Posted 09 December 2011 - 05:32 PM
I am using Win 7 Home Premium 64-bit, Firefox and Chrome. This computer acts as a server and has MS SQL Server 2008 set up on it. I normally just use MS Security Essentials and Windows Firewall for security. Approximately one month ago, after participating in a short online class, a variant of the “Win 7 2012 Security” scareware showed up and was doing its thing. I found a guide on Bleeping Computer to get rid of it using rkill.exe and Malwarebytes to get rid of it and it seems to work. Unfortunately I unwittingly selected to try Malwarebytes 30 day trial so about 3 days ago it got uninstalled from this computer. Two days ago while browsing Reddit suddenly up pops “Win 7 2012 Security” warnings along with problems in browser connectivity. Having had this before I take the same steps again which seems to rid me of “Win 7 2012 Security”. However when Malwarebytes is running MS Security Essentials (yes I neglected to turn it off) finds more infections. In fact almost every time Malwarebytes runs MSE finds something new.
Some examples are: Alureon.TK, vdf.exe, Kwrd.dll, PUP.BitMiner, Sirefef.J
I let MSE get rid of them and Mal finds a few also. My internet connection seems to get worse as browser performance decreases; however, if I run a speed check the DSL connection is fine. Yesterday (the 8th) I made sure everything was up to date (Java, Flash, Windows) and got rid of everything that was extraneous to speed up scans.
At 4:36 PM MSE found: TrojanDownloader:Java/OpenConnection.OS
At 6:21 PM MSE found: TrojanDownloader:Java/OpenConnection.OU
I left it for the night after disconnecting the internet. This morning (9th) scanned with Mal, MSE and AVG and nothing showed up. I continue to have browser problems as Flash and Java as well as images do not always work, sometimes they do. I had to go to another computer to create a Bleeping Comp account as my browser would not show me the “confirm you’re a human/capuchin box”. I tried using Chrome and it does not have the formatting problems and is a little faster but images/ads do not work. We have a third party software package which we need to access via the internet (we have a static IP); however, that has not been working since this started (the 7th). We can still use it via Intranet strangely enough but really need remote access.
Nothing has shown up today (the 9th) on any virus scan however I am still having slow/poor browser problems and cannot connect to the server via the internet.
Sorry for the wall of text but instructions said be complete!