Virus Alert

[p.risboy]

Hi folks,

Got a PC virus monday, and had get my whole PC's hardrive wiped, and start again.
It was a very, very convincing 'Windows' security download, and my dear wife allowed access, to update. It was that good.(or should it be 'that bad').

It totally froze out internet access, to troubleshoot it. It also disabled my anti-virus software.

I long for the day, when I can this sort of stuff, straight back to the sender of it.

So be aware please.

Steve.

 

[gibbo]

Thanks for the warning Steve. Glad you got it sorted and back on line.

 

[duckweed]

Yes I've seen it. Fortunately I didn't take notice of it as my husband already had trouble with it on his computer. Fortunately his anti virus cleared it out. It is very convincing but if you think of it Microsoft doesn't usually appear like that just. Best thing to do if it appears is shut down browser and restart.

 

[davelambert271]

Hi Steve
thanks for the warning.
I hope you didn't loose all your precious files.

Davw

 

[p.risboy]

Hi All,

Luckily it didn't affect my files and photo's.

My dear wife was beside herself, when she 'enabled' it access.

I would have noticed the so called 'alert', but my dear wife usually lets me...... "do that stuff".
She is scared of going on the internet again, in case she makes that mistake again.
Still, one internet mistake in 10yrs is good going.......I've made far more than that.:biggrin:

Steve.

 

[Karen Strother]

Hi All,

Luckily it didn't affect my files and photo's.

My dear wife was beside herself, when she 'enabled' it access.

I would have noticed the so called 'alert', but my dear wife usually lets me...... "do that stuff".
She is scared of going on the internet again, in case she makes that mistake again.
Still, one internet mistake in 10yrs is good going.......I've made far more than that.:biggrin:

Steve.

Hi Steve
I just had the IT guy from my work doing some stuff on my computer and the first thing he did was to turn off the automatic updates from microsoft (and others that appear to be microsoft )for that reason. He said alot of rubbish gets downloaded including spyware and as you found out - viruses. He reckons they look very genuine notifications. It had also loaded a program on mine called Dr Watson that was running in the background causing loads of problems. He had a jolly old time trying to delete the thing too - everytime we re-started it came back again. Just can't trust anyone hey. I agree with you - If I was really savvy I'd work out a way to send them right back. It amazes me why people would want to be so malicious to create these things - my Trend Micro just blocked 2 Trojans last week.
Cheers

 

[b00kie]

Hi,
We had the same thing hit one of our computers - it too said it was from Internet Explorer. When you tried to "x" out of it, it would immediately go into a scan. We kept "xing" out of it until it was gone. My anti virsus kept picking it up but it didn't stop it. We finally had to go to system tools & restore to an earlier date & that got rid of it!
There's always someone of there trying to damage a good thing.
Stay safe!
b00kie

 

[p.risboy]

I've just found out that most of my 'favorites' have been lost.:'( :'(

A lot of FH associated sites that I had kept.

Steve.

 

[dave6023]

About 18 months ago a friend of mine got something on his PC called 'Windows Security Centre'. It certainly looked like a genuine Microsoft product. It took me over 4 hours to get rid of it. It defeated most spyware removal tools I tried, turned off his AV program. I eventually found and downloaded a program called Spy Hunter (£30 for a yearly subscription!) which detected it and removed 95% of it. I could then detect the rest of it with his AV program and kill it off.

Very recently (within the last month) my boss has had his laptop hacked into and his internet banking details acquired and two attempts were had to send money to Greece, fortunately to bank blocked both attacks. My guess is he responded to one of those dodgy emails that starts 'Dear xxxx Bank customer' as he is not very IT literate. A Bank will always write to you by name and will NOT ask for personal details.
I've got to run an AV/spyware scan on it for him but he doesn't seem to be in too much of a hurry for me to do it despite the bank asking him to get it done. He had a letter over 2 weeks ago from the bank asking for it to be done. Until this is done they will not re-instate his online account.

Though I am employed as a printer, I also have to deal with nearly all of the PC problems at work.

 

[davelambert271]

It had also loaded a program on mine called Dr Watson that was running in the background causing loads of problems. Cheers

Hi Karen
what problems did this programme cause? I did a search for Dr Watson and found 3 x files with that name, 1 c\doc & settings 2 c\1386 and C\windows\system 32. It has something to do with Microsoft

dave

 

[dave6023]

This will tell you all about Dr. Watson, it's part of the Windows OS

Dr. Watson is an application debugger included with the Microsoft Windows operating system. It is usually named drwatson.exe, drwtsn32.exe or dwwin.exe depending on the version of Windows. It is named after Doctor Watson of Sherlock Holmes fame, with the idea being that it would collect error information (symptoms) following the problem. The use of the word "Watson" has since been expanded to include general end user feedback services.

