
Saturday, January 19, 2013

Ransom Computer Virus Infection Spreading


A recent computer virus outbreak has been infecting an increasing number of computers. This virus is installed through Java when you visit an infected website. The website may be a legitimate and normally trustworthy website that has been illegally modified to distribute the virus.

When a computer becomes infected by the Ransom Virus (aka: Police Virus and FBI Virus), the hard drive becomes encrypted by the virus. The activities of the virus take effect after the computer has been restarted. After you log in (if your computer requires a login) you will be prompted with a screen notifying you that your PC has been blocked due to one of the reasons in a list it supplies. The message states that you must pay a fine in order to regain access to your computer (usually $100, but has been seen as high as $500). Your computer will remain locked until the virus has been removed. The information on the computer is at risk of being downloaded and used by the developers of the virus (including financial and personal information, usernames, and passwords).

The most common transmission methods of this virus include Software/Media Pirating Sites and software, P2P (Peer-to-Peer) Software, sites with streaming videos and music, social media websites, and gaming websites.  There is no set list of sites that are infected with the virus and once webmasters (or website owners) are aware of an infection, measures are taken to remove the virus to prevent further spread.

At the time of this post, the only known method of removing the virus is to connect the hard drive to a second computer that is not infected with the virus and scan the hard drive using up-to-date virus scanners and malware scanners. There have been some reports where even this option does not resolve the issue, resulting in the hard drive having to be erased and Windows reinstalled.

Oracle (the creators of Java) have released an update to block the exploit being used by the virus.  The update is available from http://www.java.com/download.  To read the report from Oracle, please visit http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html.

If you have any questions or need assistance in removing this virus, please contact Nate Taylor at Hendo Computers by calling (814) 558-8170.

6 comments :

compuwizard said...

Another option and something that people should do anyways is to make an antivirus boot disk for their PC along with doing some sort of PC backup. If you get this virus or any other boot sector type bug, you can use the boot disk to clean your hard drive prior to Windows booting up. A good way to prevent getting these types of bugs is to make sure you update your operating system and have a good, updated antivirus program.

Anonymous said...

I just got my new Dell laptop through QVC. They already have the latest versions of Java on them. And four years free anti-virus from Trend Micro. Tried to download it. Didn't realize I already had it.

Anonymous said...

Glad you shared that tidbit with us 12:51pm. What color socks are you wearing today?

Anonymous said...

don't be a hater 1:22..

Eddie Orlowski said...

The files associated with this virus are 1.bmp, 1.jpg, cscrsss.exe. Using Windows 7 you can find these files in the following folders:

My Computer/Local C/User's/Computer Name/AppData/Roaming

My Computer/Local C/User's/Computer Name/AppData/Local Now

My Computer/Local C/User's/Computer Name/Desktop

You may also find it in the registry under HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Run

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Run

Eddie O said...

First step in avoiding being infected by this virus is to disable Java from startup, and from running while one's Internet browser is open. You can do that by simply following the instructions below.

Turn Java Platform Off:

Turning Off Java by using, "MSCONFIG":

1.) Go to Start/Run/Msconfig

2.) A box will appear with options; click the Startup tab.

3.) Find Java, or JRe File, uncheck it, click Apply, and restart computer to take changes.

Turning Off Java using, "Internet Options":

1.) Click Tools on your Internet browser.

2.) A menu will appear; then click Internet Options.

3.) The Internet Options form will appear with options. Here you can adjust your security settings, and privacy settings also.

4.) Click on the Advanced tab. Here one will see a bunch of options to be checked, or unchecked. Scroll the list till one finds the Java, or Jre name, and uncheck these options.

Turning Off Java using, "Registry":

1.) HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Run

2.) HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Run

3.) HKEY_LOCAL_MACHINE/Software/Microsoft/Java VM

4.) HKEY_CURRENT_USER/Software/Microsoft/Java VM

Under this Advanced tab you can also uncheck Enable Third Party Browsing Cookies, which will help with security on one's Internet surfing. This tab also offers various security features. Use best of knowledge when editing any computer settings, and create a backup.

Anyone with other information to add to this would be appreciated.

This is a little more info on the removal of this such virus.

Department of Justice - Dialog Page Virus

Virus Inheritance - Virus infects one's computer by executing through a Java exploit/bug. The desktop will be taken over by a dialog page saying Department of Justice. It claims the computer has been monitored, and is now in the federal database, and that if one shall shut computer down, it will format the hard drive. However that is not true at all, if you can find the files associated, and locations.

Files Associated with this Virus:

1.) 1.bmp

2.) 1.jpg or 1.Jpeg

3.) csrsss.exe

File Locations:

1.) My Computer/Local C/User's/Computer's Name/Desktop

2.) My Computer/Local C/User's/Computer's Name/APPData/Roaming

3.) My Computer/Local C/User's/Computer's Name/Local Now

4.) My Computer/Local C/Program Files

Registry Location:

1.) HKEY_CURRENT_USER/Software

2.) HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Run

3.) HKEY_LOCAL_MACHINE/Software

4.) HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Run

An alternative way to search for these files is to go to

Start/Run/1.bmp, Start/Run/1.jpg or 1.jpeg, Start/Run/csrsss.exe
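
A read-only check of the two Run keys and the per-user folders named in the comments above, given here as an added PowerShell example that is not part of the original post or its comments. The file names are the ones the commenters report, the key is written `CurrentVersion` (one word) as Windows names it, and `Test-RunEntry` is a helper name chosen for this example.

```powershell
# Added example: read-only audit of the Run keys named in the comments.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# File names as reported by the commenters (both spellings appear on the page).
$reportedNames = @('1.bmp', '1.jpg', '1.jpeg', 'csrsss.exe', 'cscrsss.exe')
$escapedNames  = $reportedNames | ForEach-Object { [regex]::Escape($_) }
# Match a reported name only as a whole file name, not as part of a longer one.
$namePattern   = '(^|[\\/"\s])(' + ($escapedNames -join '|') + ')(["\s]|$)'

# Per-user folders the commenters list. Legitimate programs autostart from
# AppData too, so a hit here means "review this entry", not "infected".
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA,
              [Environment]::GetFolderPath('Desktop')) | Where-Object { $_ }

function Test-RunEntry {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $target   = $expanded.TrimStart('"', ' ')      # drop a leading quote
    $reasons  = @()
    foreach ($dir in $userDirs) {
        $prefix = $dir.TrimEnd('\') + '\'          # compare whole folder names
        if ($target.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "launches from $dir"
        }
    }
    if ($expanded -match $namePattern) {
        $reasons += "reported file name '$($Matches[2])'"
    }
    $reasons
}

foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }                   # key absent or unreadable
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $reasons = @(Test-RunEntry -Command $command)
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Key = $key; Name = $name; Command = $command
                Reasons = $reasons -join '; '
            }
        }
    }
}
```

The script only reads and lists; each flagged entry still needs a manual look at the file it points to before anything is removed.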