View Full Version : OT - 'Security Suite' malware



Too_Many_Tools
09-12-2010, 03:27 AM
I am helping a friend try to fix a computer with the 'Security Suite' malware.

A real pain.

Anyone here SUCCESSFULLY clean a computer of this malware?

If so, I would like to hear how you did it.

Apparently there are a number of versions of it...with each generation getting harder to eliminate.

And it is successful at getting past anti-virus programs.

Thanks for any suggestions.

TMT

mike4
09-12-2010, 03:33 AM
I am helping a friend try to fix a computer with the 'Security Suite' malware.

A real pain.

Anyone here SUCCESSFULLY clean a computer of this malware?

If so, I would like to hear how you did it.

Apparently there are a number of versions of it...with each generation getting harder to eliminate.

And it is successful at getting past anti-virus programs.

Thanks for any suggestions.

TMT

Try Norton's site, as I had a similar experience a couple of years ago.

Also try restoring to a point before the malware was loaded; make sure you turn off any automatic restore programs or the malware will copy that point.

Too_Many_Tools
09-12-2010, 03:54 AM
Try Norton's site, as I had a similar experience a couple of years ago.

Also try restoring to a point before the malware was loaded; make sure you turn off any automatic restore programs or the malware will copy that point.

Thanks for the suggestions.

The machine in question had its restore function turned off; no restore points available.

FWIW...this malware is rampant on music, video and porn sites according to the discussions I have been reading. This user apparently picked it up by viewing a video on YouTube.

TMT

.RC.
09-12-2010, 05:06 AM
format c:

:)

macona
09-12-2010, 05:47 AM
Thanks for the suggestions.

The machine in question had its restore function turned off; no restore points available.

FWIW...this malware is rampant on music, video and porn sites according to the discussions I have been reading. This user apparently picked it up by viewing a video on YouTube.

TMT

Yeah, sure he did. :rolleyes: You are not going to get something off YouTube. Maybe if he clicked a link in a spam post that led off-site.

Good luck. Ad-Aware cleans pretty well and I have had pretty decent luck with Spybot. But in general when that happens it's time to wipe.

Too_Many_Tools
09-12-2010, 10:54 AM
Yeah, sure he did. :rolleyes: You are not going to get something off YouTube. Maybe if he clicked a link in a spam post that led off-site.

Good luck. Ad-Aware cleans pretty well and I have had pretty decent luck with Spybot. But in general when that happens it's time to wipe.

That would be my first thought also but...

The user is a young lady.

I have verified the infecting site to the time of infection.

And Youtube WAS the source.

This malware virus has an ongoing reputation of slipping by antivirus programs.

In the end I may have to go the "Nuke and Boot" route but it is better to do a surgical extraction.

During the effort, it has been interesting to see that the malware authors are adapting the virus as fixes are found.

Here's hoping that they burn in hell.

TMT

kendall
09-12-2010, 11:12 AM
Malwarebytes works well for most things, free download and doesn't load up or slow down the computer.

Often though, some of these disable AV progs and prevent installation. Try booting in safe mode and running/installing.
If that doesn't work, use an old hard drive to install another working copy of the OS, then boot to that drive and run the AV from it.

I always have a 'spare' OS install on an external drive; if something happens I can boot to it and clean everything up or rescue files etc. Many infections aren't sophisticated enough to mess with external drives or non-active operating systems, so it's a pretty safe standby even if you leave the drive on and active for extra storage.

bobw53
09-12-2010, 11:26 AM
Safe mode,
Malwarebytes
System restore
Fresh install, update and full scan of your antivirus software.

I've been bitten by this one (or similar) like 3 times in the last few years. The last time it also switched my browser to go through a proxy site.

lakeside53
09-12-2010, 11:37 AM
deleted...

Too_Many_Tools
09-12-2010, 11:42 AM
Safe mode,
Malwarebytes
System restore
Fresh install, update and full scan of your antivirus software.

I've been bitten by this one (or similar) like 3 times in the last few years. The last time it also switched my browser to go through a proxy site.


Thanks for the suggestions.

Malwarebytes currently does not work.

It used to...the virus authors are modifying the virus to neutralize the old methods.

I would have used system restore if a restore point was available; the system restore feature had been turned off. When I am done it will DEFINITELY be turned on.

And yes it loves to set the proxy setting.

There is also a version that goes after Firefox.

TMT
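Two of the symptoms described in this thread (the proxy setting being hijacked and System Restore having been switched off) can be checked read-only before any cleanup is attempted. The script below is an added example, not anything posted in the thread; it assumes Windows PowerShell on the affected machine and a default Firefox profile location.

```powershell
# Added example (not from the thread): read-only triage for a hijacked proxy
# and a disabled System Restore. Assumes Windows PowerShell; the Firefox
# profile path is an assumption about a default per-user install.

function Get-ProxyHijackIndicators {
    $out = @()
    # WinINET settings shared by Internet Explorer and the system proxy.
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($ie -and $ie.ProxyEnable -eq 1) {
        $out += "WinINET proxy enabled: $($ie.ProxyServer)"
    }
    if ($ie -and $ie.AutoConfigURL) {
        $out += "WinINET PAC script configured: $($ie.AutoConfigURL)"
    }
    # Firefox writes its proxy choice to prefs.js only when it differs from the
    # default, so any network.proxy.* line here means the setting was changed
    # (type 1 = manual proxy, type 2 = PAC URL).
    $prefs = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue
    foreach ($p in $prefs) {
        $hits = Select-String -Path $p.FullName -Pattern 'network\.proxy\.(type|http|autoconfig_url)"'
        foreach ($h in $hits) {
            $out += "Firefox ($($p.Directory.Name)): $($h.Line.Trim())"
        }
    }
    return $out
}

function Get-SystemRestoreState {
    # DisableSR = 1 means System Restore has been turned off; rogue AV families
    # of this era did exactly that to prevent rolling back to a clean point.
    $sr = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' -ErrorAction SilentlyContinue
    if ($sr -and $sr.DisableSR -eq 1) {
        return 'System Restore is DISABLED'
    }
    # Get-ComputerRestorePoint needs an elevated prompt to enumerate points.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    return "System Restore enabled, $($points.Count) restore point(s) available"
}

Get-ProxyHijackIndicators
Get-SystemRestoreState
```

Run it from an elevated prompt; an empty result from the first function and an "enabled" line from the second means neither symptom is present on that machine.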

ATV
09-15-2010, 12:04 AM
I've fixed it before. Do a google search on Combofix. Download it and run it.

dp
09-15-2010, 02:29 AM
Another candidate for using a virtual machine.

rockrat
09-15-2010, 07:45 AM
I don't know about your specific malware issue but I found this site very helpful for my issue a while back.

http://www.techspot.com/vb/topic58138.html

This was a specific thread but the board has good clear instructions on so many software issues.

Good luck.
rock~

rockrat
09-15-2010, 07:55 AM
Those using Combofix, take a moment and read the following post at techspot.

Do not run Combofix without our guidance (http://www.techspot.com/vb/topic138086.html)

It sounds as though while Combofix does work you may well need to do other things first.

I am interested in Combofix and have started to read a bit more on it. Looks as though there are good reasons for using it.

rock~

daryl bane
09-15-2010, 10:44 AM
I picked up that virus a while back, and it was probably the most evil of any one I've encountered. It blocked all avenues for a system restore, safe mode, registry entry, DOS access, and installation of ANY after-the-infection antivirus software. It certainly got past my up-to-date AVAST. In the end, I had to reformat the hard drive and reinstall Windows XP. I am certainly no computer geek, and I guess if there had been important stuff on it, I would've taken it to a pro. It's sad that there are such smart folks coming up with this stuff; seems like that effort could be put to something more positive and productive. I was thinking death penalty there for a while, for the perpetrators as well as Bill Gates.:)