Computer Attacked

glee

Searcher7 said:
Yes, I tried saving that entire page along with downloading the
Emsisoft Emergency Kit. I'll know if I got it when I return home.

BTW. Here are some of the results of my previous AVG scan:
http://i290.photobucket.com/albums/ll257/Statenislander/Computer/AVGInfected.jpg
http://i290.photobucket.com/albums/ll257/Statenislander/Computer/AVGLocked.jpg

Thanks.


Yes, you have Reveton ransomware, which is what the instructions I
linked to are supposed to remove. There is another Trojan also listed in
your screenshot, which may be a separate infection invited along by the
original ransomware.

After following all the instructions at Bleeping Computer, reboot and
install the free version of Malwarebytes Anti-Malware (MBAM), update it,
then run a full scan from normal mode Windows, and remove whatever it
finds. Reboot if prompted, then run a full scan with your anti-virus.
I would run a scan from a bootable rescue disc like Kaspersky Rescue CD
from outside Windows, as a last step, if it were here.
 
(PeteCresswell)

Per Searcher7:
And yes, re-installing XP, which I do periodically, would have been
quicker. Nevertheless, I'm still going to first try some of what is
said here.

When I had a teenager banging on my PC for a couple hours a day,
I learned the comfort and joy of a good imaging utility.

Takes about 15 minutes max to create an image of the system when
you know it's good.

Takes about the same time to restore from that image as soon as
you even suspect something's amiss.

The critical point is developing the discipline of keeping
nothing in the way of "Data" on the system drive. It all goes
on a separate "D:" partition. Once you get that nailed - and
settle on a good anti-virus utility (I use Avast), peace of mind
goes waaaaay up.
 
Flasherly

How have I been a "silly boy"?

I have AVG and Malwarebytes on my system, for all the good that's done
me. No Firewall outside of what came with Windows XP. I also have
Avast! which is un-installed. (And I can't update these apps for
obvious reasons).

ClamWin is pretty well regarded for SourceForge fodder. Rudimentary
check on what's allowed in. Crude but effective, like anything in the
hands of the right artisan. No decent Firewall is, yes, a NoNo.
Without filters and firewalls how you honestly expect computers that
didn't look exactly like television commercials? Obama wants
computers ID chipped, but, OTH, there's more and more VPNs [for
encrypting oneself behind] opening everyday. Safe driving, I suppose,
would appear according to which side of the road is right. Barring all
else, backpack neutron and precision smart bombs, there's the ditch
concept closely allied to FireWalls and $75-$150 store CheckerUppers
-- "Hardening the Computer System." Good material to read up on.
And, lastly, most important since Evil, Eve, and God deified and
defied, is binary 1-to-0 precision image copies from digital media
made prior to any communications deployment, whatsoever, with
forethought and emphatic quality control incorporated rigorously both
by stricture over structure. But, then, this isn't necessarily a
CompUSA build, and you did, after all, cross-post in the first place,
silly boy.
 
(PeteCresswell)

Per Bill in Co:
I'd rather keep it all on the same partition, and just image or restore the
whole enchilada - which still only takes me about 15 minutes. Why keep
data on a separate partition?

Because, when you re-image, the data gets replaced with old data
from the time when the image was taken.

My Rationale: I don't want to image every day - only occasionally
when I am pretty much sure the system is clean. If I image
every day, I could be backing up an infected or
otherwise-compromised system.
 
Loren Pechtel

The problem with using a PC at the New York Public Library is that so
many basic functions of the OS that you take for granted are turned
off on these PCs. If I download an app I can't be sure I really have
it until I get home. I can't even copy the text in this thread and put
it on my flash drive. (Or edit text already on my flash drive).

I know how you feel. When we are visiting her folks I have to use
public computers. To add to the hassle everything's in bird tracks.
 
Loren Pechtel

finds. Reboot if prompted, then run a full scan with your anti-virus.
I would run a scan from a bootable rescue disc like Kaspersky Rescue CD
from outside Windows, as a last step, if it were here.

How would he burn it?
 
Flasherly

I'd rather keep it all on the same partition, and just image or restore the
whole enchilada - which still only takes me about 15 minutes. Why keep
data on a separate partition? That means there's two things to backup (and
or restore). (The only "data" I keep on separate partitions is audio and
video, since it is so large; not really any personal stuff.)

Not really. And where are you guys getting off on 20 minutes ... I
start getting hot under the collar when a C: restore imaging routine
takes longer than 2 minutes!

Keeping data on [the singular instance] separate partition(s):
Nooo...not really. Most CVV, Common Variety Vomit, perpetuating
itself over the Internet occurs at the C: OS level. Programs most of
all directly associated with the Internet are integral within the OS
laying, by means, ipso facto, therein and thereby prima facie to
permit Internet access;-- Although, to including anything, regardless
where it's physically located, whether attempting to "Call Home,"
within better reason, may be FireWalled with Extreme Prejudice.

Similarly, many, if not most, CVPV, Common Variety Puking Vomits, will
attach themselves by dint of their extreme stupidity, lacking any
other purpose, or reason, conceptually not to slit their own throat
and end their silly selfsame, miserable existence.

Lastly, many programs (excluding those with an aforementioned clause,
within observance and propensity to expand upon themselves, so to
"Check Home," for bigger, better, newer reasons, ostensibly, involving
checking directly otherwise for your Credit Card account balance),
simply, may have no real need for actually working on the Internet. A gist
and implication that infection to an adequately, already "Hardened
Software Build," is a factor of greater remoteness once and
additionally physically removed. Consequently, the need to restore
the Data/Program/Binary, insular partition is one of a respective
lower-order imperative. In practise, a need perhaps as often directly
related to an enduser's ineptitude, malfeasance being by chance a
migrating Vomit Clause off the Internet is within improper identity
techniques or outright piss-poor "surfing" habits.

What a separate DATA partition does however involve, is manually
having to keep in sync Binary Data program revisions, updates and
omissions, in-program changes to settings and functions linked to the
OS, or anything generally not already logged and incorporated into the
OS images and any subsequent layering of compounded, redundant
iterations over further OS images.

Personally, I keep a three-layered backlog of the OS, proper, one of
the DATA, even should the latter seldom come to play. (Backups,
really, especially in the DATA sense are becoming increasingly
abstractions of their own right when considering an increased
bandwidth and permissible storage facilities.)
 
Paul

The staff at the library are usually VERY old and wouldn't have a clue as to
how to burn a CD

The staff at my library, spend most of their time doing the
"computer help person routine". I don't think they do much with
books any more. They fill the printer with paper for patrons,
collect the $0.05 per printed page, and answer computer questions.
At the main library, there's a queue for computers, and a room with
30 seats or so in it. So it hardly seems like a library any more.
More like an Internet Cafe, in a library setting.

I even thought the machines would be crusty Pentium 100's, but
a quick check showed the one I used, had a Core2.

Paul
 
glee

Loren Pechtel said:
How would he burn it?

On the library computer he is posting from, at friend's computer, even
ask someone in an Internet cafe to do a favor and burn it. There's
always a way, unless you're too busy looking for ways to fail.
 
(PeteCresswell)

Per Bill in Co:
Why keep
data on a separate partition?

Another reason: to minimize the size of the System partition.

Smaller partition, faster images/restores.
 
(PeteCresswell)

Per Flasherly:
And where are you guys getting off on 20 minutes ... I
start getting hot under the collar when a C: restore imaging routine
takes longer than 2 minutes!

I was trying to be conservative.

But 2 minutes? That's really impressive.

Takes me 2 minutes just to fish out the restore CD and boot from
it.
 
Loren Pechtel

At the library.

The staff at the library are very helpful.

Paul

Libraries are set up to let you burn? I didn't realize you had that
much control of the system.
 
Searcher7

Libraries are set up to let you burn? I didn't realize you had that
much control of the system.

Not at the NYPL. You can't even create a text file or copy and paste anything at my neighborhood library because useful functions like this have been disabled. I was lucky to figure out how to download anything to a flash drive.

Anyway, I tried Emsisoft only to find that when running in safe mode my PC's screen resolution changes, making it impossible to see the entire graphical user interface of the app so I could click the correct buttons.

I managed to run AVG and Malwarebytes Anti-Malware again, and the problem was corrected. (I can't really say what actually worked though).

Now yesterday my PC was attacked by "Live Security Platinum" which also tried to extort money from me. I booted into safe mode and ran Malwarebytes Anti-Malware and AVG twice and it appeared to correct the problem.

But this week a lot of pages I've opened have underlined/highlighted text that are actually pop-up ads. (Which is a pain if you move your cursor around a lot). I'm not sure if it is still something devious on my system or if everyone decided at the same time to kill the already crappy internet experience by putting commercial ads in everything at every page you go to.

Thanks.

Darren Harris
Staten Island, New York.
 
Paul

I'd check for "Add-Ons" in the browser first. In case that's how they're underlining
things. You've probably been hijacked... somehow.

It's also possible to do stuff like that, by meddling with the DNS (so people end
up on your server, rather than going to their originally intended web site). It's possible
to inject adverts, and you can make a lot of money doing that.

In terms of anti-malware software, you need fresh definition files for them
to continue to help you. So just because you have a copy of MBAM, it still
needs to be maintained. Either you need to get a fresh copy of MBAM, before
using it the next time, or, find out how to get just the definitions file
to keep the thing up to date. (When I use the Kaspersky scanner CD, that
connects to Kaspersky and downloads megabytes of update files. So that's
one way they can do it.) Which is great, as long as your networking is
still operational.

Paul
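Paul names two places to look for the source of injected ads: the browser's add-ons, and the machine's name resolution (rogue DNS servers, or equally a planted hosts file, send the browser to a server that serves the ads). The script below is an added example, not code from this thread or from any of the tools mentioned in it. It parses a constructed `ipconfig /all` listing in the Windows XP layout and a constructed `hosts` file (both sample inputs are made up here, using RFC 5737 documentation addresses to stand in for a rogue resolver), then flags resolvers that are neither on the local network nor on a caller-supplied allowlist, and hosts entries that redirect a name anywhere other than loopback. The function names, the sample addresses and the allowlist are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout).
# 198.51.100.x is a documentation range standing in for a rogue resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 198.51.100.7
                                            198.51.100.8
"""

# Constructed sample of %SystemRoot%\system32\drivers\etc\hosts with two
# planted entries that send well-known sites to a third-party address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com   # planted redirect (constructed)
203.0.113.45    search.yahoo.com
"""

# Ranges a home PC's resolver can legitimately sit in (router, loopback,
# link-local). Listed explicitly rather than via ipaddress.is_private, which
# also treats the documentation ranges used in the samples as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

DNS_LINE = re.compile(r"DNS Servers[ .]*:\s*(\S+)")
CONT_LINE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_dns_servers(ipconfig_text):
    """Return every resolver under 'DNS Servers', including the unlabelled
    continuation lines ipconfig prints for the second and later entries."""
    servers, lines, i = [], ipconfig_text.splitlines(), 0
    while i < len(lines):
        m = DNS_LINE.search(lines[i])
        i += 1
        if not m:
            continue
        servers.append(m.group(1))
        while i < len(lines) and CONT_LINE.match(lines[i]):
            servers.append(CONT_LINE.match(lines[i]).group(1))
            i += 1
    return servers


def suspicious_dns_servers(servers, trusted=()):
    """Flag resolvers outside LOCAL_NETS and outside the caller's trusted
    networks (e.g. the ISP's published resolvers). Unparseable entries are
    flagged as well, since ipconfig should only ever print addresses."""
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    flagged = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            flagged.append(s)
            continue
        if any(addr in net for net in LOCAL_NETS + trusted_nets):
            continue
        flagged.append(s)
    return flagged


def suspicious_hosts_entries(hosts_text):
    """Return (address, names) for hosts entries that map a name to anything
    other than loopback or the unspecified address (0.0.0.0, as ad-block
    lists use). LAN shortcuts land here too: this is a triage list, not a verdict."""
    flagged = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append((addr, names))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        flagged.append((addr, names))
    return flagged


def hijack_report(ipconfig_text, hosts_text, trusted=()):
    """Bundle both checks; 'trusted' is the allowlist of public resolver networks."""
    servers = parse_dns_servers(ipconfig_text)
    return {
        "dns_servers": servers,
        "rogue_dns": suspicious_dns_servers(servers, trusted),
        "hosts_redirects": suspicious_hosts_entries(hosts_text),
    }


if __name__ == "__main__":
    # Assumed allowlist: pretend the ISP's resolvers live in 203.0.113.0/24.
    for key, value in hijack_report(SAMPLE_IPCONFIG, SAMPLE_HOSTS,
                                    trusted=["203.0.113.0/24"]).items():
        print(f"{key}: {value}")
```

On a real machine the input comes from `ipconfig /all > out.txt` and the hosts file under `drivers\etc`; a hijacked system can still lie to tools run on it, so compare the resolver list against what the router itself is configured to hand out. A hijacked browser add-on, Paul's first suspect, leaves no trace in either file and has to be checked in the browser.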
 
Flasherly

I was trying to be conservative.

But 2 minutes? That's really impressive.

Takes me 2 minutes just to fish out the restore CD and boot from
it.

If the DVD/CD's in: 1) 15-2-m/sec, 2) a quad-channel, Class 10 USB
flash stick for 30m/sec, 3) HD<>HD 50m/sec when excellent rates
between disparate physical drives or same-platter partitions.

The restoration image is 6-800meg if only C:\Windows and there's a
little selectivity about programs that take themselves and their
residuals somewhere else. After doing it for years, life, I guess,
becomes more bitchy when it's less impressive than redundant and taken
for granted, i.e., never owned a SSDrive, so somebody else can do the
damn math for factoring seconds on that.
 
