Heads Up! Christmas Day Virus Attack, from Facebook and TMZ. | |
DanfromtheHills (OP) User ID: 945238 United States 12/25/2010 10:43 AM | |
DanfromtheHills (OP) User ID: 945238 United States 12/25/2010 10:53 AM | Some info on mike148... [link to www.threatexpert.com] "Nothing to see here, go back to sheep..." --- AC 1251379 |
DanfromtheHills (OP) User ID: 945238 United States 12/25/2010 10:55 AM | |
DanfromtheHills (OP) User ID: 945238 United States 12/25/2010 10:58 AM | Maybe someone with some tech savvy can try to decipher this link... [link to www.antivirus365.org] I can tell from glancing at it that it mentions mike148 in association with facebook... "Nothing to see here, go back to sheep..." --- AC 1251379 |
Mia User ID: 1185622 United States 12/25/2010 11:32 AM | |
Anonymous Coward User ID: 966567 United States 12/25/2010 11:34 AM | |
DanfromtheHills (OP) User ID: 945238 United States 12/25/2010 12:04 PM | This worked fixing my mom's computer...

Ok, here are the offending files... tmzyc.exe, and mike148.exe. These were most likely attached to a video from the tmz website. The removal has a few steps but isn't too tricky...

Restart your computer. Start Task Manager: press (Ctrl, Alt, Delete, at the same time). Select the Applications tab, if you see Security Shield running, then select it, and choose end task. Sometimes the virus will have a couple of small pop-up windows that get in the way of the confirmation box for Task Manager, either minimize them or move them out of the way to uncover the confirmation prompt/box. This should remove the pop-up windows from the desktop, and prevent the virus from starting up.

Now you can delete the two files. Use search for both mike148, and tmzyc, and delete any copies you find. You do this by selecting any of these offending files, right click, open containing folder, and delete the file that appears in that folder. Remove these copies from the recycle bin, select empty recycle bin.

Also... Go to Start ---> Run ---> type "msconfig" in the box, hit enter. This will bring up the system configuration program. Select the start-up tab. If you see a copy of mike148, tmzyc, or simply a blank entry, then unselect any of those, and close the configuration program. You are ready to restart, and your computer should be clean and ready to go.

Last Edited by DanfromtheHills on 12/25/2010 12:19 PM "Nothing to see here, go back to sheep..." --- AC 1251379 |
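A read-only check for the artifacts named in the post above (the Security Shield window, mike148.exe, tmzyc.exe, and matching or blank startup entries), added here as a PowerShell example that is not part of the original thread. The search roots, registry Run keys and startup folders it inspects are assumptions about where such entries would sit; it only reports and deletes nothing.

```powershell
# Read-only audit: reports matches and deletes nothing.
# File names and the "Security Shield" title come from the post; the search
# roots and Run keys are assumptions about where to look.
$pattern = 'mike148|tmzyc'

# 1. Running processes: the rogue window or either executable.
$procs = @(Get-Process -ErrorAction SilentlyContinue | Where-Object {
    $_.ProcessName -match $pattern -or $_.MainWindowTitle -match 'Security Shield'
} | Select-Object Id, ProcessName, MainWindowTitle, Path)

# 2. Copies on disk (assumed roots: user profile and ProgramData).
$roots = @($env:USERPROFILE, $env:ProgramData) | Where-Object { $_ -and (Test-Path $_) }
$files = @(foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match "^($pattern).*\.exe$" } |
        Select-Object FullName, Length, LastWriteTime
})

# 3. Registry Run values: named after the files, pointing at them, or blank.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$runEntries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # skip provider metadata
        $cmd = [string]$p.Value
        if ($p.Name -match $pattern -or $cmd -match $pattern -or $cmd.Trim() -eq '') {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd }
        }
    }
})

# 4. Startup folders (per-user and all-users).
$folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) | Where-Object { $_ -and (Test-Path $_) }
$startupItems = @(foreach ($f in $folders) {
    Get-ChildItem -Path $f -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } | Select-Object FullName, LastWriteTime
})

# Summary: one count per category, followed by the matching items.
$report = [ordered]@{ Processes = $procs; Files = $files; RunEntries = $runEntries; StartupItems = $startupItems }
foreach ($name in $report.Keys) {
    "{0}: {1} match(es)" -f $name, $report[$name].Count
    $report[$name] | Format-List | Out-String
}
```

Run it from an elevated prompt so the HKLM keys and other users' folders are readable; a blank Run value is flagged only for review, since the post treats blank startup entries as suspect.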
DanfromtheHills (OP) User ID: 945238 United States 12/25/2010 12:06 PM | |
DanfromtheHills (OP) User ID: 945238 United States 12/25/2010 12:19 PM | |
DanfromtheHills (OP) User ID: 945238 United States 12/25/2010 12:28 PM | |
martayers User ID: 886047 Puerto Rico 12/28/2010 12:45 AM | Malwarebytes Anti-Malware software removed the "Grinch" Trojan files from my computer infected on Facebook on Christmas Day, and found the following: Final scan by Malwarebytes showed nine infected files, including PUM HKEY Local, koobface, TrojanFile, PUB.Fbsearch, Trojan Agent: file, registry, value and memory. All were successfully deleted. Thanks to Dan in the Hills for making the public aware of the attack. The Facebook Help Team was on vacation from Christmas Eve until Thursday December 30, 2010 and could not help Facebook users. |
Anonymous Coward User ID: 969642 Puerto Rico 12/28/2010 09:05 AM | |
martayers User ID: 969642 Puerto Rico 12/28/2010 09:07 AM | Four more infected files were identified by an additional full search by Malwarebytes Anti-Malware software: all had the designation Pap FB Search. These infected files were all successfully removed by Malwarebytes. [Sorry I did not manually enter my name the first time: I am new to your excellent site.] |
DanfromtheHills (OP) User ID: 945238 United States 12/28/2010 09:11 AM | Malwarebytes Anti-Malware software removed the "Grinch" Trojan files from my computer infected on Facebook on Christmas Day, and found the following: Final scan by Malwarebytes showed nine infected files, including PUM HKEY Local, koobface, TrojanFile, PUB.Fbsearch, Trojan Agent: file, registry, value and memory. All were successfully deleted. Thanks to Dan in the Hills for making the public aware of the attack. The Facebook Help Team was on vacation from Christmas Eve until Thursday December 30, 2010 and could not help Facebook users. Quoting: martayers

Right, the whole thing seems to be a malware/adware scheme. She wound up downloading Malwarebytes, ran it, and found 93 separate files! A lot of them are the same as your list.

EDIT: Facebook offers a fix at their site if you have wound up with this junk.

Last Edited by DanfromtheHills on 12/28/2010 09:12 AM "Nothing to see here, go back to sheep..." --- AC 1251379 |