A malware threat I've just found

Bill69

A recent malware concern: "Cyber Security".

Looks and feels just like real AV software.
Installs and does a scan to show "apparent" virus files on your PC.
However, some of these files are installed by this software itself.

Then you need to pay money in order to fix the so-called virus files it found.

Also if you try to delete it, you need to activate it (pay money) to
uninstall.

VERY BOGUS.

Note it slipped in while other AV software was active and they didn't pick it up as a virus. Also a scan by the "real" AV software did not pick up the files Cyber Security said were viruses.

I removed it by dropping to "safe mode with cmd prompt" and deleting the
folders and files listed...
Used folders:
* C:\Program Files\CS\
* C:\Program Files\Common Files\CSUninstall\
* C:\Documents and Settings\All Users\Start Menu\CS\
* C:\Windows\system32\

Used files:

* C:\Documents and Settings\All Users\Start Menu\CS\Cyber Security.lnk [642 Bytes] Shortcut
* C:\Documents and Settings\All Users\Start Menu\CS\Help.lnk [1456 Bytes] Shortcut
* C:\Documents and Settings\All Users\Start Menu\CS\Registration.lnk [1500 Bytes] Shortcut
* C:\Documents and Settings\All Users\Start Menu\CS\Security Center.lnk [652 Bytes] Shortcut
* C:\Documents and Settings\All Users\Start Menu\CS\Settings.lnk [1492 Bytes] Shortcut
* C:\Documents and Settings\All Users\Start Menu\CS\Update.lnk [1488 Bytes] Shortcut
* C:\Documents and Settings\Virus Demo\Application Data\Microsoft\Internet Explorer\Quick Launch\CS.lnk [654 Bytes] Shortcut
* C:\Documents and Settings\[USER]\Desktop\Cyber Security.lnk [636 Bytes] Shortcut
* C:\Program Files\Common Files\CSUninstall\Uninstall.lnk [644 Bytes] Shortcut
* C:\Program Files\CS\cs.exe [1218560 Bytes] Executable
* C:\Windows\system32\iehelpmod.dll [351774 Bytes] DLL File
* C:\Documents and Settings\All Users\Start Menu\CS\Computer Scan.lnk [1504 Bytes] Shortcut

Cheers,
Bill69.
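
A read-only way to check a directory listing against the paths and sizes listed in the post above, as an added example that is not part of the original post. The function names, the verdict labels and the sample listing are assumptions made for illustration; it only reports, it deletes nothing.

```python
import re

# Subset of the file indicators listed in the post above: (path, size in bytes).
# "[USER]" is the post's own placeholder for a profile name.
FILE_INDICATORS = [
    (r"C:\Program Files\CS\cs.exe", 1218560),
    (r"C:\Windows\system32\iehelpmod.dll", 351774),
    (r"C:\Program Files\Common Files\CSUninstall\Uninstall.lnk", 644),
    (r"C:\Documents and Settings\[USER]\Desktop\Cyber Security.lnk", 636),
]
# Folders from the post that belong to the program itself. The post also lists
# C:\Windows\system32\, but that is a shared OS folder, so it is covered only
# through the single DLL above and never matched as a folder.
FOLDER_INDICATORS = [
    r"C:\Program Files\CS",
    r"C:\Program Files\Common Files\CSUninstall",
    r"C:\Documents and Settings\All Users\Start Menu\CS",
]

def _pattern(path):
    # Escape the path, then let [USER] stand for exactly one path component.
    escaped = re.escape(path.lower())
    return re.compile(escaped.replace(re.escape("[user]"), r"[^\\]+"))

def classify(listing):
    """Report-only: map (path, size) pairs to (path, verdict) hits."""
    hits = []
    for path, size in listing:
        low = path.lower().rstrip("\\")
        for ind_path, ind_size in FILE_INDICATORS:
            if _pattern(ind_path).fullmatch(low):
                # Same name but different size is worth a look, not proof.
                hits.append((path, "match" if size == ind_size else "name-only"))
                break
        else:
            if any(low == f.lower() or low.startswith(f.lower() + "\\")
                   for f in FOLDER_INDICATORS):
                hits.append((path, "in-listed-folder"))
    return hits

# Constructed sample listing (not taken from a real machine).
SAMPLE = [
    (r"C:\Program Files\CS\cs.exe", 1218560),
    (r"c:\windows\system32\iehelpmod.dll", 351774),
    (r"C:\Windows\system32\kernel32.dll", 989696),
    (r"C:\Documents and Settings\alice\Desktop\Cyber Security.lnk", 700),
    (r"C:\Documents and Settings\All Users\Start Menu\CS\Help.lnk", 1456),
]
```

Calling `classify(SAMPLE)` flags the two exact matches, marks the desktop shortcut as name-only because its size differs, and leaves `kernel32.dll` alone.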
 
Hm, somehow I don't think you should tell people to delete system32... not that it would be easy, but easy enough to remove files that should not be removed.
 
I am NOT telling them to delete system 32. Some of the files affect system 32. I have deleted all the files mentioned with no ill effects.

Bill69
 
I always think that manually removing any malware is very dangerous indeed. The idiots who write this stuff are much smarter than you or I, so I suggest you follow Worthless Pete's not so worthless advice and see what others have done to resolve the problem before you try to reinvent the wheel. Many of the malware, virus and Trojan nasties have been around for years and others before us have had to deal with the problem long before it hits us. As Peter has shown, this little nasty is no different. There are already methods in place to deal with it, and as a professional, they're the ones I'd be following.

Good luck.
 
I would recommend Malware Bytes, it's free and you can get the entire program and other virus programs from the filehippo website, free of charge.

AVG, avast and spybot are all very good at cleaning your computer system of viruses. All available from filehippo...

Don't tinker with system files, you can do more damage to your computer than the virus does.

Hope this helps

Joe Airtime
 
Sorry Joe. This I can guarantee you . . .

AVG Free edition - Viruses and Trojans only

Spybot - Malware and Spyware only (It does not remove viruses and Trojans)
Adaware Free edition - As above
Malware Bytes free edition - As above but does make reference to Trojan helpers.

cNet.com now considers Spybot and Adaware over the hill. It recommends MalwareBytes but only for Malware and Spyware removal. If you doubt my word on any of the above, just read the cNet editor's reviews at http://www.Download.com. They've been around for years and they're considered gurus in their field. I for one listen to what they have to say.
 
Run Malwarebytes to get rid of the malware, then crap cleaner to get rid of the residue, then get Avast! antivirus to stop it from happening again.
 

Thanks for the update and the top tips and for the useful information, regarding all of the above, I use AVG, Malware bytes, Spybot and Avast, I've found AVAST is the best, as it runs a virus check without Windows running, so nothing can hide.

Many thanks Johnk for the useful information

Joe Airtime
 
I hate having viruses and other annoying computer issues, and it is because someone is always creating new ones every day and it infected mine and I lost everything I downloaded for Trainz and had to start over again. This time though I am not taking any chances so in that case if they think they are going to get away with this, then they are going to be the ones, in my mind, to pay for computer repair, and I'm not going to sit around here suffering and paying a lot of money to have my computer fixed when I could be using it to buy steam engines for a railroad at home!
 
OK, sorry Bill, I'm just saying your post says delete the folders. I know it's silly, but people will do silly things if they are not told they shouldn't do them specifically.

They always blame someone else for it too.
 
....payware(or is it called "shareware"....?)

:cool: My mom clicked on a hot one a couple of months ago...her business software would not even allow her to log into their website....

But, I had installed Norton 360 into her computer...

To make a long story short, it took three complete scans including registry scans to snipe the bugger...

I am not knocking freeware AV, but every one mentioned above offer full protection for a price...

Mom clicked, because she was not familiar with the colors, icons, etc indicating Symantec software, but because Symantec & others are global, the solution came within about 3 days without having to manually do anything...except scan, scan, gosh then scan a third time...she called me to tell me not only that the problem had disintegrated(after I had all but given up), but her computer worked so much better!

The most wrong thing to do with computers is to act quickly...the only thing to do quickly with computer problems, is unplug the dude...

These heavy hitters like Symantec protect millions of clients, select one & stay with them!
 
Hi norfolksouthern,

I was not intending to tell anyone to delete anything, only showing what I have done to get rid of it. I have been running computers professionally since 1977 until I retired in 2000, from TRS80s through IBM mainframes, Wang computers and others.
I would not intentionally tell anyone to delete files unless they know exactly what they are doing.

Cheers,
Bill69
 
Yep, that's my point, you didn't intend to, but it does say that, and people will blame you. I mean you and I know better, but what about other people who don't know anything about the computers they use? They far outnumber us.

I removed it by dropping to "safe mode with cmd prompt" and deleting the
folders and files listed
...
Used folders:
* C:\Program Files\CS\
* C:\Program Files\Common Files\CSUninstall\
* C:\Documents and Settings\All Users\Start Menu\CS\
* C:\Windows\system32\

Point is kind of dull now.
 
Hi norfolksouthern,

Point taken. It does start by saying "I removed it by....." maybe I should have put a note in like, do not try this unless you are sure you know what you are doing.

Cheers,
Bill69
 
...centralized thinking...

:cool: Bill, you can tear out tons of entries in the registry, but they will be rebuilt by the invader.

Been there, no difference made....

The total advice of the thread is posted...
 
They do indeed and they get very rich as a result.

Nortons and McAfee were all free in the old days, but both saw a quick buck and went for it. When they were free, they weren't any better than the other free stuff surrounding them, and in all fairness, little has changed. Both are memory and CPU sucking leeches that do little more than AVG and others except make you cough up with (AU) $100 every year. You can pay half that for the Pro version of AVG and get the same, if not better protection without the CPU usage.

Having removed Nortons from hundreds of machines, I can assure you that the performance difference is very noticeable, yet after installing free AVG, the intrusions have been zilch.

It's a known fact that governments and business refuse to use free software. When you have a budget, you always spend it! But this does not have to apply to us mere mortals. If we're prepared to accept a few less bells and whistles, the recognised free stuff works just as well.

If you snoop around SourceForge, you may be surprised to see many free offerings are actually incorporated into commercial packages. One that comes to mind is Open Office, but another is osCommerce. This is the most powerful shopping cart on earth other than custom written stuff, yet it's free. You can also go to a hundred sites and pay up to $5,000 dollars for it if you wish. In my opinion, and I can't say too much, Nortons is no different.

I'm hanging on to my money,
 
...stuck slam in the middle...what can I do?

:cool: Ah come on John! I have to debate you of all folks?

I split the cost of a $60 dollar purchase of Norton 2009 between three machines, so it cost me 20.

As I said, without becoming a programmer or group admin, 360, albeit after 3 scans totally removed a bug that prevented even this website from presenting!

Darn, I mean Auran Trainz charged me more than that for TS2009 & I put up with a ton of wait(sometimes), shutdowns, error reports, etc....happily.

Now, I'm not advertising for Symantec, Kaspersky is a beautiful Internet Security Software. I went that way for two years & liked Norton's interface better....sue me....!

But if you are talking to people that will actually attempt deleting registry files, with no training on programming whatsoever, how's about letting them actually subscribe to an aggressive Global Internet Security Software?

After all, the 10,000 people that write attacks whilst sitting on their toilets wiping their ass mean hard business against folks that have not a clue.

Just because Windows, the choice of Auran Trainz Proprietary LTD, selected a user friendly OS...

Norton 360 was a hard choice for me because of exactly what you say....slow performance from a software working independently.

Not so.

I can close unnecessary programs using Windows Task Manager, then put Mr. Norton on "Silent mode" for 6hrs...a software that updates un-noticed, every 15 minutes, from a company that says they update virus definitions every 5 minutes.

I use Vista Prem. Mom is still in the dark-ages with WindowsXP...I have no problems with anything...

Regardless of the OS, Mom simply made a mistake by allowing a scan from a predator...but Norton 360, and yes eventually, did its job & her computer even worked better than before the problem even happened!

I don't care what software anyone subscribes to, you get better performance by giving back to them what they ask...

You know John, money talks....you know the rest!
 
I'm not trying to start a debate. It's just horses for courses. Some people like me find (AU) $100 a year excessive. Nortons is given away with every computer sold through major electrical and homeware retailers in Australia. It's a con. The customers use it, but many don't realise they have to repurchase a licence annually so their computer eventually becomes vulnerable. Most who do update, do so because they don't know of any other way to get protection or they're told that the free scanners are worthless or not up to scratch. That's not the case. AVG and others work just fine.

I always encourage people to support open source because it makes the commercial dudes work harder. If you can afford to travel first class, then by all means do so. However, an economy ticket will get you to the same airport at the same time.
 