Thread Author: FocalPoint Replies: 35

 Looks like I've been caught - FocalPoint
Despite my almost paranoid approach to internet security, I've managed to come a cropper.

On the PC I've just had the dreaded "Illegal activity detected on your computer" thing. I can't get past it, as it has taken over the desktop. Re-starting the computer normally has no effect - the thing is still there. I've re-started in Safe Mode and have started a Super Anti-Spyware scan, but I'm not hopeful, as memory and registry have finished being scanned and nothing has turned up.

Don't know if I can get Avast! to do a boot-time scan, or if it would achieve anything.

Any ideas, please? I'm getting seriously worried, as I have college work in progress and deadlines looming. Any help would be much appreciated.

(Sent from my laptop, in case you're wondering how it got here!)
 Looks like I've been caught - Fenlander
Is it the one that purports to be from the Met police and asks you to Paypal (or similar) a "fine" to get the PC released?
 Looks like I've been caught - FocalPoint
Yes, it is. The very same.
 Looks like I've been caught - smokie
deletemalware.blogspot.co.uk/2011/06/remove-metropolitan-police-ransomware.html
 Looks like I've been caught - FocalPoint
Thanks for the link, Smokie, but as I can't do anything in Normal Mode, how do I download a removal program? Can I do this in Safe Mode?

Sorry if I'm being inept here - I'm in uncharted territory and if someone can give me an idiot's guide that would be good.
 Looks like I've been caught - No FM2R
Using another computer download it onto a memory stick.
 Looks like I've been caught - FocalPoint
Thanks, Mark. I've done this, and the scan is in progress. Three instances of the Ukash Virus are reported so far.
 Looks like I've been caught - devonite
Malwarebytes run in "safe-mode" in thorough scan mode has shifted the versions of this that I've come across, tho I have heard there is a more stubborn version!!
 Looks like I've been caught - FocalPoint
I have Malwarebytes and can try that. Thanks.
 Looks like I've been caught - Jacks
>> I have Malwarebytes and can try that. Thanks.
>>
My son had this virus on his laptop - running Malwarebytes (update to the latest version and run a full scan) in safe mode did get rid of it.
 Looks like I've been caught - FocalPoint
I've done the SpyHunter scan as suggested above (thanks, Smokie), paid my €36 and got rid of Ukash. Maybe I didn't need SpyHunter, but I'll never know.

Sorted, anyway - huge sigh of relief - just a bit of a waste of time and a few quid lighter. Could have been worse. Thanks to all for prompt support.
 Looks like I've been caught - John H
>> I've done the SpyHunter scan as suggested above (thanks, Smokie), paid my €36 and got
>> rid of Ukash. Maybe I didn't need SpyHunter, but I'll never know.
>>

Spyhunter?

Search "spyhunter scam".

 Looks like I've been caught - FocalPoint
Stop it!

(SpyHunter came up from Smokie's link.)
 Looks like I've been caught - smokie
I don't see it??
 Looks like I've been caught - FocalPoint
Nor can I now. I don't understand how it came up before, but it did. Maybe I clicked on a link on that page. D'oh!

It worked, though. A subsequent scan by Avast! has revealed nothing.
 Looks like I've been caught - John H
>> Nor can I now. I don't understand how it came up before, but it did.
>> Maybe I clicked on a link on that page. D'oh!
>>
>> It worked, though. A subsequent scan by Avast! has revealed nothing.
>>

Classic bait and trap.

The original problem may have come from the same cookie that brought up the SpyHunter scam - sorry - scan. I do not know how good SpyHunter is, for all I know the internet stories about it might be true/false, and so I'll let you do your own research.

Last edited by: John H on Mon 26 Nov 12 at 23:05
 Looks like I've been caught - FocalPoint
SpyHunter is part of Enigma Software, which looks OK, as far as I can tell.
 Looks like I've been caught - John H
>> SpyHunter is part of Enigma Software, >>

True. All I can reply is:

search: spyhunter fake scam
Pay attention to any results linked to ripoffreport.com and antivirus.about.com

search: spyhunter ukash police ransomeware
see any results by www.wiki-security.com?
Look at the bottom of that page. See who publishes it? Is it Blue Phantom Marketing?

search: Blue Phantom Marketing
look out for a link to ask.metafilter.com

Make what you will of those results.

 Looks like I've been caught - Manatee
>>It worked, though. A subsequent scan by Avast! has revealed nothing.

