
  1. Joined : Apr 2015
    Posts : 9,150
    W10Prox64
       23 Sep 2016 #31

    Slow down. It's a trojan downloader. It doesn't spread, it downloads other stuff.
    JS_NEMUCOD.MV - Threat Encyclopedia - Trend Micro USA


    I think you caught things in time. This downloader is notorious for bringing in Locky encryption ransomware, which you don't have.


  2. Joined : Jan 2016
    Gibraltar
    Posts : 150
    Windows 10 Pro 64bit 1607 14393.693
       23 Sep 2016 #32

    Computer Infection--Emergency!


    Flew, slows down a bit, so no clean install needed of Windows 10 and all other programs? Think I will still do clean install of Windows 10 Pro, just have to finish backing up all the personal pictures, mp3 files, and documents, I think I will feel safer that way, glad I caught it in time though before it got the Encryption ransomware though, that's a relief
    Last edited by AMDMan2016; 23 Sep 2016 at 12:34.


  3. Joined : Apr 2015
    Posts : 9,150
    W10Prox64
       23 Sep 2016 #33

    AMDMan2016 said:
    Flew, slows down a bit, so no clean install needed of Windows 10 and all other programs?
    Really, at this point, I don't think it's necessary. Unless you find any ransom notes in any of your data folders:
    Code:
    _Locky_recover_instructions.txt
    The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
    But if you're up to a clean install, that's always a good thing.

    I think you caught it in time. Not many people monitor their CPU usage and processes like you and I do. Those who do, see things as soon as they start to happen. Trojan downloaders need time to phone home, to find a site that's not been shut down, wait for instructions, download the payload, and then execute. Mind you, all this can happen in a flash, but sometimes we get lucky, and we stop them in their tracks. Defender certainly did its job for you this time.

    It's likely this came in as an email attachment from a phishing email. If you use an email client (Outlook/Thunderbird, WindowsLiveMail, etc.), and have it set to auto-preview messages, simply previewing a message can be enough to trigger the trojan. Other times you actually have to try to open the attachment for it to start downloading junk.

    If you can, I would use best practice for backups, the 3-2-1 method: 3 rotating backups, 2 taking turns being connected to the machine, and one off-site. The best backup method I have found is Macrium Reflect Free. It can be set to run automatically; images can be mounted and single files pulled off if needed. You can even automatically add Macrium to your boot menu. Plus if your hard drive bites the dust, a new drive can be imaged and you're back in business within a short amount of time. No installing of programs necessary.

    I will make a few suggestions for your computer security, if it's okay:

    You see that this (and most downloaders) download their payload(s) to the appdata/temp file directory and attempt to execute from there, so a program which prevents executable files from executing out of uncommon areas such as these would help. The one I use is:

    CryptoPrevent (free version)

    Firefox browser, with appropriate security settings in place (I can go into that in another post).

    Set your email client so it doesn't auto-preview, and never open attachments you are not expecting.

    Defender is good, and certainly saved your bacon this time. ESET NOD32 (paid) would be a step up, and you can find it a lot on sale at Newegg. They also have a 30-day trial if you want to test it out. It's one of my favs.

    Malwarebytes Antimalware: Free is good, but it's passive. If you can swing it, the Pro (paid) version is active protection, and their beta anti-ransomware module will be rolled into the Pro version as soon as it's out of beta.

    SuperAntiSpyware Free: another passive one, clearing tracking cookies and some malware.

    MBAE Malwarebytes Antiexploit: free version provides protection for exploits against your browsers. The paid version provides protection for all internet-facing applications on the computer.

    Unchecky: prevent those unwanted PUPs and PUMs from installing along with other software.

    A layered approach is required, as each program has its niche/specialty.
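
    The two checks described in post #33 (looking for Locky ransom notes in data folders, and looking at what has recently landed in the AppData/Temp locations downloaders stage payloads in), as an added PowerShell example that is not part of the original posts. Only the ransom-note file name comes from the thread; the folder list, the extension list and the 7-day look-back window are assumptions.

```powershell
# Added example, not from the thread. Read-only triage: nothing is deleted or changed.
$NoteName   = '_Locky_recover_instructions.txt'       # ransom note name quoted in post #33
# Assumption: default (non-redirected) profile folders hold the user's data.
$DataRoots  = 'Documents','Pictures','Music','Desktop','Downloads' |
              ForEach-Object { Join-Path $env:USERPROFILE $_ }
# %LOCALAPPDATA% already contains the per-user Temp directory.
$StageRoots = $env:APPDATA, $env:LOCALAPPDATA
# Assumption: executable and script types worth reviewing in those locations.
$Extensions = '.exe','.dll','.scr','.js','.jse','.wsf','.vbs','.hta','.bat','.cmd','.ps1'
$Since      = (Get-Date).AddDays(-7)                  # assumption: look-back window

function Find-RansomNote {
    param([string[]]$Roots, [string]$Name)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue
    }
}

function Find-StagedExecutable {
    param([string[]]$Roots, [string[]]$Types, [datetime]$After)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $Types -contains $_.Extension -and $_.CreationTime -ge $After } |
            ForEach-Object {
                $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                $status = if ($sig) { $sig.Status } else { 'Unknown' }
                $hash   = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Created   = $_.CreationTime
                    Signature = $status          # 'Valid' means a trusted publisher signature
                    SHA256    = $hash.Hash       # for looking the file up with an AV vendor
                    Path      = $_.FullName
                }
            }
    }
}

$notes = @(Find-RansomNote -Roots $DataRoots -Name $NoteName)
if ($notes.Count -gt 0) {
    Write-Warning "$($notes.Count) ransom note(s) found; encryption has probably started."
    $notes | Select-Object FullName, CreationTime
} else {
    Write-Output "No $NoteName under the checked data folders."
}
Find-StagedExecutable -Roots $StageRoots -Types $Extensions -After $Since |
    Sort-Object Created -Descending | Format-List
```

    Recently created files that are unsigned (`NotSigned`) or of a script type are the ones to review first; legitimate updaters also live under AppData, so a hit is a lead, not a verdict.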


  4. Joined : Jan 2016
    Gibraltar
    Posts : 150
    Windows 10 Pro 64bit 1607 14393.693
       23 Sep 2016 #34

    Yes, money wise not much due to being disabled, but I'll see what I can swing, might try Firefox browser, up for a Clean install, and with 10 it doesn't take that long to do, not sure if I can set Windows 10 Mail app to not preview email messages or not, but I'll check on that as well, I got a lot of files, I spend most of my time gaming, or in Second Life game, or doing some other tasks at times. So Clean install won't be too much trouble I guess


  5. Joined : Apr 2015
    Posts : 9,150
    W10Prox64
       23 Sep 2016 #35

    Understood. Use the free versions where you can, and set reminders to run scans on a regular basis yourself.

    It's unfortunate that we're not able to get the flagged items from the ESET online scan. Reading here:
    JS/Nemucod
    The Nemucod family also try to download password stealers and information grabbers. Might want to keep an eye on your email addresses at these 2 sites:
    Find the source of your leaks
    Have I been pwned? Check if your email has been compromised in a data breach
    And, if you use Yahoo Mail, be sure to change your password now. Their 2-year-old hack has been put up for sale on the dark web.

    Also, make sure you do not re-use passwords. A password manager like LastPass will help you with that.

    Let me know when you're ready to set up Firefox, and we'll detail that out.


  6. Joined : Jan 2016
    Gibraltar
    Posts : 150
    Windows 10 Pro 64bit 1607 14393.693
       23 Sep 2016 #36

    Yeah will change all the passwords after the clean install I think might be best option right now, I don't reuse any passwords, mine are usually 8-10 characters or more long, or longer---remembering them is hard part at times, but I do pretty well so far with most of the passwords.

    Will let you know when I'm ready to set up Firefox and see if I like it, I might, but not sure yet, never used any other browser except IE, but for now just make sure I got the files I can't lose backed up, then find Windows 10 Pro 64bit flash drive, and proceed with clean install, then should be feeling safer, and install the suggested security items, and hopefully all good


  7. Joined : Apr 2015
    Posts : 9,150
    W10Prox64
       23 Sep 2016 #37

    Get the latest one here:
    Windows 10 ISO

    Listen (don't tell anyone, but) I was a die-hard IE user for many years.


  8. Joined : Jul 2016
    Posts : 264
    Windows 10
       23 Sep 2016 #38

    simrick said:
    Get the latest one here:
    Windows 10 ISO

    Listen (don't tell anyone, but) I was a die-hard IE user for many years.


  9. Joined : Aug 2016
    Posts : 157
    Windows 10 64 bit, 1607
       24 Sep 2016 #39

    simrick said:
    Therein lies your problem.

    I use Firefox for my main browser, as it is the most customizable and therefore safest browser. I have browser add-ons (like Flash and Java) set to "ask to activate", I have another add-on which shall remain unnamed (per forum rules), I use WOT to evaluate web-searched sites for safety, I use OpenDNS DNS Servers on my NICs to prevent navigating to known bad sites, I use LastPass Password Manager and only log into it when needed, I do not login to the browser to "sync" anything, and I have MBAE for zero-day browser exploit mitigation. All this, plus anti-virus, anti-malware, anti-spyware and CryptoPrevent. Knock wood, I have never had anything on my system yet (save one worm from an infected computer I was cleaning for someone, and forgot to turn my system off at the time - an image restoration solved that problem quickly), and I do a lot of searching in order to answer threads on this forum.
    Sorry to hijack, but is CryptoPrevent a good all round AV supplement? It can apparently protect against viruses other AV's can't...

    I see that you don't use EMET. I'm trying to find the answer as to whether I should move it on and use MBAE premium instead. Apparently EMET in use with Windows 10 has a secondary login vulnerability but I don't fully understand what that is.

    EMET can protect any app on your machine, can MBAE premium do close to that?


  10. Joined : Apr 2015
    Posts : 9,150
    W10Prox64
       24 Sep 2016 #40

    Kol12 said:
    Sorry to hijack, but is CryptoPrevent a good all round AV supplement? It can apparently protect against viruses other AV's can't...
    CryptoPrevent: Does it work? - Anti-Virus, Anti-Malware, and Privacy Software
    Wouldn't be without this program.

    Kol12 said:
    I see that you don't use EMET. I'm trying to find the answer as to whether I should move it on and use MBAE premium instead. Apparently EMET in use with Windows 10 has a secondary login vulnerability but I don't fully understand what that is.
    Seems MS patched that vulnerability in February.
    Attackers can turn Microsoft's exploit defense tool EMET against itself | PCWorld
    Still, I prefer MBAE.

    Kol12 said:
    EMET can protect any app on your machine, can MBAE premium do close to that?
    From what I understand, MBAE Pro can be configured to protect all internet-facing applications on the machine.

    Frequently Asked Questions - Malwarebytes Anti-Exploit - Malwarebytes Forums

    How to verify that MBAE is working correctly - Malwarebytes Anti-Exploit - Malwarebytes Forums

    And here's an interesting thread to read:
    MBAE and EMET - Anti-Virus, Anti-Malware, and Privacy Software




 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.