Another Virus Warning

Anything that does not fit elsewhere can be discussed here.

Moderators: DJKeefy, 4u Network

User avatar
Horus
Egypt4u God
Egypt4u God
Posts: 12363
Joined: Fri Dec 05, 2008 2:15 am
Location: UK
Has thanked: 1658 times
Been thanked: 2213 times
Gender:
United Kingdom

Another Virus Warning

Post by Horus »

Another warning I’m afraid and this one could be a biggy
A particular nasty computer virus has been intercepted by America and co-operating Western governments such as the UK that could cause major problems to an infected computer.

It is known as the ‘Game Over Zeus’ botnik and once it activates it is designed to steal banking details and other data and it is very effective and probably the biggest Cyber threat for a long time. It has it’s origins in Russia and the Ukraine and it is a sophisticated criminal operation (probably inspired by Putin as revenge for Western sanctions :tk ).

It is targeted mainly at small and larger businesses and will try to steal money if it deems that the account is worth over a certain amount, if an account does not justify the hack then the trojan reverts to installing another piece of malicious software called ‘Cyberloc’ this will effectively lock your files and images on your PC and threaten to delete them all within 72 hours if a ‘ransom’ is not paid using the Cyber currency ‘bit-coins’ which would be untraceable.

Millions of computers world wide have been identified as being infected by this malware, so what happens next?

First off don’t panic!

This is a very sophisticated cyber attack and governments have been aware for a while that it is in operation. They have kept silent about it until they could put certain features into action, to try and put it in simple terms try and imagine the following scenario.

The following is only a scenario and will not happen, but try and liken it to the attack on your PC
A terrorist group plans to poison your local water supply, the authorities become aware of this attack planned for a certain date. They keep silent for fear that the terrorists may bring forward the date before they can act, but in the mean time they have identified the peoples homes that will be affected. They then connect up another reservoir of water to the existing pipelines supplying the homes that are vulnerable, when everything is in place they switch the supplies from the reservoir that they plan to poison to the safe water supply and then inform everyone of what they have done. However this alternative water supply will only hold out for so long before they have to revert back to using the infected supply again. You are then told that you have just two weeks to fit a water filter onto your water supply that will stop the poison entering your home before they have to switch it back on again.

So that is basically what is happening right now, infected computers will already be being routed through another server and that server would prevent any anti-virus and updating software from running on your PC and removing the trojan so that it keeps the trojan programme running and you will not be aware it is happening.

The action that has been taken is to switch all those infected machines through to another safe server that will allow you to run virus checkers and updates and hopefully remove any threat, but YOU ONLY HAVE TWO WEEKS TO DO SO. before they stop maintaining the replacement server.

Obviously this is a very clever and concerted attack and there are things I do not know about it myself, but I am passing on as much as I do know and as much advice as I can.

These are things you can do and should do.
Run ANY and ALL virus checkers you have, but make sure that you update them first and then run a FULL scan (this can take quite a while) all virus checkers have a similar update format, this is Microsoft Essentials virus software (its free) and you update it like this:

First click on the Virus scanner icon to get up the main menu
4972 then click update 4973

Hopefully you will see this: 4976

You can get Security Essentials here: http://www.microsoft.com/en-gb/security ... y/mse.aspx

If you don’t already have it, get ‘Malawarebytes’ malicious software scanning and removal tool and run a FULL scan. Make sure that you download the FREE version, run an UPDATE after you have installed it and again run a FULL scan.

You can download Malawarebytes here: http://www.malwarebytes.org/lp/lp4_r/?u ... t|bp|pdv|c|

Also make sure that your own PC has the latest UPDATES installed, to do this go to your START icon (bottom left of screen) and after left clicking the icon, click on the option CONTROL PANEL in the next menu. For Win 7 users choose the following two options, SYSTEMS & SECURITY then CHECK FOR UPDATES, it is usually advisable to install all updates in the list.

4974Then Choose4975

It is also a good idea to set a RESTORE POINT on your PC, this is very useful because it gives you a point when you know that your PC was working properly, especially before installing any new software. This will not protect an already infected machine, but is a good thing to do, so if you do experience a problem at any time you can use the SYSTEM RESTORE option to set your PC back to an earlier date when everything was working OK. You can set a restore point as follows in Win 7 as follows:

1. Click the "Start" button. Right-click "Computer" on the right side of your computer's Start menu. Select "Properties" from the context menu.

