Virus alert!

[BenE]

I was looking at a local newspaper website, when a a popup appeared, and indicated is was .... "MS Removal Tool".

A scan started , so I immediately unplugged. Then I logged back on, and
Googleed MS removal tool. There are a lot of sites that state it is a fake virus removal software tool.

I could not even stay online long enough to bookmark a link, and would not want to post one anyway, in case it is one for the fake virus protection.

So far this is what I did. Shut down, rebooted, did a system restore point to Monday. After the system had fully loaded and before the fake tool could stop my virus program, I started that.

Not sure if this will solve the problem. I wanted to post about the fake software. Since it pops up as "MS Removal Tool", the intent is to fool you in to believing it is a Microsoft Product, which is is not.

I am online now from another computer, so I will not know the results for a while.

[texkam]

What browser were you using?

[BenE]

Firefox

[texkam]

Yikes!
Using Ad Block Plus?

[BenE]

Quote:

Originally Posted by texkam

Yikes!
Using Ad Block Plus?

From the little I could learn not much stops this. I am still researching some sites, but want to be sure I don't go to the fake virus site.

[texkam]

Wonder if researching this on my Linux box would be helpful?

[BenE]

I found this on Yahoo answers (that should be a safe url) ... I believe the restore is the way to go, but they recommend the process be done in safe mode.

How to remove fake MS Removal Tool.? - Yahoo! Answers

[SJHester]

get a copy of malwarebytes (the free version). install it, update it and then run a complete scan. if you have the name of the "virus" (I call this ransom ware, they give you the virus and charge you to remove it) the malwarebytes page will have instructions on a free tool to remove it from memory as well.

The guys at malwarebytes seem to be the only ones fighting this ransomware, i have licensed a copy as i seem to be the local resident on removing these. My wife works at a homeless shelter and many of the residents seem to get this type of virus, i cant/wont charge them to remove it (they are homeless, spending money on virus removal before feeding their kids does not seem right). so this is my donation.

Good luck, and PM me if you need help

[SJHester]

oh, you should download the malwarebytes from the computer you are on, use a flash drive to move it to your machine, and probably need to run your machine is safe mode (F8 at start up) to actually do much.

[Rson]

That is not a virus, it is a Malware. Traditionally the are injected into your computer from a compromised website. If you get it you might have a chance to roll back to a previous known good point. Otherwise you have to remove it manually using Hijackthis, MalwareBytes, and turning off your system restore.

[LinuxRacr]

Also if using Firefox I highly recommend getting a plugin called, "No Script". Look it up.


Sent from my iPhone using Tapatalk

[daveb]

Quote:

Originally Posted by texkam

Wonder if researching this on my Linux box would be helpful?

funny thing is that I see the "scans" on my Ubuntu box - i watch it hitting c:\windows and doing it's thing It is a html5 animation it is not actually doing anything.

Like was said before get a copy of malware bytes and scan the machine.
If that does not work PM me and I will give you a tech solution ...

But malwarebytes works well for these things.

[revjvegas]

Quote:

Originally Posted by LinuxRacr

Also if using Firefox I highly recommend getting a plugin called, "No Script". Look it up.


Sent from my iPhone using Tapatalk

Very cool add-on. Thanks for that pointer.

[Murph]

Added No Script to Firefox. Thanks, lets see if it works.

[Redneck]

The same happened to my son. We got rid of it by starting the computer in safe mode with networking and we then had the BitDefender online scan/removal running.
Free Online Virus Scan - BitDefender Online Scanner