The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Need help!...firewall and Norton epic fail.......

    Discussion in 'Windows OS and Software' started by HopelesslyFaithful, Jan 17, 2013.

  1. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    So yeah, to my surprise, for the first time yesterday Norton somehow found 5 or 7 Trojan horses on my computer.....I have no idea how they could have gotten there besides my father-in-law just had his computer worked on and connected to the network the day before, so somehow Norton didn't block them and it was found in a scan....After fighting with them for about 5 hours I got rid of them and re-scanned this morning and was clear. I start watching Netflix and looking at my morning sites like AP, Yahoo Finance, NBR, and deal sites like Amazon, and while I was doing that and watching Netflix my computer locks and I get this total BS "DOJ" "You have been looking at kiddy po-rn and you must pay a 200 dollar fine. Please get a MoneyPak(???) from these stores to unlock your computer." AND somehow this **** **** turned on my webcam and snapped a picture of me...!!! I always disable that stuff for this reason....so it overrode and re-enabled my webcam.....why I personally hate laptops. (damn webcams)....just awesome, so some dude...or chick has a picture of me shirtless with a beard (just woke up ^^).......looking all retarded too at the screen reading something -_- To make it even worse.....it has somehow blocked safe mode. When I log into safe mode it loads and then reloads to regular Windows!!!! AHHHH! So now I pulled out my byte tech USB connector for my hard drive and am going to have to manually clean it from my netbook....awesome. Anyone ever seen a group of Trojan horses back door router firewall and Norton?

    This is the most ridiculous garbage ever. I need to go and short or remove that webcam since I guess they can just re-enable it like it is cool....thanks Norton for being useless!!!!

    Any advice on what the hell this is?


    For whatever reason Norton isn't on the netbook even though I installed it like 3 months ago.... So I am getting the Kaspersky 2.0 trial :/

    R4 OS KO for now :/
     
  2. Prostar Computer

    Prostar Computer Company Representative

  3. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    Thanks man, I'll give it a shot....next is father-in-law's PC.....good god this is garbage. Any details on it besides it tried to trick idiots into giving money? Does it try to steal data off the PC?


    Quick question....if I connect it to my netbook will it also infect my netbook or will Kaspersky block it? I feel like just salvaging files and re-installing would be easier....too many damn steps :p
     
  4. Prostar Computer

    Prostar Computer Company Representative

    It doesn't appear to compromise data; it's just a drive-by virus that auto-installs and then demands money for negligence of internet usage or child you-know-what. It's pretty sick... but what really gets me is that it demands payment to the FBI via MoneyPak, and some people have reportedly paid it! Almost makes me wonder if it's inadvertently or coincidentally hit a few guilty victims. :eek:

    FBI — New Internet Scam
     
  5. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    I am still wondering how it got on my computer..... :/ Anyways, back to my statement above....can I connect it to my netbook and use Kaspersky or the malware tools from there? Or just remove files and start over?

    Yeah, Malwarebytes has active protection so I am connecting the drive to the netbook and scanning with Malwarebytes first and then Kaspersky....awesome, a complete day now will be wasted again, going downstairs now to install this crap on his computer. Whatever tech he went to is one shady dude.
     
  6. MrDJ

    MrDJ Notebook Nobel Laureate

    If that ever happened to me the first thing I would do is boot DBAN and nuke it and wipe the whole drive. Sadly you would lose everything you had stored, but if this is anything like a trojan I tried to remove off a work colleague's laptop then you had no chance, as as soon as it was removed it was like an octopus and it auto loaded it again in 8 other places. Within 2 hours there were over 400 trojans on his lappy.

    Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing
     
  7. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    Yeah, I had that on my dad's PC back in XP days. It was a fake AV protection that took control even with Norton or Trend Micro on it...can't remember. Back then Trend Micro was awesome, had the best advanced controls, and now Norton and all these have advanced settings lost in a nightmare of navigation...anyways I have digressed. The fake AV was running in safe mode too and I couldn't delete it so I had to use command prompt safe mode because it kept saying it was a system file :/ annoying. Another one someone else had was like yours, it kept replicating after you deleted it....took like 4 hours to kill.

    I remember some idiot made a site on a forum, if you visited it it would open and reopen more windows as fast as possible and kill system performance lol. Where you could barely get into task manager to do kill all lol


    BTW I would just use CCleaner over the DBAN

    Worst part is I am wasting now two days on this BS......sigh, I got 20 things to do. If I was only rich and had all SSDs :/
     
  8. Pirx

    Pirx Notebook Virtuoso

    It got on your computer, first and foremost, by you allowing it to get there. I'll bet you're one of those Einsteins that have UAC disabled, too. Right?

    This would never have happened had you taken care of the security of your system, rather than relied on some antivirus or other. The simple truth (that nobody wants to hear) is that you installed the malware, and that's all there is to it. Unless you slept through the recent warnings to update your Java, which had a really nasty security hole that was patched last Thursday. Even then, had you run the machine as a Standard User, rather than as an admin, and had you not disabled UAC, none of that would have happened.
     
  9. DR650SE

    DR650SE The Whiskey Barracuda

    Quite helpful advice there :rolleyes:

    My best suggestion is to just nuke the drive and start over. If you have an image backup, I would use that and scan it first. I haven't dealt with a trojan in a long time and when my brother got a ton of them, I just wiped the drive.
     
  10. Prostar Computer

    Prostar Computer Company Representative

    Don't hold back now, Pirx. :p

    All criticism aside, there is always an "epic success" virus that manages to find a crack or hole in security it can compromise. If my sources have been correct, then Kaspersky has done it, RealPlayer has done it, Java and Internet Explorer have had security holes people exploited and played on, etc.

    If your realtime malware prevention fails you, then at least learn proper/thorough removal techniques. DBAN is a bit extreme - a format will suffice, rather than wiping the drive, which is really only meant so that sensitive data cannot be recovered.
     
  11. Pirx

    Pirx Notebook Virtuoso

    As a matter of fact, it is. You know the "teach a man to fish"-thing. Fact is, any kind of anti-virus software is near-useless compared to the benefits of a proper security approach. Of course, anybody is free to do whatever they like with their computer, but with the kind of attitude to system security I highlighted in my post, you're asking to get your system trashed by malware. But to each their own, I guess.
     
  12. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    Dude, who the heck uses UAC.....I run and install so many programs daily that thing is a pain in the . It is the most intrusive garbage ever. 90% of the programs I open have that damn thing pop up. Before I turned it off I would click OK on that thing probably 50-80 times a day. Screw that, I'll take my chances.

    Yeah, I'll keep my chances of first problem in over 15 years and still leave that UAC crap off

    You know, after I clean the drive and turn it back on I'll run UAC for 24 hours and count how many times I have to click that stupid thing. I will put my money somewhere from 50-100 times easy
     
  13. Pirx

    Pirx Notebook Virtuoso

    Anyone who knows anything at all about operating system security.

    That would then be because 90% of the programs you run are crap, written by incompetents who are unable to write code for the operating systems of this decade, and rather cobble together primitive garbage written for the DOS systems of the 1980s.

    Looks like you're quite successful with that philosophy.

    Like I said, you're free to do whatever you like. On my end, I have no patience for the kind of person who wantonly manipulates their systems so they're wide open to any attack, and then comes crying for mama when they get hit, as is almost inevitable.

    Good luck.
     
  14. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    Oh yeah, just turning off UAC is wantonly manipulating my system, psh, whatever Pirx. I remember every time I open GPU-Z, CPU-Z, Fraps, and so on and anything of that nature the stupid thing pops up and there is no way to favorite them, or if there is a way it never works
     
  15. Pirx

    Pirx Notebook Virtuoso

    Those are excellent examples of the kind of crapware I was referring to. In this case we are talking about free software cobbled together by hobbyists, who couldn't be bothered to code the system-level parts of their software as a service, with secure interfaces for user interaction. I remember one of these types of programs even offered a premium, paid version that did properly rely on a service so that it could be run without a UAC prompt. I reiterate, no properly coded user-mode Windows program from within the last two decades or so should throw up a UAC prompt, ever.

    Like I said, you do what you like to do, and take your chances. It's your computer, after all.
     
  16. Prostar Computer

    Prostar Computer Company Representative

    Norton - at least in my opinion - is far more obtrusive than the UAC, with how egregiously it bogs the system down (not to mention its heuristics didn't pick up your virus). You can continue to pay for it if it's all the same to you, but I have to agree with Pirx on this one and enable the UAC. What's more inconvenient to you: virus removal/format + reload your OS? Or clicking "Allow" once in a while? (Or submitting $200 with your bearded morning photo? :p)
     
  17. ajkula66

    ajkula66 Courage and Consequence

    ^^^^^^ This. And then some.
     
  18. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    If I clicked on it a couple times a day that would be one thing, but I'll give it a shot again for a 24 hour period, but if it is like last time and I have to stop and click on it 50-100 times a day it is going bye bye. Kaspersky is almost done and found 1 threat so far. (Using Kaspersky first on the R4 hard drive and malware removal on the netbook and then rotate them and see how much Kaspersky misses.) The fact Norton misses this no matter how it got on my PC is pathetic. I already didn't like Norton because it can't even stop a USB drive from loading an autorun virus :/ .....Vipre ever has that feature -_- Kaspersky seems to ask to do an auto scan but not sure if it blocks autorun viruses or other things from USB drives. That is an important feature for me because my wife uses flash drives and I honestly don't trust her work's network (it is a school). School IT people are fairly bad.


    BTW Pirx. I only started using AV and other stuff since I lived in a "dorm" several years ago and with my wife using my computer when I moved home. Before, I relied on nothing but HouseCall from Trend Micro, and from doing that for ~6-8 years from Windows 2000-XP I never got one virus or had an issue. 2000-2012 I had Norton and Trend Micro for a couple of years because my dad bought it. I think I'll get malware removal pro if it works. If it has an active blocking feature, cool, but I'll have to look into it. I'll look into Kaspersky again and debate if Norton is worth it. Norton is cheaper since I got 3 keys for like 15 bucks lol. I am looking forward to seeing how often UAC pops up lol

    @prostar I never notice Norton, minus when they pop up the stupid notification for F@H using high resources. I need to change that feature. Otherwise the resources it uses I never notice. (I know it uses a lot but it never bogs down my system.)

    The one other feature that pisses me off that no one has is scanning multiple drives at once....c'mon, it is not like P3/P4 days when AV/spyware removal software used 100% utilization


    EDIT: while we are at it....what, in you guys' opinion, is the best software firewall? I used ZoneAlarm in the past but I tried to reinstall it and it went all haywire on me and made my computer super slow so I got rid of it. After that I checked online and people said ZoneAlarm has gone down the tube


    Update: Kaspersky killed one trojan that good ole Norton missed :/ now let's see what Kaspersky missed by using the Malwarebytes removal program. Should I run two malware programs?


    Also what is up with AV software having total crap GUIs? Trying to see what they scanned, where it was and what it was is nearly impossible. Also trying to find advanced features is a pain. They renamed all this stuff using stupid names like sonar, safe run, and so on
     
  19. Pirx

    Pirx Notebook Virtuoso

    Let's keep in mind that things can be worse, much worse, than this. This poster seems to use his machine mostly for gaming, but imagine somebody doing their online banking on such a computer. Keystroke loggers are among the most popular Trojans. In that case the potential damage can run from "just" a banking account cleared out, to having your credit, and pretty much your life destroyed. People might want to think about these kinds of consequences, versus the "inconvenience" of clicking on a UAC prompt in order to run some childish toy software.
     
  20. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    True, very true. But what's your opinion on my statement above
     
  21. Pirx

    Pirx Notebook Virtuoso

    There's no need for any third-party firewall. In fact, on a properly maintained system, free anti-virus (such as MSE, or one of the other free offerings) will be entirely sufficient. The incremental gain in security from paid AV software, if any, is negligible compared to the security benefits of running a Windows system the way it is intended to be run.
     
  22. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    Update: well, Kaspersky missed a malware but found it after it tried to activate lol when Malwarebytes was trying to clean it :/
     
  23. Prostar Computer

    Prostar Computer Company Representative

    HopelesslyFaithful - did you refer to the malware removal guide I posted? Running AV software from a normal or even slightly modified boot.ini is not going to pick everything up. And on the same token - if you have Norton AND Kaspersky installed - that is a no-no. 1 AV program is enough, and as Pirx mentioned, paid subscription versions do not offer a substantial security bonus over free counterparts.

    Kaspersky TDSSKiller is decent, though.
     
  24. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    No, my R4 has Norton, and on the netbook I installed Kaspersky. I pulled out the hard drive and was cleaning it with Kaspersky and HitmanPro and Malwarebytes. Interestingly enough Kaspersky got it all and the other two got nothing. I am on the R4 now and it appears to be fixed, but installing Malwarebytes and HitmanPro to double check

    UPDATE: well, while running the R4 I ran HitmanPro, found nothing, and ran Malwarebytes removal and it found the thing that Kaspersky deleted again. skype.dat in the same folder :/ won't stop until the system is clean lol, already cleaned the registry and other stuff with CCleaner once, will do again once I get the green with Malwarebytes

    Alright, so everything seems to be clean on the R4 but RogueKiller keeps showing up "HJNAME" "HJ POL" "HJ DESK", and I ran it on my netbook which was never affected and it gets similar stuff. They all seem to get registry files that keep coming back. Are these fake positives? Somewhere else online a guy said they were false positives but just double checking


    Kaspersky PURE 2.0 shows nothing now (DID* find ZeroAccess but didn't seem to delete it because see next line)
    Malwarebytes shows nothing (now) (DID* only catch one thing, which was ZeroAccess)
    MGtools found nothing
    JRT found nothing except text files.....?
    Kaspersky TDSSKiller with its advanced mode after boot, and it shows nothing
    RogueKiller found ZeroAccess and finally deleted it even though all others "said they deleted it"


    UAC is activated for now....at 5 times so far in 30 mins :/
     
  25. Aeny

    Aeny Notebook Consultant

    I don't know about you guys but the best firewall for me is the one built into Windows.
    Been using that since windows 7 with custom rules set up and blocking anything that's not in those rules. But if you don't want to mess around with that then give Comodo a try. I'm not going to document my other security settings/programs here, don't want to write a book. :D

    PS: you could scan with MBAR? I got no clue how good it is but being from the same guys as MBAM it can't be that bad.
    ~Aeny
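
The settings argued over in posts 8 through 25 (UAC on or off, running day to day as an administrator, and the built-in firewall's default actions) can be read back from a machine. This is an added example, not code from any poster in the thread: a read-only PowerShell audit that assumes Windows 8 or later with PowerShell 5.1; the function name and the report wording are illustrative.

```powershell
# Added example: read-only audit of the settings debated in the thread.
# It changes nothing. Assumes Windows 8 or later (Get-NetFirewallProfile)
# and PowerShell 5.1 (Get-LocalGroupMember). Function name is illustrative.

function Get-ThreadHardeningReport {
    $report = New-Object System.Collections.Generic.List[object]
    function Add-Row($Area, $Ok, $Detail) {
        $report.Add([pscustomobject]@{ Area = $Area; Ok = $Ok; Detail = $Detail })
    }

    # --- UAC: policy values the elevation prompt is driven by ---
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Add-Row 'UAC' ($uac.EnableLUA -eq 1) `
        "EnableLUA = $($uac.EnableLUA) (0 means UAC is switched off)"
    Add-Row 'UAC' ($uac.ConsentPromptBehaviorAdmin -ne 0) `
        "ConsentPromptBehaviorAdmin = $($uac.ConsentPromptBehaviorAdmin) (0 means elevate silently)"
    Add-Row 'UAC' ($uac.PromptOnSecureDesktop -eq 1) `
        "PromptOnSecureDesktop = $($uac.PromptOnSecureDesktop) (1 isolates the prompt)"

    # --- Account: is the daily-use account a local administrator? ---
    # Only direct membership is checked; membership through a nested
    # domain group is not resolved here.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
    $isAdmin = [bool]($admins | Where-Object { $_.SID.Value -eq $me.User.Value })
    Add-Row 'Account' (-not $isAdmin) `
        "$($me.Name) direct member of local Administrators: $isAdmin"

    # Is this very session holding a full administrator token already?
    $principal = New-Object Security.Principal.WindowsPrincipal($me)
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    Add-Row 'Account' (-not $elevated) "Current session elevated: $elevated"

    # --- Windows Firewall: effective state per profile ---
    # ActiveStore is the merged policy actually being enforced.
    foreach ($fw in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        $on = ([string]$fw.Enabled -eq 'True')
        Add-Row "Firewall/$($fw.Name)" $on "Enabled = $($fw.Enabled)"

        $inboundOk = ([string]$fw.DefaultInboundAction -ne 'Allow')
        Add-Row "Firewall/$($fw.Name)" $inboundOk `
            "DefaultInboundAction = $($fw.DefaultInboundAction)"

        # Outbound default-deny is the stricter "block anything not in my
        # rules" setup from post 25; Windows ships with outbound allowed,
        # so a False here is informational rather than a fault.
        $outboundDeny = ([string]$fw.DefaultOutboundAction -eq 'Block')
        Add-Row "Firewall/$($fw.Name)" $outboundDeny `
            "DefaultOutboundAction = $($fw.DefaultOutboundAction)"
    }

    $report
}

Get-ThreadHardeningReport | Format-Table -AutoSize -Wrap
```

Rows with `Ok = False` are the ones to look at first; the outbound firewall rows only show whether the stricter default-deny setup is in place.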
     
  26. DR650SE

    DR650SE The Whiskey Barracuda

    Truth be told, only common sense (not so common) will keep your system clean. Shady sites, software from untrusted sources, opening emails that you don't expect, clicking links in emails are all good ways to infect your system. If you don't know where it came from, don't click it! And know what you're plugging into your system.

    UAC is next to useless, someone who is going to run untrusted software is still going to run it whether or not UAC prompts you to double check or not. Being extra cautious from the get go is the only effective defense.
     
  27. Prostar Computer

    Prostar Computer Company Representative

    OP - are you running all these AV programs from a normal Windows boot? Detection rate is much better in Safe Mode (w/ networking) with non-Microsoft services and startup entries disabled.
     
  28. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    Interesting, no one said that, I'll give it a shot Prostar. But it seems to be fixed. All 5 tests done twice find nothing but I'll give it a shot later today
     
  29. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    Well, did everything again in safe mode. Note to yourself: you can't do loaded modules in safe mode for Kaspersky TDSS. Everything is the same, nothing shows up but those "false positives" HJ name, HJPOL, HJ whatever, delete them and they pop back up a little later. RogueKiller must be deleting something Windows or one of my programs needs because it repops up in safe mode, so it must be a Windows thing since safe mode should have any loaded programs really


    UPDATE: BTW I think I figured out how I got it. I was thinking about what I was doing that morning and I was searching tech and news info by googling. When I google or research stuff I ctrl click on all the pages that look promising, so I must have clicked on a bad page or something because it happened while watching Netflix and researching stuff. I still don't understand how malware can auto load on your computer by opening a page. I was reading up on the ransomware stuff and malware sites said it can get loaded by just clicking on a website. How is a website able to auto download something to your computer? I get downloading stuff but I never download random --- er stuff.

    EDIT: also the thing I hate most about UAC is that damn beep....gets under my skin....if I could disable the damn beep I would leave it with no issue but it is so damn annoying and loud....Pirx, you know of a way?

    EDIT: figured out how to turn off UAC sound woot.

    Also I just remembered yesterday.....Java updated -_- I remember Tuesday trying to find Java to see if it updated (Tuesday was when the update was released, right?) but it wasn't in the bottom of the task bar so I didn't think much of it, and I rebooted and it loaded yesterday and it updated lol. I guess that was either the source of the problem or it decided to glitch and never update. Well anyways, whatever, doesn't matter, everything is fixed after 2-3 days of nothing ^^
     
  30. Prostar Computer

    Prostar Computer Company Representative

    Safe mode with all non-Microsoft services disabled and all start up entries disabled (I think that's outlined in the virus removal guide linked earlier). Malware will often latch onto running applications or processes and hide behind them, which causes scans to not pick them up, depending on the heuristics. Hopefully you got it removed. ;)


    :wideeyed:

    My recommendation to you (for a lot of people, really) is to take better preventative measures; use the WOT add on if you're using a browser other than IE, and if you're using Firefox or a browser that supports the NoScript add-on - although NoScript can seem really obtrusive - use that as well.
     
  31. DR650SE

    DR650SE The Whiskey Barracuda

    What is the WOT add on? I haven't had a virus or trojan in forever, and like to keep it that way.

    @Hopelesslyfaithful, instead of using Ctrl+click, I use the mouse wheel. If you use the mouse wheel as a button to click a hyperlink, it automatically opens that link in a new tab. ;)
     
  32. HopelesslyFaithful

    HopelesslyFaithful Notebook Virtuoso

    Opera default is left click + control is open new tab....

    Anyways, no, found out the issue....damn Java. I guess Norton decided to not inform me that it has been blocking IP intrusions and deleting trojans......for the last 7 plus days.....? History only goes back 3 pages and the last day is the 11th and that is as far back as I can see IP blocks and trojans popping up. I have been malware free and Java is updated but a new malware popped up today...!!! I have been malware free and on the latest Java and the newest malware was from the Java folder.....I am just nuking it. I know for sure it all has been caused by the Java loophole far before it ever hit the news so I am definitely one of the first hit by this and no, it is not my fault with "bad" user skills....just a Java loophole, and Norton decided to not tell me until nearly 7 days later that I have a trojan horse.....awesome! Saving files and nuking
     
  33. Prostar Computer

    Prostar Computer Company Representative

    W.O.T. = Web of Trust. It is a site screening tool that provides feedback and reliability ratings: Safe Browsing Tool | WOT (Web of Trust)

    You can also use the site to screen your sites/links. :)