2. Click "System Protection" in the left panel of the "Properties" window. Type your administrator password or click "Allow" if User Account Control is enabled on your system.


3. Switch to the "System Protection" tab in the "System Properties" dialog. Click the "Create" button to save a new restore point for your computer.

4. Type a description or a date for your manually created restore point, then click the "Create" button to save the System Restore point.

5. Click "Close" when the System Restore point is saved. Close the "System Properties" dialog and the computer's control panel. Your System Restore point is saved to your computer's hard drive and is accessible through the System Restore interface.

There is also a government web-site (but it keeps crashing because of lots of people trying to use it, so keep trying over the next week or so) and it will give you some advice on keeping your PC safe. There is also a small piece of software on the site that you can download and it will run on your PC and check if your PC is infected by this particular trojan.
I cannot give you a direct link that will open as the site keeps crashing, but here is the URL, so best to keep trying over the next few days: http://www.getsafeonline.org

Finally I would advise anyone who has a removable expansion drive on their PC to maybe put their important data onto that and after doing so disconnect the drive until you may need to use it to restore any data should your machine be infected.

I know this may sound a bit of a drastic warning to you all, but it will hopefully not affect you, but I would not open any unsolicited emails or attachments, just bin them and keep updating those virus checkers and keep running virus scans on a regular basis and you should be OK.

Finally beware of any scammers contacting you and offering to fix your PC or run a scan for you, tell them to P*ss Off, I am sure that with this current thread there will be many scammers trying to cash in on peoples fears and make money.


Image
User avatar
Grandad
Egyptian Pharaoh
Egyptian Pharaoh
Posts: 6924
Joined: Fri Dec 05, 2008 2:15 am
Location: South East UK
Has thanked: 797 times
Been thanked: 2254 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Grandad »

Thanks for that very detailed and wise advice H :up I upgraded my protection yesterday and, as I already had Malwaresbytes the upgrade insisted that I allow it to remove Mwb to avoid conflict. Just mentioning in case anyone else gets the same sort of message from their protection.

I had inadvertently started another thread on this subject which I have asked Horus to delete.

However, it sounds as if this latest threat is a real nasty. :xx It prompts the question, "Can the internet ever be completely secure"
As it takes these software geeks to design the systems for all of our internet activity, I suppose that equally, or even more, clever geeks can find ways to get by any inbuilt security.
I find it of great concern because our lives are virtually now run by the internet and the more that is the case, the more opportunities there are for the scoundrels to cause havoc, and make a lot of money.

Must go....need to get a new writing pad, envelopes and stamps.....Oh! And then I must put my money in a tin and bury it. :lol: :lol:
:gg:
User avatar
Kiya
Egyptian Pharaoh
Egyptian Pharaoh
Posts: 4286
Joined: Fri Dec 05, 2008 2:15 am
Location: Peterhead Scotland
Has thanked: 1575 times
Been thanked: 537 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Kiya »

Horus thanks for all the info & links :)

It took me best part of all afternoon doing everything you wrote above & as I restarted my computer after each thing I did.

Sometime ago I lost MSE so now have that as well as Malwarebytes & AVG & I nearly forgot I was shocked when I did a Windows Update there was 45 updates :o which seemed to take longer than the scanning.

I cant understand why so much when I noticed it is set to Update at a certain time once a week :(

I just have the web site from the government to try yet.

I've printed it all out just incase I need it in the future.

Thanks again :)
User avatar
Jayway
Royal V.I.P
Royal V.I.P
Posts: 1617
Joined: Mon Jan 18, 2010 12:47 am
Location: Portugal
Has thanked: 1234 times
Been thanked: 107 times
Portugal

Re: Another Virus Warning

Post by Jayway »

Thankyou. I have done that with the scan that found a lot of rubbish that has now gone. So now Windows asked me if I want to turn on the updates ? The firewall is on.
User avatar
LovelyLadyLux
Egypt4u God
Egypt4u God
Posts: 11596
Joined: Sun Nov 29, 2009 9:12 pm
Location: Canada
Has thanked: 417 times
Been thanked: 2714 times
Canada

Re: Another Virus Warning

Post by LovelyLadyLux »

I`m not certain that Internet can ever be totally secure. I do do online banking and really do worry about it but then I think doesn`t matter if I do online or not cause the BANKS are all online. I`m prepared one day to wake up and find it all gone.

