Sounds like the malware we got.

Re-emphasizing my original post, System Restore made the removal easy.

----------------------

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
  _____  

From: Ziots, Edward [mailto:[email protected]]
To: NT System Admin Issues [mailto:[email protected]]
Sent: Thu, 26 May 2011 06:53:25 -0500
Subject: RE: System Restore and Scareware

                      
    

Yep already seen that one in action here, a bugger to clean up.

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505

From: Mike Gill [mailto:[email protected]]
Sent: Tuesday, May 24, 2011 7:57 PM
To: NT System Admin Issues
Subject: RE: System Restore and Scareware

Saw this the other day:

http://tech.slashdot.org/story/11/05/20/2334259/New-Malware-Simulates-Hard-Drive-Failure

-- 
Mike Gill

From: Bob Hartung [mailto:[email protected]]
Sent: Friday, May 20, 2011 12:47 PM
To: NT System Admin Issues
Subject: System Restore and Scareware

     

I've had a couple of recent cases of scareware infecting some Windows XP Pro
systems here. One reported lots of virus infestations and prevented the user
from accessing the internet and, for a low price, would fix all. The other
reported that the hard drive had tons of errors and the boot sector was gone,
etc. And for a small fee, their utility could fix it. This system was unusable.

Maybe this is pretty basic but I haven't seen mention of it but in both
cases, Windows' System Restore easily removed both. I've seen descriptions of
fixing infected systems involving fairly complex procedures and multiple
utilities. I guess I just wanted to recommend giving System Restore a try
first before resorting to the heavy artillery.

On the system that had the failed hard drive scareware, it was impossible to
access System Restore in normal Windows. I figured Safe Mode was the way to go
but I discovered System Restore is not available in Safe Mode. I did learn that
you can run System Restore in Safe Mode with Command Prompt. Just enter
"%systemroot%\system32\restore\rstrui.exe" at the command prompt and you're in
System Restore. Not sure why regular Safe Mode wouldn't have that command
available.

Hope that's of help to someone else.
  
  ----------------------
  
  Bob Hartung
  Wisco Industries, Inc.
  736 Janesville St.
  Oregon, WI 53575
  Tel: (608) 835-3106 x215
  Fax: (608) 835-7399
  e-mail: bhartung(at)wiscoind.com     

~ Finally,  powerful endpoint security that ISN'T a resource hog! ~
  ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>   ~
  
  ---
  To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
  or send an email to [email protected]
  with the body: unsubscribe ntsysadmin    
