Viewing 37 posts - 1 through 37 (of 37 total)
  • That spam thread yesterday (caution virus content)
  • molgrips
    Free Member

    I foolishly clicked on that link, and the site appears to have given me a virus – the first I've had. Quite an interesting experience.

    It started off by popping up a fake antivirus scan window (I didn't have any AV software at the time) and giving me all sorts of weird messages telling me I had a problem and I had to click there to fix it… I got a few windows taskbar popups saying that task manager had been infected but I didn't know if they were real windows ones or the virus.

    Anyway, I downloaded Kaspersky and cleaned out the virus fine, but then I couldn't access the web despite apparently connecting fine to the internet. Turns out the virus had set up a fake proxy server on my machine and pointed my browsers at it.

    Weird.

    Cougar
    Full Member

    I downloaded Kaspersky and cleaned out the virus fine

    No disrespect to either Kaspersky or your good self, but I suspect that this isn't wholly true. I'd suggest running Malwarebytes to double-check that.

    Drac
    Full Member

    Firefox and then Noscript plug-in for those accidental clicks.

    Cougar
    Full Member

    Incidentally, am I misremembering, or didn't we have an "I don't need antivirus because I know how to use a computer" debate a couple of weeks ago?

    (-:

    molgrips
    Free Member

    I think it got in because the Chrome default script settings are too slack – I've noticed it seems less fussy than IE by default.

    What does malwarebytes do that windows defender and kaspersky doesn't?

    Kaspersky was free from my bank btw which is why I have it.

    molgrips
    Free Member

    I don't need antivirus because I know how to use a computer

    That wasn't me! I didn't have AV because I am too lazy to sort it out… I trialled a load of them but had unresolved issues with ESET and my IMAP mail, then never got round to installing or trialling anything else…

    Cougar
    Full Member

    What does malwarebytes do that windows defender and kaspersky doesn't?

    a) Scan for malware that isn't a virus
    b) Work properly post-infection

    That wasn't me!

    Wasn't sure who it was – nice practical example to them, though. (-:

    Cougar
    Full Member

    (Besides, even if Malwarebytes does nothing, can it hurt to double-check?)

    kimbers
    Full Member

    oh i got it from here?

    frackin bstards! i was trying to figure out where the **** it came from!

    im going to use this procedure
    http://www.howtogeek.com/howto/8693/how-to-remove-antivirus-live-and-other-roguefake-antivirus-malware/

    when i get home to try and fix it
    is this gonna work?

    edit

    Firefox and then Noscript plug-in for those accidental clicks.

    i have firefox and noscript!!

    Cougar
    Full Member

    is this gonna work?

    Yep, that's all good advice there.

    molgrips
    Free Member

    I do wonder howtf it got onto my system tho. Some specific Chrome exploit?

    Currently doing a full Windows Defender scan, will do malwarebytes next. BTW Kaspersky seems to scan for malware besides viruses…

    badnewz
    Free Member

    ive currently got a virus that actually stops even the mighty malwarebytes from running. ive renamed the program files, scan underway, but not been able to update so this could be quite a saga…

    molgrips
    Free Member

    Btw, reading that link it looks like shutting down or logging off can cause problems. When I saw the fake anti-virus window come up, I killed the power within 5 or 10 seconds since I knew what was up – without logging off.

    It seemed to cause the virus a few problems since it let me log on and install AV afterwards.

    MrsToast
    Free Member

    Yar, use Malwarebytes and Combofix. We had to sort Mr Toast's sister's PC after she'd managed to install Malware – she fell hook line and sinker for a "virus detected, click here for a free scan!" pop up, screwed up her PC so much that we had to go into safe mode to get it sorted.

    retro83
    Free Member

    the site appears to have given me a virus – the first I've had.

    (I didn't have any AV software at the time)

    I hear this all the time, how do you know it's the first?

    A properly written rootkit/bot etc will have no noticeable effect on the PC at all. Even to the extent of hiding processes from task monitor/top, hiding network connection from lsof etc.
    Some UNIX kits will even patch things like md5sum so that if you try and compare your binaries to some known good ones, it will appear that they are the same, but the data on disk is actually different.

    Cougar
    Full Member

    Most modern AV will scan for Malware, or claim to. I've yet to see one that's a tenth as good as a dedicated product.

    I do wonder howtf it got onto my system tho

    Could be any number of injection points. Old versions of Flash and Java are very common exploits at the moment. Have a look at Secunia when you've finished disinfecting. It's a bit of a drama queen but will tell you what's on your system that can be patched.

    Badnewz – After the first pass you might be able to update, if nothing else its findings should give you an insight as to what you're dealing with at least. Might be worth running rkill first.

    Cougar
    Full Member

    A properly written rootkit/bot etc will have no noticeable effect on the PC at all.

    Theoretically perhaps. I've yet to find a real-world infection that fits this description.

    retro83
    Free Member

    I've yet to find a real-world infection that fits this description.

    Precisely!

    Cougar
    Full Member

    (-:

    Are you a Christian?

    retro83
    Free Member

    Cougar – Member

    (-:

    Are you a Christian?

    Certainly not! And there are numerous pieces of malware on Windows/*nix and OSX which meet this description, hence the existence of things like this:

    http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

    molgrips
    Free Member

    I hear this all the time, how do you know it's the first?

    Well the AV reported just one infection. Plus I've often had AV (just not recently on this PC, since it's relatively new) and it's never come up with anything.

    badnewz
    Free Member

    fool me for ever doubting the mighty malwarebytes. it picked up a couple of trojans just at the last moment of a quick scan. legend!

    Cougar
    Full Member

    I'm not saying they don't exist, I'm saying that getting such an infection in isolation is massively, massively unlikely.

    Most spyware isn't undetectable, as it has a negative impact on your system's performance, stability or functionality. Generally it doesn't care what you need to do, just what it needs to do.

    A single malware infection is relatively rare. Either the infection itself downloads other malware, the delivery method downloads other malware, or the point of injection is exploited by more than one infection.

    Rootkits in and of themselves are difficult to detect and remove, I agree. Typically though, their actions and behaviour aren't.

    I've worked on computers professionally and as a hobby for quite a while now, and I don't think I've ever come across a completely undetectable infection. And whilst I take your point of 'how would you know', I've had plenty of patients where I've run various countermeasure tools against them just to be sure – it's my standard practice before I connect anything foreign to my LAN for a start.

    Cougar
    Full Member

    Oops, just spotted this,

    Yar, use Malwarebytes and Combofix.

    You really don't want to be running Combofix under your own steam. It's a complex program with the capacity to do real damage, and doesn't clean up after itself unless you tell it to. Only ever go anywhere near Combofix under the guided instruction of someone who knows what they're doing with it.

    molgrips
    Free Member

    Blimey this is getting detailed.

    AV – check
    Defender – check
    Malwarebytes – downloaded
    Superantispyware – downloaded
    RootkitRevealer – downloaded

    duntstick
    Free Member

    If that lot doesn't sort it, Kaspersky do a small FREE program,

    Tdss Killer

    I had a very similar problem, playing havoc with hosting, unable to do windows updates, led off to 'AVsoft' bogus sites etc.

    Quick and easy to use and worked immediately.
    Good luck

    kimbers
    Full Member

    shouldnt this be a sticky?!

    kimbers
    Full Member

    aaaarrgghh well malwarebytes and superantispyware have removed most of the crap but there are still a few hanging in

    i think its coz i dont have the latest versions and i still cant connect to the web!

    MrsToast
    Free Member

    You really don't want to be running Combofix under your own steam. It's a complex program with the capacity to do real damage, and doesn't clean up after itself unless you tell it to. Only ever go anywhere near Combofix under the guided instruction of someone who knows what they're doing with it.

    Pfft, according to Urban Dictionary, all users on this forum are IT professionals! 😛

    chvck
    Free Member

    aaaarrgghh well malwarebytes and superantispyware have removed most of the crap but there are still a few hanging in

    i think its coz i dont have the latest versions and i still cant connect to the web!

    I'd throw everything you need off to another drive then do a format!

    Elfinsafety
    Free Member

    Kaspersky was free from my bank btw which is why I have it.

    You are aware that your bank now has access to your entire computer, grot and all, and is giving the information to the CI and FBI AS WE SPEAK????

    Just saying, like…

    M6TTF
    Free Member

    buy a mac, remove the problem 🙂

    molgrips
    Free Member

    buy a mac, remove the problem

    And get a load more 🙂

    Kimbers – the virus pointed your browser at a fake proxy server on your computer. Anti-virus won't fix this.

    Go to internet options then connections, and click on LAN settings. Un-check the 'use a proxy server' setting. Should work then.
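
The LAN settings check described in the post above can also be done from PowerShell. This is an added example, not part of the original thread; the function name `Get-LoopbackProxyEntry` and the `$Fix` switch are made up for illustration, and `Get-NetTCPConnection` assumes Windows 8 or later.

```powershell
# Added example: audit the per-user proxy values behind
# Internet Options > Connections > LAN settings.
$Fix = $false   # set to $true to clear the "use a proxy server" box
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LoopbackProxyEntry {
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or "http=host:port;https=host:port;..."
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = (($entry -split '=')[-1]) -replace '^[a-z]+://', ''
        if ($hostPort -match '^(127\.\d+\.\d+\.\d+|localhost|\[::1\])(:\d+)?$') {
            $hostPort
        }
    }
}

$s       = Get-ItemProperty -Path $key
$enabled = [bool]$s.ProxyEnable
$server  = [string]$s.ProxyServer
$local   = @(Get-LoopbackProxyEntry $server)

# Summary of the current settings
[pscustomobject]@{
    ProxyEnable   = $enabled
    ProxyServer   = $server
    AutoConfigURL = [string]$s.AutoConfigURL
    LoopbackProxy = ($enabled -and $local.Count -gt 0)
}

if ($enabled -and $local.Count -gt 0) {
    foreach ($entry in $local) {
        if ($entry -match ':(\d+)$') {
            $port = [int]$Matches[1]
            # Which process, if any, is still serving that local port?
            $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
            if ($listeners) {
                $listeners | ForEach-Object { Get-Process -Id $_.OwningProcess } |
                    Select-Object Id, ProcessName, Path
            } else {
                "Nothing is listening on port $port; the setting points at a dead proxy."
            }
        }
    }
    # Same effect as un-checking the box in LAN settings
    if ($Fix) { Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 }
}
```

A loopback proxy with nothing listening matches the situation in the thread, where the malware had been removed but the setting was left behind. Some legitimate tools also set a loopback proxy, so check the owning process before treating a hit as malicious.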

    kimbers
    Full Member

    cheers molgrips

    have done that but i didnt figure that out till after id tried to uninstall and reinstall the drivers for my modem thinking this would fix it and now cant get the modem working again so bt are sending me a new one!

    br
    Free Member

    As usual, the buy cheap (or free), buy twice applies here also.

    All our PCs are covered by subscription AV, not a problem.

    molgrips
    Free Member

    Lol!

    I figured it out when I could connect to MSN messenger and ping stuff, but still couldn't browse any web pages.

    Btw Malwarebytes found one item of malware which appears to be a registry key from this same fake AV virus.

    molgrips
    Free Member

    As usual, the buy cheap (or free), buy twice applies here also.

    Not convinced actually, mate. Free AV is fairly highly regarded I think.


The topic ‘That spam thread yesterday (caution virus content)’ is closed to new replies.