Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > Miscellaneous > Lounge

Notices

Reply
 
Thread Tools Search this Thread
Old 03-09-2010, 09:22 PM   #1
poohbear_nc
Feliz Fowlidad!
poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.
 
poohbear_nc's Avatar
 
Posts: 30,160
Karma: 50924609
Join Date: Feb 2009
Location: Durham, NC
Device: Every Kindle Ever Made & To Be Made + Kobo Aura + Nexus7.2!
Dr. Guard virus

OK - as if today couldn't become any worse. My boss - who has absolutely NO concept of safe internet surfing and demanded to be exempt from our firewall - today called me in - his PC now has Dr. Guard virus - it has taken over ALL of XP - hijacked the browser, blocked access to Admin functions, disabled all the antivirus & antispyware software, is active even in Safe Mode, blocks access to the CD ports and USB ports so you can't load anything to clean it out ... And it keeps dumping porn site shortcuts onto the desktop and has endless pop-up windows demanding you download more "Protective software".

1. Anyone have experience with this one yet?
2. If so, how do I get rid of it short of wiping the drive & reloading XP?
3. Any job openings for me? (My boss's last words - after I had disconnected him from our network and shut his PC down was: Can I still send email? - I fear I'm going to kill him.

I didn't find much info on Google and I'm a bit hesitant to click on links - apparently this thing loads by masquerading as a "Free Scan to Rid your PC of Viruses" - I'm afraid any removal tool might be more of it. Symantec, TrendMicro, ZDNet, etc didn't have any info as of this afternoon.

Help!
poohbear_nc is offline   Reply With Quote
Old 03-09-2010, 09:39 PM   #2
Nate the great
Sir Penguin of Edinburgh
Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.
 
Nate the great's Avatar
 
Posts: 10,607
Karma: 3586209
Join Date: Apr 2007
Location: DC Metro area
Device: Shake a stick plus 1
If it's allowing even some access to the desktop, then I would reboot the computer, open Windows, and _immediately_ open Task Manager. Make a note of any process you don't recognize. Google them. Force end the ones that you aren't sure are safe, and then search for it and delete it.

The above is what I try before wiping and reinstalling the OS.
Nate the great is offline   Reply With Quote
Old 03-09-2010, 09:44 PM   #3
Moejoe
Banned
Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.
 
Posts: 5,110
Karma: 72193
Join Date: Feb 2009
Location: South of the Border
Device: Coffin
What this programs does:

Dr. Guard is a rogue anti-spyware program from the same family as Paladin Antivirus. This rogue is promoted and installed through the use of fake alert Trojans that advertise the program on your desktop. This rogue is also known to be bundled with the TDSS, or TDL3, rootkit. As MBAM is not capable of removing this rootkit, you may need to request further assistance in our Virus, Trojan, Spyware, and Malware Removal Logs forum to remove all of the malware on your computer.

Once downloaded and installed, Dr. Guard will attempt to uninstall various security applications in order to protect itself from being removed. The anti-malware programs that it tries to uninstall include:

Malwarebytes' Anti-Malware
F-Secure
NOD32
Norton Internet Security
Avira AntiVir
Agnitum Outpost Security Suite
AVG8
avast!
AntiVir

The program will then load and start to scan your computer for infections. Once the scan is finished it will state that there are numerous infections on your computer, but will not allow you to remove them until you purchase the program. In reality, the infections that it shows are all fake and do not actually exist on your computer. Therefore, please do not purchase this program based upon any of the scan results it shows.


