British Ordnance Collectors Network

Very serious virus WARNING

smle2009

Hi to all,
yesterday evening I experienced the mother of all viruses.....trawling the net looking for info on a .45-70-500 round I was suddenly blocked by the 'Metropolitan Police' for carrying out terrorist activities, watching illegal pornography etc. on the net and demanded that I paid a 100 fine online or my PC would be seized and I would be taken to court..after my initial WTF!, I noticed that the IP address they gave was not mine...this virus got past AVG2012 and none of the normal 'tricks' with Windows would get rid of it, safe mode, last safe position etc...SO A WARNING GENTS/LADIES...this virus is a killer and nothing can be done about it unless you re-boot with a disc or USB stick which means you lose all your saved information, photos etc...so I highly recommend that those of you who have not already done so back up your system on disc or memory stick until this virus is 'got rid of'....me? I've gone back to virus free Linux ;)


All the best
Tony
 
Frightening! God knows how I back up my computer onto disk. Please let us know when / if you hear the virus has been handled and we are safe again!
 
My GF picked this virus up on her laptop. I managed to cure it without losing anything. It's a nasty little git; it won't even allow you to open a Task Manager window and delete it.
It just shows the warning Tony described above all the time, and you can't open anything else up.


1. This is what I did: turn the computer off.

2. If you're connected to the Internet, pull the plug on your broadband, then restart your computer.
This I found allowed you to start your computer normally so it did not bring up the warning screen.
I found if I restarted the computer with the broadband on it kept displaying the warning screen; it must sense an open connection.

3. I then opened the System Restore page and restored the computer to the last restore point before the warning came up, and let the computer do its business restoring.

4. Turn the computer off and on and turn the broadband back on, and don't open any windows etc. Just update your virus killer so it has the latest updates and carry out a full scan of your system to make sure there's nothing else lurking. That cured her computer and we didn't lose anything.

From bazooka chris
 
Tony do you have a name for this virus so we can look it up?
John
 
Hi Chris,
I tried this route but no luck at my end, also tried safe mode with and without the net; my anti virus was updated every morning...it just didn't pick it up.
Hi John,
no idea mate as I abandoned ship in the end and went back to Linux...I could think of a name for it though!

Cheers
Tony
 
Hi Tony, that sounds very serious. Although everybody will understand at once this is a virus -buying off "carrying out terrorist activities" for 100 pounds would be a joke-, you do not know for sure if hidden parts of the virus remain "asleep" in your computer to wreak havoc at a later stage.
However, for using Linux you have to be quite keen on using computers and programming, as this program is much more difficult to use for a computer dummy -like me- than Windows.
Over here in Holland at the moment we have a "virus" or a "Trojan" wandering around, of which I get up to ten e-mails a day (even at my job) reporting to me that between 50 and 5000 euro will be withdrawn from or placed on my bank account. I only have to push the yes or no link to make sure it all proceeds. By now my virus scanner starts to throw them away automatically, but I wonder how many people made the mistake of clicking the link and getting nailed by a virus. Strangely enough the mails at my job came from colleagues; the ones at home seemed to be from people I mailed in the last year.
 
http://www.enigmasoftware.com/trojanzbotcbcgen-removal/

Trojan.Zbot.CBCGen is a group of Winlockers that have plagued computer users in Europe, particularly in the United Kingdom. Typically, Trojan.Zbot.CBCGen manifests itself by blocking the victim’s access to their own desktop. This kind of malware infection is often known as ransomware, as it takes over the victim’s computer and refuses to return it to the victim until a certain amount of money is paid. ESG security researchers strongly recommend against paying Trojan.Zbot.CBCGen’s ransom. While effective, Winlockers belonging to Trojan.Zbot.CBCGen family are quite simple. Dealing with them is not difficult at all, provided that you can start your operating system in Safe Mode. The most widespread Winlocker associated with Trojan.Zbot.CBCGen is the so-called Metropolitan Police ransomware, a Winlocker that pretends to be a message from law enforcement claiming that the victim’s computer was blocked due to illegal activity. There are variants of Trojan.Zbot.CBCGen Trojan Winlockers corresponding to various law enforcement throughout Europe, displaying messages in English, Spanish, Italian, Dutch, German and Russian.
Dealing with a Trojan.Zbot.CBCGen Trojan Infection

The first step in dealing with a Trojan.Zbot.CBCGen Trojan infection is to regain access to your computer system. This can be done by starting up Windows in Safe Mode. This prevents Trojan.Zbot.CBCGen from launching automatically. Once you’ve done this, you can then use a legitimate anti-malware program to remove any traces of Trojan.Zbot.CBCGen. However, if you want to remove Trojan.Zbot.CBCGen manually, this is also possible because of this ransomware’s simplicity. First, you will need to locate Trojan.Zbot.CBCGen’s executable file, usually located in the TEMP directory. This executable file will have the EXE extension and a file name made up of random characters. You will also need to delete Trojan.Zbot.CBCGen’s registry entries. However, ESG security researchers strongly recommend against tampering with the Windows Registry if you do not have experience doing this. In this case, it may be better attempting automatic removal with a legitimate anti-malware program. If you have experience using the Windows Registry, you will need to locate two registry entries associated with Trojan.Zbot.CBCGen. The first of these launches Trojan.Zbot.CBCGen’s ransomware automatically upon start-up. The second of these entries will disable the Windows Task Manager to prevent the victim from forcing the ransomware’s window to close.
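The pasted removal notes describe two persistence mechanisms but not where to look. As an added example (not from the thread or from ESG), this read-only PowerShell audit, meant to be run from Safe Mode, lists the standard Run keys and flags any start-up entry whose executable lives under a TEMP directory, then checks whether Task Manager has been disabled by the DisableTaskMgr policy value. The registry paths are the standard Windows locations; the "exe under TEMP" heuristic is my own assumption, so treat a flag as something to review, not proof of infection.

```powershell
# Added example: read-only audit of the two persistence points the description names.
# Nothing here deletes or modifies anything; it only reports what it finds.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Directories the text calls "the TEMP directory"; resolved from the environment.
$tempDirs = @($env:TEMP, $env:TMP, "$env:WINDIR\Temp") |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') } | Select-Object -Unique

# Heuristic (assumption, not from the page): a Run entry is suspicious when the
# program it launches sits under one of the TEMP directories.
function Test-SuspiciousRunEntry {
    param([string]$Command)
    # Strip surrounding quotes and any arguments to isolate the executable path.
    $exe = $Command -replace '^"([^"]+)".*$', '$1'
    $exe = $exe -replace '^(\S+\.exe).*$', '$1'
    foreach ($dir in $tempDirs) {
        if ($exe -like "$dir\*") { return $true }
    }
    return $false
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSDrive/etc.; skip those metadata properties.
        if ($p.Name -like 'PS*') { continue }
        $flag = if (Test-SuspiciousRunEntry $p.Value) { 'SUSPICIOUS' } else { 'info' }
        '{0,-10} {1} : {2} = {3}' -f $flag, $key, $p.Name, $p.Value
    }
}

# The second entry in the description disables Task Manager; on Windows that is the
# DisableTaskMgr value (1 = disabled) under the per-user Policies\System key.
$polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $polKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableTaskMgr -eq 1) {
    "SUSPICIOUS Task Manager is disabled by policy ($polKey\DisableTaskMgr = 1)"
} else {
    'ok         Task Manager is not disabled by policy'
}
```

Run it as the affected user so the HKCU keys are the right hive; a clean machine normally shows no SUSPICIOUS lines and no DisableTaskMgr value at all.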
 
Had a similar problem with the GF's laptop several months back. I went the 'safe mode' 'system restore' route. However, one suggestion was to 'pay' . The purpose of the particular Trojan I was dealing with and indeed many others is to obtain the victim's credit card details for use elsewhere. The details you enter can't be verified - so enter details approximating your card - this will give you control back to allow use of 'system restore' or anti virus software etc.

The Met' is all but bankrupt - might be genuine after all.


TimG
 
Same scam here in the US except it is the FBI that the threat allegedly comes from. Bazooka Chris has the drill down pat.
 

Hi pzgr40,
I find it a bit odd that you find Linux 'harder' to use than Windows. I'm using the Ubuntu version which is so much more user friendly than any Windows program I have ever tried, and you can do so much more with it than Windows.....yes, also experienced the e-mail virus that supposedly has been sent by a friend, which they did not,...again with Microsoft's 'hotmail' system.

Hi LCPLCOMBAT,
I'm sure this trojan has been modified; as stated above it would not let me into safe mode. The nearest I could get was my screen saver but without any side bar or shortcuts. The thing that I find disturbing is that it got in undetected by AVG2012, which so I have been told is the dog's gonads of anti virus programs...pfffft

Hi Tim G,
This one was not asking for credit card details but gave a code to go and pay at a pay point etc.

Cheers
Tony
 
Thanks guys. I've pasted the relevant info onto a Word document and printed it off so it's to hand even if I can't use my computer.

I haven't suffered anything like this (so far) but I do get spam emails from my own email address - or from variations of it which don't exist. What's going on?
 
Joys of the internet Tony, the moment you go on it other people know all about you and some muppets try to take advantage of it.

Cheers
Tony
 
3. I then opened the system restore page and restored the computer to the last restore point before the warning came up let the computer do it's buisness restoring.

Yep, has to be one of the fastest ways to remove a virus - basically the "restore" resets your PC Registry (what basically controls your PC) back to a point prior to the infection.

Much better than spending hours following AV removing procedures that the AV company post - that's if you can ID the right virus in the first place.

"Spybot" is free and very good for detecting nasties that can slip through mainstream AVs - so effective that AV companies detect it as a "virus" (because it's free!)

Cheers
Drew
 
I recently had a couple of emails from a trusted friend. The most recent warned me that the earlier one marked 'personal message' was some kind of bogus infection. Thankfully I don't get time to check emails often, maybe once a week, otherwise I might have opened the earlier one thinking it was ok. My friend always gives his emails a relevant title but I hadn't suspected the 'personal message'.
 