Virus Warning

Just a quick warning - was trawling the net yesterday for reviews of rear lights when I picked up a virus - the infamous "System Repair" virus.
I believe I got it from the London Cyclist website as that's when the 1st of the symptoms manifested itself - however I'm not 100% certain.

Just take care.

I've spent about the last 2 hours getting control of my machine back (i.e. access to task manager / registry). Currently killing all remains of the little bugger now. Fortunately for me - alarm bells went off when the 1st, not quite professional looking enough, system error screen appeared.
 

MontyVeda

a short-tempered ill-controlled small-minded troll
what virus protection are you running?
 
System Repair doesn't count as a virus, more along the lines of 'scareware' - to 'catch' it, you need to respond to one of the alerts it gives you and then click on one of the false system messages.

Not that the info helps you in any real way. Malwarebytes can kill it, but then you have to retrieve your old start menu and unhide your 'my documents'...

I had to deal with a colleague's PC the other day - could be worse, other nasties can truly destroy your info rather than just hide it from you.
 

MacB

Lover of things that come in 3's
I think it's quite nasty actually, if you're not sure what's going on and suddenly you're locked out of things like task manager, it does seem like a total system overtake.

Agree on the Malwarebytes though
 
I think it's quite nasty actually, if you're not sure what's going on and suddenly you're locked out of things like task manager, it does seem like a total system overtake.

Agree on the Malwarebytes though

I think that is the crux of it certainly, the system appears to be compromised and all applications and data appear to be missing, so many people will wipe the computer and start from scratch, if not pay someone to do the same thing for them.

I found it very interesting that it managed to cause so much anguish without destroying any data though, very clever and as you say, nasty.
 

MacB

Lover of things that come in 3's
I think that is the crux of it certainly, the system appears to be compromised and all applications and data appear to be missing, so many people will wipe the computer and start from scratch, if not pay someone to do the same thing for them.

I found it very interesting that it managed to cause so much anguish without destroying any data though, very clever and as you say, nasty.

I came very close to doing just that but I was fortunate enough to be able to fire up a laptop next to the computer to investigate. I already knew the Bleepingcomputer website and soon found an existing thread around the same problem. So downloaded the fix via laptop to USB stick, fired up main computer in safe mode, uploaded the fix...etc....etc. But that is way beyond most people's knowledge and was a pretty steep learning curve for me.
 

Inertia

I feel like I could... TAKE ON THE WORLD!!
I think it's quite nasty actually, if you're not sure what's going on and suddenly you're locked out of things like task manager, it does seem like a total system overtake.

Agree on the Malwarebytes though
Rkill is handy for getting control as it sometimes blocks Malwarebytes from running too. You run Rkill to kill it and then run Malwarebytes to remove it.
 

ASC1951

Guru
Location: Yorkshire
what virus protection are you running?
None, I assume. ;)


Given that MSE - for instance - is free and reasonably comprehensive, there is very little excuse for letting your PC get diseased.
 

gaz

Cycle Camera TV
Location: South Croydon
Are you certain it was from the London Cyclist website?
Was it just a pop-up which you then clicked?

The sort of issues you describe cannot just happen from viewing a website, you would need to download something.
 
OP
SquareDaff

Über Member
None, I assume. ;)


Given that MSE - for instance - is free and reasonably comprehensive, there is very little excuse for letting your PC get diseased.
You'd presume wrong! It's my works PC that got infected. That uses Trend Micro which is supposed to be maintained by the works network team. It's either garbage or it's not being updated regularly. Viruses are always sneaking through. Compare that to my home PC that has Norton 360 on it with updates loaded each week and which has never had a virus!!
 
OP
SquareDaff

Über Member
Are you certain it was from the London Cyclist website?
Was it just a pop-up which you then clicked?

The sort of issues you describe cannot just happen from viewing a website, you would need to download something.
I'm not certain - but it was the site I was viewing when the issue started. My warning was just to be careful. I've viewed that site before without problems and I imagine a lot of cyclists are looking for reviews on rear lights at the moment.

You'd only need to reference a link with a javascript "addition" to load on a virus - and most sites contain those.
 
OP
SquareDaff

Über Member
Most of you have mentioned BleepingComputer and RKill.
Used both of those yesterday.

I got control of the Task Manager back and unhid the "destroyed" files. However, the process didn't get rid of the "virus" executable which restarted when the PC was rebooted. Fortunately with Task Manager enabled it was easy to spot and get rid of but if you do get this virus watch out for UBhvfHIIGD.exe in your tasks list and delete from your hard drive.
 
Most of you have mentioned BleepingComputer and RKill.
Used both of those yesterday.

I got control of the Task Manager back and unhid the "destroyed" files. However, the process didn't get rid of the "virus" executable which restarted when the PC was rebooted. Fortunately with Task Manager enabled it was easy to spot and get rid of but if you do get this virus watch out for UBhvfHIIGD.exe in your tasks list and delete from your hard drive.

You'll find that it will not be called exactly the same things, but will look like a random collection of letters (.exe) which is an attempt to stop people spotting it.
 