
"AV Security Suite" infection


Blues&twos
1st Sep 2010, 22:34
Hello. Anyone else had this? My young daughter's laptop has been taken over by "Security Suite" warning messages and pop-ups. Fortunately she was savvy enough to not click on anything, recognising it as a scam. Unfortunately it seems to have disabled just about everything. Googling the problem has brought up a number of solutions, but they all appear to be very complex. Looks like quite a nasty. :mad:

It managed to get past Norton completely undetected, too, which has left me rather unimpressed!

I have started the laptop in safe mode and am currently running a Windows System Restore...I don't know if this will help....

Any ideas anyone?? If system restore appears to sort it out, is there anything else I need to check/delete/change manually?

EDIT: System Restore has stopped the popups, the Security Suite icon has disappeared, but Norton isn't working. Having said that, Norton has stopped working before, so I'll try re-installing it before I do anything else. That'll be tomorrow! I'm off to bed in a bad mood...:(

Thanks

B&t

green granite
2nd Sep 2010, 06:58
Hmmmmmm I think I'd be dumping Norton and find one that worked.

BOAC
2nd Sep 2010, 07:16
B&T - the pitfall with System Restore is that if you pick a date for restore where the infection was already lurking, you do not achieve anything.

Have a look at this
How to remove AV Security Suite (Removal guide) | My Anti Spyware (http://www.myantispyware.com/2010/06/03/how-to-remove-av-security-suite-removal-guide/)

mixture
2nd Sep 2010, 08:15
currently running a Windows System Restore

The rule of thumb is once malware infected, System Restore and the like are not to be trusted and should be deleted immediately on detection of malware for both your own and others sanity.


Furthermore, you should introduce your daughter to the joys of not doing your day to day Facebooking and emailing under a Windows account with Administrator rights.

Tarq57
2nd Sep 2010, 08:49
Download the free version of MBAM (http://www.malwarebytes.org/), install it to the sick computer, update it, run a quick scan, have it delete anything found.
If it prompts to reboot the computer, do so promptly.

If unable to install or run MBAM on the computer, post back. I know tricks. They may even work!

Mike-Bracknell
2nd Sep 2010, 09:28
I know quite a few tricks too, and if you're near the Berkshire (UK) area then drop me a PM and i'll try and fix it for you.

Superpilot
2nd Sep 2010, 09:55
Your best form of defence is to keep your machine 100% up to date in terms of Windows updates and use the LinkScanner feature of a free AV product such as AVG (this will physically block infected webpages from being loaded by your browser). I had an XP machine that was out by only 8 patches. I got so badly infected it took me 3 solid hours to fix. Tried 3 of the best anti-spyware/malware programs all which found something and deleted it, but they were not clever enough as this piece of malware kept on reinstating itself. Only after a lot of manual deleting did I fix the problem.

System Restore is not what most people think it is and Norton/McAfee products deserve to be burned.

Try the above suggestion of MBAM

BOAC
2nd Sep 2010, 10:11
B&T - I repeat - work your way through my link - just running MBAM may not clear this. You need to run HijackThis as well and the rest. NB MBAM is part of 'the rest'

mixture
2nd Sep 2010, 10:21
Your best form of defence is........

and ..... NOT TO RUN AS ADMINISTRATOR

I can't begin to stress how many problems you can avoid simply by doing your day to day computing as a non-administrative user.
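As an added example (not something posted in this thread), here is how the "don't do everyday computing as an administrator" advice can be checked and put in place from an elevated PowerShell prompt. It assumes Windows 10 or later with the built-in Microsoft.PowerShell.LocalAccounts module; the account name 'daughter' is a placeholder.

```powershell
# Added example, not from the thread: confirm whether the session is elevated,
# list who holds local admin rights, and make sure the everyday account is a
# plain standard user. Assumes Windows 10+ and an elevated PowerShell session.

$DailyUser = 'daughter'   # placeholder name for the everyday (non-admin) account

# Is this PowerShell session itself running with administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Current session elevated: $isAdmin"

# Who is currently in the local Administrators group? (Names come back as MACHINE\user.)
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
Write-Host "Members of Administrators: $($admins -join ', ')"

# Create the everyday account as a standard user if it does not exist yet.
if (-not (Get-LocalUser -Name $DailyUser -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Password for $DailyUser"
    New-LocalUser -Name $DailyUser -Password $password -Description 'Standard (non-admin) everyday account'
    # New-LocalUser does not put the account in any group, so add it to Users explicitly.
    Add-LocalGroupMember -Group 'Users' -Member $DailyUser
}

# If the everyday account has ended up in Administrators, take it back out.
if ($admins -match "\\$DailyUser$") {
    Remove-LocalGroupMember -Group 'Administrators' -Member $DailyUser
    Write-Host "$DailyUser removed from Administrators"
}
```

Run it once from an account that stays administrative; the everyday account is then used for browsing and email, and the admin password is only typed when a UAC prompt asks for it.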

Ancient Observer
2nd Sep 2010, 12:04
My daughter caught this one, as well. Vista on PC World PC. It evaded a fully up to date AVG and both the BT modem router firewall and MS's firewall on the PC.
It was a "Trojan downloader" and it had downloaded 3 other "severe" nasties.
It probably came in via one of those music file sharing apps that teenagers love. ("Life wire riddem" comes to mind.)

I ran AVG, and installed McAfee, and whilst those two found "bits" of whatever the thing had invited on to the PC, they did not kill it all.................so, machine went to nice local techie man for complete wipe, copy and serious security grilling of music, piccies and docs, and the re-install of Vista, followed by re-copy of docs etc.. Seems OK now, but I do run manual McAfee scans as well as the scheduled ones just in case.....................bolting door after...........??

Oh, yeah - I'd set her up as a non-admin, but she often went on as admin to download new dodgy file sharing stuff..................

BOAC
2nd Sep 2010, 12:15
but she often went on as admin :eek: - why did you give her the admin password?

cats_five
2nd Sep 2010, 12:52
<snip>
I had an XP machine that was out by only 8 patches. I got so badly infected it took me 3 solid hours to fix.
<snip>


Would take less than that to reinstall Windows... Of course the other software might take a bit longer.

vulcanised
2nd Sep 2010, 19:56
I think I've just been invaded by something like this.

Got a much-too-fast-to-read message about java being updated. Then got another much-too-fast-to-read message mentioning windows security.

That was enough for my personal alarm system so, having updated MBAM, it found five nasties which have been removed and a restart carried out.

First time I can recall anything getting past Avast.

Blues&twos
2nd Sep 2010, 19:59
Hi, Thanks for all the replies....my daughter doesn't have an admin account. I read on one of the links that this particular nasty didn't need admin rights to do its work. Apparently a message from Norton did appear, saying that a high risk infection attempt was blocked, so I don't know what happened for sure after that..... System Restore has stopped the messages and repeated connections to 'adult' sites, but I will work through some of the solutions suggested to make sure there aren't bits and pieces left.

BOAC - can MBAM be installed/run while Norton is running? I'm not familiar at all with clearing infections...I've never (knowingly!!!) had a problem before.

Mike Bracknell - thanks, I am local to you, so may avail myself of your offer if I get stuck.

Oh, the fun of it.

ShyTorque
2nd Sep 2010, 20:21
I had an issue like this a while back. It might not work for your problem but on the advice of someone here I downloaded "SuperAntispyware" free edition and it removed it where other programs had failed.

Blues&twos
2nd Sep 2010, 20:23
Norton re-installed, updated and running. Have downloaded, updated and run MBAM - no malicious stuff found, laptop appears to be working fine....for the moment....:uhoh:

Superpilot
20th Sep 2010, 17:57
The reason for my infection (above) was due to an unpatched Java client on my machine. I tell you this, cos it happened again!

It turns out that a particular version released just 5 months ago is so easy to exploit that even lame-ass hackers are taking advantage: Java zero-day flaw under active attack | ZDNet (http://www.zdnet.com/blog/security/java-zero-day-flaw-under-active-attack/6161)

Lesson: Ensure automatic updates for Java and accept when prompted!

Avtrician
22nd Sep 2010, 04:21
The infection probably arrived as a web popup that said something like "An infection has been found, click here to remove". Clicking immediately installs the crap you have seen. It's an easy trap to fall for.

IO540
22nd Sep 2010, 05:27
Does not running as an Admin make any practical difference?

Most windoze hacks involve running the code of the attacker's choice (usually achieved by overflowing some data buffer which is on the stack, so the buffer data contents gets executed as opcodes when the program returns from the function call) and such code is more than capable of elevating itself to any privilege level. Especially at the next reboot :)

On top of that, many programs do not run properly unless under Admin rights.

I have had to deal with the "kids' PC getting trashed" issue a number of times, and IMHO the best way is to have a dedicated kids' PC, make an image backup (Trueimage, etc) and every so often just restore the image. Sometimes one has to restore the image anyway because the PC is so badly trashed it won't boot. My son once trashed the PC by installing some FSX aircraft model. I have Kaspersky AV on it anyway, not that AV software stops trojans which seem to be well capable of disabling such software.

419
24th Sep 2010, 01:51
The rule of thumb is once malware infected, System Restore and the like are not to be trusted and should be deleted immediately on detection of malware for both your own and others sanity.


Is there any way to delete all of the restore points?
I know when doing a system clean up you only get the option to delete all but the most recent restore point, (on XP Pro) and if there was anything lurking on the PC, surely it would make sense to wipe all previous stored points.

Saab Dastard
24th Sep 2010, 07:38
Is there any way to delete all of the restore points?
I know when doing a system clean up you only get the option to delete all but the most recent restore point, (on XP Pro) and if there was anything lurking on the PC, surely it would make sense to wipe all previous stored points.

Clear System Restore Points for Performance (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)

SD
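The Microsoft tip linked above describes clearing restore points through the System Properties dialog. As an added example (not from the thread or the linked page), the same thing from an elevated PowerShell prompt on Windows 7 or later, where the *-ComputerRestore cmdlets exist; on Windows XP they do not, and turning System Restore off and back on in System Properties is the way to do it. Turning System Restore off for a drive discards every restore point on it, which is exactly what you want once malware has been found.

```powershell
# Added example, not from the thread: discard all System Restore points on the
# system drive, re-enable System Restore, and create one fresh baseline point.
# Assumes Windows 7 or later and an elevated (Run as administrator) session.

$Drive = 'C:\'   # the system drive; adjust if Windows lives elsewhere

# Show what exists before the cleanup.
Write-Host 'Restore points before cleanup:'
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# Turning System Restore off deletes every existing restore point on that drive,
# including any that were taken while the infection was already present.
Disable-ComputerRestore -Drive $Drive

# Turn it back on so future (clean) restore points can be created.
Enable-ComputerRestore -Drive $Drive

# Create a new baseline once the machine is believed clean. Note: from Windows 8
# onwards Windows only allows one restore point per 24 hours by default, so this
# step may be skipped with a warning if one was made recently.
Checkpoint-Computer -Description 'Clean baseline after malware cleanup' -RestorePointType 'MODIFY_SETTINGS'

Write-Host 'Restore points after cleanup:'
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Take the new baseline only after the scans (MBAM and the rest) come back clean; a restore point made while the machine is still infected just preserves the problem, which is the pitfall BOAC describes earlier in the thread.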

419
24th Sep 2010, 10:11
Thanks Saab.:ok:
Just what I was looking for.

nedrover
4th Oct 2010, 08:43
Hi Blues & Two's,

Trash Norton and install NOD32 also Microsoft's very good "Security Essentials". However this kind of infection comes from visiting infected sites and the security suite may not pick it up. The first thing that happens, as you have seen is that things are disabled. Another favourite way of infection is from an infected memory stick.

You may have been lucky with the restore because the last restore point was made before the infection occurred. Often the restore will restore everything including the virus.

Good luck - Nedrover

Blues&twos
5th Oct 2010, 21:30
Thanks Nedrover - I made sure the restore point was a good long time before we noticed the infection.

I shall be canvassing opinion from friends/relatives/the IT dept at work/the internet/complete strangers/wild animals etc etc before I go for my next antivirus software application!