I`ve often pondered taking out a wad of cash and putting it physically into a safety deposit box or a tin in the backyard. Course then I figure if I have nothing nobody else has anything either `cept for that one person somewhere in the world who has it all.

I just hope the banks have good firewalls and are reading what to do on here to keep my investments safe.
User avatar
Horus
Egypt4u God
Egypt4u God
Posts: 12363
Joined: Fri Dec 05, 2008 2:15 am
Location: UK
Has thanked: 1658 times
Been thanked: 2213 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Horus »

Glad you all took note folks and as always I'm happy to have been some help. ;)

@ Grandad, I usually ignore those messages about conflicting virus scanning programs, if one insists upon another being removed before installing itself then I do so, but put it back on again afterwards. ;)

@ Kiya, yes those Microsoft updates can take forever and it is so easy to miss them if your PC is set to do them at a certain time you are not online, best to try and remember to do them manually about once per week. :up

@ Jay, yes let it turn on the Firewall, some programs will switch it off so best to have a check now and again to see it is on. :tk

@ LLL, good idea about the cash box, but don't forget to tell me where you bury it, just in case you forget you understand :P

I reckon you should all be a lot better protected now and hopefully none of you will have any problems, so try and rememember:

Each Week
Check your Windows Updates weekly and install them. :up
Update each of your virus scanners and run a FULL scan at least every two weeks and a 'quick' scan EVERY week :up
Update your 'Malawarebytes' software and run it at least every two weeks or IMMEDIATELY if you suspect a problem. :up

Try to change your passwords about every 4 months and try using things like typing a 'zero' instead of an 'O' so you could spell something like "Paratr00per" using zero's instead, just so long as you remember where you substituted the zero's ;) that type of substitution can make a very strong password. :up
Image
User avatar
Jayway
Royal V.I.P
Royal V.I.P
Posts: 1617
Joined: Mon Jan 18, 2010 12:47 am
Location: Portugal
Has thanked: 1234 times
Been thanked: 107 times
Portugal

Re: Another Virus Warning

Post by Jayway »

On my XP you gave me lots of updates (ages ago), I did that, you told me to turn off Windows updates and keep the Firewall on. Now it keeps asking me if I want to to turn on the updates - DO I ? ? ? And thankyou, if it wasnt for you my comp would probably be quite dead - :up :up :up - - - - Oh and under the 7th fig tree if you want it and it will be your responsibility to home all my animals - - :lol: :lol: :lol:
User avatar
Horus
Egypt4u God
Egypt4u God
Posts: 12363
Joined: Fri Dec 05, 2008 2:15 am
Location: UK
Has thanked: 1658 times
Been thanked: 2213 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Horus »

Jay, in your case still running XP do not turn the AUTOMATIC Updates back on as this may leave your PC vulnerable to attack. What you should do is to follow the instruction I just gave you and Manually check to see if there are any new Updates from Microsoft and if there are any then install them. :up As I said before Microsoft stopped supporting the XP system so are unlikely to issue any updates, but you never know and if they do then install them. ;)

Oh and thanks for the location information, I will promise to ride Glory around the farm singing "I'm in the money, I'm in the money" :lol: :lol:
Image
User avatar
Jayway
Royal V.I.P
Royal V.I.P
Posts: 1617
Joined: Mon Jan 18, 2010 12:47 am
Location: Portugal
Has thanked: 1234 times
Been thanked: 107 times
Portugal

Re: Another Virus Warning

Post by Jayway »

:))) :))) :)))
User avatar
Kiya
Egyptian Pharaoh
Egyptian Pharaoh
Posts: 4286
Joined: Fri Dec 05, 2008 2:15 am
Location: Peterhead Scotland
Has thanked: 1575 times
Been thanked: 537 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Kiya »

