Any idea which bug this is?



I worked on a system today where the task manager, regedit, ctrl-alt-del,
Internet Explorer, and Safe mode were all disabled.  This PC has the Verizon
Security Suite installed and updated, though it appeared the malware had
turned off the AV component (so much for the VSS).  I was able to install,
update and scan with both MBAM and SuperAntiSpyware.  They found and removed
quite a bit, but the PC was still crippled.  All of the disabled features
remained broken, and Firefox and Opera could only browse sporadically.

Is there a particular malware responsible for the above, or has this become
the norm?


Re: Any idea which bug this is?




| I worked on a system today where the task manager, regedit, ctrl-alt-del,
| Internet Explorer, and Safe mode were all disabled.  This PC has the Verizon
| Security Suite installed and updated, though it appeared the malware had
| turned off the AV component (so much for the VSS).  I was able to install,
| update and scan with both MBAM and SuperAntiSpyware.  They found and removed
| quite a bit, but the PC was still crippled.  All of the disabled features
| remained broken, and Firefox and Opera could only browse sporadically.

| Is there a particular malware responsible for the above, or has this become
| the norm?


Just about the norm.  Each new piece of malware gains from the "benefits"
learned from its predecessors.

Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert
forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security /
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Any idea which bug this is?



Victek wrote:
[quoted text omitted]

Do your reading, the download link is at the top of the page.
What you're going to do is go to the policies button, scan and remove
restrictions there.
http://wiki.lunarsoft.net/wiki/Dial-a-fix

Great tool to have
Clark...
--
Don't you have Google in your part of the world?



Re: Any idea which bug this is?





Thanks for the info and link to Dial-a-fix.  Much appreciated!

 


Re: Any idea which bug this is?





smitfraudfix is also pretty good at repairing any malicious policy
changes..... Dial a fix is an essential tool though, it's magic for fixing
windows updates.

Gaz



Re: Any idea which bug this is?





Sure is, glad I could recommend it to you. :)

If you ever need any help, just ask. I don't even hold your asinine posts
(that you didn't read obviously) about me. Anything to better educate you
so your customers don't needlessly suffer.


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Any idea which bug this is?



Clark wrote:
[quoted text omitted]

That's a very useful application for system performance too.
It was able to remove the majority of the contents of the
SoftwareDistribution folders and speed up my shutdown time considerably.
They're still there, but have shrunk from over three hundred MB down to
about two.

Re: Any idea which bug this is?





It's a series of policy keys which lock you out of various things.

You can use dial a fix, just google it to undo most of those.


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
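
The "policy keys" mentioned in the post above can be listed with a read-only audit before any repair tool is run. This PowerShell sketch is an added example, not part of the thread or of any tool named in it. The value names are standard Windows policy names picked as a subset, and the SafeBoot check assumes Safe mode was broken by deleting those keys.

```powershell
# Added example: read-only audit of lockout policies. It changes nothing.
function Get-RestrictionFindings {
    # Standard Windows policy value names (chosen subset, not exhaustive).
    $system   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $explorer = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $checks = @(
        @{ Path = $system;   Name = 'DisableTaskMgr' }          # Task Manager
        @{ Path = $system;   Name = 'DisableRegistryTools' }    # regedit
        @{ Path = $system;   Name = 'DisableLockWorkstation' }  # Ctrl+Alt+Del option
        @{ Path = $system;   Name = 'DisableChangePassword' }   # Ctrl+Alt+Del option
        @{ Path = $explorer; Name = 'NoLogoff' }                # Ctrl+Alt+Del option
        @{ Path = 'Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
    )

    # Policies can be set per user (HKCU) or machine-wide (HKLM); check both.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $checks) {
            $key  = "$hive\$($c.Path)"
            $prop = Get-ItemProperty -Path $key -Name $c.Name -ErrorAction SilentlyContinue
            # A missing value or a value of 0 means the restriction is not active.
            if ($null -ne $prop -and $prop.($c.Name) -ne 0) {
                [pscustomobject]@{
                    Type = 'PolicyValue'; Key = $key
                    Name = $c.Name;       Data = $prop.($c.Name)
                }
            }
        }
    }

    # Assumption: Safe mode fails to start when these keys have been deleted.
    foreach ($mode in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (-not (Test-Path -Path $key)) {
            [pscustomobject]@{ Type = 'MissingKey'; Key = $key; Name = $null; Data = $null }
        }
    }
}

Get-RestrictionFindings | Format-Table -AutoSize
```

An empty result means none of the listed restrictions is set; it does not show the system is clean, since the list covers only these values.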
  

