This morning I had the unpleasant experience of this malware.
I'll describe it's behavior so you'll recognize it if it lands on your
computer.  It operates as a series of pop-up screens which mimic 
the look of Windows Security Center.  I ran a virus scan but nothing
showed up.  Still something just didn't feel right so I compared the
logos which were close, but not the same.  There were 6 or 7 warning
screens which eventually all lead to the pop-up requiring registration
for the latest updated Windows Security Center(?) - your first red
flag.  In the bottom right toolbar you'll see a red circle with a white X
as well as a shield which looks like the Windows Security Center icon.
It's tricky though, because it describes it's own behavior while IT's
happening.  Arrgg!!!  Another screen will start scanning for spyware,
it's bogus as well.  It's very confusing - just stay calm.  I tried going
to Microsoft's website but received a message "Navigation Blocked"
due to unstable internet browsing.  During all this, my system kept
shutting down and restarting.  I think you have enough here to
recognize it if it shows up.  The fix:

I ran Windows Defender 3 times only to have the malware come
back.  It seems it just keeps replicating itself.  I tried to reconfigure
the start-ups in MSCONFIG only to have the icons reappear upon
restarting.  Finally I disabled Windows Defender and downloaded
Computer Associates Anti Spyware which seems to have put an end
to the problem - perhaps!  Here is an example of what you might
see - but the messages I received were only similar in nature.


This trojan can also change your home page, default search engine,
internet security zone settings and enable ActiveX controls.  It's a 
ploy to get you to download it's rogueware and it attaches to the
registry.  It appears Windows Defender was unable to prevent this 
malware from reasserting itself.  A virus scan will not pick this up
because it's not really a virus - it's pop-up malware and requires
anti-spy software to remove it.  I hope this description helps should
you encounter this event.  Feel free to contact me if you have any
questions.

Home Sweet Home Florida Logo

Gail MacMillan Broker-Realtor®
Home Sweet Home Florida Realty, Inc.
At Home With Diversity (AHWD)
Certified Residential Specialist (CRS)
e-PRO Internet Certified (e-PRO)
Graduate Realtor Institute (GRI)
Relocation Specialist
Titusville, Florida
Cell: 321.544.6808

www.HomeSweetHomeFlorida.com   great website - check it out - pass it on
http://activerain.com/blogs/homesweethomeflorida  -  my blog

 
This post has been included in Florida Information Brevard County, FL Information
Post is included in group: Tech Corner
Post is included in group: RealtorsĀ®
Post is included in group: e-PRO Internet Technology
Post is included in group: Diary of a Realtor
Post is included in group: Active Rain Newbies

14 Comments on VIRUS - Trojan.Renos - SIGNS & SYMPTOMS - Not Fun!!!

JUN
17
2008
216,780 Points 1 Featured Post Outside Blog

Thanks for sharing - appreciate the warning & info Gail,

Sincerely,

Grace
10:05pm • #1

The misspelling of the word unauthorized would have sent up a red flag to me.  Spammers seem to be miserable spellers (LOL). Thanks for the heads up. 
11:32pm • #2

Gail,

Thanks for the heads up.  I have lost two hard drives over the years to malicious virus attacks.  I have little patience for anything in my computer other than what I wish to have there.  I appreciate your warning.
11:37pm • #3

Gail

The Windows anti-spyware is not very well respected. I use both ad-aware and Spybot Search and Destroy.
11:39pm • #4
JUN
18
2008
184,597 Points 5 Featured Posts Outside Blog

You're all welcome, thanks for your comments.  Everything seems to be working normally this morning so I'm assuming the little nasty has been removed from the registry as well.  I wish I knew how it got on my system in the first place.  I hadn't downloaded anything and don't open email where I don't know the sender.  I usually check the properties and then the internet.  Much of it is spam, but the kind where they're trying to get us to spend our hard-earned $$$ for their promises of great rewards.