From http://www.bleepingcomputer.com/viru...emove-dr-guard

Includes a full removal guide using malwarebytes software. Hope it's some help.
Moejoe is offline   Reply With Quote
Old 03-09-2010, 09:44 PM   #4
daffy4u
I'm Super Kindle-icious
daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.daffy4u ought to be getting tired of karma fortunes by now.
 
daffy4u's Avatar
 
Posts: 6,732
Karma: 2429021
Join Date: Apr 2008
Location: Long Drive, Calinadia Candafornia
Device: K1, KTSO, KFHD7, KPW1
Via Google, I found manual removal instructions (seems to be a very tedious process) and several references to some software called Malwarebytes.
daffy4u is offline   Reply With Quote
Old 03-09-2010, 09:57 PM   #5
poohbear_nc
Feliz Fowlidad!
poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.
 
poohbear_nc's Avatar
 
Posts: 30,160
Karma: 50924609
Join Date: Feb 2009
Location: Durham, NC
Device: Every Kindle Ever Made & To Be Made + Kobo Aura + Nexus7.2!
Quote:
Originally Posted by Nate the great View Post
If it's allowing even some access to the desktop, then I would reboot the computer, open Windows, and _immediately_ open Task Manager. Make a note of any process you don't recognize. Google them. Force end the ones that you aren't sure are safe, and then search for it and delete it.

The above is what I try before wiping and reinstalling the OS.
It blocks access to Task Manager! Even in Safe Mode.
poohbear_nc is offline   Reply With Quote
Old 03-09-2010, 10:00 PM   #6
poohbear_nc
Feliz Fowlidad!
poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.
 
poohbear_nc's Avatar
 
Posts: 30,160
Karma: 50924609
Join Date: Feb 2009
Location: Durham, NC
Device: Every Kindle Ever Made & To Be Made + Kobo Aura + Nexus7.2!
Thank you all for your suggestions & links. I will try the instructions from the bleepingcomputer site tomorrow (close to collapse tonight). I have Malwarebytes but no way to get it on to the PC - access to USB & CD drives blocked.



Last edited by poohbear_nc; 03-09-2010 at 10:03 PM.
poohbear_nc is offline   Reply With Quote
Old 03-09-2010, 10:07 PM   #7
Nate the great
Sir Penguin of Edinburgh
Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.Nate the great ought to be getting tired of karma fortunes by now.
 
Nate the great's Avatar
 
Posts: 10,607
Karma: 3586209
Join Date: Apr 2007
Location: DC Metro area
Device: Shake a stick plus 1
Quote:
Originally Posted by poohbear_nc View Post
It blocks access to Task Manager! Even in Safe Mode.
I've encountered something similar, and I can open Task manager while Windows is still loading everything. Try it, and see.
Nate the great is offline   Reply With Quote
Old 03-09-2010, 10:09 PM   #8
poohbear_nc
Feliz Fowlidad!
poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.
 
poohbear_nc's Avatar
 
Posts: 30,160
Karma: 50924609
Join Date: Feb 2009
Location: Durham, NC
Device: Every Kindle Ever Made & To Be Made + Kobo Aura + Nexus7.2!
Quote:
Originally Posted by Nate the great View Post
I've encountered something similar, and I can open Task manager while Windows is still loading everything. Try it, and see.
Will do - thanks!
poohbear_nc is offline   Reply With Quote
Old 03-09-2010, 10:29 PM   #9
Moejoe
Banned
Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.Moejoe did not drink the Kool Aid.
 
Posts: 5,110
Karma: 72193
Join Date: Feb 2009
Location: South of the Border
Device: Coffin
Quote:
Originally Posted by poohbear_nc View Post
Thank you all for your suggestions & links. I will try the instructions from the bleepingcomputer site tomorrow (close to collapse tonight). I have Malwarebytes but no way to get it on to the PC - access to USB & CD drives blocked.


Boot from a linux live cd/usb stick and delete program folders associated with Dr.Guard (list of them in original article). Reboot into safe mode, install malwarebytes there. That should work. In the end though, it's probably going to be a reformat, reinstall situation.
Moejoe is offline   Reply With Quote
Old 03-10-2010, 11:41 AM   #10
poohbear_nc
Feliz Fowlidad!
poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.
 
poohbear_nc's Avatar
 
Posts: 30,160
Karma: 50924609
Join Date: Feb 2009
Location: Durham, NC
Device: Every Kindle Ever Made & To Be Made + Kobo Aura + Nexus7.2!
Thanks guys for all your suggestions! The infected PC is being wiped and reloaded - the browser was SO hijacked I couldn't try the bleepingcomputer solution at all. I did forward the fix to our tech support company who will test it.