Where do I check to see if my " Firewall " is on & should I have it on ?
User avatar
Horus
Egypt4u God
Egypt4u God
Posts: 12363
Joined: Fri Dec 05, 2008 2:15 am
Location: UK
Has thanked: 1658 times
Been thanked: 2213 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Horus »

Kiya, yes you should always have it on unless there is a special reason to turn it off and if you are using Win 7 which I think you are, then do this:

1. Go to START icon (bottom left of screen) and left click it.
2. At the next menu click CONTROL PANEL.
3. At the next menu click on SYSTEM & SECURITY
4. At the next menu look for WINDOWS FIREWALL and beneath it should say “Check firewall status” click on this text.
5. You should now see another window that gives you the status of your Firewall and it should say “Windows Firewall state : On” If you cannot see this information you may have to click on the downward facing arrow where it says ‘Home or Work (private) networks’ to make it drop down.
6. If it says that the firewall is on then just close down the windows to get back out again.
7. If not look to the left and you will see an option that says “Turn Windows Firewall on or off”
8. At the next menu you will see the heading ‘Home or work (private) network location settings’ and below this will be two shields, one with a Green tick mark and the other with a Red cross on it, just click your mouse in the small circle next to the Green Ticked shield to turn the firewall back on again.
9. Also put a tick in the box that says “Notify me when Windows firewall blocks a new program”
10. Do the same in the other two options below where it says ‘Public Network Location Settings’
11. Click OK and then shut down all of the open windows.

Your final window will look like this:
4980
Image
User avatar
Kiya
Egyptian Pharaoh
Egyptian Pharaoh
Posts: 4286
Joined: Fri Dec 05, 2008 2:15 am
Location: Peterhead Scotland
Has thanked: 1575 times
Been thanked: 537 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Kiya »

Just done a check & yes it was on & how you show it..........Thanks :)
User avatar
Grandad
Egyptian Pharaoh
Egyptian Pharaoh
Posts: 6924
Joined: Fri Dec 05, 2008 2:15 am
Location: South East UK
Has thanked: 797 times
Been thanked: 2254 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Grandad »

Kiya, 05.31 in the morning and you are worrying about your computer, can't you sleep lass??? :lol:

Glad you have it all sorted. :up My computer is slightly slower since I raised my security level but I pay £2 a month for it so should make use of it. What I am finding is that my system is now completely clean and even a full scan finds nothing.....so I'm a happy bunny ;) :lol:

Just need to remember to change passwords more frequently now but I have so many it is a bit of a chore :(
:gg:
User avatar
Horus
Egypt4u God
Egypt4u God
Posts: 12363
Joined: Fri Dec 05, 2008 2:15 am
Location: UK
Has thanked: 1658 times
Been thanked: 2213 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Horus »

UPDATE ON VIRUS WARNING

The Government site that I gave the link to above is now up and running again so I strongly advise you all to go to the site via my link and click on the window that is telling you about the imminent threat.

After reading it, go to the bottom of the page and you will see a list of links to various security software scanners, all these links should be free and seem to be provided by the leading security companies (I cannot check them all) and all of them have been especially developed to search and destroy this particular threat.

I have given you a pictorial list of how it all should go, after the download starts you will see a very small progress bar moving across to the right and located just below the ‘Downward’ pointing arrow on your top toolbar, clicking on this will bring up a larger view of the progress bar.

When you have finished down loading and the progress bar stops, you will see a file displayed (in the same place) with .exe at the end, I used the Microsoft link from the list so mine says (msert.exe).

Double left click on the .exe file and you should get several small warning windows asking if you trust this site and if you should proceed or cancel, so long as it says Microsoft Corp (or another recognised companies) just click the proceed option. (Theoretically all should be safe links)

Ignore any other bits that may be on the screen about web browsers etc and wait until the Microsoft “ accept terms” (or other providers) own window pops up and then tick the ‘acceptance’ box to run the scan.

You will get the option of a ‘Quick’ scan or a ‘Full’ scan, I would choose the ‘Full’ scan although it may take several hours to complete. I will set mine running and go and do my shopping.