Alyce - I thought about the misspelling and even though I didn't get that particular warning, I'm not sure with all that was happening, pop-ups coming and going, each with it's intended scare tactic, that I would have caught it anyways.  I was working really had to stay calm and remain solution oriented.
Hopefully it won't happen again, but if it does, I'll be ready(er)  :-)  Hey, maybe their spell check stopped working, just like this one on A|R  :-(
6:35am • #5
535,454 Points 11 Featured Posts Outside Blog

Gail, thanks for sharing this issue with us. For what's it worth, I dropped Defender long ago. I been using Grisoft AVG for a couple of years and really haven't had any issues.
1:19pm • #6
184,597 Points 5 Featured Posts Outside Blog

Thanks Steve - I've used AVG several years ago and always found it to be a very good program.  My internet connection is with Brighthouse cable and they have a partnership with Computer Associates which is free for their bandwidth subscribers.  It did quite well yesterday - after purging the trojan, it alerted me to another spyware on my system - one I did not choose to give up - StatCounter!  Did anyone here know StatCounter was considered spyware?  I'm curious because I dropped them once when I felt something odd about the ads I started getting.  I contacted them and they categorically stated no spyware from them!!!  Maybe it's 'cause they sorta spy on others ;-)
3:05pm • #7
309,644 Points 11 Featured Posts Localism Sponsor Outside Blog Hit Router

Thanks, Gail for the warning!  I have tons of programs like AVG, Norton, Spy Doctor, and so many more and they STILL find a way to sneak in.  Happy to hear it didn't do too much damage to you other than frustration!
6:52pm • #8
JUN
19
2008
184,597 Points 5 Featured Posts Outside Blog

Hi Leesa - I also blogged this on Reliberation and a member commented that he uses several ant-spy programs at the same time.  I'm curious about potential conflicts........any thoughts!
11:03am • #9
NOV
14
2008

I got this infection yesterday. It blocked AVG and Spybot from opening. Cox provides free Mcafee, so I went to the Cox site and when they re-directed me to the Mcafee site it would not open.  It kept rebooting me. Fortunatly I had recently cloned my disk. I installed the infected disk under my clone and AVG found the Renos trojan.  Deleting it did not fix the problem. I read on one site that this trojan probably originated in Russia. I had been Google searching for MP3s of a Russian singer I found on YouTube that I liked. This is when the trouble started.  I never click on any pop-up so I thought I was safe from this kind of attack.  Can anyone tell me if just clicking on a site from a Google search infect you?

 
John
10:23pm • #10
NOV
15
2008
184,597 Points 5 Featured Posts Outside Blog

John, I do think you can get infected by opening certain sites.  I was doing a search for a store called White House/Black Market.  I couldn't remember the name so I just put in White and Black...oh my...what I got was very unpleasant!!! This porn site that would not close down no matter how many times I hit the X button.  I was freaking out.  Had to shut down immediately, delete all cookies, history, run a scan, etc. to come back clean.  So, that's why I think we can get infected by opening certain sites.  Good luck!
8:12am • #11
123,511 Points

Thank you for your information.  Computer viruses are a real pain and sometimes are difficult to eradicate.  I run my anti-virus software often and find that it cleans several files each time (even in the same day).
9:26am • #12
184,597 Points 5 Featured Posts Outside Blog

Hi Jon - The weird thing about this Trojan is that the anti-virus programs I run didn't catch it.  It showed up on the Spyware check.  It was a hard one to eradicate and kinda spooky since it mimicked what you might see when you do get a virus, yet it was the virus.  There seems to be a differentiation between virus and malware and how they behave on your system. You would think if these people are so smart, they would be more productive than this and go earn a good living!  Strange bunch of people.  I went to the trouble of downloading Hijack This, ran their check, but by then the thing had been eradicated.  Thanks for stopping by...have a super weekend.
9:42am • #13
OCT
12

Ive used Avast for 9 years its free and has caught everything thrown at it
7:57am • #14

This blog does not allow anonymous comments
 
Arpic600px Rainmaker_large

Gail MacMillan - CRS, e-PRO, GRI ~ Titusville FL Real Estate Brevard County

Titusville, FL

More about me…

Home Sweet Home Florida Realty

Address: Titusville, FL, 32780

Office Phone: (321) 544-6808

Cell Phone: (321) 544-6808

Email Me

Living in Titusville is like living in the center of a perfect triangle. Close to the BIG CITY without the traffic. The excitement of the NASA SPACE PROGRAM right in your own backyard. The warm, exotic NATURAL BEAUTY which is the FLORIDA everyone wants to own a piece of - Welcome To My Florida World. I can help you find your HOME SWEET HOME in FLORIDA!



Links

Archives

RSS 2.0 Feed for this blog

Find FL real estate agents and Titusville real estate on ActiveRain.