Just had a run-in with the 'System Security 2009' Trojan

santamargarita

(1000+ posts) Send PM | Profile | Ignore

Sun Jul-12-09 10:30 PM
Original message

Just had a run-in with the 'System Security 2009' Trojan

This thing hijacks your computer and starts scanning for Trojans. You have to start up in safe mode then follow the directions: http://www.411-spyware.com/remove-system-security-2009. I fairly certain I got it from a free CD ripper I downloaded - which is gone now.

It's about like George Bush wanting Henry Kissinger in investigate 911.

Refresh | 0 Recommendations

Printer Friendly | Permalink | Reply | Top

Why Syzygy

(1000+ posts) Send PM | Profile | Ignore

Sun Jul-12-09 11:48 PM
Response to Original message

1. Was it "audiograbber"

do you know? I've always safely used it. But just downloaded it yesterday on my clean system and haven't installed yet. Or do you know what ripper it was?

Printer Friendly | Permalink | Reply | Top

santamargarita

(1000+ posts) Send PM | Profile | Ignore

Mon Jul-13-09 07:59 AM
Response to Reply #1

2. I can't prove it, but it always wanted me to check for an update

Here is where I got it: http://www.innosetup.com

Printer Friendly | Permalink | Reply | Top

EvolveOrConvolve

(1000+ posts) Send PM | Profile | Ignore

Mon Jul-13-09 05:00 PM
Response to Reply #2

3. I've been using JR's software for years

and never run into any sort of problem. And, I'd never heard of him releasing an audio ripping application, and a quick perusal of his site shows that he doesn't offer one. His applications are used by us uber-nerds that are software developers to make our lives easier.

Are you sure that you haven't had your hosts file hijacked, or some other nasty thing that is causing your problem?

Printer Friendly | Permalink | Reply | Top

Why Syzygy

(1000+ posts) Send PM | Profile | Ignore

Mon Jul-13-09 05:15 PM
Response to Reply #2

4. Have you used any new malware removers

Edited on Mon Jul-13-09 05:17 PM by Why Syzygy

or free scanners lately? Still looking, but ...

In March 2009, we notified our customers on a new variant of the infamous Vundo trojan family which we detected as Ransom-F and raised its risk assessment to a Low-Profiled threat. It was possibly the first indicators of a shift in the FakeAlert criminal model from instilling fear, to holding information technology resources for ransom but certainly not the last.

Last week, we came across to a new variant of a rogue security program branded by its creators as “System Security 2009″ and detected them as FakeAlert-CO, and some of its past similarly branded cousins as FakeAlert-SystemSecurity.

The updated variants were discovered from a web page hosted on trustedw{blocked}security.com.As most other rogue security programs to date, FakeAlert-CO displays spurious alerts and making fraudulent claims of infections that requires the user to pay a fee to “repair”. Following the trend of Ransom-F, we noticed “new features” in FakeAlert-COthat resembles some common characteristics of ransomware trojans.

Once installed, FakeAlert-CO may either terminates all running user process or prompts the user to reboot. (...)

http://www.avertlabs.com/research/blog/index.php/2009/05/12/fakealert-trojan-holds-systems-for-ransom/

Printer Friendly | Permalink | Reply | Top

DU AdBot (1000+ posts)

Mon Jan 06th 2025, 08:44 PM
Response to Original message

Advertisements [?]

Top

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.