formidable malware -- PC_AntiSpyware2010

Yesterday I managed to infect my Vista Ultimate with a very virulent ( new?)
strain of PC_AntiSpyware2010. The battle for control of my computer lasted
5 hours last evening, and a few more hours this morning.

I finally threw in the towel today, and re-imaged my Vista partition with a
backup (a bit old - but oh well). Thank goodness Acronis 10 came thru for
me. The pucker factor was pretty high, considering my hard-drive had
changed considerably as to partition sizes and number.

I'm no slouch as far as peeking under Vista's skirts ... but damn! 2010
took away all my weapons that I could throw at it. Safe mode OR normal
boot. Task Manager worked (slowly, like regedit and everything else on poor
'ol Vista), but stopping rogue entries became a Mallet & Ground Chuck game.

Malware Bytes Anti-Malware
Hi-Jack This
Stubware Scanner
System Internals Auto-Runs (sheesh)
SmitFraudFix

.... the above programs would start and become active -- than would just
quietly shutdown. RegistryFix7 and another registry contestant held up
longer, but also just (poof) vanished after thinking about my problem.

If you happen to get this strain, kiss your buttocks good-bye. And hope you
have a recovery option of sorts. This was a serious bit of malicious
coding.

Net-Link Blue

SuperAntiSpyware has the capability for this PC_AntiSpyware2010. Few people used it
for the same malware and all had success with it.



--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"NetLink_Blue" <PcjTv@cooltoad.com> wrote in message
news:erJCL40KKHA.1492@TK2MSFTNGP03.phx.gbl...
> Yesterday I managed to infect my Vista Ultimate with a very virulent ( new?)
> strain of PC_AntiSpyware2010. The battle for control of my computer lasted 5
> hours last evening, and a few more hours this morning.
>
> I finally threw in the towel today, and re-imaged my Vista partition with a backup
> (a bit old - but oh well). Thank goodness Acronis 10 came thru for me. The
> pucker factor was pretty high, considering my hard-drive had changed considerably
> as to partition sizes and number.
>
> I'm no slouch as far as peeking under Vista's skirts ... but damn! 2010 took away
> all my weapons that I could throw at it. Safe mode OR normal boot. Task Manager
> worked (slowly, like regedit and everything else on poor 'ol Vista), but stopping
> rogue entries became a Mallet & Ground Chuck game.
>
> Malware Bytes Anti-Malware
> Hi-Jack This
> Stubware Scanner
> System Internals Auto-Runs (sheesh)
> SmitFraudFix
>
> ... the above programs would start and become active -- than would just quietly
> shutdown. RegistryFix7 and another registry contestant held up longer, but also
> just (poof) vanished after thinking about my problem.
>
> If you happen to get this strain, kiss your buttocks good-bye. And hope you have
> a recovery option of sorts. This was a serious bit of malicious coding.
>
> Net-Link Blue
>
>

"Peter Foldes" <okf22@hotmail.com> wrote in message
news:uH5BzI1KKHA.5628@TK2MSFTNGP03.phx.gbl...
> SuperAntiSpyware has the capability for this PC_AntiSpyware2010. Few
> people used it for the same malware and all had success with it.
> --
> Peter

I had SuperAntiSpyware installed. I tried to use it. It fared no better
than the other programs mentioned below. SaS also has something called an
"alternate" start link. Using that, I could at least see a startup window.
Seconds after I hit the "scan" button. pffft ...

This new strain is some serious MoJo. What 2010 was doing on these key
program files was changing permissions to a single user named "EveryBody"
( right-click file / security tab / insane rubix-cube of technical poop).
%UserName% (me) was still the "owner" of the file. No help there. As soon
as I would rename the correct users for permissions, and run the file it
would reset back to "Everybody". And I would be locked out again.

In safe mode, the computer would only spin the blue circle after
right-clicking on a file. Nasty.

Net_L :~(


> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>
> "NetLink_Blue" <PcjTv@cooltoad.com> wrote in message
> news:erJCL40KKHA.1492@TK2MSFTNGP03.phx.gbl...
>> Yesterday I managed to infect my Vista Ultimate with a very virulent (
>> new?) strain of PC_AntiSpyware2010. The battle for control of my
>> computer lasted 5 hours last evening, and a few more hours this morning.
>>
>> I finally threw in the towel today, and re-imaged my Vista partition with
>> a backup (a bit old - but oh well). Thank goodness Acronis 10 came thru
>> for me. The pucker factor was pretty high, considering my hard-drive had
>> changed considerably as to partition sizes and number.
>>
>> I'm no slouch as far as peeking under Vista's skirts ... but damn! 2010
>> took away all my weapons that I could throw at it. Safe mode OR normal
>> boot. Task Manager worked (slowly, like regedit and everything else on
>> poor 'ol Vista), but stopping rogue entries became a Mallet & Ground
>> Chuck game.
>>
>> Malware Bytes Anti-Malware
>> Hi-Jack This
>> Stubware Scanner
>> System Internals Auto-Runs (sheesh)
>> SmitFraudFix
>>
>> ... the above programs would start and become active -- than would just
>> quietly shutdown. RegistryFix7 and another registry contestant held up
>> longer, but also just (poof) vanished after thinking about my problem.
>>
>> If you happen to get this strain, kiss your buttocks good-bye. And hope
>> you have a recovery option of sorts. This was a serious bit of malicious
>> coding.
>>
>> Net-Link Blue
>>
>>
>