The original name of this diagnostic tool was "Sherlock"

The information obtained and logged by Dr. Watson is the information needed by technical support personnel to diagnose a program error for a computer running Windows. A text file (Drwtsn32.log) is created whenever an error is detected, and can be delivered to support personnel by the method they prefer. A crash dump file can also be created, which is a binary file that a programmer can load into a debugger. Dr. Watson can be made to generate more exacting information for debugging purposes if the appropriate symbol files are installed and the symbol search path (environment variable) is set.

When a program error occurs in Windows, the system searches for a program error handler. A program error handler deals with errors as they arise during the running of a program. If the system does not find a program error handler, the system verifies that the program is not currently being debugged and considers the error to be unhandled. The system then processes unhandled errors by looking in the registry for a program error debugger for which Dr. Watson is the default. A third-party debugger can also be used in place of Dr. Watson. The Watcom C compiler includes a similar crash-analysis tool named "Dr. Watcom".

Starting with Windows Vista, Dr. Watson has been replaced with "Problem Reports and Solutions". It is still available in Windows Vista and Windows 7 though by typing 'drwatson.exe,' into the command prompt box.

 

[davelambert271]

Hi
thanks for that explanation Dave - that makes me a lot happier.

dave

 

[dave6023]

Hi
thanks for that explanation Dave - that makes me a lot happier.

dave

Your welcome.

Sometimes hoax virus alerts can be more annoying, as quite often you'll get an email saying 'such & such' file is a virus that can wipe your hard disk. The email usually says search your hard drive for the file and if found delete it. Quite often the file you've been asked to search for is an essential OS file. When you delete it and try to restart the PC it won't boot because that file is now missing. If you know what you are doing it is possible to replace the file. If not you'll need a Tec Guy (and I don't mean one of those in PC World).

 

[Karen Strother]

Your welcome.

Sometimes hoax virus alerts can be more annoying, as quite often you'll get an email saying 'such & such' file is a virus that can wipe your hard disk. The email usually says search your hard drive for the file and if found delete it. Quite often the file you've been asked to search for is an essential OS file. When you delete it and try to restart the PC it won't boot because that file is now missing. If you know what you are doing it is possible to replace the file. If not you'll need a Tec Guy (and I don't mean one of those in PC World).

Hi Dave
So does this mean my IT man needn't have deleted Dr Watson? It was running in the background and programmes were jamming up and my internet access took ages to load pages up.
In respect to the other about false notices - I got one yesterday on my virus scanner telling me it detected a "warning' from Microsoft about my
Office 2007. It was a high risk alert about an office update and I am not sure if it means it is a virus that was stopped or I really need to open the page and download an add on for the Office programme?? I am confused
Cheers
Karen

 

[p.risboy]

Hi Dave
So does this mean my IT man needn't have deleted Dr Watson? It was running in the background and programmes were jamming up and my internet access took ages to load pages up.
In respect to the other about false notices - I got one yesterday on my virus scanner telling me it detected a "warning' from Microsoft about my
Office 2007. It was a high risk alert about an office update and I am not sure if it means it is a virus that was stopped or I really need to open the page and download an add on for the Office programme?? I am confused
Cheers
Karen

Log into Windows Homepage for Genuine updates Karen. A real pain, but safer, (for me anyway.redf) ).

Steve.

 

[Karen Strother]

Log into Windows Homepage for Genuine updates Karen. A real pain, but safer, (for me anyway.redf) ).

Steve.

Thanks Steve

 

[Karen Strother]

Just had a gander on the Microsoft site and there are no security updates for Office 2007 I could see - thanks so much for the advice Steve
:biggrin:

 

[dave6023]

Hi Dave
So does this mean my IT man needn't have deleted Dr Watson? It was running in the background and programmes were jamming up and my internet access took ages to load pages up.
In respect to the other about false notices - I got one yesterday on my virus scanner telling me it detected a "warning' from Microsoft about my
Office 2007. It was a high risk alert about an office update and I am not sure if it means it is a virus that was stopped or I really need to open the page and download an add on for the Office programme?? I am confused
Cheers
Karen

Hi Karen

Microsoft do not email individuals with security warnings. Just think for a second - have you given Microsoft your email address?
The automatic updates via the Windows OS handle all the security updates.

With regards Dr Watson,
When a program error occurs in Windows, the system searches for a program error handler. A program error handler deals with errors as they arise during the running of a program. If the system does not find a program error handler, the system verifies that the program is not currently being debugged and considers the error to be unhandled. The system then processes unhandled errors by looking in the registry for a program error debugger for which Dr. Watson is the default.
So unless you have a lot of programs causing errors, I can think of no reason why Dr Watson would be constantly running and slowing things down.
A slowing down system is more usually caused by spyware/malware, do you have Spybot S&D or some other spyware removal tool installed? If not I suggest you download Spybot S&D from www.safer-networking.org It is a Freeware program so it won't cost you anything.

Regards
Dave