The Internet Web sites, web development, email, chat, bandwidth, the net and society |
#1 |
When Do I Get Virtual Unreality?
Join Date: Dec 2002
Location: Raytown, Missouri
Posts: 12,719
|
Class Action Lawsuit, Anyone
Yesterday, my wife was trying to send an electronic greeting card from some site with which she was not familiar. A few minutes afterward, her computer began exploding with popup ads, and the whole system ground to a virtual halt (pun intended).
That was at about 11:00 yesterday morning. 24 hours later, we are *still* trying to rid her system of the malware, spyware and adware which is apparently self-regenerating. I spent approximately five hours last night, until five o'clock this morning, trying to manually delete all the components involved in the six or seven separate pieces of offending software on her computer. I have used five different spyware/malware scanners-eradicators (one of these things shows up as a fucking trojan, according to her virus scanner! Research on another reveals it to be a keylogger-transmission program). Some of it can be uninstalled through XP's Add/Remove Software function, but then you are forced to go through five or six "are you sure you want to uninstall this? Are you *really* sure you want to uninstall this? You don't want to uninstall this, right? Leave this program installed yes/no?" popups...and after you reboot, the same fucking program is still there, along with four or five others. So now, we have disconnected her system from the network to isolate it, and are re-scanning and re-removing things. I am then going to again sit and go through all the information on each individual piece of malware, and uninstall it bit by bit. The main culprit is a program called Favoriteman (and several other variations). This program is virtually impossible to identify and eradicate, and it is the one responsible for downloading all the other shit. This has rendered my wife unable to do her job because her system performance is nonexistent right now...there's so much stuff, it brings her system to its knees, covering her screen with as many as fifteen to twenty popup windows at a time. This shit *cannot* be legal. It is costing me my entire weekend, and costing my wife her income. If she doesn't get her transcription done *right fucking now*, she could lose her job. So...two questions.
First, does anyone know how to, without a doubt, get rid of Favoriteman (and don't say reformat the drive)? Second, how can I sue the cocksuckers that are responsible for this? This program was loaded on her computer without her knowledge, it stealths itself, it resists removal and it "reinfects" her system every time it is rebooted. I want someone's balls...
__________________
"To those of you who are wearing ties, I think my dad would appreciate it if you took them off." - Robert Moog |
#2 |
no one of consequence
Join Date: Jun 2001
Location: Arkansas
Posts: 2,839
|
I always use Spybot Search and Destroy, and AdAware. Apart from that, I also do Google searches for techies discussing whatever program I'm having a problem with. Inevitably I'll find many sites with information on how to remove it.
But I've never found anything the first two programs wouldn't remove. AdAware's forums might be a good place to start, if not. |
#3 |
When Do I Get Virtual Unreality?
Join Date: Dec 2002
Location: Raytown, Missouri
Posts: 12,719
|
Used 'em both. They don't work on this one. I have just paid $40 for software that claims to specifically remove Favoriteman, because my wife is losing three times that much money per day right now due to her inability to use her computer.
This is bad, bad shit...I've never seen anything like it. Evil. If I could get my hands on the sons of bitches that are responsible for it, I'd throttle them.
__________________
"To those of you who are wearing ties, I think my dad would appreciate it if you took them off." - Robert Moog |
#4 |
no one of consequence
Join Date: Jun 2001
Location: Arkansas
Posts: 2,839
|
Don't you have another computer she can use in the meantime?
|
#5 |
When Do I Get Virtual Unreality?
Join Date: Dec 2002
Location: Raytown, Missouri
Posts: 12,719
|
She would have to transfer her transcription equipment (or my computer) from one desk to the other for starters, then she'd have to get all of her transcription-specific WordPerfect macros, dictionaries and stored files to the other computer, and there is *no* way she's moving anything off of her computer to another one until I know it is clean, after which time it will no longer be necessary for her to use another computer.
Unfortunately, transcription entails a lot more than just sitting down and typing in exactly what you hear, at least in terms of infrastructure.
__________________
"To those of you who are wearing ties, I think my dad would appreciate it if you took them off." - Robert Moog |
#6 |
|-0-| <-0-> |-0-|
Join Date: Dec 2003
Location: New Jersey
Posts: 516
|
And what website was it that did all this shit?
Sometimes it makes me wish retributive denial of service attacks were legal... |
#7 |
I think this line's mostly filler.
Join Date: Jan 2003
Location: DC
Posts: 13,575
|
DO NOT USE ELECTRONIC GREETING CARDS.
Almost all of them are only there to collect addresses for spam. The rest also infect your computer.
__________________
_________________ |...............| We live in the nick of times. | Len 17, Wid 3 | |_______________| [pics] |
#8 |
Your current user title is:
Join Date: Oct 2001
Location: BTR
Posts: 301
|
CWShredder might get the components that persist in reinfecting. Spybot Search and Destroy will get the other ones...
Had something similar happen to someone's machine at work. Couldn't really control the damn thing until I ran 'ROUTE DELETE 0.0.0.0' at a command prompt. That effectively killed TCP/IP routing (temporarily - until reboot(s)). Put STINGER and the above 2 programs on the computer via a NetBIOS network connection...and successfully got the shit off of the machine. It took all three. CWShredder found and nuked the way that it re-infected the system. |
#9 |
Your current user title is:
Join Date: Oct 2001
Location: BTR
Posts: 301
|
continued from above
The nasty reinfected itself through a few inventive ways....
1. A JS function exploit in an "accessibility" style sheet it configured for internet exploder (internet options - accessibility options - somewhere in there..one of the bottom buttons). Starting up IE would re-infect...(or at least partially boot the nasty so it could finish setting itself).
2. A hook into the default action for an exe file (would launch it whenever someone launched an exe).. running any program would re-infect/launch (if not already running).
3. An old time "run=something.exe" in the system.ini file along with reg entries in HKLM [& HKLU]\Software\Microsoft\Windows\Current\run ... system reboot would start it.
Has anyone else found bugs that infect in surprising ways....????? |
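Added example, not part of the thread or any poster's code: an offline check of the three reinfection points listed in post #9, run against a `regedit` export and an ini file. The sample export, the file names in it and the helper names are constructed for illustration; the Run key is matched by its full name, `CurrentVersion\Run`, and `"%1" %*` is assumed to be the stock exe handler.

```python
import re

# Key suffixes (lower-cased) for the reinfection points described in the post.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
EXE_CMD_KEY = r"\exefile\shell\open\command"
IE_STYLES_KEY = r"\software\microsoft\internet explorer\styles"
STOCK_EXE_CMD = '"%1" %*'  # assumed stock handler: run the program that was clicked

def parse_reg(text):
    """Yield (key, value_name, data) from regedit export text; '@' is the default value."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[(.+)\]", line):
            key = m.group(1)
        elif key and (m := re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)):
            name, data = m.group(1).strip('"'), m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            yield key, name, data

def find_persistence(reg_text, ini_text=""):
    """Return (kind, location, data) for every autostart hook worth reviewing."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        k = key.lower()
        if k.endswith(RUN_KEY):  # every Run entry is listed for manual review
            findings.append(("run-key", f"{key}\\{name}", data))
        elif k.endswith(EXE_CMD_KEY) and name == "@" and data.strip() != STOCK_EXE_CMD:
            findings.append(("exe-handler", key, data))
        elif k.endswith(IE_STYLES_KEY) and "stylesheet" in name.lower() and data[:6] != "dword:":
            findings.append(("ie-user-stylesheet", key, data))
    for line in ini_text.splitlines():  # classic run=/load= autostart lines
        if m := re.match(r"\s*(run|load)\s*=\s*(\S.*)", line, re.I):
            findings.append(("ini-autostart", m.group(1).lower(), m.group(2).strip()))
    return findings

# Constructed sample input (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\WINDOWS\\example-updater.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\example-hook.exe \"%1\" %*"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]
"Use My Stylesheet"=dword:00000001
"User Stylesheet"="C:\\WINDOWS\\example.css"
'''
SAMPLE_INI = "[boot]\nshell=Explorer.exe\nrun=something.exe\n"

if __name__ == "__main__":
    print(*find_persistence(SAMPLE_REG, SAMPLE_INI), sep="\n")
```

Run entries are listed unconditionally because legitimate software uses that key too; the exe handler and user style sheet are reported only when they differ from the defaults assumed above.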
#10 |
When Do I Get Virtual Unreality?
Join Date: Dec 2002
Location: Raytown, Missouri
Posts: 12,719
|
I have finally finished fixing the disaster...over 24 hours after I started, and I worked on it for (no exaggeration) 16 of those 24 hours.
We purchased a product called Pest Patrol, specifically because it stated it would remove the aforementioned Favoriteman, which it did...along with *88* other malware/spyware entries in various locations of her system. After all that was done, we discovered that her Winsock was corrupted. Unfortunately, I didn't know what that was all about until I spent another slug of hours doing everything I could think of, including swapping CAT 5 cables, rebooting the router, uninstalling the network card, replacing the network card, and FINALLY...deleting her Winsock Registry entries and importing the ones off of my system, per a clue I found online. Now, the damn thing needs a good scandisk and defrag...and I need a fifth of bourbon.
__________________
"To those of you who are wearing ties, I think my dad would appreciate it if you took them off." - Robert Moog |