Disturbing Rogue behaviours of late

Author: cctster
Location: North Yorkshire
Posted: Tue Mar 08, 2011 12:41 am
Post subject: Disturbing Rogue behaviours of late

Just got back from a few days of general computer 'weirdness' but all seeming to follow a similar M.O.

Case 1
Friend sent me laptop with 'System Tools' virus on it. The desktop was a blue plaid and in the middle was a window telling the user that it had found many viruses, worms, trojans etc. Followed the instructions to remove System Tools and took the laptop back and advised my friend to get some anti-virus software on the computer because without it she was just asking for something like this. She explained that she had Avast on the computer until this happened and she could not understand what had happened to it as she had not uninstalled it.

Case 2
Lady called up and said that she had seen similar symptoms as in case 1 but they had disappeared. I have not seen this PC yet.

Case 3
Lady rang last week and I looked at her computer this morning. Same symptoms as case 2 (i.e. rogue window shows up, then when computer is restarted it disappears). I ran rkill and then Malwarebytes. Malwarebytes found 2 objects which I asked it to remove. Restarted computer and got BSOD in normal and safe mode. Fortunately I was able to back up the data on her hard drive and then re-install Windows and restore data. However, I was quite worried by this turn of events as Malwarebytes normally removes stuff without any BSOD.

Case 4
Netbook with same symptoms as cases 2 & 3. Ran Malwarebytes and found 50 objects. Set system restore point and removed 50 objects. Restarted system and system BSOD in both normal and safe modes. Reloaded Windows.

Case 5
Same symptoms as cases 2, 3 & 4. As PC is old, gentleman is going to replace it, so did not do any remedial work on it. Said screen announced itself as 'Spyware' when running its scan. Also anti-virus software had mysteriously 'disappeared'.

So I was just wondering if this was a worrying new trend in the 'Rogue' type trojans?
Has anyone out there seen similar, and if they have, is there a name for this class of viruses (try Googling 'spyware removal'!), and more importantly, is there a way of disinfecting systems without rendering them useless because of BSOD?


Neil Harland

