
Computer major virus attack

Discussion in 'Open Discussion' started by Chuck Pike, Oct 22, 2010.

  1. Chuck Pike

    Chuck Pike Mu-43 Veteran

    333
    Apr 3, 2010
    Charlotte, NC.
    I went to the Carolina Renaissance Festival taking several photographs, and someone emailed me about taking a picture of her family. I asked them about how they found me, and they told me that they had found a picture from last year's Renaissance Festival looking at Google photos (not sure if that is the exact name). Well, I had added over 100 pictures from the first day of this year's festival to my web site, and thought I would see if Google had any of my pictures listed. I saw someone else's photos of some group I hadn't seen at the site, and so I clicked on it, but I didn't open the site that it took me to as it seems different from what I most often see. At once, I couldn't use my computer. I kept hearing my headset say, "you have a virus". I looked, and there on my screen was a notice that I had a very bad virus, and I needed to download this software in order to protect my system.
    It was using a page that looked like the Microsoft Logo, and tried to make you think it was from them. It told me in about thirty seconds that it had scanned my computer and I had 1,401 files with virus in them. It told me that they would let me on the internet unless I purchased this software. I didn't click any other buttons, but turned off the computer.

    I stopped at once and called my IT person who tried to gain access from his computer to control my computer. And while we have done this in the past, this time it would allow me access to the internet. I ended up having to take my computer over to my IT friend, who has now had it for several days. He isn't sure if he can remove it, and may have to format my whole computer and start over.

    The good news is that I am paranoid about my photo files. I have two externals. One backs up each night, and the other backs up the original files when I download photos to my computer. I also have an archival hard drive that sits in a cabinet and I only back up at the end of each month that month's folder. So the worst news is that I may have to rebuild my workstation hard drives. The good news is that I have the original photo files on an archival hard drive, and most of every important shoot backed up to DVDs. He thought I was going overboard in my backing up back ups, but not any more.

    I was told that each time that they thought that they had killed the virus, that it had changed its name and would hide in 5 new folders. Neither Norton nor AVG had a fix for this virus. The takeaway is that you might not want to go to sites that you don't know about. I tried to contact Google, but don't see where you can do that. Anyway, I hope that this warning helps someone out there. I will be ok, but only because I was keeping my system backed up to several layers, and that was only because I was trying to avoid hard drive failure. I hadn't even thought about a virus being able to do this.

    Follow up to first report.

    My IT person set up a computer that can't be hurt to see where I was picking up this virus. I surfed the web for a few days going to sites like this one to see where I might have been infected. After surfing for several days, I finally was able to find virus after virus on Google images site. I had typed in renaissance festival and 2010 carolina renaissance festival and was able to get virus from both searches. The key for what was hurting me had (grun.lu) at the bottom of the pictures. I went searching and not looking at the pictures, but for that tag at the bottom of the picture and every time I clicked on an image there came up a report that a virus had been stopped and was placed in the vault.

    I have notified Google Security and my IT person is going to wipe my workstation clean and rebuild the system for me. I have backed up and backed up again and he thought I was going overboard, but not any more. I have an archive backup that isn't hooked up to my system for just this sort of thing. I have much of my work that is important to me on DVDs and I am thinking about keeping my memory cards and just buying new ones to replace them, much like we would have done with slides and rolls of film.

    I am going to use my workstation just for my work, and not have it hooked to the internet most of the time, but just for uploading to my web site. It is a shame that someone would like to go around and destroy a good thing for the rest of us.

    Hope that this helps someone else from going through what I have just gone through. My workstation is less than a year old and cost just under $2,000. It really flies when working on files, but I am not a rich man and it would have been hard for me to replace this unit. My laptop is a cheap one, and in the future it would be more cost effective to just toss it than repair it. And remember back up, back up and back up some more, and keep an archival hard drive somewhere other than plugged into your computer.



    Images for books, magazines and calendars | photosbypike
     
  2. greerd

    greerd Mu-43 Regular

    Do you have the name for it? I know that there is adware that tells you your computer is infected and only it can clean it, also unless you have an empty HDD I think it would take much longer than 30 sec to do a scan.

    Anyway, I'm glad I use Linux, although I run clamav virus scan daemon just so I don't pass anything on
     
  3. feppe

    feppe Mu-43 Regular

    Every single time you get a popup saying you have a virus, it's either virus/trojan itself or an ad, unless it's coming from a program you have already installed. Best solution is to close the browser immediately, unplug internet physically, and run a full virus scan.

    Sorry to hear about the mess. One thing I noticed about your backup setup: you don't have off-site backup. You seem to be covered pretty well, but if you have a fire, theft, water damage, etc. you are likely to lose your photos. I use Mozy for online offsite, and I also have a portable backup HDD I store at work.
     
  4. LisaO

    LisaO Mu-43 Top Veteran

    798
    Mar 18, 2010
    New York Metro Area
    Lisa
    What operating system are you using? Windows XP is a dangerous OS. Windows 7 is better, Mac OS X is safer still. I have never seen a Mac virus.
     
