Malware masquerading as Microsoft Security Essentials? - Page 2


Re: Malware masquerading as Microsoft Security Essentials?

wrote:


I don't know about those two, but I had Norton AV and AVG real-time
scanners running together for 2 years or more, with never a problem.

I disabled one for a day or two and figured out which one generated
which message, that is, which one was finding the viruses (because
only one message would appear) but I forget which one it was.  Might
have to do with which one I installed first, I suppose.  

Whichever one it was, it found the virus etc. 98 % of the time.  But
about 1 time out of 50, or maybe 1 out of 15, the other one did, which
I guess means that the first one failed to find something.  That just
made me want to keep them both, despite the warnings I read.

In 2 years the second one found a virus 3 or 4 times, which would mean
that the first one found something 45 or 60 times.  That might be about
right.

I couldn't draw many conclusions from 3 or 4 examples, but iirc the
*name* of the virus was, all but maybe the first time when I didn't
pay attention, only one word, with no period or extension.  But then
again, those don't reflect anything about the actual file, do they?

Oh, yeah, eventually I had my email program, Eudora, set, and it's
still set, to not dl any email that was greater than 40K, which
allowed almost all the real emails, but very few virus attachments
were small enough to get by.  (When an email is too big, Eudora will
still dl the first thousand bytes or something, mostly the headers. If
I look at the headers and subject and decide I want the email, Eudora
allows easy 1 by 1 exceptions, and it gets the whole email.)



I posted to say that last Thursday, I got the Microsoft Security
Essentials virus this thread is about, on a friend's computer.

I had her computer because after the XP welcome to windows screen, she
got a blue screen with text, and could go no further.

There's a thread here up about a week or less that describes what
happened, but in short, AVG on a flash drive got rid of what it called
CRYPTIC.AZC, and the computer worked for about 10 minutes, when a fake
Microsoft Sec. Ess. told me I had a problem.  

I fell for it and clicked on something, and in the last 16 hours I've
removed 57 instances of 15 or 20 different malware. But I didn't click
on any attachments, I hadn't installed any software, and I don't think
I even opened the web browser.  So maybe your mother didn't either.

   Did I get them all in the 10 minutes the computer was running
before the new problem started,
   Or in the 10 minutes or so it ran afterwards, though not connected
to the net, when viruses whose files were already present might have
installed themselves,
   Or did the computer have it when I got the computer, but AVG didn't
find it all, and it flourished after I started Windows to completion?



Re: Malware masquerading as Microsoft Security Essentials?

mm wrote:


What is it you do with your computer that you find 50 (or even 15)
viruses in apparently only a few-year period?

I haven't found as many as 50 viruses ever, since I got my first home PC
nearly three decades ago!

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: Malware masquerading as Microsoft Security Essentials?



 I received 70+ emails last Saturday alone which were infected. Granted, it
was an unusual number in a single day but I often get at least one or two a
day that have some sort of bug in them.



--
Don't bother trying to
contact me via email.

Re: Malware masquerading as Microsoft Security Essentials?



:oD



Re: Malware masquerading as Microsoft Security Essentials?

Per Whoever:

Spam? or from known sources?
--
PeteCresswell

Re: Malware masquerading as Microsoft Security Essentials?




Spam. I average around 1,500 emails a day to a couple of addresses that I
monitor. I run spampal which drops all but ~150 before they get to my email
client. Of those ~150, the majority of them are also spam and auto-trashed
by another set of filters in my email client before I have to see them.



--
Don't bother trying to
contact me via email.

Re: Malware masquerading as Microsoft Security Essentials?



Yes, but perhaps more correctly, which one you installed *last*. :o)

[...]



Re: Malware masquerading as Microsoft Security Essentials?

wrote:



"The NEW Norton Power Eraser takes on difficult to detect crimeware
known as "scareware" or "rogueware" that cybercriminals use to trick
you into unknowingly downloading threats onto your PC. This growing
form of crimeware uses bogus pop-up alerts or security messages that
scare you into thinking your PC has been infected and needs to be
fixed immediately.

[AS TO YOUR MOTHER, Dennis, ETC. THIS PARAGRAPH ESPECIALLY]
It can be so tricky that it automatically downloads onto your PC even
if you didn't actively click on anything!

The Norton Power Eraser is specially designed to aggressively target
and eliminate this type of crimeware and restore your PC back to
health.

You should use Power Eraser only when nothing else will remove the
threat and you are willing to accept the risk that the scanner may
quarantine a legitimate program.

Norton Power Eraser BETA
Click here to try out the latest BETA version of Norton Power Eraser

http://security.symantec.com/nbrt/overview.asp?lcid=1033# "

I haven't used this and don't plan to, because I'm pretty sure my
problem won't require it.

Re: Malware masquerading as Microsoft Security Essentials?


Many of the rogue security applications (scareware FakeAV) servers have
the capability to use a list of names and skins to make them look like
products that the intended victim might be familiar with and therefore
trust.


