The Naked Scientists

The Naked Scientists Forum

Author Topic: How did Ransomware get on my machine?  (Read 2874 times)

Offline syhprum

How did Ransomware get on my machine?
« on: 02/12/2013 15:19:44 »
Recently, after setting up a new 500Gb drive on my PC, I ran "Exterminate It" and was surprised to find two instances of ransomware thrown up that had not been detected by my regular antivirus program (admittedly I had not done a full scan as I had only loaded what I thought to be clean software).
These were not causing any loss of performance as far as I could see and were removed by "Exterminate It" with no recurrence. I believe they might have been part of some rogue bitcoin mining scheme.
« Last Edit: 02/12/2013 23:43:03 by chris »


 

Offline RD

Re: Ransomware
« Reply #1 on: 02/12/2013 20:17:19 »
Some free antimalware is malware in disguise ... https://en.wikipedia.org/wiki/Rogue_antivirus

"exterminate-it" has a "very poor" WOT rating ... https://www.mywot.com/en/scorecard/exterminate-it.com

"Exterminate it!" is listed as rogue ... https://en.wikipedia.org/wiki/List_of_rogue_security_software

I use the free version of MBAM as a second opinion,
[ MBAM has an "excellent" rating on WOT ... https://www.mywot.com/en/scorecard/malwarebytes.org ]
« Last Edit: 02/12/2013 20:32:36 by RD »
 

Offline CliffordK

  • Site Moderator
Re: Ransomware
« Reply #2 on: 02/12/2013 20:27:21 »
Ouch,

I wonder if these were false positives, as it sounds like true ransomware actually locks access to part of your PC until the "ransom" is paid.  I don't think I've run across that yet, although I've encountered anti-spyware programs that were difficult to remove, and had annoying popups unless one paid to buy the program.

As far as "bitcoin mining", if a virus or worm encountered a bitcoin wallet, it likely could just steal the wallet, or perhaps capture any necessary ID codes, then steal it.  No need for a "ransom".
 

Offline syhprum

Re: How did Ransomware get on my machine?
« Reply #3 on: 03/12/2013 00:09:12 »
I am surprised to see Exterminate It listed as rogue; I have always thought it was rather good, but now it is removed. Malwarebytes threw up a few adware malwares but nothing serious.
 

Offline RD

Re: How did Ransomware get on my machine?
« Reply #4 on: 03/12/2013 02:22:22 »
I am surprised to see exterminate it listed as rogue I have always thought it was rather good ...

That can appear to be the case, as the rogue antimalware will find things that legitimate antimalware doesn't find. But it's not more effective: the things it "found" didn't exist before the rogue was installed, i.e. it planted them (then will offer to remove them for a fee).
 

Offline CliffordK

  • Site Moderator
Re: How did Ransomware get on my machine?
« Reply #5 on: 03/12/2013 06:17:48 »
I will say that even some of the "good" antispyware programs such as Adaware or Spybot will ALWAYS find something wrong the first time the program is run.  Many of the issues are minor.  A few cookies here and there.  Perhaps a few registry issues. 

But, at least they don't make things up.  And, they are FREE for non-commercial use.
 

Offline syhprum

Re: How did Ransomware get on my machine?
« Reply #6 on: 06/12/2013 10:44:14 »
I tried the same procedure on another newly formatted drive: no signs of "ransomware" with Exterminate or any other antivirus. It must have been some scam antivirus that snuck in when I loaded something else from the internet.
 

Offline CliffordK

  • Site Moderator
Re: How did Ransomware get on my machine?
« Reply #7 on: 06/12/2013 19:52:24 »
Did you delete the programs or quarantine them?
Perhaps there is a log that will give you more info about the actual occurrence.
 

Offline syhprum

Re: How did Ransomware get on my machine?
« Reply #8 on: 07/12/2013 08:28:08 »
I quarantined them; I will have a hunt. I am having a battle with a Wi-Fi router at the moment that does not like Windows 8.1!
It works OK on Windows 8.1 but one has to use a computer running Win 7 or 8 to configure it.
« Last Edit: 08/12/2013 10:15:41 by syhprum »
 