The key to preventing infections is to block ALL pop-ups - some ask you to click Yes to download antivirus software, and sometimes a pop-up window will appear with no means to close it - this one seems to be embedded in some Yahoo sites - the only recourse is to shut down your PC immediately before it loads. Some folk here who do online gaming using Yahoo have encountered these aggressive pop-ups that load without requiring you to click on anything.

Again:
You guys rock!
poohbear_nc is offline   Reply With Quote
Old 03-10-2010, 11:53 AM   #11
JSWolf
Resident Curmudgeon
JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.
 
JSWolf's Avatar
 
Posts: 38,535
Karma: 19637653
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Aura H2O, Sony PRS-650, Sony PRS-T1, nook STR, iPad 1, iPhone 5
Also, on your bosses computer, install Firefox and block is access to MSIE. Firefox is a lot more safe and secure then MSIE. Plus you have addons like flashblock and adblock plus you can install and configure.
JSWolf is online now   Reply With Quote
Old 03-10-2010, 11:58 AM   #12
poohbear_nc
Feliz Fowlidad!
poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.
 
poohbear_nc's Avatar
 
Posts: 30,160
Karma: 50924609
Join Date: Feb 2009
Location: Durham, NC
Device: Every Kindle Ever Made & To Be Made + Kobo Aura + Nexus7.2!
Quote:
Originally Posted by JSWolf View Post
Also, on your bosses computer, install Firefox and block is access to MSIE. Firefox is a lot more safe and secure then MSIE. Plus you have addons like flashblock and adblock plus you can install and configure.
Tragically he was running Firefox - he is just too naive to know better than trust those messages claiming to help him. Plus he lets his kids use the company PC (Yeah - the joys of working in a family-owned business).


But - thanks - I will double check his Firefox settings and include the "block" addons.
poohbear_nc is offline   Reply With Quote
Old 03-10-2010, 12:11 PM   #13
dsvick
Wizard
dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.
 
dsvick's Avatar
 
Posts: 2,737
Karma: 635747
Join Date: Nov 2009
Location: Northeast Ohio, USA
Device: PRS-900
I had a bad one here a while ago that sounds very similar, minus the porn links unfortunately , I ended up using http://combofix.net/ to take care of the problem - worked like a charm.
dsvick is offline   Reply With Quote
Old 03-10-2010, 12:15 PM   #14
poohbear_nc
Feliz Fowlidad!
poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.poohbear_nc ought to be getting tired of karma fortunes by now.
 
poohbear_nc's Avatar
 
Posts: 30,160
Karma: 50924609
Join Date: Feb 2009
Location: Durham, NC
Device: Every Kindle Ever Made & To Be Made + Kobo Aura + Nexus7.2!
Quote:
Originally Posted by dsvick View Post
I had a bad one here a while ago that sounds very similar, minus the porn links unfortunately , I ended up using http://combofix.net/ to take care of the problem - worked like a charm.
Thanks for the link - I'll probably be needing it soon!
poohbear_nc is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Historical Fiction Parker, Gilbert: The March of the White Guard. V1. 19 Mar 2010 crutledge Kindle Books 0 03-19-2010 07:38 AM
Historical Fiction Merriman, Henry Seton: Barlasch of the Guard. V1. 17 Aug 2009 crutledge IMP Books 0 08-17-2009 11:05 AM
Historical Fiction Merriman, Henry Seton: Barlasch of the Guard. V1. 17 Aug 2009 crutledge ePub Books 0 08-17-2009 11:02 AM
Devil's Guard charlieperry Reading Recommendations 1 07-02-2008 09:22 PM
Fantasy Mundy, Talbot: The Devil's Guard. v1, 03 May 07 Dr. Drib BBeB/LRF Books 0 05-03-2007 10:34 PM


All times are GMT -4. The time now is 11:07 PM.


MobileRead.com is a privately owned, operated and funded community.