SD PC Support Blog! July 20th, 2017



Posts in the ‘Uncategorized’ Category

December 30th


Government Warning in Browser -> FBI Virus

If you are receiving a “Government Warning” in your browser, especially if the warning asks you to pay money, you are likely a victim of the new “FBI Virus.” To this day the technicians at San Diego Virus Removal have never seen an official U.S. Government warning like this, so you can be nearly positive this is in fact a virus.

In most instances we find the warning to ask users to pay money via “Moneypak”, a money-transfer system similar to pre-paid debit cards. Because the warning so commonly references Moneypak, the virus is sometimes called the Moneypak virus as well.

Warning: We highly suggest you do not pay this fine. If you do, you will lose your money and the virus will not be removed.

San Diego Virus Removal can remove the FBI virus, rid your laptop of the fake government warning, and restore your computer to working order. The service generally takes one hour, although this can vary significantly from computer to computer, depending on a variety of factors. If you have questions about these factors, please feel free to contact a San Diego Virus Removal technician here: Contact Us 

What does it look like?

Below are some images of the virus as we’ve seen it recently:

FBI Virus / Moneypak Virus, version 1

FBI Virus / Moneypak Virus, version 2

FBI Virus / Moneypak Virus, version 3

FBI Virus / Moneypak Virus, version 4

December 3rd


How to Remove: VBS Autorun Worm (VBS/Autorun.worm.aadd!lnk)

In the first installment of our new series “How to Remove” we’ll be talking about one of the most common computer viruses in San Diego today: the VBS Autorun worm. This is a very interesting virus because it infects removable drives such as USB sticks, flash drives, and external (portable) hard drives.

The first important thing to understand about this virus is how it spreads. By infecting removable media, it spreads from computer to computer through you, the user. It does this by replacing one of your files with a shortcut file of the same name. The shortcut is actually a command which runs in the background, executes the actual virus, then opens your file as you originally intended. Because of this, the user will almost never notice that they just infected the computer. Sound complicated? It’s not. Here’s an example that will help.

Let’s say you have a portable hard drive with a Word document on it named “MyResume.doc” and this drive gets infected by the VBS Autorun Worm. What the virus does is the following:

  1. Makes your actual doc “hidden” and a “system file”. This makes the file invisible to you.
  2. Creates a new file called “MyResume.lnk” which will be visible to you, and look very similar to your original one.
  3. Creates a hidden script file called “help.vbs”

Now, when you go to open your file, you will actually be double-clicking on the “MyResume.lnk” file, which will perform the following task: C:\WINDOWS\system32\cmd.exe /c START help.vbs & start MyResume.doc & exit

In plain English, it opens a command prompt, opens the virus file (help.vbs), opens your document, then closes the command prompt window. It does this so quickly that you probably won’t even notice the black command prompt box opening and closing.
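To make the mechanism concrete, here is an added example (not code from the original post or from San Diego Virus Removal) that applies the pattern described above to a directory listing of a removable drive. The listing, the .lnk command lines, and the file names are constructed for illustration; in practice the entries would come from a directory walk plus a .lnk parser, which this example assumes and does not include. It flags a shortcut only when its command launches a script via START and a hidden, system-attributed file with the same name sits beside it, then produces the attrib/del commands a technician would run from a clean machine.

```python
import re
from dataclasses import dataclass


@dataclass
class Entry:
    """One file on the removable drive (constructed; a real tool would read attributes from disk)."""
    name: str
    hidden: bool = False
    system: bool = False
    lnk_command: str = ""  # command line stored in the shortcut; only meaningful for .lnk entries


# Constructed listing modelled on the MyResume.doc example in the post.
SAMPLE_DRIVE = [
    Entry("MyResume.doc", hidden=True, system=True),            # the real document, made invisible
    Entry("MyResume.lnk",                                       # the decoy shortcut
          lnk_command=r"C:\WINDOWS\system32\cmd.exe /c START help.vbs & start MyResume.doc & exit"),
    Entry("help.vbs", hidden=True),                             # the worm itself
    Entry("Vacation.jpg"),                                      # an untouched file
    Entry("Vacation.lnk", lnk_command=r"C:\Photos\Vacation.jpg"),  # a benign shortcut, must not be flagged
]

# A name handed to START in a cmd.exe /c command line, restricted to script-like extensions.
START_RE = re.compile(r'\bstart\s+"?([^\s"&]+\.(?:vbs|js|wsf|bat|cmd|exe))"?', re.IGNORECASE)


def launched_scripts(command):
    """Return the script names a shortcut's command line launches via START."""
    return START_RE.findall(command)


def stem(name):
    """File name without its last extension, lower-cased for comparison."""
    return name.rsplit(".", 1)[0].lower()


def find_autorun_lnk(entries):
    """Shortcuts that run a script AND shadow a hidden+system file of the same name."""
    findings = []
    for e in entries:
        if not e.name.lower().endswith(".lnk"):
            continue
        scripts = launched_scripts(e.lnk_command)
        twins = [x for x in entries
                 if x is not e and stem(x.name) == stem(e.name) and x.hidden and x.system]
        if scripts and twins:
            findings.append({"shortcut": e.name, "runs": scripts, "hidden_original": twins[0].name})
    return findings


def hidden_scripts(entries):
    """Hidden script files on the drive, like help.vbs in the post."""
    return [e.name for e in entries
            if e.hidden and e.name.lower().endswith((".vbs", ".js", ".wsf"))]


def cleanup_plan(entries):
    """Commands to run against the drive from a clean computer: drop the decoy
    shortcuts, clear the attributes on the originals, remove the hidden scripts.
    Attributes are cleared before del because cmd's del skips hidden files."""
    cmds = []
    for f in find_autorun_lnk(entries):
        cmds.append(f'del "{f["shortcut"]}"')
        cmds.append(f'attrib -h -s "{f["hidden_original"]}"')
    for s in hidden_scripts(entries):
        cmds.append(f'attrib -h -s "{s}"')
        cmds.append(f'del "{s}"')
    return cmds


if __name__ == "__main__":
    for f in find_autorun_lnk(SAMPLE_DRIVE):
        print(f"{f['shortcut']} runs {f['runs']} and hides {f['hidden_original']}")
    print("\n".join(cleanup_plan(SAMPLE_DRIVE)))
```

The benign Vacation.lnk is left alone because its command launches no script and Vacation.jpg is not hidden; requiring both signals keeps ordinary user-made shortcuts out of the report.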


So, how do we remove this nasty virus? Well, the easiest way to clean your removable media is to format the entire drive using a clean computer. This will permanently delete all of the files on the drive. To clean the now-infected computer we have to take a few more steps.

How to remove VBS/Autorun.worm.aadd!lnk from your computer

  1. Delete all of your temporary files, looking specifically for the following:  %Temp%\Servieca.vbs
  2. Delete the following file: %AppData%\oguscovbpx.vbs
  3. Delete the viral file from your user’s startup folder: %UserProfile%\Start Menu\Programs\Startup\Servieca.vbs
  4. Repeat step 2 for all users on the computer
  5. Delete this registry key: HKEY_LOCAL_MACHINE\software\Filename
  6. Delete this registry key: HKEY_CURRENT_USER\S-1-[varies]\ njq8 = “n”
  7. Delete this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\FileName\ = “false – Date of Execution”
  8. Clean your removable media, such as thumb drives, portable hard drives, flash drives, etc.


April 3rd


Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!
