View previous topic :: View next topic |
Author |
Message |
hammy
Joined: 15 Feb 2010 Posts: 1876
|
Posted: Sat Nov 27, 2010 4:26 pm Post subject: Security Tool |
|
|
Hi disco!
Mrs H has just had this come up on her netbook and it won't go away. It keeps popping up and saying it is infected with trojans and all sorts.
I ran a Macafee scan and when it got to 88% windows shut down saying there wa a problem with SPCMDCOM.sys.
I googled that and it came up showing that it is malware called 'security tool.'
I printed out how to get rid of it and it came to 8 pages long and I don't understand a word it says.
just wondering if it is an expensive thing to get rid of. |
|
Back to top |
|
|
Discovery Site Admin
Joined: 12 Sep 2006 Posts: 5741 Location: Sol System
|
Posted: Sat Nov 27, 2010 4:51 pm Post subject: |
|
|
I normally have to take the drive out and run it as a slave on another machine. It's not easy to do that with a netbook though because the drive is a special size and can be difficult to get at.
If you did manage to back-up the data, the destination media might get infected too.
You might need to do a restore with the system discs but you would lose the data doing that. I would try downloading ComboFix via the bleepingcomputer dot com link and following the instructions. That can sometimes help. If not, you will most likely have to restore it back to factory settings.
I have done a few of them if you need help with the repair. _________________
Good judgement comes from Experience. Experience comes from bad judgement. |
|
Back to top |
|
|
hammy
Joined: 15 Feb 2010 Posts: 1876
|
Posted: Sat Nov 27, 2010 5:35 pm Post subject: |
|
|
Thanks for that, disco.
I don't think I will touch it at all, what I know about computers you could write on a postage stamp. I think it will have to go to a nice little man my friend knows.
When you say restore back to factory settings, is that a nice easy thing to do? |
|
Back to top |
|
|
Discovery Site Admin
Joined: 12 Sep 2006 Posts: 5741 Location: Sol System
|
Posted: Sat Nov 27, 2010 6:01 pm Post subject: |
|
|
| |
When you say restore back to factory settings, is that a nice easy thing to do? |
It is if you created the restore DVD's when you initially got the machine. They usually go that route rather than giving you restore discs with the machine. They do it to save costs. _________________
Good judgement comes from Experience. Experience comes from bad judgement. |
|
Back to top |
|
|
hammy
Joined: 15 Feb 2010 Posts: 1876
|
Posted: Sat Nov 27, 2010 6:40 pm Post subject: |
|
|
No, she didn't do that.
So how, if she has macafee on the machine did this slip through? |
|
Back to top |
|
|
Discovery Site Admin
Joined: 12 Sep 2006 Posts: 5741 Location: Sol System
|
Posted: Sat Nov 27, 2010 7:02 pm Post subject: |
|
|
A number of ways. It could be a script running on some website, clicking on a suspect link, an attachment from an e-mail, an infection from some device such as a USB stick / other media, a direct attack, etc.
You can cut down the odds of re-infection of scripts on websites by using the Firefox browser and adding add-ons such as Adblock Plus and No-script.
Free anti-spyware programs such as Spybot Search & Destroy and Malwarebytes are well worth getting too.
I personally don't like McAfee or Norton for anti-virus protection. _________________
Good judgement comes from Experience. Experience comes from bad judgement. |
|
Back to top |
|
|
Dax
Joined: 21 May 2007 Posts: 155
|
Posted: Sat Nov 27, 2010 8:20 pm Post subject: |
|
|
Hi Guys I have some success with system restore try restoring your compter to the time before it was infected give it a go nothing to lose as it doesnt touch your data just installed programs, never click on those pop ups that say you have a virus they are just an animation trying to get your credit card details dont go near online banking with that on the computer. hope this helps. |
|
Back to top |
|
|
hammy
Joined: 15 Feb 2010 Posts: 1876
|
Posted: Sat Nov 27, 2010 9:01 pm Post subject: |
|
|
Thanks guys, appreciate it. |
|
Back to top |
|
|
Discovery Site Admin
Joined: 12 Sep 2006 Posts: 5741 Location: Sol System
|
Posted: Sat Nov 27, 2010 10:21 pm Post subject: |
|
|
Unfortunately, some of the latest viruses / spyware prevent you from using system restore. They get more devious and difficult to remove than ever. I've had that on a number of recent customers' machines. _________________
Good judgement comes from Experience. Experience comes from bad judgement. |
|
Back to top |
|
|
hammy
Joined: 15 Feb 2010 Posts: 1876
|
Posted: Sun Nov 28, 2010 11:26 pm Post subject: |
|
|
Think you're right disco, I tried system restore today and it just won't have it.
If you are not supposed to click on these pop ups, how do you get rid of them?
Mrs H said the whole computer just suddenly closed down and the pop up popped up and filled the screen. |
|
Back to top |
|
|
hammy
Joined: 15 Feb 2010 Posts: 1876
|
Posted: Mon Nov 29, 2010 11:08 am Post subject: |
|
|
Her computer has three accounts on it, Mrs H, Me and guest.
This morning I switched on the guest account and did a full system scan.
100% clean.
It seems okay to use on the guest account, so could she continue to use the computer just using that and not touch her account?
Could she send emails and not not infect any one elses computer?
And could it affect my imac which is upstairs? |
|
Back to top |
|
|
Discovery Site Admin
Joined: 12 Sep 2006 Posts: 5741 Location: Sol System
|
Posted: Mon Nov 29, 2010 11:31 am Post subject: |
|
|
Some of these viruses will hide parts of themselves to avoid detection and to enable re-infection. I wouldn't be happy using the machine in that state. If it's on the other account, it will have installed parts of itself to common system files too.
It could possibly sent viruses to other people but you are less likely to get infected on an imac, a Linux machine even less. Windows machines tend to be the most vulnerable.
You will need to check things like USB drives and other media for infection too. It could have been picked up from them or passed on to them if they have been connected to the netbook. _________________
Good judgement comes from Experience. Experience comes from bad judgement. |
|
Back to top |
|
|
hammy
Joined: 15 Feb 2010 Posts: 1876
|
Posted: Mon Nov 29, 2010 12:03 pm Post subject: |
|
|
Thanks disco, sorry to keep bothering you. |
|
Back to top |
|
|
Discovery Site Admin
Joined: 12 Sep 2006 Posts: 5741 Location: Sol System
|
Posted: Mon Nov 29, 2010 12:14 pm Post subject: |
|
|
No problem, hammy. _________________
Good judgement comes from Experience. Experience comes from bad judgement. |
|
Back to top |
|
|
hammy
Joined: 15 Feb 2010 Posts: 1876
|
Posted: Thu Dec 02, 2010 12:09 pm Post subject: |
|
|
Just an update.
Took it into a local shop and he said that there are bits all over the place.
So, he wiped it and re-installed windows for £45.
It seems now to be running much faster than it was.
I noticed this morning a little icon on the desktop that gives you the option of using several other browsers, one of them being safari 5 for windows.
As you know disco, I am a fan of apple stuff. If I did download that, does it replace IE or work alongside it? |
|
Back to top |
|
|
|