I think I might be ditching Avast!! ;-)
 Looks like I've been caught - No FM2R
FP,

In a perfect world you would regularly backup your data and keep all installation disks. And also once have done a full image of the system when it was working how you wish it to work.

That way should you ever get yourself in a pickle, you can simply zap the thing and replace it.

Now, I'm not saying you're in a pickle now. You may have resolved all your issues. But could you the entire disk without losing anything you cared about?

If you could not, then may I suggest putting yourself in a position where you could once this current problem is dealt with.
 Looks like I've been caught - Zero
Now, what were you doing to catch it? Note to self, don't do that again.
 Looks like I've been caught - Fenlander
Oh well it's sorted now... hopefully.

We've had it twice on the laptop, the second time where the scam screen switched on the webcam and inset my image into the wording as if the "met" could see you. Quite unnerving for a few seconds.

I took advice from the net on another PC in the house and a combination of safe mode, system restore and the free Malwarebytes did the trick... but I found it took two or three scans before every example of the malware cleared.

I'd give some thought to deleting Spyhunter and running a Malwarebytes scan afterwards... Spyhunter does not have a good reputation on the web.
 Looks like I've been caught - FocalPoint
"I'd give some thought to deleting Spyhunter and running a Malwarebytes scan afterwards... Spyhunter does not have a good reputation on the web."

I may well do that.
 Looks like I've been caught - Fenlander
>>>Now, what were you doing to catch it? Note to self, dont do that again.

Just seen the above comment. As a matter of interest ours was first "caught" while youngest daughter was looking for a youtube to mp3 convertor... second time I was looking to download a free manual for our old gas boiler.

 Looks like I've been caught - devonite
>>"caught" while youngest daughter was looking for a youtube to mp3 convertor...

so she doesn't "give" it to you again!! - works very well!

www.vidtomp3.com/
 Looks like I've been caught - FocalPoint
"In a perfect world you would regularly backup your data and keep all installation disks. And also once have done a full image of the system when it was working how you wish it to work.

That way should you ever get yourself in a pickle, you can simply zap the thing and replace it.

Now, I'm not saying you're in a pickle now. You may have resolved all your issues. But could you the entire disk without losing anything you cared about?"

Point taken, though I don't understand about images of my system. Never done one of those. Wouldn't know how to, wouldn't know what they're for.

I do regularly make a backup of all documents, photos and musical scores (which represent hundreds of hours of work) to an external hard drive.
Last edited by: FocalPoint on Mon 26 Nov 12 at 23:22
 Looks like I've been caught - John H
>> Point taken, though I don't understand about images of my system. Never done one of
>> those. Wouldn't know how to, wouldn't know what they're for.
>>


www.car4play.com/forum/post/index.htm?v=e&t=11389&m=253460

www.car4play.com/forum/post/index.htm?v=e&t=11628&m=259421

Last edited by: John H on Mon 26 Nov 12 at 23:42
 Looks like I've been caught - rtj70
If this was me... I'd now secure all files that matter. Then as a backup archive use a Linux based disk cloning utility like CloneZilla (live bootable) and then wipe the machine and reinstall.

Sounds like FP was duped into installing and paying for a tool to say all is fine. When in fact all was probably fine in reality anyway... or was it. The smokie link was even hijacked to make you think someone on here had suggested you install something to fix the problem (for free).

So can you be sure the problem won't resurface in a few weeks as it was programmed to?
 Looks like I've been caught - FocalPoint
OK - trying to get to grips with this imaging thing.

How much space does a hard drive image take up? My Drive C: at the moment has 127 GB on it - does that mean the image is that size? Sorry if it's a stupid question.
 Looks like I've been caught - No FM2R
It's not a stupid question.

Firstly the point of an image is just that. If you can imagine it takes a snapshot of your system at that moment in time. At any point in the future you can therefore delete the hard disk contents, put in a new hard disk, or whatever, and all you do is copy that image back to the hard disk and you are back exactly where you were on that original date.

Clearly, over time, a system changes. You will install new applications, change things, move things and the like. You need to judge how much the system has changed to know when it's worthwhile doing another image.

When I refer to "system" I am talking about applications, operating system and configuration items. Of course an image backs up copies your data at that point also, but data changes quickly.

