# Virus that's getting through Shaw Secure..



## Saffire (Apr 26, 2010)

and possibly other virus checkers.

It shows up as different things based on the version of windows you're using. Win7 security 2011, XP security 2011, and so on. My step son got it on his computer last week and I was the one tasked with figuring out what was wrong with his computer. I *thought* it was a program that he put on or came with his new system so I decided to purchase it. Dumb move! Had to cancel my credit card and now my CC company won't back me or remove the charge OR even flag this company as a scam. Unreal... but back to the virus...

I suggest everyone read up on it, write down the things you need to do to get rid of it and cross your fingers you don't get it. Once you do it locks your entire system and won't let you run any anti-virus or connect to the internet. If you don't know how to get it off and don't have access to the internet with another computer you're hooped and are going to be spending money for someone else to get rid of it for you.

I even got it on my work computer today and, trust me, I don't download files, music or porn! I have no idea where it came from.

So hopefully no one else will go thru what I did. And a word of warning... apparently CC companies will not fight a charge if you received something for your money.. and yes, I received a virus so in their eyes I DID receive something. What a joke!


----------



## Chronick (Apr 27, 2010)

i hated using shaw secure, i use avast antivirus, rates one of the top antiviruses on cnet


----------



## taureandragon76 (Apr 21, 2010)

I had the very same problem and I couldn't run a damn thing, I called Shaw and the guy remotely worked on my comp for hours and solved the problem at no cost, it's good to not just use Shaw Secure. I run Malwarebytes, CCleaner and super antispy.


----------



## effox (Apr 21, 2010)

I don't trust shaw secure either. I use AVG.


----------



## Chronick (Apr 27, 2010)

effox said:


> I don't trust shaw secure either. I use AVG.


ESET Smart security, AVAST, and AVG are the best antiviruses in my opinion. Spybot is okay as well


----------



## Grete_J (Oct 5, 2010)

Firewall on all the time & a Mac with the good old PowerPC processor! I've only ever had virus problems with intel/pc based gadgets


----------



## gmachine19 (Apr 21, 2010)

So what is this virus like? What are the characteristics? Can you go in safe mode if this thing happens? Can you possibly put a link for me to read? Thanks, I'm one of the poor folks that's using shaw secure...


----------



## Saffire (Apr 26, 2010)

Do a search for "security 2011". You can add your operating system name before to get the directions for your specific version.

I did a quick search and it looks like it's getting thru McAfee as well. Stoopid viruses!

https://community.mcafee.com/thread/30466


----------



## davefrombc (Apr 21, 2010)

Viruses like that one get by your a/v because you click on a button to install it. It doesn't matter what a/v you have. It is likely a variation of one that's been around for some time.. It disables your a/v and browsers.... but unless the SOB's "fixed" a little error in their garbage, you can still use MSN Messenger, and maybe Yahoo Messenger. I have helped friends who got that nasty, or a version of it.. If you don't have Malwarebytes, get it. If you have the virus blocking your browser, get a friend to download Malwarebytes and send it to you as a file transfer in Messenger. Install and run it. Be sure to get the update. Then after running MB you may be able to use your browser and A/v.. Otherwise you may need to reboot first, then run your a/v with all updates.
If you can't run MB, boot into Safe Mode and run it from there.
By the way.. if you suddenly get a warning of a virus and sudden "scan" when you go to a website, close your browser, don't click on the red x in the box showing the scan.. Either close the browser with the X box at the top of the browser, or use the ctrl/alt/delete to open task manager and close the browser from there. Clicking the X in the box of that phony virus alert actually installs it.
You can get the free Malwarebytes at Malwarebytes


----------



## gmachine19 (Apr 21, 2010)

That's what I think Dave. But we can never know. It could be a new coding. I'm really concerned to know more about this virus because I'd rather lose a limb than my computer. So to speak...

I've never heard of malwarebytes before. Are they reliable and compatible with win7 x64? I don't want it to screw up my comp just like norton (PIECE OF C***) did last year.


----------



## davefrombc (Apr 21, 2010)

Malwarebytes works with all versions of Windows from XP on in both 32 bit and 64 bit machines .. I use it in here .. Win 7 Pro/ 64 bit.


----------



## gmachine19 (Apr 21, 2010)

Thanks for the info dave!


----------



## JUICE (Jan 4, 2020)

hey dave is that site safe to download the free version of Malwarebytes? major geeks i think, i would like to try the free version


----------



## CRS Fan (Apr 21, 2010)

Thanks for the tip Dave. Since downloading and running that program, my computer sped up and it found something that Norton did not...... grrrrrrr


----------



## gmachine19 (Apr 21, 2010)

Downloaded and tested Justin. Ran shaw secure and windows defender nothing found. So far my computer is acting normal even after dling it 1 hr ago.


----------



## JUICE (Jan 4, 2020)

gmachine19 said:


> Downloaded and tested Justin. Ran shaw secure and windows defender nothing found. So far my computer is acting normal even after dling it 1 hr ago.


did u get the free version ? from that site major geeks ?


----------



## gmachine19 (Apr 21, 2010)

I got the free version from that site yes.


----------



## effox (Apr 21, 2010)

Between AVG and Malwarebytes I don't think I could get a virus even if I tried.


----------



## davefrombc (Apr 21, 2010)

You can get infected no matter what protection you are using if you click the wrong button... Malwarebytes catches and cleans most viruses/trojans/spyware when you run a scan.. but it does not catch all. You can get a nasty while running any anti-virus if you click the wrong button.. MajorGeeks is a safe place to download programs from.. They offer a lot of free programs and downloads of trial versions of a lot of other software.. The free version of MB only runs when you do a scan with it. It is not an anti-virus program in itself. You need to run a fulltime anti-virus program also. Norton is likely the best pay program. There are several free ones.. I prefer AVG Free or Microsoft's own Security essentials. Others swear by a free one from Avast, or Avira; Truth is, all the major pay and well known free a/v's are good, but not perfect. Shaw Secure now uses F-Secure's anti-virus engine rebranded to Shaw's logos. It is also a decent a/v program. Shaw has changed providers of the a/v a few times.. depends on who offers them the best deal. To best protect yourself, always run an a/v program and make sure it is kept up to date. You can use a pay program like Norton, McAfee, or Kaspersky, or free ones from Avast, Avira, AVG or Microsoft.
Personally, I use AVG Free on one pc and Microsoft's Security Essentials on this one. Don't click on links in e-mail unless you know the sender, and you are expecting the link. E-mail mailing lists do get compromised and used to spam people in the list with adware and trojans pretending to be pictures or whatever from friends. Scan any downloads you get with your a/v before opening or installing them. If you get a sudden virus warning and what looks like a scan going on when you visit a website, immediately shut down your browser by either clicking the red X at the top of the browser, or better yet, the Ctrl/alt/delete to open task manager and shut it down from there.. Clicking anywhere on that phony scan, including its red X button will install the virus, bypassing your a/v program. Also, keep your Windows updated with all their security updates.. Update Tuesday will be giving us a load of them this month. There's 12 security updates coming for XP, 11 for Vista and 10 for Win 7.
Be safe, not sorry; think before you click that link or accept the picture or file from a friend in e-mail or a chat unless your friend has told you to expect it. I know there's a couple of people on the forum can vouch for those warnings.. they have been hijacked and had malware sent out to friends on their contact lists before..


----------



## rescuepenguin (Apr 21, 2010)

If you can't access the websites of security software makers, search your computer for a file called hosts.txt; you can find it at C:\WINDOWS\SYSTEM32\DRIVERS\ETC. If it actually has any entries in it, replace it with a new one from an uninfected computer. You should be able to access the websites after that.


----------



## davefrombc (Apr 21, 2010)

I dropped in on Pinkjell today and tried removing the fake anti-virus infection she had with no success.. It is a particularly nasty one that not only disables browsers and anti-virus programs, but sets up some re-directs in the computer to keep programs from running properly in Safe Mode .. With the name of the piece of crap , I was able to come home and get instructions and a couple of files that will hopefully allow me to end the re-directs and then use Malwarebytes to get rid of the Vista Home Security 2011 virus. That particular malware is one variant of a rogue A/V that goes by several names and hits pcs running XP, Vista and Windows 7. Most often people get hit by it when they visit a website that has been compromised so that visiting it caused the phony virus alert and "scan". 
If you get something similar, do not click on anything on the webpage. Close the webpage by either rebooting the computer or using the Control / Alt / delete to open Task Manager and close the browser application from there. That rogue anti-virus is set up to install itself if you click on it to stop it or accept it.. any click on the webpage starts the install process, so you need to close the browser itself or shut down / reboot the computer to close the browser.
Round 2 will be next week. I'll post whether we were successful or not after the battle .


----------



## Slopster (Mar 14, 2011)

Have you tried SpyBot search and Destroy?


----------



## gmachine19 (Apr 21, 2010)

I remember removing one of those manually about a year ago. They are truly well coded. I had to figure out which program was doing it and manually remove the files from its installed location. Then went into the registry to remove them too. And then when I can access the net, I downloaded pcdoctor ( I can't remember) and deleted the stuff I can't find. Hopefully you're successful Dave.


----------



## davefrombc (Apr 21, 2010)

That piece of crap disables installing or running it or any other exe type program. I grabbed a couple of tools to run to re-enable installations and programs to run properly . Malwarebytes will kill it once we can run it. I don't doubt Spybot or SuperAntispyware would too.... but they have to be able to be downloaded and run. Spybot used to be my fav tool, but after having some trouble with it a couple of years ago , I've used other programs. I will be visiting with my own laptop so if I need other tools , I'll be able to access the net to get them and put on USB drive to move to hers.
There is a long list of files to search for and remove if one goes to do it manually ; and a serious danger of blowing the Windows if I kill the wrong registry entry .. That will be an absolute last resort .

This piece of crap is a lot more sophisticated than the versions I helped remove last year. I went over today thinking I could kill this one the same way but it's a "new and improved" piece of nasty that needs new and improved methods and tools to kill.


----------



## `GhostDogg´ (Apr 22, 2010)

Chronick said:


> ESET Smart security, AVAST, and AVG are the best antiviruses in my opinion. Spybot is okay as well


I've used all 3, avast is 1 of my faves.
I'm currently using ESET Smart security & it's always updating like every 30-45 mins automatically.
I've had no probs so far.
*Knocking on wood...


----------



## rescuepenguin (Apr 21, 2010)

Here is another tip for you, most people I know use their computer for day to day computing with an administrator account. The writers of this malware know that and take advantage of it. 

I very strongly recommend people create a non administrator account on their computers for day to day use. This will trigger a second warning asking for an administrator password (Vista and Win 7). If you don't supply a password, the software will not get installed. 

This is a safety feature Microsoft installed, the same one that a certain competitor made fun of in some ads they ran.

Steve


----------



## Morainy (Apr 21, 2010)

Davefrombc, it's really good of you to help Pinkjell that way. I'm very interested in knowing how you get her computer up and running again. My laptop has been closed down since it was infected more than a month ago (maybe 6 weeks or so). It's got 4 in-progress novels on it! 

I was not able to install Malwarebytes on it using a flash stick because it wouldn't load from the USB. It wouldn't run from a CD, either. And although Malwarebytes was installed on it, it wouldn't run Malwarebytes, it would redirect to the download of doom. Pressing Control+Alt+Delete wouldn't stop the download of doom for more than a few seconds.

I'm probably going to wipe the hard drive and reinstall my operating system early next week, but obviously not only is that time consuming but it's going to come at a big cost in terms of data. So, any tips that you figure out from your experience with Pinkjell will be helpful!

RescuePenguin -- your tip about admin accounts is excellent. Thanks.


----------



## rescuepenguin (Apr 21, 2010)

I'm looking for someone to email me a copy of the hosts.txt file from a computer that has been infected. I suspect that the malware is installing entries into it to cause the redirects, but I need to see one first. If that is the case replacing the infected file with a non infected one should stop the redirects.

The file can be found at C:\WINDOWS\SYSTEM32\DRIVERS\ETC.

Steve


----------
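The hosts-file check rescuepenguin describes in his two posts above, as an added example that is not part of the original thread: it lists every mapping in a hosts file beyond the stock `localhost` entry and marks the ones that touch security-vendor names. The vendor label list, the reason strings and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: vendor names taken from this thread, matched against hostname labels.
SECURITY_LABELS = {"malwarebytes", "avast", "avg", "eset", "mcafee", "kaspersky",
                   "avira", "f-secure", "symantec", "norton", "microsoft"}

# Constructed sample of a tampered hosts file (.example names are placeholders).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.example
203.0.113.7     download.avg.example update.avast.example
0.0.0.0         ads.example.net
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments, tokenize
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed-address"))
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if host == "localhost" and ip.is_loopback:
                continue                           # the only stock mapping
            if SECURITY_LABELS & set(host.split(".")):
                # Sink addresses block the site; anything else sends it elsewhere.
                sunk = ip.is_loopback or ip.is_unspecified
                reason = "security-site-blocked" if sunk else "security-site-redirected"
            else:
                reason = "unexpected-entry"
            findings.append((line_no, str(ip), host, reason))
    return findings

if __name__ == "__main__":
    # On a live Windows system, read the text from the file named "hosts"
    # (no extension) in C:\WINDOWS\SYSTEM32\DRIVERS\ETC instead of SAMPLE.
    for finding in audit_hosts(SAMPLE):
        print(*finding, sep="\t")
```

An empty result means the file holds nothing beyond comments and the loopback `localhost` mapping, which is what a clean copy from an uninfected computer would show.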



## davefrombc (Apr 21, 2010)

Google Vista ( XP or Windows7) Home Security 2011 for all sorts of information on that malware. It is the same poison with 3 different labels, and it does have a re-direct in it to keep A/V's and utilities from running to remove it. Try to run any exe file and it gets directed to the phony a/v to run it again. I have a couple of small files that are supposed to fix that that I got from one windows help forum I visit occasionally. Mo.. Don't wipe your laptop. Your data is saveable . Be patient and give me a chance to come in there with some toys. We can either get the garbage out and recover the OS , or we can pull your data off before you reload the system.


----------



## davefrombc (Apr 21, 2010)

Got that fake a/v out this evening
Those two files I got disabled it and then we were able to load Malwarebytes and clean out the garbage .


----------



## gmachine19 (Apr 21, 2010)

One tough virus eh dave?


----------



## effox (Apr 21, 2010)

Thank god for safe mode. I really appreciate it not loading all the services and programs in the registry or start up folder.


----------



## davefrombc (Apr 21, 2010)

One nasty one .. Took more than Safe Mode to get rid of it.
It used a re-direct to stop programs from running by re-directing their start files to itself so when you tried to run an a/v or most other programs it instead started the fake a/v scan .... even in Safe Mode .. Took two files to fix the re-direct and stop the fake .. then Malwarebytes could be run to clean it out .


----------



## effox (Apr 21, 2010)

davefrombc said:


> One nasty one .. Took more than Safe Mode to get rid of it.
> It used a re-direct to stop programs from running by re-directing their start files to itself so when you tried to run an a/v or most other programs it instead started the fake a/v scan .... even in Safe Mode .. Took two files to fix the re-direct and stop the fake .. then Malwarebytes could be run to clean it out .


So it specifically targeted your AV prog? Wow, that seems really nasty in my books.


----------



## davefrombc (Apr 21, 2010)

Nope.. Not just a/v programs. Re-directs all .exe files, and possibly some other extensions to itself.


----------

