I gave my husband my buddy key. I sent him the email with the key and the link to download the game client. He downloaded it and installed it this morning and now he's got a malicious virus on the computer! :eek:
He can't browse, he can't do anything at all.
Anyone else experience this issue? I really need some help here!
What files are marked infected, what AV program, what are the symptoms, what virus does the AV program think it is? That's a start at least.
What sort of details do you require?
We use Sophos Anti-Virus. He performed a complete scan and it does not find any infections on the computer at all.
When he attempts to browse, the window gets diverted to a page stating the computer is infected with Vista Guardian 2010 and will not let him do anything else. While running a different program like Windows Media Player, pop-ups will appear stating that his computer is infected and will not let him do anything else. These windows will then disable and reroute pages and programs running on his computer, taking him to a page stating he has Vista Guardian 2010.
That's all it does now.
Does that help?
Ahh, so not an actual virus, just some fake "buy our scanner" crudware. I would run a Windows Defender scan, and maybe something like Spybot S&D if that doesn't find it.
Wonderful. We use Spybot as well. I will let him know that is most likely what it is and have him run that.
Thank you for the assistance.
This is a nasty malware program and it is linked to some pretty awful Trojans. I know this because I was the person at work who had to remove this from users' computers.
Facts: Neither the buddy key nor STO infected that computer. This infection is a multi-malware style infection. It contains a hijacker, a downloader and a keylogger at the very least. It probably already has the self-replicating issue.
What you need to do in order to remove the infection from this computer completely (how I did it).
Disclaimer: I am NOT recommending ANY software or sites. Please use Google and track them down yourself. I am NOT responsible for the destruction of any equipment or data caused by following these steps. If you are unsure what you are doing or are uncomfortable at any point, jump to alternate Method 2. Back up anything that is important to you!
Method 1:
Step 1: Understand how to delete your system restore files. You will need to use the method you have to give yourself access to the super secret file. Download the following software: CCleaner, Spybot S&D, MBAM (Malwarebytes Anti-Malware). Install them and update them, but do not run any scans yet.
Step 2: Back up anything important to you. It may be infected, but at least it is backed up. Do this on a different drive or in a different place than the infected drive.
Step 3: Remove the computer from the internet (unplug it or disable the NIC).
Step 4: Run CCleaner and clean both the Cleaner and Registry sections until nothing or near nothing is left.
Step 5: Run Spybot S&D once and write down what it finds. My money is on a Virtumonde-style infection. Then delete the files.
Step 6: Run the MBAM program and have it clean all known infections. (Be careful: this tool is VERY powerful and can TRIBBLE up your computer!)
Step 7: Delete the system restore files, then run CCleaner until nothing remains, and finally do one last Spybot scan.
HINT: do not make a "back up" of anything from the scanners. Why back up a virus/infection?
The above method should give you a 90% chance to resolve this issue!
Method 2:
This method will give you a 100% removal rate. All you need to do is back up your data and then format the drive. This will destroy everything, friend and foe, on the drive. You will then have to reinstall all of your software, including the OS, and your personal data.
Why/How did this happen and how to prevent this from reoccurring:
90% of infections require user intervention! There was a pop-up window that was clicked on, or you plugged in an infected jump drive. There are some infections that directly inject themselves through a web browser, but they are pretty rare.
1. NEVER CLICK ANYWHERE ON A POP-UP WINDOW! NOT EVEN THE RED [X] BUTTON in the corner of the screen! Any suspected window should be closed using ALT + F4. This closes the nearest window. All pop-ups are one giant button; clicking anywhere on them is the same as pressing "Yes, please infect my computer!"
2. Try not to use IE web browsers. While I cannot prove it, I believe that it is a virus disguised as a web browser. I like Firefox, but there are others out there; make up your own mind!
3. NEVER EVER trust ANY pop-up! You see a small "click here to update your Java/Flash player." Do NOT click on it. Go to the site directly and compare versions yourself; it only takes 3 extra seconds.
Good luck! Also, the very last thing that you should do is report back on what worked so others can know!
Vista Guardian 2010 is a rogue antivirus that wants your credit card number.
What you are actually infected with does vary. If you are lucky, it's just a single file that can be easily removed, or it might be much more serious, like a rootkit, downloader and other Trojans.
It is unlikely that you got infected by Cryptic. It can lie dormant for a while (days), so you cannot pinpoint the time of infection. Even though someone can make an infected website that then links you to the download page. But Cryptic could not protect you from those.
I would give www.malwarebytes.org a try.
That is the best piece of software out there for removing these rogue anti-virus programs. I work in IT as a network security specialist in a local hospital and I swear by Malwarebytes.
I have run across viruses that won't allow the anti-malware program to run. I've gotten around that by renaming the anti-malware .EXE to something else, anything else, and it runs fine.
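The removal procedure in Method 1 above and the "rename the .EXE and it runs" trick both work around persistence that lives in the registry, and a practitioner will want to see what they are actually removing before a scanner deletes it. The script below is an added example for this thread, not Cryptic's or any poster's tool. It parses a Windows `.reg` export (as produced by `reg export <key> <file>` on the infected machine) and flags three things rogue "antivirus" scareware of this period was known to set: autorun entries launched from user-writable folders, Image File Execution Options (IFEO) `Debugger` values that make Windows start the malware instead of a security tool (Windows matches these by image file name only, which is exactly why renaming the tool's .EXE sidesteps the block), and a browser proxy pointed at the local machine so every page request can be replaced with the "you are infected" page. The embedded `SAMPLE_EXPORT` is constructed for the demo, names no real malware, and is not a Vista Guardian 2010 artifact; the thread does not establish which of these mechanisms that particular rogue used.

```python
"""Triage a Windows .reg export for rogue-AV persistence: autoruns from
user-writable folders, IFEO "Debugger" hijacks of security tools, and a
loopback browser proxy.  Added example for this forum thread; not a tool
from Cryptic or any poster.  With no arguments it runs on the constructed
SAMPLE_EXPORT below (fictional names, not a real malware artifact)."""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Key fragments are compared lower-cased against the exported key paths.
IFEO_PARENT = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
RUN_KEYS = ("\\microsoft\\windows\\currentversion\\run",
            "\\microsoft\\windows\\currentversion\\runonce")
PROXY_KEY = "\\microsoft\\windows\\currentversion\\internet settings"
# Folders a non-admin user (hence a drive-by download) can write to.  Some
# legitimate autoruns live here too, so this is a triage hint, not a verdict.
USER_WRITABLE = re.compile(r"\\(AppData|Local Settings|Temp|Downloads)\\", re.I)
LOOPBACK = re.compile(r"(?:^|[=;])(?:127\.0\.0\.1|localhost)(?::\d+)?", re.I)

# Constructed sample in "Windows Registry Editor Version 5.00" syntax.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"qweopiuz"="\"C:\\Users\\bob\\AppData\\Local\\Temp\\qweopiuz.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="C:\\Users\\bob\\AppData\\Local\\Temp\\qweopiuz.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
"""


@dataclass
class Finding:
    kind: str
    key: str
    detail: str


def _unescape(s: str) -> str:
    # .reg files double backslashes and backslash-escape embedded quotes.
    return re.sub(r"\\(.)", r"\1", s)


def _decode_value(raw: str):
    """REG_SZ -> str, REG_DWORD -> int; other types are returned as-is."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: value}} from .reg export text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if m and current is not None:
            name = "@" if m.group(1) is None else _unescape(m.group(1))
            keys[current][name] = _decode_value(m.group(2))
    return keys


def triage(keys: dict) -> list:
    """Return Findings for the three persistence/hijack patterns."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if IFEO_PARENT in k and "Debugger" in values:
            # Windows launches the Debugger value instead of the named image and
            # matches on file name only: renaming mbam.exe defeats the hijack,
            # but the key itself must be deleted to fix the machine.
            image = key.rsplit("\\", 1)[1]
            findings.append(Finding("ifeo_hijack", key,
                                    f"{image} is redirected to {values['Debugger']}"))
        elif k.endswith(RUN_KEYS):
            for name, cmd in values.items():
                if isinstance(cmd, str) and USER_WRITABLE.search(cmd):
                    findings.append(Finding("autorun_user_writable", key, f"{name} -> {cmd}"))
        elif k.endswith(PROXY_KEY):
            server = str(values.get("ProxyServer", ""))
            if values.get("ProxyEnable") == 1 and LOOPBACK.search(server):
                findings.append(Finding("loopback_proxy", key, f"ProxyServer = {server}"))
    return findings


def read_reg_file(path: str) -> str:
    data = Path(path).read_bytes()
    # `reg export` writes UTF-16 with a BOM; hand-made .reg files may be ANSI.
    bom = data.startswith((b"\xff\xfe", b"\xfe\xff"))
    return data.decode("utf-16" if bom else "cp1252")


if __name__ == "__main__":
    texts = [read_reg_file(p) for p in sys.argv[1:]] or [SAMPLE_EXPORT]
    for text in texts:
        for f in triage(parse_reg(text)):
            print(f"[{f.kind}] {f.key}\n    {f.detail}")
```

Run it against the exports of `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options`, the HKCU and HKLM `...\CurrentVersion\Run` keys, and `HKCU\...\Internet Settings`. Anything it flags is worth writing down (as Step 5 above says) before the cleaners run, and an IFEO `Debugger` entry for a security tool explains why that tool would only start after being renamed.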
For some reason Norton ISS 2010 thinks CrypticError.exe is some kind of malware. I put an exclusion on the whole Cryptic Studios folder. Maybe you should check on this.
It's one of their heuristic systems: since CrypticError's job is to connect to another process and create a memory dump, it uses the same APIs that viruses and other malware use to do the same. Just that in our case it is safe and intended :-)