So even though you have an image backup, you should do periodic data backups. It's difficult to advise you how often to do this, but here is my measure;

If it would be a disaster for you to lose 1 day's work, then you should back up data more frequently than once per day. If your system is less active, then perhaps you'd be ok to lose up to 1 month's data, then back up once per month etc etc.

All backups reorganise the data for storage, and a consequence of that reorganisation is that it takes up less space. It's very difficult to say how much less since it depends on many things. But if you have 127GB, then you'll probably end up somewhere between 50GB & 80GB in the storage file.

I apologise if I am teaching you to suck eggs.
Last edited by: No FM2R on Tue 27 Nov 12 at 01:25
 Looks like I've been caught - FocalPoint
"I apologise if I am teaching you to suck eggs."

No, no - no apology needed. I take the points you're making.

I've tried to understand this "imaging" thing, but I gather there's "imaging", "ghosting" and "cloning". Are they the same?

I'm thinking of getting another external hard drive just to save the system information you're talking about, as the one I'm using for data has a capacity of 250 GB and is getting quite full, what with RAW files for photos and so on.

And presumably I need software. Macrium Reflect is free and recommended by some.

(As a follow-up to yesterday's shenanigans, I've now scanned the PC with Malwarebytes and have done a boot scan with Avast!, neither of which showed anything untoward.)
 Looks like I've been caught - No FM2R
>>gather there's "imaging", "ghosting" and "cloning".

No, not really the same although the effect is similar. It is to do with the level that the copy is made at - anywhere from a byte to byte copy of the disk with no interpretation of the information itself up to a backup copy where the information is interpreted, reorganised and stored.

You want imaging, although it would not be the end of the day if you got something else.

You do need software, and you can use windows or a Third Party. I would use a TP. I have never used Macrium Reflect but it is frequently recommended by people who I think know what they're talking about.

You could ask someone else who knows what they're talking about, or you could ask Zero. But I'd reckon on just going with Macrium.

 Looks like I've been caught - rtj70
>> >>gather there's "imaging", "ghosting" and "cloning".

To all intents and purposes they are the same. The term Ghosting came about because Norton Utilities had a program called Ghost that could be used to clone a disk. Along the way it could do some clever things etc and even compress the backup image. And when restoring a Ghost image you could restore to different sized disks and it handled the partition stuff.

When cloning/imaging/whatever you want to call it, you can back up the entire disk byte for byte including all partitions on the disk. Then it can be restored exactly as it is. Or you can just copy a particular partition. To be sure you can restore the system to exactly how it is I'd do the whole disk. That way any boot loaders and system partitions are also backed up. It partly depends if this is an old style bootable hard drive or using the newer boot manager (especially if it's an EFI motherboard).

I've successfully used the Linux based LiveCD called CloneZilla to back up an entire system so I could figure out how to fix it without losing someone's setup. I even converted the files to a virtual machine for VMware.

The 'problem' with CloneZilla is it's a text based GUI and might confuse some.
 Looks like I've been caught - Manatee
>>text based GUI

Neither fish nor fowl by the sound of it!
 Looks like I've been caught - John H
>> (As a follow-up to yesterday's shenanigans, I've now scanned the PC with Malwarebytes and have
>> done a boot scan with Avast!, neither of which showed anything untoward.)
>>

I take it you read my post at Mon 26 Nov 12 23:34

If so, I presume you have taken steps to ensure that your payment to Enigma was a one-off, and that you have not unintentionally given them the right to take money from your account every 6 or 12 months through a "continuous authority".


re. imaging, ghosting, cloning:
sometimes the terms are used to mean the same thing, but technically they can refer to different procedures.
Think of it like this. Say you have handwritten a longhand life diary. You can either: copy it exactly as it is with all the crossed out text, ripped out pages, blank pages, ink blots, etc.; or copy only the good text leaving out the crud and blank pages; or copy the good text in shorthand to save space; or .... (you get the idea). Then say six months later, you can add to the backup copy either a copy of the new 6 months' worth of diary, or make another full image of your full life story up to the new date.

All you need to know:

choose macrium options:
www.macrium.com/uploads/gallery/defaults.jpg

other screenshots and video guide:
www.macrium.com/gallery.aspx

( I have two images of my system rebuilt from a few months ago, one that contains only the Windows OS fully updated to that point and another image with all my other software added to the OS and also fully updated to that point. My data - photos, videos, music, documents - is all on other separate backups ).
 Looks like I've been caught - FocalPoint
Very helpful, John H - thank you.