Booby trapped ads...

[breadfan]

Tweet

It happened to me...

[37408]

ahhh the trojan fake alert. usually these have to be executed to do damage, say you visit a site then guids you to a online scan page and up crops a popup box to download supposed AV software.....in reality it screws your PC to bits by infecting it and telling you a load of bull by claiming PC is infected with stuff that aint really there.
this is unusual, these seen auto executed from what is said cauesed by a "drive by".
i cant understand how this virus is executed automaticly from a driveby.......and are ther SURE its the ads.
after my recent issues with a busted HDD, i think im gonna a block ALL ads if this is the case

[breadfan]

I was browsing a Google search list when the pop up happened, nothing was executed or even rolled over. It also happened to two colleagues at work at the same time as me on Saturday night (not Sunday). Never seen anything like this before, it really got hold of my friends PC and he reckons it put a hidden partition on his HDD and redirected his browser and blocked his AVG even in safe mode.

[37408]

dont think they can do hidden partition without formatting, might be wrong though.
STD issue....these things block most antiviruses....AVG, kaspersky, norton + others.....however doesnt block malwarebytes.
the thing i do is manually delete without the aid of antivirus, is on XP, CTRL ALT DEL (task man), end any susipious task/process i dont recognize then do a windows search on that .exe file and delete it. but make sure its recently created for example....look on properties and see when file was created...last thing you want to do is nack your own OS installation yourself, 9 times out of 10 its in your (again on XP) windows\system32 folder.
ALSO in addition, i hope TVC isnt infected as its ad run.

[blueorange]

Happened to my mum, took a good hour of googling/doing stuff to get rid of it.

[37408]

i once spent 3hrs...yes THREE hrs on phone to my mate telling him how to manually get rid of it as it had buggered in norton and did somthing so he couldnt stay on a web page long enough before being redirected to fake sites or search pages....kind of 2 viruses in one, the trojan fake aleart and a redirector.
if youve spare time when NOT infected, take some time to study some youtube vids.....http://www.youtube.com/results?searc...ake+alert&aq=f

also this explains a few things...using either win7 or vista...may even work for xp too http://www.youtube.com/watch?v=ntfTAsbQC5o

[breadfan]

Thanks for the advice 37408, but I am an experienced user.

This particular infection blocked task manager, AV software, Malwarebytes, Superantispyware and CCleaner (the apps I tried anyway.)
It was only in safe mode (without networking) that I could run anything at all. This was not your usual fake trojan and re-director.
My friend (a very experienced user) said at work today he had tried again to re-build windows but it still remained on start-up.
I used a removal tool from Kaspersky (heard there's one at bleepingcomputers as well) which worked for me but hasn't worked for him. Thinks he may have to use another HDD.

[tartist]

It happened to me...

On the BBC's coverage of this story I found this screen shot, which is the same as I saw on a friend's PC a couple of weeks ago caused by rogue security program "Security Tools". I was able to fix it for him:

Attachment 760

There's a lot of info on the net about removing the Security Tools trojan. Frustratingly I can't remember exactly how I fixed it, I think it may have been along the lines of: safe mode... deleted directory named with a string of numbers... reboot.. and then in his case I deleted his C-drive and reformatted it, then re-installed Windows after first saving his documents, photos etc which he had on his C-drive (pillock!).
Finally, I made a disk image to avoid the hassle the next time...