The pop-up can be ignored (although that might be risky) or closed by
using (ctrl+alt+del) task manager. If it is clicked on, a visit to their
"bad" website results from a script which will run that pretends to be a
scan in progress, and informs you that you are infected with everything
under the sun and that you should do even more clicking to fix the
problem...and you know where that leads.

If *you* see the pop-up, you can use task manager to locate the (Message
from Webpage/Internet Explorer) entry which when right-clicked gives you
the option to "maximize" the window where the rogue's IP address or name
can be found in the address bar.

A real security program pop-up will *not* be a webpage made to look like
a security program pop-up.

If she has actually executed the malware, then you will need to attempt
removal.



Re: Malware masquerading as Microsoft Security Essentials?


| Does anyone know of malware that might masquerade as Microsoft Security
| Essentials? My mother, who is 80+ years old, has a PC that I gave her
| several years ago. I configured it for her and update it every time she
| visits (she lives 500 miles from me). I never installed Microsoft
| Security Essentials. Suddenly she is getting a popup claiming to be from
| Microsoft Security Essentials saying it has detected a severe threat.
| Not being there to actually see what is going on, I am suspicious that
| she inadvertently downloaded some malware.

YES !

http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malware masquerading as Microsoft Security Essentials?

On Wed, 6 Oct 2010 16:55:15 -0400, "David H. Lipman"


BINGO! Sounds like the problem! I just called my mom and told her to
FedEx the pc to me so I can fix it.

I wonder how new this malware is and how she got it. She claims she
didn't visit any unusual websites nor open any attachments. But who
knows...

Thanks David!

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?


| On Wed, 6 Oct 2010 16:55:15 -0400, "David H. Lipman"





| BINGO! Sounds like the problem! I just called my mom and told her to
| FedEx the pc to me so I can fix it.

| I wonder how new this malware is and how she got it. She claims she
| didn't visit any unusual websites nor open any attachments. But who
| knows...

| Thanks David!

Malwarebytes' personnel and Grinler (BleepingComputer) have been tracking it for
2~3 weeks.

Malwarebytes' Anti Malware (MBAM) should be effective on it.

There are chances she mistakenly clicked on something.  It may have been dormant
for a period.

There is also a chance it was installed through the vulnerability/exploit vector
without her knowledge.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malware masquerading as Microsoft Security Essentials?

On 10/6/2010 5:08 PM, Dennis wrote:

LOL!  FedEx it to me, I do call saying that too many times to my mom
when she had a laptop computer I gave her. :) I am glad that phase with
her ended when the laptop bit the dust and was tossed in the trash-can.
Now she has a cellular phone, and she needs help to understand that
sometimes bless her soul.

Re: Malware masquerading as Microsoft Security Essentials?

On Thu, 07 Oct 2010 03:18:07 -0400, Steel


I actually said "FedEx your PC to me." She replied "What's a PC?"

No wonder I'm losing my hair!

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?

Per Dennis:

That's where I am with all my extended family users.

Then I have to go to work and interact with really-sophisticated
users who, I fear, sometimes think I am patronizing them when I
forget who I'm working with.
--
PeteCresswell

Re: Malware masquerading as Microsoft Security Essentials?


| On Thu, 07 Oct 2010 03:18:07 -0400, Steel


| I actually said "FedEx your PC to me." She replied "What's a PC?"

| No wonder I'm losing my hair!

I was just given a PC that is purported to have the malicious "Microsoft
Essential Security" infection.

After I do my email and Usenet bit, I will be examining it.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malware masquerading as Microsoft Security Essentials?

On Thu, 7 Oct 2010 17:15:11 -0400, "David H. Lipman"


Please let us know how the removal goes...

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?


| On Thu, 7 Oct 2010 17:15:11 -0400, "David H. Lipman"



| Please let us know how the removal goes...

Roger that !


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malware masquerading as Microsoft Security Essentials?

On Thu, 7 Oct 2010 19:53:10 -0400, "David H. Lipman"


Sounds like what I will be dealing with.


Are the Jar & .CLASS problems related to the fake MSE window? Or are
they unrelated?

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?


| On Thu, 7 Oct 2010 19:53:10 -0400, "David H. Lipman"


| Sounds like what I will be dealing with.


| Are the Jar & .CLASS problems related to the fake MSE window? Or are
| they unrelated?

Good questions.  It is still being scanned.  Noted were malicious HTML files in
the IE cache as well as malicious PDF files.

When I view the total report I'll make an assessment but I presume we have a
case of the vulnerability/exploitation coupled with a malicious website.

It could be the vulnerability/exploitation of the PDF or the malicious Java
Scripts.

BTW:  There was also an Alureon hit on a TMP file in the TEMP folder which hints
at a TDL3 RootKit.  It is still in Program Files so it will take a little while
before it hits .\windows

It took a while before I could even scan it because the chassis was blanketed
with dust and the CPU cooling fan was choked.  I always like to do a little PM
before I power-up a platform I'm given to work on.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


