http://www.sabresjunkie.com/forum/ |
|
| Calling all my Sabres Junkie IT friends http://www.sabresjunkie.com/forum/viewtopic.php?f=8&t=1768 |
Page 1 of 1 |
| Author: | sabresindc [ Sat Jan 16, 2010 2:10 pm ] |
| Post subject: | Calling all my Sabres Junkie IT friends |
My sister called me today saying her computer has been affected with something. Whenever she tries to go to a web site it redirects her everywhere else but. When she shuts down and reboots, a warning pops up saying something like your computer has been infected with worm.win32.netsky and that it has its own smtph engine. Other than taking it to a computer repair place, is there anything she can do to find this worm and get rid of it or does she need to get the whole hard drive wiped?? |
|
| Author: | Squanto [ Sat Jan 16, 2010 3:26 pm ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
DL and run this: http://www.symantec.com/security_respon ... 16-1759-99 Netsky is pretty old, that should be enough. If it backdoored more stuff along with it, your safest best is a format/reinstall. |
|
| Author: | Crosscheck [ Sun Jan 17, 2010 11:46 am ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
What Squanto said. If it's already opened itself up to other things you may not have a better option than a reformat but there are well known ways to dump netsky. |
|
| Author: | sabresindc [ Sun Jan 17, 2010 9:57 pm ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
come to find out it's a bogus alert. Somehow a bullshit program called internet security 2010 has taken over her computer. Any info on this???? A google search shows that it will pop up all these bogus warnings until you buy their software. Anyway to get rid of it???? |
|
| Author: | mechaphil [ Sun Jan 17, 2010 10:00 pm ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
Well, you could always go to the Program Files folder to delete it, or go to Add/Remove Programs in the Control Panel and remove it there. |
|
| Author: | sabresindc [ Sun Jan 17, 2010 10:18 pm ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
mechaphil wrote: Well, you could always go to the Program Files folder to delete it, or go to Add/Remove Programs in the Control Panel and remove it there. It's inbedded into the registry and the program will not let me run regiedit to try and manually remove the registry files. A friend was able to log into her computer through webex and download a program to clean it |
|
| Author: | mechaphil [ Sun Jan 17, 2010 10:23 pm ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
OK, that's good. |
|
| Author: | Squanto [ Mon Jan 18, 2010 12:33 am ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
Be very careful. Every time I've encountered one of the 'Internet Security 20XX' variants it's lead to a format. That thing is a bear, even with the removal utilities. |
|
| Author: | Crosscheck [ Mon Jan 18, 2010 11:48 am ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
Squanto wrote: Be very careful. Every time I've encountered one of the 'Internet Security 20XX' variants it's lead to a format. That thing is a bear, even with the removal utilities. Yep, I've run across that once while being nice and fixing a computer for my wife's friend. It ended in a format as well. Get it off of your home network ASAP. |
|
| Author: | NYIntensity [ Mon Jan 18, 2010 2:12 pm ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
I've actually never had a problem removing them.... go to an uninfected computer, and download Malwarebytes to a flash drive. Rename the install program to something you will know. When you install it, do it in safe mode, and rename the install folder. Run the full scan. Download avast antivirus, again, renaming install program. Save it to a flash drive. Boot the infected computer into safe mode (with networking), and then run avast's setup and scan. Or slave the HD of the infected PC to a clean PC running up to date antivirus. scan the slaved drive and then reinstall. The only time I've had a virus removal/recovery end up in reformat was 1) at the customer's request, or 2) when the PC wouldn't boot to begin with, due to MBR corruption. |
|
| Author: | Squanto [ Mon Jan 18, 2010 3:11 pm ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
Depends on how long it's been running. The longer it runs, the more shit it backdoors in. Every tiem I've encountered it, it's been on a machine that's a cesspool of internet herpes. I'm a little more pragmatic with this stuff. If it's going to take me 5 hours to clean up the mess, or 2 to format/reinstall/restore data, I'm not going to clean it. |
|
| Author: | NYIntensity [ Mon Jan 18, 2010 3:12 pm ] |
| Post subject: | Re: Calling all my Sabres Junkie IT friends |
Squanto wrote: Depends on how long it's been running. The longer it runs, the more shit it backdoors in. Every tiem I've encountered it, it's been on a machine that's a cesspool of internet herpes. I'm a little more pragmatic with this stuff. If it's going to take me 5 hours to clean up the mess, or 2 to format/reinstall/restore data, I'm not going to clean it. Oh, I'm the same way...my default is usually to take an image of the HD, then wipe it, and scan data directories before transferring back pertinent user data (you know, pictures, music, pr0n, etc) |
|
| Page 1 of 1 | All times are UTC - 5 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|