Please note that these scanners should also work with Win XP

Enter Website
4981

Next choose one from the list at the bottom of this page
4982

Then > 4983 Then > 4984

The File is Downloading
4985

File has Downloaded
4986

after clicking the .exe file the scan is running 4987
Image
User avatar
Kiya
Egyptian Pharaoh
Egyptian Pharaoh
Posts: 4286
Joined: Fri Dec 05, 2008 2:15 am
Location: Peterhead Scotland
Has thanked: 1575 times
Been thanked: 537 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Kiya »

Grandad......No not that worried about my computer.......till something goes wrong :o

I was actually up at 4.00 am just to make sure Roy was up for his 5.00 am pick-up to the heliport , he's off shore for a couple of weeks.......yeh!!! peace from that new sound surround he got for his bedroom.

Horus I have your update printed out so will try & follow that, hopefully I'll do it ok..........Thanks again :) :)
User avatar
Jayway
Royal V.I.P
Royal V.I.P
Posts: 1617
Joined: Mon Jan 18, 2010 12:47 am
Location: Portugal
Has thanked: 1234 times
Been thanked: 107 times
Portugal

Re: Another Virus Warning

Post by Jayway »

THANKYOU Horus. Its chuntering along now, looks like it will take a couple of hours. Now I know I have XP 32 bits ! This lasts for a month so I will hopefullly remember to do it again next month. Off to the games --- :up
User avatar
Kiya
Egyptian Pharaoh
Egyptian Pharaoh
Posts: 4286
Joined: Fri Dec 05, 2008 2:15 am
Location: Peterhead Scotland
Has thanked: 1575 times
Been thanked: 537 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Kiya »

Ok got it done with the same Microsoft as you used Horus, happy to say computer got the all clear. :) :)
User avatar
Jayway
Royal V.I.P
Royal V.I.P
Posts: 1617
Joined: Mon Jan 18, 2010 12:47 am
Location: Portugal
Has thanked: 1234 times
Been thanked: 107 times
Portugal

Re: Another Virus Warning

Post by Jayway »

I only had one, that it removed , a Trojan ...something .... and it took 2 hours 2o mins, but I was still doing my stuff online, it didnt seem to mind .. THANKYOU HORUS. :up
User avatar
Horus
Egypt4u God
Egypt4u God
Posts: 12363
Joined: Fri Dec 05, 2008 2:15 am
Location: UK
Has thanked: 1658 times
Been thanked: 2213 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Horus »

Great stuff, I reckon that is is fairly safe to assume you are all as well protected as you can be now :up
I ran a full scan myself and it found nothing, so another happy bunny, but as I said it is very important that you keep your firewall on and any virus scanners you have updated and run them often. ;)
Image
User avatar
Grandad
Egyptian Pharaoh
Egyptian Pharaoh
Posts: 6924
Joined: Fri Dec 05, 2008 2:15 am
Location: South East UK
Has thanked: 797 times
Been thanked: 2254 times
Gender:
United Kingdom

Re: Another Virus Warning

Post by Grandad »

Just for the hell of it I left mine to do a full scan when we went out this morning.

It did find one item, Trojan Generic 6562718 (virus) at this address
C:\Program Files\Photomatix\HDRSoft.Photomatix.4.2.5.x86.zip\HDRSoft.Photomatix.4.2.5.x86\Keymaker-CORE\keygen.exe

Any thoughts H? Apparently F-secure couldn't remove it???

Should I uninstall photomatix?
Cheers
:gg:
Post Reply
  • Similar Topics
    Replies
    Views
    Last post
  • Virus warning
    by Horus » » in General Discussions and Rants
    5 Replies
    1014 Views
    Last post by LovelyLadyLux
  • New Flu Virus
    by Horus » » in General Discussions and Rants
    7 Replies
    1223 Views
    Last post by LovelyLadyLux
  • AVG anti virus
    by Goddess » » in Suggestions and Help Enquiries
    5 Replies
    3328 Views
    Last post by BBLUX
  • ANTI-VIRUS
    by Kiya » » in Suggestions and Help Enquiries
    6 Replies
    11266 Views
    Last post by Kiya
  • Zika Virus
    by LovelyLadyLux » » in General Discussions and Rants
    7 Replies
    4654 Views
    Last post by LovelyLadyLux