"NetLink_Blue" <PcjTv@cooltoad.com> wrote in message
news:e3#sOF2KKHA.4608@TK2MSFTNGP02.phx.gbl...
>
> "Peter Foldes" <okf22@hotmail.com> wrote in message
> news:uH5BzI1KKHA.5628@TK2MSFTNGP03.phx.gbl...
>> SuperAntiSpyware has the capability for this PC_AntiSpyware2010. Few
>> people used it for the same malware and all had success with it.
>> --
>> Peter
>
> I had SuperAntiSpyware installed. I tried to use it. It fared no better
> than the other programs mentioned below. SaS also has something called an
> "alternate" start link. Using that, I could at least see a startup
> window. Seconds after I hit the "scan" button. pffft ...
>
> This new strain is some serious MoJo. What 2010 was doing on these key
> program files was changing permissions to a single user named "EveryBody"
> ( right-click file / security tab / insane rubix-cube of technical poop).
> %UserName% (me) was still the "owner" of the file. No help there. As
> soon as I would rename the correct users for permissions, and run the file
> it would reset back to "Everybody". And I would be locked out again.
>
> In safe mode, the computer would only spin the blue circle after
> right-clicking on a file. Nasty.
>
> Net_L :~(
>
>
>> Please Reply to Newsgroup for the benefit of others
>> Requests for assistance by email can not and will not be acknowledged.
>>
>> "NetLink_Blue" <PcjTv@cooltoad.com> wrote in message
>> news:erJCL40KKHA.1492@TK2MSFTNGP03.phx.gbl...
>>> Yesterday I managed to infect my Vista Ultimate with a very virulent (
>>> new?) strain of PC_AntiSpyware2010. The battle for control of my
>>> computer lasted 5 hours last evening, and a few more hours this morning.
>>>
>>> I finally threw in the towel today, and re-imaged my Vista partition
>>> with a backup (a bit old - but oh well). Thank goodness Acronis 10 came
>>> thru for me. The pucker factor was pretty high, considering my
>>> hard-drive had changed considerably as to partition sizes and number.
>>>
>>> I'm no slouch as far as peeking under Vista's skirts ... but damn! 2010
>>> took away all my weapons that I could throw at it. Safe mode OR normal
>>> boot. Task Manager worked (slowly, like regedit and everything else on
>>> poor 'ol Vista), but stopping rogue entries became a Mallet & Ground
>>> Chuck game.
>>>
>>> Malware Bytes Anti-Malware
>>> Hi-Jack This
>>> Stubware Scanner
>>> System Internals Auto-Runs (sheesh)
>>> SmitFraudFix
>>>
>>> ... the above programs would start and become active -- than would just
>>> quietly shutdown. RegistryFix7 and another registry contestant held up
>>> longer, but also just (poof) vanished after thinking about my problem.
>>>
>>> If you happen to get this strain, kiss your buttocks good-bye. And hope
>>> you have a recovery option of sorts. This was a serious bit of
>>> malicious coding.
>>>
>>> Net-Link Blue
>>>
>>>
>>
>

It is unfortunate that malware is good enough to force a full system
recovery. It is even more unfortunate that the majority of home users still
fail to back up their important stuff..

--

Mike Hall - MVP Windows Experience
http://msmvps.com/blogs/mikehall/

It's the nature of a root kit that it can't be stopped or deleted while it's
running. If you boot from the hard drive there is a good chance it is
running. You have to identify the files as best as possible while it's
running then boot from a Linux CD and delete them. This often takes several
iterations and often causes a lot of collateral damage such that Windows
won't boot. The best thing to do with severe infections is to nuke the box
and rebuild.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/


"NetLink_Blue" <PcjTv@cooltoad.com> wrote in message
news:erJCL40KKHA.1492@TK2MSFTNGP03.phx.gbl...
> Yesterday I managed to infect my Vista Ultimate with a very virulent (
> new?) strain of PC_AntiSpyware2010. The battle for control of my computer
> lasted 5 hours last evening, and a few more hours this morning.
>
> I finally threw in the towel today, and re-imaged my Vista partition with
> a backup (a bit old - but oh well). Thank goodness Acronis 10 came thru
> for me. The pucker factor was pretty high, considering my hard-drive had
> changed considerably as to partition sizes and number.
>
> I'm no slouch as far as peeking under Vista's skirts ... but damn! 2010
> took away all my weapons that I could throw at it. Safe mode OR normal
> boot. Task Manager worked (slowly, like regedit and everything else on
> poor 'ol Vista), but stopping rogue entries became a Mallet & Ground Chuck
> game.
>
> Malware Bytes Anti-Malware
> Hi-Jack This
> Stubware Scanner
> System Internals Auto-Runs (sheesh)
> SmitFraudFix
>
> ... the above programs would start and become active -- than would just
> quietly shutdown. RegistryFix7 and another registry contestant held up
> longer, but also just (poof) vanished after thinking about my problem.
>
> If you happen to get this strain, kiss your buttocks good-bye. And hope
> you have a recovery option of sorts. This was a serious bit of malicious
> coding.
>
> Net-Link Blue
>
>