  5. grebeman

    grebeman Mu-43 All-Pro

    Mar 13, 2010
    South Brent, south Devon (UK)
    Barrie
    Let's not forget Linux, as secure as Mac and a lot cheaper, another system that is not targeted by people writing malware and the like.

    Barrie
     
  6. Chuck Pike

    Chuck Pike Mu-43 Veteran

    333
    Apr 3, 2010
    Charlotte, NC.
    My O.S. is XP Professional.

    I just about had to get XP as I was afraid my Nikon scanner wouldn't work with a later version of Windows. I had to use my first scanner as a door stop because Nikon doesn't care to update its programs to newer O.S. systems. I didn't write down the name of the bug so I can't share that with you. And yes, if you have ever watched a computer scan your hard drives you would know that it wouldn't be able to scan your computer in 30 secs. My IT person runs a business that keeps several companies' systems running and he has a program that he hopes will be his retirement. He said that he had never run into anything like this.

    He told me I might want to stay away from photo sites, and I told him that it was part of my business and that wasn't an option. I will stay with sites that I trust, and this is one of them, along with DPreview and Nikonian.

    My daughter-in-law had an interesting take on all of this. I had bought my workstation to be my photo digital darkroom. She said, "Take it off the net, and when I need to upload to my account at PhotoShelter, to use a thumb drive and transfer the files from my server to my laptop to send out work." I have worked with my digital darkroom for several years and this is the first time a virus got through the firewall and past my software protecting me. I have upgraded the version of software from free to a purchased version hoping for better protection.

    Images for books, magazines and calendars | photosbypike
     
  7. grebeman

    grebeman Mu-43 All-Pro

    Mar 13, 2010
    South Brent, south Devon (UK)
    Barrie
    I would suggest your daughter-in-law has a very valid point. For some time I have used Puppy Linux to access the internet. This can be configured to run from a live DVD which has all configuration changes saved back to it and the system runs entirely in RAM. Once that process has been gone through there is no need to save anything back to the DVD, indeed when finished with the computer can be just powered down, thus any viruses written to the system will be lost since they were in the RAM. There is still the possibility of something nasty being in a downloaded file saved to your pen drive or whatever but these could be separately virus scanned, nothing can get into your computer system.
    If I was using Windows I would use a different PC or a laptop exclusively to access the internet and thus keep my main photography PC divorced from the internet.

    Barrie
     
  8. greerd

    greerd Mu-43 Regular

    Ok, the reason I asked about the adware was that IT is an all-encompassing term and didn't know that your guy was into security. Often IT people are thought of as computer wizards, which is seldom the case.

    Looks like you're luckily in good hands. Hopefully you have a recovery point set that isn't too old.
     
  9. isabel95

    isabel95 Mu-43 Top Veteran

    CNET'S post about popups today

    Worth reading.


     
  10. Djarum

    Djarum Super Moderator

    Dec 15, 2009
    Huntsville, AL, USA
    Jason
    Ran into this problem at work. 5 different AV programs couldn't find it. Ended up using Malwarebytes. Worked like a charm.
     
  11. Fiddler

    Fiddler Mu-43 Veteran

    I have two computers - a mac and another running Ubuntu Linux 10.10. I keep a copy of all my photos on each machine. The chances of either getting a virus or trojan are so remote as to be effectively zero. I'm just not willing to waste my time on Windows anymore...

    Ubuntu homepage | Ubuntu
     
  12. grebeman

    grebeman Mu-43 All-Pro

    Mar 13, 2010
    South Brent, south Devon (UK)
    Barrie
    I still use Windows 2000 on one computer to run Photoshop 7 which I use for my printing and scanning work, it has NO connection to the internet. I guess I'll have to rethink this if and when I have to get a new printer or scanner and they have no Windows 2000 drivers.
    All other work including RAW editing and internet connection is on computers using Linux.

    Barrie
     
  13. mick / Lumix

    mick / Lumix Guest

    169
    Oct 3, 2010
    When I think back to the PC laptop it seems like something from the dark ages : virus or trojan problems, vast amount of time spent on updates, crashes, photos that change brightness / contrast every time I looked slightly up or down, no photo detail, ages to switch on or off. Now have Mac Book Pro, no problems, life is worth living !! Thank you Mr Apple.
     
  14. Fiddler

    Fiddler Mu-43 Veteran

    You said it all :thumbup:

    mick / Lumix said: "When I think back to the PC laptop it seems like something from the dark ages : virus or trojan problems, vast amount of time spent on updates, crashes, photos that change brightness / contrast every time I looked slightly up or down, no photo detail, ages to switch on or off. Now have Mac Book Pro, no problems, life is worth living !! Thank you Mr Apple."
     
  15. juno

    juno Mu-43 Regular

    33
    Sep 20, 2010
    Only problem with Macs is that as more people use them, the more likely it is that the virus writers will attack. It'll happen one day for sure.
     
