blocks you from getting to websites that help you fight it.
It blocks you from downloading files, by shutting down the browser.
You cannot install another browser like FireFox.
It blocks your antivirus.
It blocks you from using RegEdit.
It modifies the hard drive so you cannot read the drive in Linux.
It pops up continuously with warnings that your machine is infected (NO KIDDING!) and they want to sell you the "solution". I am *sure* that while it might make the symptoms go away, it would remain infected. You have to pay them to let them continue to use your computer.
If it gets a foothold on your computer, it downloads and installs additional Trojan programs.
Google "Internet Security 2010" and you will see lots of evidence of this huge threat.
It seems to do something even more: when I tried to install WinXP from an installation CD -- the hard drive is not "seen". You would have to buy a new hard drive, and that might not work. I tried putting in another old hard drive, and it was not "seen" either, but it might have other issues... I *was* able to install Linux on that other hard drive -- it was "seen" by Linux. The only plausible explanation I can come up with is that this malware *moves* something required for running Windows from the hard drive controller to the hard drive; thus making it impossible to even use a new hard drive to reinstall Windows. [Edit: a better explanation is suggested below.]
Have I raised your awareness enough to get you to take steps to prevent your Windows machine from getting this? Please do this -- this is a very, very serious challenge.
Last edited by NeilBlanchard on Thu Feb 11, 2010 6:47 pm, edited 1 time in total.
-
- *Lifetime Patron*
- Posts: 4284
- Joined: Fri Apr 04, 2003 6:21 pm
- Location: Undisclosed but sober in US
I clicked on a pic of Natalie Portman on Google images. Next thing I know my system freaks out. Popup boxes with a security symbol pop up immediately. I'm infected with 6 viruses and I need to buy this software now. I kept closing boxes, but they opened as fast as I closed them. I used Task Manager finally to shut them all down. When I ran my AV software there was nothing there. The whole thing was a lie to make me buy.
I know now - Look at Natalie Portman only in magazines.
Ransomware:
http://www.msnbc.msn.com/id/7961600/
-
- *Lifetime Patron*
- Posts: 2269
- Joined: Sun May 21, 2006 9:09 am
- Location: Northern California.
http://www.msnbc.msn.com/id/32533198/ns ... -security/
aristide1 wrote: I clicked on a pic of Natalie Portman on Google images.
I have found that this is very common, and it is NOT the worst bit of malware ever, and is relatively easy to get rid of if you know how and have a spare PC.
Firstly disable system restore on the infected PC, then shut it down, remove the HDD, hook it up to your second PC, make sure the second PC does not try to boot from the infected drive as it will probably destroy windows.
Delete all of the temp and temp internet files, then run NOD32 on the appropriate drive (I have mine set up to find everything except "potentially unwanted programs", and delete everything that it finds that it can't clean), put the drive back into the PC it came from and load Windows in safe mode, install Spybot S+D with the latest definitions, and Malwarebytes with the latest definitions (probably easiest to copy the files onto the drive when it is hooked up to the second PC). And run them one after the other.
The machine should then be usable after a reboot, but your winsock might need to be reset, and you might not be able to edit the registry or change other settings in the control panel or windows explorer. I have a great program that fixes the winsock and another that re-enables the use of regedit, PM me with your e-mail address if you want me to e-mail them to you.
Andy
-
- Moderator
- Posts: 7681
- Joined: Mon Dec 09, 2002 7:11 pm
- Location: Maynard, MA, Eaarth
- Contact:
My father in law got this on his machine. Luckily he had it dual-booting with Linux. Was able to get him to download Malwarebytes Anti Malware (aka MBAM) and get it all sorted out. His AV (I think it was AVG) didn't pick it up. Nothing like late night phone support. Urgh.
My dad got one of the Vundo variants a few years ago. Got him through that as well. Nothing like remote phone support and remote VNC through dialup. He had a paid-for Norton subscription.
There were some dubious solutions for this Internet Security thing I found originally in my searches as well. Be careful...I can recommend MBAM at least.
Fred wrote: Hmm... viruses and the like feel so pre-2003.
But maybe that's just me. xD
Just sent out an email reminding the old people in my life to not click on anything. I'm the remote phone tech-support and don't enjoy (1200 mile round trip) in-home support calls.
Why do otherwise smart people click on so much stupid crap (and go where they shouldn't be)?
-
- Patron of SPCR
- Posts: 376
- Joined: Thu Jun 29, 2006 8:37 pm
- Location: Mississauga, ON
- Contact:
My girlfriend's dad had one of these "pay me now to clean up your system" programs installed too. Nasty bit of software... something also changed his hosts file to redirect all Google addresses to some fake Google website, which looks EXACTLY like the real Google, except the search results are really weird...
I've also seen one of these things change your DNS server address to some bogus DNS server that returns all these phishing sites instead of the real things...
Pretty clever stuff...
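The hosts-file hijack described above is easy to check for from a clean machine. The script below is an added example, not code from the thread; it parses a constructed hosts file and flags any entry that points a well-known domain anywhere other than loopback (a 0.0.0.0 entry also counts, since that silently blackholes the site, which is how rogue AV blocks the sites that help you remove it).

```python
"""Added example (not from the forum thread): flag hosts-file entries that
redirect well-known domains away from loopback, the hijack described above.
The sample hosts content is constructed for this example."""
import ipaddress

# Constructed sample resembling a hijacked Windows hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# entries appended by malware (constructed for this example)
203.0.113.45    www.google.com
203.0.113.45    google.com
0.0.0.0         www.malwarebytes.org
"""

# Domains a hosts file should never need to map to a remote address.
WATCHED = ("google.com", "bing.com", "microsoft.com", "malwarebytes.org")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def suspicious_entries(text, watched=WATCHED):
    """Return (ip, name, reason) for watched domains not mapped to loopback."""
    hits = []
    for ip, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hits.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback:
            continue
        reason = "blackholed" if addr.is_unspecified else "redirected"
        hits.append((ip, name, reason))
    return hits
```

To check a real drive pulled from an infected PC, read the file at `<mount>\Windows\System32\drivers\etc\hosts` and pass its contents to `suspicious_entries`; a clean XP hosts file contains only the loopback entries.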
Thanks for that, Andy! Do you think it would also work to put the infected drive in an external enclosure and then clean it on another Windows machine?
Sure it will, it just won't scan as fast. All that you need to do to get rid of most viruses (and a malware/virus mixture like you have) is to make sure the viruses/malware are not running.
This is certainly the worst malware I have ever fought with -- have you encountered a worse one? Care to tell us about it?
"Stop Sign" - DO NOT CLICK ON ANYTHING ON THEIR WEBSITE, AND DON'T EVEN HAVE A LOOK IF YOU ARE USING INTERNET EXPLORER - NOT FOR THE FAINT HEARTED, DO SO AT YOUR OWN RISK, and another that is also pure evil that I can't remember the name of. We have seen the sum total of 3 PCs with "Stop Sign", the first 2 got re-installed, then we found a specific way of defeating it without totally wrecking Windows on the third; fortunately it is pretty rare but is pure evil.
There are also numerous viruses doing the rounds at the moment that if not worked on in the right way (the right order as well) will wreck Windows totally. Often it's as easy to back up all of the data and totally re-install, and also guaranteed to work, but that has to be weighed up against all of the work of re-installing. I use imaging software and 32/50/64GB boot partitions with all of the software, and the rest of the drive with all of the data (and My Documents + Desktop thanks to Tweak UI) on XP machines - makes life much easier for re-installs as there is little data to back up (e.g. Firefox bookmarks).
Andy