Computer Infection--Emergency!


  1. Posts : 16,325
    W10Prox64
       #31

    Slow down. It's a trojan downloader. It doesn't spread, it downloads other stuff.
    JS_NEMUCOD.MV - Threat Encyclopedia - Trend Micro USA


    I think you caught things in time. This downloader is notorious for bringing in Locky encryption ransomware, which you don't have.


  2. Posts : 1,481
    Windows 10 Pro 64bit 20H2 19042.844
    Thread Starter
       #32

    Computer Infection--Emergency!


    Flew, slows down a bit, so no clean install needed of Windows 10 and all other programs? Think I will still do a clean install of Windows 10 Pro, just have to finish backing up all the personal pictures, mp3 files, and documents. I think I will feel safer that way. Glad I caught it in time before it got the encryption ransomware though, that's a relief.
    Last edited by AMDMan2016; 23 Sep 2016 at 12:34.


  3. Posts : 16,325
    W10Prox64
       #33

    AMDMan2016 said:
    Flew, slows down a bit, so no clean install needed of Windows 10 and all other programs?
    Really, at this point, I don't think it's necessary. Unless you find any ransom notes in any of your data folders:
    Code:
    _Locky_recover_instructions.txt
    The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
    But if you're up to a clean install, that's always a good thing. :)

    I think you caught it in time. Not many people monitor their CPU usage and processes like you and I do. Those who do, see things as soon as they start to happen. Trojan downloaders need time to phone home, to find a site that's not been shutdown, wait for instructions, download the payload, and then execute. Mind you, all this can happen in a flash, but sometimes we get lucky, and we stop them in their tracks. Defender certainly did its job for you this time.

    It's likely this came in as an email attachment from a phishing email. If you use an email client (Outlook/Thunderbird, WindowsLiveMail, etc.), and have it sent to auto-preview messages, simply previewing a message can be enough to trigger the trojan. Other times you actually have to try to open the attachment for it to start downloading junk.

    If you can, I would use best practice for backups, the 3-2-1 method: 3 rotating backups, 2 taking turns being connected to the machine, and one off-site. The best backup method I have found is Macrium Reflect Free. It can be set to run automatically; images can be mounted and single files pulled off if needed. You can even automatically add Macrium to your boot menu. Plus if your hard drive bites the dust, a new drive can be imaged and you're back in business within a short amount of time. No installing of programs necessary.

    I will make a few suggestions for your computer security, if it's okay:

    You see that this (and most downloaders) download their payload(s) to the appdata/temp file directory and attempt to execute from there, so a program which prevents executable files from executing out of uncommon areas such as these would help. The one I use is:

    CryptoPrevent (free version)

    Firefox browser, with appropriate security settings in place (I can go into that in another post).

    Set your email client so it doesn't auto-preview, and never open attachments you are not expecting.

    Defender is good, and certainly saved your bacon this time. ESET NOD32 (paid) would be a step up, and you can find it a lot on sale at Newegg. They also have a 30-day trial if you want to test it out. It's one of my favs.

    Malwarebytes Antimalware: Free is good, but it's passive. If you can swing it, the Pro (paid) version is active protection, and their beta anti-ransomware module will be rolled into the Pro version as soon as it's out of beta.

    SuperAntiSpyware Free: another passive one, clearing tracking cookies and some malware.

    MBAE Malwarebytes Antiexploit: free version provides protection for exploits against your browsers. The paid version provides protection for all internet-facing applications on the computer.

    Unchecky: prevent those unwanted PUPs and PUMs from installing along with other software.

    A layered approach is required, as each program has its niche/specialty.
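The "prevent executables from running out of appdata/temp" idea above can be expressed as a simple path policy. The following is an added example (not code from the thread or from CryptoPrevent) that evaluates constructed process-creation records against such a policy; the sample paths, the `SUSPICIOUS_DIRS` patterns and the `SCRIPT_HOSTS` set are assumptions chosen to illustrate the point.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation records (not real telemetry). Each has the
# full path of the new process image and the path of its parent process.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\a1b2.exe",     # dropped by a script host
     "parent": r"C:\Windows\System32\wscript.exe"},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\alice\AppData\Roaming\update.exe",      # user-writable, not a temp dir
     "parent": r"C:\Windows\explorer.exe"},
]

# Assumed policy: user-writable directories a downloader typically writes its
# payload to. Matched case-insensitively against the new process image path.
SUSPICIOUS_DIRS = {
    "appdata-local-temp": re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I),
    "appdata-roaming":    re.compile(r"^c:\\users\\[^\\]+\\appdata\\roaming\\", re.I),
    "windows-temp":       re.compile(r"^c:\\windows\\temp\\", re.I),
}

# Script hosts a JavaScript downloader runs under; an executable spawned by one
# of these from a temp directory is exactly the download-then-execute pattern.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}


def evaluate(event):
    """Return ("allow", []) or ("block", [reason, ...]) for one process-creation record."""
    reasons = [tag for tag, pat in SUSPICIOUS_DIRS.items() if pat.match(event["image"])]
    if not reasons:
        return ("allow", [])
    # Note the parent as extra context for whoever reviews the blocked event.
    if PureWindowsPath(event["parent"]).name.lower() in SCRIPT_HOSTS:
        reasons.append("parent-script-host")
    return ("block", reasons)


def triage(events):
    """Evaluate every record and return (image path, verdict, reasons) tuples."""
    return [(e["image"], *evaluate(e)) for e in events]


if __name__ == "__main__":
    for image, verdict, reasons in triage(SAMPLE_EVENTS):
        print(f"{verdict:5} {image}  {','.join(reasons)}")
```

The same path rules are what an OS-level control (CryptoPrevent, Software Restriction Policies or AppLocker path rules) enforces before the process starts; this script only evaluates recorded events, so it is a way to audit what such a policy would have stopped.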


  4. Posts : 1,481
    Windows 10 Pro 64bit 20H2 19042.844
    Thread Starter
       #34

    Yes, money-wise not much due to being disabled, but I'll see what I can swing. Might try the Firefox browser, up for a clean install, and with 10 it doesn't take that long to do. Not sure if I can set the Windows 10 Mail app to not preview email messages or not, but I'll check on that as well. I got a lot of files; I spend most of my time gaming, or in the Secondlife game, or doing some other tasks at times. So a clean install won't be too much trouble I guess.


  5. Posts : 16,325
    W10Prox64
       #35

    Understood. Use the free versions where you can, and set reminders to run scans on a regular basis yourself.

    It's unfortunate that we're not able to get the flagged items from the ESET online scan. Reading here:
    JS/Nemucod
    The Nemucod family also try to download password stealers and information grabbers. Might want to keep an eye on your email addresses at these 2 sites:
    Find the source of your leaks
    Have I been pwned? Check if your email has been compromised in a data breach
    And, if you use yahoo mail, be sure to change your password now. Their 2-year-old hack has been put up for sale on the dark web.

    Also, make sure you do not re-use passwords. A password manager like LastPass will help you with that.

    Let me know when you're ready to setup Firefox, and we'll detail that out.


  6. Posts : 1,481
    Windows 10 Pro 64bit 20H2 19042.844
    Thread Starter
       #36

    Yeah, will change all the passwords after the clean install; I think that might be the best option right now. I don't reuse any passwords, mine are usually 8-10 characters long, or longer---remembering them is the hard part at times, but I do pretty well so far with most of the passwords.

    Will let you know when I'm ready to set up Firefox and see if I like it. I might, but not sure yet, never used any other browser except IE. But for now just make sure I got the files I can't lose backed up, then find the Windows 10 Pro 64bit flash drive, and proceed with the clean install. Then I should be feeling safer, and install the suggested security items, and hopefully all good.


  7. Posts : 16,325
    W10Prox64
       #37

    Get the latest one here:
    Windows 10 ISO

    Listen (don't tell anyone, but) I was a die-hard IE user for many years.


  8. Posts : 258
    Windows 10
       #38

    simrick said:
    Get the latest one here:
    Windows 10 ISO

    Listen (don't tell anyone, but) I was a die-hard IE user for many years.


  9. Posts : 2,979
    Windows 11
       #39

    simrick said:
    Therein lies your problem.

    I use Firefox for my main browser, as it is the most customizable and therefore safest browser. I have browser add-ons (like Flash and Java) set to "ask to activate", I have another add-on which shall remain unnamed (per forum rules), I use WOT to evaluate web-searched sites for safety, I use OpenDNS DNS Servers on my NICs to prevent navigating to known bad sites, I use LastPass Password Manager and only log into it when needed, I do not log in to the browser to "sync" anything, and I have MBAE for zero-day browser exploit mitigation. All this, plus anti-virus, anti-malware, anti-spyware and CryptoPrevent. Knock wood, I have never had anything on my system yet (save one worm from an infected computer I was cleaning for someone, and forgot to turn my system off at the time - an image restoration solved that problem quickly), and I do a lot of searching in order to answer threads on this forum.
    Sorry to hijack, but is CryptoPrevent a good all round AV supplement? It can apparently protect against viruses other AV's can't...

    I see that you don't use EMET. I'm trying to find the answer as to whether I should move it on and use MBAE premium instead. Apparently EMET in use with Windows 10 has a secondary login vulnerability but I don't fully understand what that is.

    EMET can protect any app on your machine, can MBAE premium do close to that?


  10. Posts : 16,325
    W10Prox64
       #40

    Kol12 said:
    Sorry to hijack, but is CryptoPrevent a good all round AV supplement? It can apparently protect against viruses other AV's can't...
    CryptoPrevent: Does it work? - Anti-Virus, Anti-Malware, and Privacy Software
    Wouldn't be without this program.

    Kol12 said:
    I see that you don't use EMET. I'm trying to find the answer as to whether I should move it on and use MBAE premium instead. Apparently EMET in use with Windows 10 has a secondary login vulnerability but I don't fully understand what that is.
    Seems MS patched that vulnerability in February.
    Attackers can turn Microsoft's exploit defense tool EMET against itself | PCWorld
    Still, I prefer MBAE.

    Kol12 said:
    EMET can protect any app on your machine, can MBAE premium do close to that?
    From what I understand, MBAE Pro can be configured to protect all internet-facing applications on the machine.

    Frequently Asked Questions - Malwarebytes Anti-Exploit - Malwarebytes Forums

    How to verify that MBAE is working correctly - Malwarebytes Anti-Exploit - Malwarebytes Forums

    And here's an interesting thread to read:
    MBAE and EMET - Anti-Virus, Anti-Malware, and Privacy Software



