  1. #1
    Knowledgeable and helpful
    Join Date
    Oct 2004
    Location
    Hampshire. Near Basingstoke
    Posts
    653

    WIN 32 fakesysdef trojan

    I know that this is not a specialist forum for computing, but that also there are some pretty techno-savvy subscribers who may be interested in the following.

    My wife was surfing legitimate web sites for children's beds when suddenly her PC went mad. All sorts of Windows warnings came up suggesting that the disk was faulty and had faulty segments. It suggested various operations which she tried and the problem got worse. Pretty soon the laptop was unusable and all her files had disappeared in every program. This all happened even though she had Windows Defender and McAfee Anti-Virus up and running. Eventually the latter popped up and advised her that it had detected a trojan called by the above name. So it had detected it late and worse had allowed it through.

    McAfee was unable to mend or remove the trojan and even though after two full days of research and effort she has managed to get some systems back up and running, she seems to have permanently lost some system files and email folders including those provided by the manufacturer.

    Fortunately we have more than one laptop in the house and we were able to use those to research the problem. The trojan simulates Windows warnings so that they look just like the real thing. It also switches the settings to files to "Hidden" so that although many are still there, it appears that they have been wiped out. It suggests that you need to buy a product that fixes the problem. Fortunately we didn't fall for that so I don't know whether they do have a fix or whether they simply want your bank details.

    Despite the fact that she has got some operational ability back again, her laptop does seem to have some permanent damage and whether it has gone completely is not clear. Even some of the programs suggested by Microsoft to remove the trojan don't seem to be 100% effective.

    This is some scary virus, if it can get through anti-virus defences before they even know that it has done so. Anyone else out there who has suffered or knows about this monster?
    "People will not look forward to posterity who never look backward to their ancestors." Edmund Burke

  2. #2
    JohnN
    Guest


    I don't know if it's the same monster, Tony, but both my wife's PC and my Macintosh have received official-looking warning messages from 'Windows' listing the various viruses detected in our machines, also despite virus protection. In every instance, we've simply dumped the messages and then immediately cleared the Trash file.

    We might have been sucked in by the message on the PC - but a Windows warning on a Macintosh?

  3. #3
    Knowledgeable and helpful
    Join Date
    Oct 2004
    Location
    Hampshire. Near Basingstoke
    Posts
    653


    Hi John

    Yes, I use a Mac and so far haven't been touched. My wife is using Windows 7. The trojan may have got in through a picture of a bed my wife was looking at via a legitimate but infected retail website. I've never heard of Windows warnings getting onto a Mac. Weird or what!

  4. #4
    Mutley
    Guest


    I think I had a similar one recently. I don't know if it was the same but the symptoms sound alike.
    I was looking for pictures in Google Images when it happened.
    I really thought I had lost everything and could not even load Windows.

    I went into safe mode and requested a full scan and luckily my antivirus was then able to correct it, though it took nearly a whole day to do so and it really had to work hard.

    I do a full scan daily and I thought I had all the right antivirus defenders in place but it still snuck in.
    As you say..... Scary!!!

  5. #5
    Mutley
    Guest


    Messages about viruses

    Virus announcements and discussion of viruses is strictly prohibited except in the relevant forum specifically for that purpose.
    Oooops!
    Sorry Graham, I was carried away by a virus, kicking and screaming and did not know where I was, let alone able to move a thread. Apologies for not doing my mod job.

    You don't believe me? I don't blame you... the Mut is in disgrace.

  6. #6
    Richard1955
    Guest


    Hi Tony
    You might want to try reverting the system back to a date prior to the attack using system restore.

  7. #7
    Knowledgeable and helpful
    Join Date
    Oct 2004
    Location
    Hampshire. Near Basingstoke
    Posts
    653


    Thanks for the replies so far.

    I didn't realise that there is a forum policy on the discussion of viruses. I'm not sure why this is a problem - unless it is because some strange people like to spread rumours about non-existent viruses - but I am happy that it is now in the right place anyway. Thanks.

    Mutley, my wife had to do the same thing i.e. go into safe mode to even stand a chance of fixing it.

    Richard, I think that she has tried that but inevitably has lost a lot of stuff done recently, including lots of stuff she had prepared, order of service etc. for a funeral we are helping to arrange next week. It has also seemingly trashed a lot of system stuff provided by Toshiba the manufacturers, so restore points aren't a lot of use in dealing with that.

    Her anti-virus software is set up to download new definitions whenever they are available, so it is not as if she had neglected to stay "safe". Clearly the virus writers (who MS state are likely to be Russian) are one step ahead of them.

  8. #8
    Richard1955
    Guest


    I think using System Restore will only restore the system files and not the files you have added and lost,
    but you may still find them hidden.

    To help prevent this in the future:
    A good AV that tests the safety of websites and warns of unsafe sites, i.e. McAfee and Norton. (Site Adviser)
    A pen drive and a backup of 'my docs' every evening. I'll have to start doing that myself!
    Sorry I can't be of any more help.
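
The thread describes the trojan switching files to "Hidden" so that they appear to have been wiped. As an added example (not posted by anyone in this thread), the PowerShell below lists items under the Documents folder that carry the Hidden attribute and can clear it; the function name `Get-HiddenUserFile` and the default folder are assumptions chosen for illustration.

```powershell
# Added example: list (and optionally unhide) items carrying the Hidden attribute.
# The function name and default folder are assumptions for illustration.
function Get-HiddenUserFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumed starting folder: the current user's Documents directory.
        [string]$Root = [Environment]::GetFolderPath('MyDocuments'),
        # When set, clear the Hidden bit on every match.
        [switch]$Unhide
    )
    $hidden = [int][IO.FileAttributes]::Hidden
    $system = [int][IO.FileAttributes]::System

    # -Force makes Get-ChildItem return hidden items; unreadable folders are skipped.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $attrs = [int]$_.Attributes
            # Keep items that are Hidden but not System: Windows marks its own
            # protected files (desktop.ini and similar) as Hidden+System.
            if (($attrs -band $hidden) -and -not ($attrs -band $system)) {
                if ($Unhide -and $PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden attribute')) {
                    $_.Attributes = [IO.FileAttributes]($attrs -band (-bnot $hidden))
                }
                [pscustomobject]@{
                    Path       = $_.FullName
                    Attributes = $_.Attributes
                    Modified   = $_.LastWriteTime
                }
            }
        }
}

# Review what is hidden first, newest changes at the top.
Get-HiddenUserFile | Sort-Object Modified -Descending | Format-Table -AutoSize

# Preview the attribute change without touching anything; drop -WhatIf to apply it.
Get-HiddenUserFile -Unhide -WhatIf | Out-Null
```

Items whose modification times cluster around the time of the incident are the ones most likely to have been hidden by the trojan rather than by the user or an application.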
