Zepto Ransomware is a Variant of Locky

Locky Ransomware

Zepto Ransomware appears to be a new variant of Locky.  Had a client hit with it last night and it was very hard to find any information about this.  There appears to be a thread here and there but that is it.  Can’t detect the thing easily.  At first I ran Malwarebytes and came up with nothing.  I found a Google search hit that said to use SpyHunter 4.  Right now that is the only program I have found to detect it.

When you go to the Tor site, it says the ransom costs 2 bitcoin.  That is over $1200 as of 6/29.  That’s crazy.

I am going to try a few different programs to see if any of them can detect it.  Don’t want to purchase SpyHunter right now.

  • Malwarebytes has not detected it
  • AdwCleaner has not detected it
  • SpyHunter 4 HAS detected it
  • ESET Online Scanner has not detected it
  • Kaspersky Internet Security has not detected Zepto

Microsoft Angels is a scam


If you get a call from someone claiming to be part of Microsoft Angels then it is a scam.  My mother got a call from someone with a heavy accent claiming to be from Microsoft and that her desktop was giving out error messages.  They said they needed to get into the computer in order to fix it.

Obviously, she did know better because she checked with her “computer guy” first.  Computer guy meaning me.  I have heard of this scam before but am surprised they are continuing it.  Must be enough people falling for it in order to make it worth their while.

If they get access to the computer then they can install whatever they want.  A keylogger to find out your passwords.  Maybe another program to deliver ads or emails.  Yet another program to work with thousands of other infected computers in order to attack a target.

Please be vigilant when online, whether it is downloading something or the sites you visit.  If it sounds too good to be true then it is too good to be true.

TDSS strikes again!

Ah yes, TDSS.  Love to hate you.  TDSS is a rootkit.  A rootkit that seems to have at the very least 4 major revisions to it.  Thank heavens for Kaspersky.  They have a small little program called TDSSKiller.  You use it to get rid of the rootkit.  It is a very small program that they update on a continual basis.  Thank heavens for the constant updates because this last infection wasn’t detected with the TDSSKiller that was downloaded 2 weeks ago.  A new download allowed me to get the new variant (V4) removed.

Rootkits are rarely detected by anti-virus programs.  Even my favorite Malwarebytes Anti-Malware has not been detecting TDSS.  I’ve used other programs like Appranger and Hitman Pro to no avail.  I do give Hitman Pro credit for detecting the TDSS rootkit in one of the computers that had it.  It couldn’t remove it but at least I finally had a starting place to research the problem.

So, kudos to Kaspersky!  Thank you so much for the tool.  It is very much appreciated.

Malwarebytes’ Anti-Malware has helped me on several occasions

Malwarebytes’ Anti-Malware is a godsend for me.  I have had to use it on 4 different computers in the past two weeks.  For whatever reason, Symantec Corporate Antivirus isn’t really doing its job.  I have certainly railed on them in the past so this post will not be about that.

Instead I am just going to state that installing Malwarebytes’ Anti-Malware found the viruses (the Vundo virus and a keylogger) and removed them without problems.

It’s sad that a free program (for personal use) outshines the program with all the marketing behind it.

Antivirus 360 is NOT an antivirus

I have now experienced Antivirus 360, also known as A360, twice.  The first time was not a hands-on experience.  I was told by someone that they had an antivirus program that said they had thousands of viruses.  He brought it to the head IT guy at the local high school.

That person was a complete idiot. He told him he needed a new computer and that the viruses ruined his computer.  What a moron!  So, I never got a chance to help the person because the IT guy kept it for a month and I hadn’t seen him since then.  Hopefully, this IT person loses their job. NE Wisconsin has some very bad teachers.  I’ll leave it at that.

Well, it is actually not that difficult to remove.  I found some excellent instructions on a few websites.  Here is a link to those instructions.  Scroll down to the automated list.  Just follow the simple instructions to download Malwarebytes’ Anti-Malware.

1. Run Anti-Malware

2. Reboot

3. Run it again to make sure it’s gone.

It will probably find the VUNDO virus and will be able to remove it.  If for some reason it doesn’t remove it, reboot into safe mode and run it again.  There is also a VUNDO removal tool one can download.

That is all there is to it!  You can also post here if you have any questions.

Random Thunder Noise but No Virus Found?

UPDATED: 12/26/08 The annoying thunderstorm sound is the Weather Channel gadget that sits in your system tray next to your clock on the lower right of your screen.  I actually need to confirm this with a friend that uses it but it makes perfect sense.  I didn’t realize that one of the users on my parents’ computer was using the Weather Channel gadget instead of WeatherBug.  The account is usually open when other people are on it.  It’s confirmed.

Open question on this one.  My parents are getting a random thunder noise on their computer.  They say it is completely random.  After much searching I found something similar but they didn’t have the files that were listed on the internet.

I uninstalled AVG, which I have raved about, and installed Avira?  It was that one or another one.  Whichever one was ranked as the best this year.  Still no viruses found.  I’ll be up for Christmas and will have to listen to it to figure out what they are talking about.  Very weird occurrence.

AVG Updating Issues

AVG is the antivirus that I recommend to everyone.  Ever since Norton Antivirus hosed three of my computers all in the same day I have refused to use them at home.  AVG rarely has given me problems.  Once, I couldn’t install it on my main machine which was running Windows Vista 32 bit.  I ended up installing Vista 64 bit a few months later and then it did work.

I helped a friend a few days ago with an updating problem he was having.  It kept saying the database was out of date.  I had him bring me his laptop and I took a look.  I saw the date was wrong on his clock.  It was set for 1 month into the future.  Well, AVG releases a weekly database update so it thought its current database was old.  A restart of the computer and everything was back to normal.  It just goes back to starting with the easy things first when troubleshooting.

Be Careful What you Download!

Maybe this needs to be taught in school.  Don’t open something unless you are certain you know you can trust it.  If you do plan on opening something that seems suspicious, such as a key generator from your favorite p2p application, then you better have a good antivirus.  Speaking of antivirus programs, I need to write about them soon.  I’m an AVG fan.  It’s free and it does a better job than the big ones out there such as Norton and Symantec.

You can never say never in the world of computers but you can make some very good assumptions on how you can and cannot get a virus.

Ways you cannot get a virus:

  • downloading mp3 files
  • downloading picture files
  • downloading pdf files
  • opening an email but not its attachment
  • opening Microsoft Office files (you will get a warning if the file contains macros, and about their potential to do harm)

Ways you can get a virus:

  • opening ANY executable file.  These have the extensions .exe and .bat
  • opening an attachment that has an executable file in it.  Most email programs won’t let you send .exe files
  • opening a zip or RARed file (compressed file) and then double clicking on an executable file

Notice anything familiar about my last three items?  If you answered “they are all executable files” then you win a congrats! from me. 🙂
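As an added illustration of the three "executable" cases above (this is example code, not anything from the original post), here is a small Python checker that flags a download by executable extension, opens a .zip in memory to check each member the same way, and also catches a file whose name says picture but whose first bytes are the Windows PE "MZ" header. The extension list beyond .exe and .bat, and the sample archive, are my own assumptions.

```python
import io
import os
import zipfile

# Extensions Windows runs on double-click; the post names .exe and .bat, the rest are an assumption.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js", ".msi"}
MZ_MAGIC = b"MZ"  # first two bytes of every Windows PE executable

def classify_file(name, data):
    """Return why the file is risky, or None if nothing executable is visible."""
    ext = os.path.splitext(name.lower())[1]
    if ext in EXECUTABLE_EXTS:
        return "executable extension " + ext
    if data[:2] == MZ_MAGIC:
        # A .jpg/.pdf/.txt that starts with MZ is an executable with a misleading name.
        return "PE header (MZ) despite " + (ext or "no") + " extension"
    return None

def scan_download(name, data):
    """Scan one downloaded file; a .zip is opened in memory and every member checked."""
    findings = []
    if os.path.splitext(name.lower())[1] == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.infolist():
                    if member.is_dir():
                        continue
                    reason = classify_file(member.filename, zf.read(member))
                    if reason:
                        findings.append((name + "/" + member.filename, reason))
        except zipfile.BadZipFile:
            findings.append((name, "corrupt or non-zip archive"))
        return findings
    reason = classify_file(name, data)
    if reason:
        findings.append((name, reason))
    return findings

def build_sample_zip():
    """Constructed sample archive: a real picture, a renamed executable and a .bat."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("vacation.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # JPEG magic
        zf.writestr("vacation2.jpg", b"MZ" + b"\x90" * 30)              # PE disguised as image
        zf.writestr("setup.bat", b"@echo off\r\necho hello\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    for path, why in scan_download("photos.zip", build_sample_zip()):
        print(path, "->", why)
```

Running it on the constructed archive reports vacation2.jpg and setup.bat and stays quiet about the real picture, which is the same judgement the list above asks a person to make by hand.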

I will have to go more in depth on how to remove viruses, but the main thing to remember is if it does look like it’s gone and it shows up right away again, then you need to run your antivirus program in safe mode.  Some viruses are a pain to remove.