I downloaded some interesting viruses today

[Tailplane]

Looking on Photobucket today a popup warned me that Java needed updating in order to view the images and so I downloaded it.
This produced a flood of mall-ware, mainly registry checking freeware but more sinister were some intrusive viruses.

VuuPC. This produces a continuous invite to download a toolbar and you can't uninstall it by the usual method.

Freecom Pro. This highlights words in your forum texts and invites you to join a 2014 survey. Unremoved, at best it will double your forum text loading time.

You can't remove either of these by usual methods and it took me about 3 hours to get rid of them. ( Don't use free removal tools, they might be worse than the virus).

The good news is, I removed them all.

Regards.

[Mike]

Which anti-virus do you use

[Tailplane]

Which anti-virus do you use

I use Avast.

This warned me of viruses and removed some files but it didn't stop the programs working.

[Andy_99]

To Be doubly sure download something like kaspersky rescue disk 10 from here onto a bootable USB/CD/DVD

http://support.kaspersky.co.uk/4162

When your machine boots from the disk it creates a totally self contained environment so that no nasties can load into memory.
Use it quite frequently to disinfect a machine that may have active infections that a standard AV install may not be able to remove.

Most Anti-Virus vendors also have standalone scanners that you can download.

[FAlcons]

Are you sure your pc is clean?

If your usual anti-virus can't delete a virus or toolbar, try Malwarebytes Anti-Malware: https://www.malwarebytes.org. You can take the free version. HitmanPro is very effective too, and free for 30 days: http://www.surfright.nl/en/

And, indeed, if this doesn't work, try booting your pc in safe mode. and then run these programmes. All but the nastiest malware won't run in safe mode.

Rob

[Tailplane]

The good news is, I removed them all.

Regards.[/quote]

The bad news is. I found today 1 piece I can't get rid of and nobody seems to know what it is ( might be a key logger). It must be bad as it has the same timestamp as the other baddies.

Anti viruses don't recognize it. ( buuoujqmrk64 ) It can't be deleted. You will see it in Task Manager as running.

You will find it in program files under something like 003 file. Hitman Pro doesn't see it.

I'm still working on the problem.

[Andy_99]

Kaspersky option I mentioned will spot it if the file is seen as a virus (In the Signature DB).

I'll have a search on the threat at lunchtime.

Andy

[Andy_99]

Had a quick look & it seems like it could be Adware, here's the issue most AV vendors don't see Adware as a virus but a potentially unwnted program (PUP) the bane of my life.
Try Kaspersky option 1st if no joy with that a case of finding the .EXE that's associated with the process & removing it manually.

McAfee AV (Enterprise Version) will spot & remove PUP's not 100% sure on the home version but I'd assume it does.

[Tailplane]

Had a quick look & it seems like it could be Adware, here's the issue most AV vendors don't see Adware as a virus but a potentially unwnted program (PUP) the bane of my life.
Try Kaspersky option 1st if no joy with that a case of finding the .EXE that's associated with the process & removing it manually.

McAfee AV (Enterprise Version) will spot & remove PUP's not 100% sure on the home version but I'd assume it does.

Hello Andy. I had the exe located but it couldn't be deleted manually and I'm reluctant to download "free" removal tools as I've had trouble with them in the past.

So I went on a file deletion rampage and got rid of files, after looking up what they were, programs that have been installed by whoever and you just don't need them.

To my amazement the thing actually deleted and I am now "clean". My Firefox load time is the best its ever been.

Great fun.

[Andy_99]

I know what you mean about some of the free AV software.

The Kaspersky stuff I can vouch for, the download link I posted is to the companies download site & the tool uses the same tech as their enterprise products.
McAfee have some free tools available but they are targeted more at specific detections.

One helpful hint to everyone on here is never ever click on a link that offers to clean your machine for free, speed you up etc.... old adage if the deal seems to be too good to be true it nearly always is.

Products such as AVG, AVAST etc... do work but you get what you pay for, malwarebytes is also useful.

A reliable properly configured On-Access Scanner together with a firewall will help protect you from most nasties, however always use common sense before clicking on any links in suspicious emails etc..

[Tailplane]

Here are some of the other useless unwanted programs I removed whilst looking for the main virus pieces.


Viewpoint media player
Trymedia
NCH Software
Volatile
Babylon
Conduit
Trolltech (still not sure about this one)
And others I can't remember.

All the above pieces of programs and registry entries removed by me.
These aren't viruses, but programs, eg toolbars etc, quietly doing there jobs (spyware) in the background and slowing your pc down, entered maybe by freeware, scanners etc.

I've also removed the original Java prog, where the problem started in the first place, which is used to run AI Carriers in FSX.

Lightning fast load times and no downside.

Regards.

[Tailplane]

When you get an e-mail, for example from Adobe with updates, how can you tell if it's genuine or not ? It's about time the authorties were able to nick these computer criminals and do some testicular stomping.
pawlee

It might be safest to ignore the update popup and go direct to their site and download it from there, although I've never had any trouble in the past.

Java (they make applets to enhance your browsing experience) are one of many legit sites known to be used to carry malware. I made the mistake of updating while in another site.
They also give the last and next update, date on their site. I can't find anything like that on Adobe.

Regards.

[Andy_99]

Agree on that one, I always do adobe updates direct from site.
Far too many fakes out there to respond to updates via email.