Bad Virus Making the Rounds - Heads Up -
Posted Mon May 20, 2013 02:28 PM
It's spreading like WILDFIRE. It's called a "reveton." Whatever you do, DON'T fork over any money; it's a TOTAL scam although it may "look legit." This thing will TOTALLY LOCK your computer. In some versions it's difficult to restart it even in safe mode. Even the best of virus scanners are NOT catching it before it wreaks havoc.
There's an easy fix though; if anybody runs into trouble, PM me and I'll help out.
(There's no catch; 100% free; nothing to buy. This isn't an ad and I'm not trying to sell anything.)
Long story short: Restart your computer in Safe Mode with Command Prompt; type "cd restore"; type rstrui.exe; let the "Restore" program run; pick a restore point from before your computer got infected; restart, run a good virus scanner, delete the virus(es) and you're good to go.
Folks: "Let's be careful out there." This thing is NASTY.
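The System Restore rollback described in the post above, as an added example that is not from the original poster: this Windows PowerShell script lists the machine's restore points, picks the newest one created before the date you say the lock screen first appeared, and launches the same rollback that rstrui.exe performs, asking for confirmation first. It assumes you are at an elevated Windows PowerShell prompt (typing "powershell" in the Safe Mode command prompt gets you there on Windows 7 and later); the cutoff date is an assumed parameter you supply. As the post says, a restore point only rolls back system files and the registry, so the scanner pass afterwards is still needed to remove the dropped malware files.

```powershell
# Added example, not code from the original post.
# Picks the newest System Restore point created before the infection date
# and rolls back to it. Run from an elevated Windows PowerShell prompt.
param(
    [Parameter(Mandatory = $true)]
    [datetime] $InfectedOn        # assumed input, e.g. -InfectedOn '2013-05-19'
)

# Get-ComputerRestorePoint returns Win32 SystemRestore WMI instances whose
# CreationTime is a WMI timestamp string, so convert it before comparing.
$points = Get-ComputerRestorePoint | ForEach-Object {
    New-Object PSObject -Property @{
        SequenceNumber = $_.SequenceNumber
        Created        = $_.ConvertToDateTime($_.CreationTime)
        Description    = $_.Description
    }
} | Sort-Object Created

if (-not $points) {
    Write-Warning 'No restore points exist on this machine; System Restore cannot help here.'
    return
}

# Show everything so the user can sanity-check the choice.
$points | Format-Table SequenceNumber, Created, Description -AutoSize

# Newest point that is still older than the infection; anything later would
# carry the infection along with it.
$candidate = $points | Where-Object { $_.Created -lt $InfectedOn } | Select-Object -Last 1
if (-not $candidate) {
    Write-Warning "Every restore point is newer than $InfectedOn; do not restore to any of them."
    return
}

Write-Host ("Newest clean restore point: #{0} from {1} ({2})" -f `
    $candidate.SequenceNumber, $candidate.Created, $candidate.Description)

# -Confirm prompts before anything happens; the rollback itself runs during
# the reboot that Restore-Computer triggers.
Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm

# After the reboot, from a normal session, check how the restore went with:
#   Get-ComputerRestorePoint -LastStatus
```

If the script reports no restore points, or only points newer than the infection, the rollback route is closed and you are left with the scanner-based cleanup described later in this thread.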
Posted Mon May 20, 2013 02:45 PM
Plus, I don't go on dodgy sites.
Posted Tue May 28, 2013 10:44 PM
Posted Fri Jun 07, 2013 08:46 PM
Didn't see this until just now. Yes, it's exactly that one. I did some digging recently and it turns out the group who created this "monster" was actually arrested in March. (The group's leader was arrested in December but they "kept it quiet" because they didn't want to "spook" the others and cause them to go into hiding.) But the Trojan itself is still "running rampant," and yes, imo its capabilities are "spooky." I read an article by somebody in the field and he said exactly what I was thinking, "It's not just what it does, it's what it MEANS."
(Concerning how these Trojan viruses are becoming more and more sophisticated and harder to defeat.)
I think eventually they're going to make these things so that they make copies of themselves which fragment into pieces that "hide" in various locations, and then re-assemble "once the coast is clear." If that happens I think the ball game's over. At least for a while. At the least I think it would mean that virus protection programs would have to be very sophisticated and large and therefore expensive.
I think the take-home message is "these aren't your Windows 95 viruses." They're getting REALLY good at this.
This post has been edited by Ghost_Tracker: Fri Jun 07, 2013 08:49 PM
Posted Fri Jun 07, 2013 10:48 PM
Posted Thu Jun 13, 2013 04:49 PM
Yes I picked up this virus a week ago.
Another way to get rid of it is to run Malwarebytes. Run a quick scan first to get the virus under control, then run a full scan to get rid of any remaining files.
If you don't have it, start up in safe mode with a network connection and download it.
This post has been edited by clooney: Thu Jun 13, 2013 04:50 PM
Posted Thu Jun 13, 2013 07:53 PM
thanks for the heads up, I'll watch out for it.
Posted Thu Jun 13, 2013 08:13 PM
Posted Thu Jun 13, 2013 11:03 PM
The developers of Reveton have expanded that ransomware’s repertoire with a password stealing functionality, according to new research.
Ransomware, sometimes called scareware, is a type of malware that locks down infected machines, offering to unlock them only after a fee has been paid. Oftentimes, the malware will present a message on the screens of its victims, claiming that the user has committed some sort of infraction, and that a fine must be paid in order to unlock the machine. Of course, paying the fee generally accomplishes nothing.
Reveton is among the best-known ransomware strains. Microsoft first took note of the virus in January of last year. Oddly, Reveton started out as a password-stealer but quickly evolved into a piece of ransomware in May 2012, when we first wrote about it masquerading as a Justice Department violation in an attempt to extort $100 from victims, eventually prompting an FBI warning.
Those responsible for Reveton don’t develop their own exploits, but rather deploy kits like Blackhole and others in order to compromise target machines. Once the chosen exploit kit infiltrates its target, it installs the Reveton malware, which then phones home to its command and control server and begins extracting information about that system’s IP address, its Internet provider, country, and city, according to an analysis by Stefan Sellmer at the Microsoft Malware Protection Center.
It also downloads a dynamic link library (DLL) in order to display lock screens on infected machines. Sellmer writes that once the screen is locked and the ransom note is displayed, the malware continues working in the background, requesting and installing a password stealer from its C&C.
The password stealer in the Reveton variant analyzed by Sellmer was capable of stealing passwords from “a comprehensive selection of file downloaders, remote control applications, FTP, poker, chat and e-mail clients, as well as passwords stored by browsers and in protected storage.”
Reveton also has a built-in portable executable loader, which means that it can easily upload almost any DLL installed on its C&C server.
If you have been infected with this trojan, I can help you remove it.