OT - 'Security Suite' malware

  • OT - 'Security Suite' malware

    I am helping a friend try to fix a computer with the 'Security Suite' malware.

    A real pain.

    Anyone here SUCCESSFULLY clean a computer of this malware?

    If so, I would like to hear how you did it.

    Apparently there are a number of versions of it...with each generation getting harder to eliminate.

    And it is successful at getting past anti-virus programs.

    Thanks for any suggestions.

    TMT

  • #2
    Originally posted by Too_Many_Tools
    I am helping a friend try to fix a computer with the 'Security Suite' malware.

    A real pain.

    Anyone here SUCCESSFULLY clean a computer of this malware?

    If so, I would like to hear how you did it.

    Apparently there are a number of versions of it...with each generation getting harder to eliminate.

    And it is successful at getting past anti-virus programs.

    Thanks for any suggestions.

    TMT

    Try Norton's site, as I had a similar experience a couple of years ago.

    Also try restoring to a point before the malware was loaded; make sure you turn off any automatic restore programs or the malware will copy that point.


    • #3
      Originally posted by mike4
      Try Nortons site ,as I had a similar experience a couple of years ago.

      Also try restoring to a point before the malware was loaded; make sure you turn off any automatic restore programs or the malware will copy that point.

      Thanks for the suggestions.

      The machine in question had its restore function turned off... no restore points available.

      FWIW...this malware is rampant on music, video and porn sites according to the discussions I have been reading. This user apparently picked it up by viewing a video on YouTube.

      TMT


      • #4
        format c:

        Precision takes time.


        • #5
          Originally posted by Too_Many_Tools
          Thanks for the suggestions.

          The machine in question had its restore function turned off... no restore points available.

          FWIW...this malware is rampant on music, video and porn sites according to the discussions I have been reading. This user apparently picked it up by viewing a video on YouTube.

          TMT

          Yeah, sure he did. You are not going to get something off YouTube. Maybe if he clicked a link in a spam post that led off site.

          Good luck. Ad-Aware cleans pretty well and I have had pretty decent luck with Spybot. But in general when that happens it's time to wipe.


          • #6
            Originally posted by macona
            Yeah, sure he did. You are not going to get something off YouTube. Maybe if he clicked a link in a spam post that led off site.

            Good luck. Ad-Aware cleans pretty well and I have had pretty decent luck with Spybot. But in general when that happens it's time to wipe.

            That would be my first thought also but...

            The user is a young lady.

            I have verified the infecting site to the time of infection.

            And Youtube WAS the source.

            This malware virus has an ongoing reputation of slipping by antivirus programs.

            In the end I may have to go the "Nuke and Boot" route but it is better to do a surgical extraction.

            During the effort, it has been interesting to see that the malware authors are adapting the virus as fixes are found.

            Here's hoping that they burn in hell.

            TMT


            • #7
              Malwarebytes works well for most things; free download and it doesn't load up or slow down the computer.

              Often though, some of these disable AV programs and prevent installation. Try booting in safe mode and running/installing.
              If that doesn't work, use an old hard drive to install another working copy of the OS, then boot to that drive and run the AV from it.

              I always have a 'spare' OS install on an external drive; if something happens I can boot to it and clean everything up or rescue files etc. Many infections aren't sophisticated enough to mess with external drives or non-active operating systems, so it's a pretty safe standby even if you leave the drive on and active for extra storage.


              • #8
                Safe mode,
                Malwarebytes
                System restore
                Fresh install, update and full scan of your antivirus software.

                I've been bitten by this one (or similar) like 3 times in the last few years. The last time it also switched my browser to go through a proxy site.


                • #9
                  deleted...


                  • #10
                    Originally posted by bobw53
                    Safe mode,
                    Malwarebytes
                    System restore
                    Fresh install, update and full scan of your antivirus software.

                    I've been bitten by this one (or similar) like 3 times in the last few years. The last time it also switched my browser to go through a proxy site.

                    Thanks for the suggestions.

                    Malwarebytes currently does not work.

                    It used to...the virus authors are modifying the virus to neutralize the old methods.

                    I would have used system restore if a restore point was available... the system restore feature had been turned off. When I am done it will DEFINITELY be turned on.

                    And yes it loves to set the proxy setting.

                    There is also a version that goes after Firefox.

                    TMT


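As an added, defender-side example (not from this thread or any of its posters), a read-only PowerShell audit of the two things the replies above say this malware tampers with: the browser proxy (WinINET for Internet Explorer, plus Firefox's own prefs.js) and System Restore. It assumes Windows PowerShell with the Get-ComputerRestorePoint cmdlet and the documented registry locations; the malware's own file names are not known from the thread, so nothing here looks for them.

```powershell
# Added example: audit proxy hijack and System Restore status on a suspect
# Windows box. Read-only; run from an elevated prompt, ideally after booting
# safe mode or a separate clean OS install as the thread suggests.

# 1. WinINET (IE / system) proxy for the current user.
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue

if ($proxy.ProxyEnable -eq 1 -or $proxy.AutoConfigURL) {
    Write-Warning ("Proxy configured: ProxyEnable={0} ProxyServer='{1}' AutoConfigURL='{2}'" -f
        $proxy.ProxyEnable, $proxy.ProxyServer, $proxy.AutoConfigURL)
    # Exclusion list can hide a proxy from a quick glance; show it too.
    Write-Output "ProxyOverride: $($proxy.ProxyOverride)"
} else {
    Write-Output "No WinINET proxy set for this user."
}

# 2. Firefox keeps its proxy in prefs.js (network.proxy.type: 1 = manual, 2 = PAC).
$ffPrefs = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Filter prefs.js `
           -Recurse -ErrorAction SilentlyContinue
foreach ($p in $ffPrefs) {
    Select-String -Path $p.FullName -Pattern 'network\.proxy\.(type|http|ssl|autoconfig_url)' |
        ForEach-Object { Write-Warning "$($p.FullName): $($_.Line.Trim())" }
}

# 3. System Restore: policy values that switch it off, then actual restore points.
$srPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$pol = Get-ItemProperty -Path $srPolicy -ErrorAction SilentlyContinue
if ($pol.DisableSR -eq 1 -or $pol.DisableConfig -eq 1) {
    Write-Warning ("System Restore disabled by policy: DisableSR={0} DisableConfig={1}" -f
        $pol.DisableSR, $pol.DisableConfig)
}
$points = Get-ComputerRestorePoint -ErrorAction SilentlyContinue
if (-not $points) {
    Write-Warning "No restore points found (System Restore off or points wiped)."
} else {
    $points | Select-Object SequenceNumber, CreationTime, Description | Format-Table -AutoSize
}
```

A proxy pointing at an address the user never configured, or System Restore disabled by policy on a home machine, are both findings to record before any cleanup, since the cleanup itself will erase them.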
                    • #11
                      I've fixed it before. Do a Google search on Combofix. Download it and run it.


                      • #12
                        Another candidate for using a virtual machine.


                        • #13
                          I don't know about your specific malware issue but I found this site very helpful for my issue a while back.

                          http://www.techspot.com/vb/topic58138.html

                          This was a specific thread but the board has good clear instructions on so many software issues.

                          Good luck.
                          rock~
                          Civil engineers build targets, Mechanical engineers build weapons.


                          • #14
                            Those using Combofix, take a moment and read the following post at techspot.

                            Do not run Combofix without our guidance

                            It sounds as though while Combofix does work you may well need to do other things first.

                            I am interested in Combofix and have started to read a bit more on it. Looks as though there are good reasons for using it.

                            rock~
                            Civil engineers build targets, Mechanical engineers build weapons.


                            • #15
                              I picked up that virus a while back, and it was probably the most evil of any one I've encountered. It blocked all avenues for a system restore, safe mode, registry entry, DOS access, and installation of ANY after-the-infection antivirus software. It certainly got past my up-to-date AVAST. In the end, I had to reformat the hard drive and reinstall Windows XP. I am certainly no computer geek, and I guess if there had been important stuff on it, I would've taken it to a pro. It's sad that there are such smart folks coming up with this stuff; seems like that effort could be put to something more positive and productive. I was thinking death penalty there for a while, for the perpetrators as well as Bill Gates.
                              Last edited by daryl bane; 09-15-2010, 10:54 AM.
