Author Topic: Arrrgh! Trojaned!  (Read 721 times)

Offline captain_obvious

  • The captain of obvious-ness
  • Posts: 1703
  • Cookies: 54
    • ARmy Rumour SErvice- British Army Unofficial community
Arrrgh! Trojaned!
« on: July 07, 2012, 11:23:21 AM »
As you can tell my rig was somehow hit with a trojan last night.  It's a variant of the "police" Ukash ransomware scams.  
The one I'm afflicted with is the "West Yorkshire police" variant but for some reason it (thankfully) hasn't encrypted any of my files like almost every other victim has.  The bad news is none of the fixes on the net are working as none of the files or registry entries exist and none of the AV or other security software packages are picking it up.  

Nonetheless, as soon as I boot normally into Windows the screen goes black and is replaced with a full-screen warning telling me to pay a £100 "fine" to receive an unlock code.  If I were to enter the wrong code 3 times my computer gets it.  Task Manager is disabled, as is pretty much everything other than Ctrl+Alt+Delete.  


I can boot into safe mode OK and I have identified the malware as being a fake "tracert.exe" in my AppData folder.


EDIT

No trojan is a match for me  :dance
I miss :bigdance:
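The finding in the post above (a file named like a Windows system tool, "tracert.exe", sitting in AppData) can be turned into a simple check. This is an added example, not code from the thread: the table of expected directories assumes a default C:\Windows install, and the sample paths and the user name in them are constructed.

```python
import ntpath

SYS32 = r"c:\windows\system32"
WOW64 = r"c:\windows\syswow64"

# Assumption: default install locations for a few well-known system binaries.
# Extend this table from a known-clean machine before relying on it.
EXPECTED_DIRS = {
    "tracert.exe": {SYS32, WOW64},
    "svchost.exe": {SYS32, WOW64},
    "lsass.exe": {SYS32},
    "explorer.exe": {r"c:\windows", WOW64},
}


def is_masquerading(path):
    """True if the file name belongs to a system binary but the directory does not."""
    # normpath collapses ".." segments and converts "/" to "\"; Windows paths
    # are case-insensitive, so compare in lower case.
    norm = ntpath.normpath(path).lower()
    directory, name = ntpath.split(norm)
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return False  # not a name we track
    return directory not in expected


def find_masquerading(paths):
    """Return the paths (unchanged, in input order) that fail the check."""
    return [p for p in paths if is_masquerading(p)]


# Constructed sample input, e.g. from a directory listing or a process list.
SAMPLE_PATHS = [
    r"C:\Windows\System32\tracert.exe",
    r"C:\Users\alice\AppData\Roaming\tracert.exe",
    r"C:\Users\alice\AppData\Local\Temp\SVCHOST.EXE",
    r"C:/Windows/explorer.exe",
    r"C:\Windows\System32\..\Temp\lsass.exe",
    r"C:\Users\alice\AppData\Roaming\converter\convert.exe",
]

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_PATHS):
        print("system binary name in unexpected location:", hit)
```

A name-and-location check like this does not depend on an AV signature, which is why it can still flag a sample that scanners miss; it says nothing about files with names outside the table.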

Offline FarShot

  • That guy with good ideas...
  • Moderator
  • Posts: 2470
  • Cookies: 787
  • I'm actually making stuff! :D
Re: Arrrgh! Trojaned!
« Reply #1 on: July 07, 2012, 02:15:45 PM »
Rule #1 of teh internetz:
Don't download pronz. :P

Offline captain_obvious

Re: Arrrgh! Trojaned!
« Reply #2 on: July 07, 2012, 03:44:25 PM »
Quote
Rule #1 of teh internetz:
Don't download pronz. :P

I don't download porn, hence the confusion as to how I got infected.
I miss :bigdance:

Offline Mario

  • Senior Software Developer
  • Administrator
  • Posts: 2186
  • Cookies: 1706
  • Life is life
Re: Arrrgh! Trojaned!
« Reply #3 on: July 07, 2012, 04:37:22 PM »
Few vectors come to mind:
1. You opened an e-mail attachment you shouldn't have / downloaded an infected program
2. Drive-by downloads from infected sites which exploit security vulnerabilities in operating systems
3. Infection via flash drives; there is malware which infects you as soon as you plug in a device
Acta, non verba.
aka USS Sovereign

Offline FarShot

Re: Arrrgh! Trojaned!
« Reply #4 on: July 07, 2012, 05:49:32 PM »
Quote
I don't download porn, hence the confusion as to how I got infected.

Joking aside, good job annihilating the little bugger.

Offline captain_obvious

Re: Arrrgh! Trojaned!
« Reply #5 on: July 08, 2012, 08:03:10 AM »
Quote
Few vectors come to mind:
1. You opened an e-mail attachment you shouldn't have / downloaded an infected program

Possibly, but I am very careful about opening emails from unknown sources and I never ever open attachments from people I don't know.

Quote
2. Drive-by downloads from infected sites which exploit security vulnerabilities in operating systems

This is what I've been thinking.  I have an idea as to where I might have picked it up from.  I'd downloaded a program to convert my music collection from .ogg to .mp3 so it would work on my car's stereo system.  As such I uninstalled that program rather quickly :)

Quote
3. Infection via flash drives; there is malware which infects you as soon as you plug in a device

I'm pretty doubtful about that one. I only use 2 flash drives and both of these were until recently only ever used on my PC and my parents' PC.  Their PC was entirely unaffected by this infiltrator.  The only other thing 1 of these drives has been used on is my car as it now holds my music.

Quote
Joking aside, good job annihilating the little bugger.


Thank you :D
I miss :bigdance: