Just received virus from hell, be warned!

[Dave Baker]

I agree Robert. One of my favourite Firefox add-ons is called No Script and it prevents Flash from running until I allow it.

Dave

[Dave Blackhurst]

Another good bit of advice - if you can remove the infected drive and use a USB external case or whatever to attach it to a uninfected machine, you have better results cleaning the nasties off... Trying to get rid of some current virii while the drive is "live" is like shoveling snow in a blizzard...

Many of the latest viruses can mutate a bit, or even have a "time bomb" reinfection mode, PLUS block any effort to install or run any "anti" software, once they've got your browsers/OS under their control. By not booting the drive, you get a better shot at removing the infection.

Probably not a bad idea to attack the infected drive from another OS, but never had issues thus far just using another Win-ders machine to do the primary eradication.


The encryption virus is of course another animal as it scrambles your uninfected files, which can't be unlocked without the "ransom" paid for the decryption code... have not seen that one in action YET, hope not to!! Only a clean current detached backup will give you recovery options from that one from what I've read of it...

And yes, it's a good idea to have a "toolkit" just in case! VERY wise to have a few arrows in the quiver in case an infection does get in, but I've still run into a couple browser hijack exploits that rendered the machine unusable, requiring a re-install.... in which case, you'll need that backup!

[Dave Baker]

Removing the drive and attaching it to an uninfected machine and attacking it with Puppy Linux are pretty much just different sides of the same coin, the only difference is that it is possible to infect the uninfected machine, whereas Linux cannot be infected with Windows malware (and you don't have to remove the drive).

Quote:

Originally Posted by Dave Blackhurst

Many of the latest viruses ...............even have a "time bomb" reinfection mode,

That's usually caused by LSOs, Flash cookies or super cookies, call them what you will, that hold much more information than a normal cookie and are not deleted when normal cookies are deleted. They need to be deleted first, they're found in the Flash folder, or it's probably easier to download a free Flash cookie deleting tool, easy to find with a quick search.

Another of my favourite Firefox extensions is Better Privacy, which I have set to delete Flash cookies when I exit Firefox.

Dave

[John Kazas]

My parallel job is computer technician and the last year I had 2 cases that a virus encrypt the photos, music, videos and documents and ask for money for decrypt. My opinion is that if you even pay the ranson you they never gonna send you the "cure". If you google it you can find solutions regarding the history files of restore system. Don't panic and don't pay just search... And the most important always have a backup of everything not because of viruses but because of disk accidents.

[Peter Rush]

Touch wood I've never had this problem but it can't harm to be prepared - can anyone recommend a good windows drive clone application?

You can create a system image from within Windows 7 including applications and settings but is it any good?

Pete

[Chris Hewitt]

Thanks for all your advice, guys. Been busy restoring this system. Fortunately, my other PC, the edit one which is not online ever, was not affected.
For the last few years, I've been using Ghost as a drive backup for my system drive and that's saved me a few times but it wasn't able to save me this time as the virus had spread across all my partitions.
It seemed to affect jpegs but not PNG files and quite a few .exe programs, also text files and pdfs.....enough to warrant a complete reinstall. It gave me a chance to put a new drive in anyway as the original was getting tired.
I had Windows Security and MalwareBytes on the PC but neither intercepted this virus which is why I posted here to let everyone know.
I will take the advice re having a flash drive with security tools on, some of it I didn't know so thanks for that.
It wouldn't have mattered if I had no backups, I would never have paid them a cent!

[Dave Blackhurst]

The thing I've noticed is that "piggybacking" seems to be a new vector - you install something you believe is OK (I've even seen one bugger apparently ride in on an AVG download!), and some nasties sneak in behind it - not sure how, but seems to "fool" the AV programs, I guess because it thinks you OK'd the install? Must be careful what you install, and from whence it cometh... and be extra cautious of all the little checkboxes that try to automatically add in toolbar extensions, and crapola you don't need....

For drive cloning, Seagate and WD have free versions of Acronis that work as long as one of the drives being cloned is "their" brand. I usually have a spare WD or Seagate laying around that can be used as an intermediate should that be needed.

[Chris Medico]

Quote:

Originally Posted by Noa Put

Why would you want to open suspicious email attachments? :) I never ever do that. If I don't know the sender or if family or friends forward me these funny emails they get from other people that all goes straight to the bin.

Even if they say they are HOT? :D

[Dave Baker]

Quote:

Originally Posted by Dave Blackhurst

... and be extra cautious of all the little checkboxes that try to automatically add in toolbar extensions, and crapola you don't need....

And sometimes the buggers install anyway even when you decline! On my toolbox USB stick I keep an uninstaller, one that does a deep scan and can force an uninstall for the difficult ones, for just such an occasion.

Dave