DiscussWorldIssues - Socio-Economic Religion and Political Uncensored Debate


isogeople 04-10-2012 03:26 AM

Help with anti malware
 
Hi All
The "Windows" people rang my Mum and convinced her to download their crap.
How can I get rid of it? Where can I get the free version of mbam?

Ta
Squiddly

Nicihntm 04-10-2012 03:57 AM

Download and run the Microsoft Malicious Software Removal Tool first. Microsoft make some attempts to keep up with these things.

Malwarebytes can be downloaded from MajorGeeks

Install and let it launch - it will ask to update - let it do so.

Unfortunately these scam artists often install some serious nasties so it may not be enough.

Post the MBAM log so we can have a look at it.

If she provided credit card or bank details - the bank should be notified immediately.

isogeople 04-10-2012 04:19 AM

Many thanks ilago.

Leaters 04-11-2012 03:24 AM

Quote:

The most common thing to happen to people who do follow these 'techs' advice is that they usually end up being part of a bot network with a computer riddled with spyware and keyloggers. I have 'played' with one just to see what was going to happen (on an old computer being torn apart for parts soon after) and they send you to an 'online virus scan' site - which is nothing of the sort of course. It had a brand new fresh install of XP, and they promptly loaded several nasties into it, including a remote VPN application (that means of course they can then get back into it whenever the machine is online), turned off the antivirus (free Avira) and deleted it, then installed a rather nice imitation of a fully paid up version of AVG - it looked just like the real thing was there and running, apart from it was not actually the real thing and didn't actually do anything except make it look like AVG was there and running!!!
It also had a go at Mbam when I tried to install it afterwards, had to sneak it in under a different name to get it to install, and it came back with a rather large list of nasties. I actually have them all written down somewhere, but as I am in the middle of moving house ATM, I am not sure exactly where it is. When I move and get unpacked again, I'll put up what exactly it installed and the name of the website (it was a rather easy to spot fake 'www.microsoft.com.(random letters and numbers).ru' type looking one from memory - it resolved to Russia anyway, I remember that).
All in all, it was a rather nasty piece of work.
I'll have to find the notes I took when I was playing with one of them when I get unpacked - it had quite a list of trojans and keyloggers Mbam found and had the IP address of the website it was phoning home to...

Nicihntm 04-11-2012 03:35 AM

Quote:

I'll have to find the notes I took when I was playing with one of them when I get unpacked - it had quite a list of trojans and keyloggers Mbam found and had the IP address of the website it was phoning home to...

They aren't running call centres for peanuts - they expect it to be a money making enterprise. If one way doesn't work, they give themselves options for something else. The trouble is that the most vulnerable people are the ones who are most easily duped by their calls. I love it that most malware resolves to Russian (Eastern bloc) countries or China so there's not much anyone can do. Even reinstalling Windows doesn't remove the MBR bootkits that are often installed.

Leaters 04-11-2012 03:48 AM

That's one thing I actually didn't check - whether a full format and reinstall would clean out everything. I 'think' I still have the HDD lying around; when I unpack I'll see if I have and what happens (MBam and ComboFix seemed to clean it out on XP, but as it was only a 10 GB HDD, I wasn't too concerned about playing about with it). I was just interested to see what it did.

Nicihntm 04-11-2012 05:08 AM

Quote:

That's one thing I actually didn't check - whether a full format and reinstall would clean out everything. I 'think' I still have the HDD lying around; when I unpack I'll see if I have and what happens (MBam and ComboFix seemed to clean it out on XP, but as it was only a 10 GB HDD, I wasn't too concerned about playing about with it). I was just interested to see what it did.

A major contributing factor to the continued spread of lots of this malware is Windows XP. It was around for so long that it became "easy" for the evildoers to infect and take over. Windows XP still accounts for 30% of systems out there. In September 2010 it was still more than 50%. So currently 30% of machines online are using an operating system that is 11 years old. Yes, it's comfortable, but it's old and insecure and was never designed for the sort of internet use that exploded after it was released. Vista and Windows 7 are both much better systems but acceptance of change has taken a long time - Vista was released in 2007 and that is 5 years ago. This graph demonstrates why Windows XP is still such a problem - it is the % of "reported" infected computers.

http://static.arstechnica.net/2012/0...33c3-intro.jpg

isogeople 04-11-2012 11:24 PM

OK, I got my hands on Mum's computer and ran the Microsoft Malicious Software Removal Tool and mbam. Both came up with nothing.
The "windows" people got Mum to install some software - http://www.iobit.com/advancedsystemcareper.html - which had to be paid for (naturally) before it could install the full version.
I uninstalled the software and re-ran the Microsoft Software Removal Tool and mbam, and once again came up with nothing.
Can I assume the computer is now free of malware?

Nicihntm 04-11-2012 11:48 PM

If you got to the removal quickly, it may be OK in terms of malware infection. They may just be phone selling as opposed to the seriously nasty stuff. As long as they didn't install anything like Logmein which is remote control software or activate Windows Remote Desktop or something like that. Might be a good idea to check those sort of things. The software is legitimate, if pointless. Windows doesn't need all these "optimisation" utilities. More than half of them simply use Windows built-in functions and the rest do the same thing as free utilities like ccleaner.

You haven't said what she paid. Should only be $19.95. I'd be more concerned about the credit card details being with some dodgy call centre. Did you contact the bank? They may even cancel the transaction if they are advised that it was a phone scam.

isogeople 04-12-2012 12:11 AM

Mum didn't pay anything; she got the free version and was required to pay for the full version, which thankfully she didn't do, so no credit card details were provided.
How do I check for Logmein?

Nicihntm 04-12-2012 12:49 AM

It would be listed in "All Programs" or under Programs on the c:\ drive, depending on which version of Windows. They would have had to ask to install Windows Remote Desktop and any other remote applications would need to be downloaded.

You can check if any are running by opening Task Manager > right click on an empty space in the task bar and select "Task Manager". In Windows XP all processes are listed on the Processes tab. In Vista and Windows 7, you need to click on "Show processes from all users" to get the full listing.

isogeople 04-12-2012 02:56 AM

OK, I checked for Logmein and can't find it. Considering that I can't find any malware on Mum's computer with the Windows tool or mbam, should it be safe to resume online banking with this computer?
Thanks heaps for your help ilago, it is much appreciated.

Squiddly

Nicihntm 04-12-2012 03:02 AM

Quote:

OK, I checked for Logmein and can't find it. Considering that I can't find any malware on Mum's computer with the Windows tool or mbam, should it be safe to resume online banking with this computer?
Thanks heaps for your help ilago, it is much appreciated.

Squiddly

Well - although I don't have the computer in front of me - I'm willing to trust MBAM and MMSRT in this instance. Given that the software installed is out there in the real world and that the caller doesn't seem to have asked for very much - not even money. Most of these calls involve the caller demanding credit card details and directly downloading software and giving heaps of instructions for installing.

I still don't know which version of Windows it is - but if it's Windows XP give some thought to upgrading in the near future. See the graph in my post earlier in this thread. If it's already Windows 7 or even Vista it's a bit more secure anyway - not perfect, but much better.

isogeople 04-12-2012 03:04 AM

Oops, cancel that. I typed Logmein into the Windows 7 search bar and came up with a reference to Logmein. It says
Support-Logmeinrescue. Could this cause a problem?

Nicihntm 04-12-2012 03:44 AM

Quote:

Oops, cancel that. I typed Logmein into the Windows 7 search bar and came up with a reference to Logmein. It says
Support-Logmeinrescue. Could this cause a problem?

Well at least I know it's Windows 7.

Logmein is legitimate and widely used software. It should be listed in Control Panel > Programs and Features > Uninstall. Just uninstall it. It is sometimes installed by OEM computer suppliers as a trial or to provide the manufacturer's on-line "assistance". In this case I find it suspicious unless it came with the computer which is doubtful.

Uninstall it if you don't know why it's there.
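
The checks suggested in this thread (Programs and Features, running processes, Remote Desktop, and leftover files such as the Support-Logmeinrescue download) can be collected in one read-only pass. The PowerShell script below is an added example, not something posted by the thread's participants; the name pattern is an assumed starting list, and the script avoids cmdlets newer than the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread. Read-only: it lists, it does not remove anything.
# Assumption: this name pattern is a starting list of remote-access tools; extend it as needed.
$pattern = 'LogMeIn|TeamViewer|VNC'

# 1. Installed programs, i.e. what "Programs and Features" shows
#    (64-bit, 32-bit and per-user uninstall entries).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString

# 2. Running processes and registered services (run elevated to see every user's processes).
$processes = Get-Process |
    Where-Object { $_.ProcessName -match $pattern } |
    Select-Object ProcessName, Id, Path
$services = Get-Service |
    Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern } |
    Select-Object Name, DisplayName, Status

# 3. Windows Remote Desktop: fDenyTSConnections = 0 means incoming connections are allowed.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -ErrorAction SilentlyContinue
$rdpEnabled = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

# 4. Leftover downloads or run-once applets in the user profile (hidden folders included).
$files = Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -Include '*LogMeIn*' `
    -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

"Installed programs matching '$pattern':"
$installed | Format-List
"Running processes:"
$processes | Format-Table -AutoSize
"Services:"
$services | Format-Table -AutoSize
"Remote Desktop accepting connections: $rdpEnabled"
"Files with LogMeIn in the name:"
$files | Format-Table -AutoSize
```

An empty section means nothing matched the pattern, not that no remote-access tool is present under another name.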

Leaters 04-12-2012 04:05 AM

I had Vista for a while but ended up going back to XP, it plain just sucked - half my old programs didn't work, most of my hardware didn't work.

With my work laptop, when I still had that, we had the same issues - Win7 just plain didn't work with half of the old hardware, so it was rolled back to XP pretty much as an only option (replacing the old hardware was never going to happen).

My mum has Win7, but we still have issues with some hardware, and given the retired pension options, replacing cameras, scanners etc is pretty much not an option for her (especially the digi camera - it's not cheap to replace, being worth over a grand just for the camera 'back'), so at present she has my old tower with XP so they can still use the bits they want to and have 'workarounds' for the camera when on holidays etc (pulling cards and using adapters instead of the more familiar plug and dump using the camera's programs they are used to).

It's probably one of the reasons that many XP machines are still being used - Mum has learned what to click in XP, and Win7 is just too damned different - it looks different, it does things differently and she has no interest in learning a new O/S at this point in time (it only took me a decade to learn enough about XP that she's not ringing twice a week asking how to do something).

It's actually one of my pet peeves with Microsoft - they change things around, often for no apparent reason - and many users quite simply have no interest in 'learning something new' - they use a computer as a tool and once they have learnt how to do something, they don't want to have to change just for the sake of a 'flashy new desktop with 3D buttons and stuff'...

buchmausar 04-12-2012 04:21 AM

Quote:

My mum has Win7, but we still have issues with some hardware, and given the retired pension options, replacing cameras, scanners etc is pretty much not an option for her (especially the digi camera - it's not cheap to replace, being worth over a grand just for the camera 'back'), so at present she has my old tower with XP so they can still use the bits they want to and have 'workarounds' for the camera when on holidays etc (pulling cards and using adapters instead of the more familiar plug and dump using the camera's programs they are used to).

Most hardware manufacturers have issued firmware/software updates for their old equipment so that they interface with Win 7. Might be worth doing a check at manufacturers' web sites for updates. You could be doing your Mum a favour.

Leaters 04-12-2012 04:28 AM

Neither their printer (old Brother) nor their camera (can't remember the brand, just know it was mega expensive) have issued updates as yet for Win7. The Brother is probably never going to get an update as it was bought back in 95 and was one of the best for photo work at the time; they have a cheap Canon for the laptop with Win7.
I just set it up so they can access the Win7 folders from the camera straight from the tower, so all she does is just turn the laptop on and then basically access it as an external drive from the XP tower like she knows how to do.

teaching old dogs new tricks can be extremely trying unfortunately :-(


All times are GMT +1. The time now is 10:35 PM.