  16. Iconindustries

    Iconindustries Mu-43 Hall of Famer

    Talking about Linux, I found this pretty interesting. I was looking on wiki and according to them Linux has a lower market share than OSX. The OS that has the biggest share in mainframes is IBM System-z who have a 90-95% share. But in Supercomputers the June 2010 figures show Linux in the lead at 91.0% as opposed to Microsoft which run at only 1.0%.

    I thought it was interesting that on desktops and laptops Linux is a fairly small proportion but they dominate the Supercomputer OS.

    It made me smile when one night I had a popup that looked exactly like what would come up on a Windows computer and it said 'Microsoft has found a malicious virus on your system'. The thing that made me laugh was that I run OSX Snow Leopard. I deleted the Tab in Safari and kept going, but I really wonder how many people get sucked into these things, thinking it's real.

    When we used to have our old PC running XP we had no end of trouble with it. In the end I think the whole cause was the Antivirus itself. I don't want to judge any antivirus companies but I have a bad feeling that Norton (Symantec) Antivirus is a bit dodgy. I have talked with various IT guys and they told us to stay clear of Norton.

    But now we run only OSX we haven't got any problems. Why is it that OSX is better at resisting viruses? I was just surprised to read that Google is changing over to OSX and Linux because of the Big China Google Hack.
     
  17. greerd

    greerd Mu-43 Regular

    Linux has been flirting with the 1% desktop usage for some time now, that's according to marketing numbers. But how does one count or keep track of open source that is free to download and distribute. I have two desktops and a laptop all with dual boot win/lin on all of them, with my Windows included with the purchase so I have marked up three ticks for Windows but none for Linux. I only boot into Windows once a year and that's for taxes.

    Mac is making a charge lately and good for them, but even though Mac and Linux are from similar roots, Mac is closed tight while Linux is wide open, opposite ends of the spectrum.

    They say desktop OS's will be pretty much a thing of the past in a few years with 'the cloud' taking over, our desktops will be nothing more than a glorified web browser. This is what Google, Microsoft and Oracle are now fighting over, can you say chrome?
     
  18. DDG

    DDG Mu-43 Regular

    83
    Jul 15, 2010
    Chuck Pike said: "It was using a page that looked like the Microsoft Logo, and tried to make you think it was from them. It told me in about thirty seconds that it had scanned my computer and I had 1,401 files with virus in them. It told me that they would let me on the internet unless I purchased this software. I didn't click any other buttons, but turned off the computer."

    I ran into the same kind of problem. I don't remember what website I was trying to surf to, but instead of the expected page, I got one that, as you say, looked very "official". I didn't click any of the links on that page, but when I tried to close it, I got popups informing me that my computer was being attacked by...whatever trojans, and I needed to buy something called "Security Tool" to get rid of them.

    Although the malware didn't prevent me from opening web pages, it would almost continually generate popups. When I tried to run an antivirus scan (Avast), the scan would start, run for a few minutes, then would be aborted. I did a Google search on "remove security tool", and got quite a few relevant hits. The first link I clicked took me to a page that said the malware could be deactivated (although not removed) by typing ctrl+alt+delete to bring up the Windows running processes display, then stopping any processes that have names consisting solely of numeric characters. I tried to do that, but every time I tried, the malware would put up a popup and prevent the running processes box from displaying. I clicked on another of the Google links, and found out that if I rebooted and held down ctrl+shift+esc as soon as I logged into the computer, the running processes box wouldn't be prevented from displaying. I did this, and it worked. I stopped the process and ran another scan, but nothing was detected. Since I now knew how to at least deactivate the malware, I decided to reboot without stopping its process, just to see what would happen. Well, when I did that, Avast detected and neutralized it as soon as it started running (I presume).
     
  19. Chuck Pike

    Chuck Pike Mu-43 Veteran

    333
    Apr 3, 2010
    Charlotte, NC.
    May have fixed it.

    My IT person said if he knew how long it was going to take, he would have reformatted the drives and rebuilt the computer as that would have taken less time. I am working off my laptop for now, and the workstation is just being used for my photowork. I would have had grey hair by now, but I am mostly bald. Just going to be glad to get back to real work. I have been running one scan after another, and the first one picked up 15 threats, after that they have all come up clean.

    Someone asked the name of the Trojan; it is: Trojan Horse Generic19.BMDD and one ending in FZ. It kept renaming itself and seemed to attach itself to Adobe files the most. I guess the best news is that it has come up clean in the last three scans. I will keep you informed if it comes back.

    Images for books, magazines and calendars | photosbypike
     
  20. grebeman

    grebeman Mu-43 All-Pro

    Mar 13, 2010
    South Brent, south Devon (UK)
    Barrie
    One of the main features of Linux is its networking ability that was built into it from the beginning, and along with that went security. I think many of the supercomputers are actually a network of many smaller computers all co-operating on the same task.

    With regard to market share, for personal desktops Microsoft is a large corporation with marketing clout, as to a lesser extent is Apple, Linux is essentially a concept that is embraced by amateurs or a spin off from larger corporations who market Linux to other large corporations making money by setting up servicing contracts.

    Barrie