Posts posted by seth1066

  1. It sounds like a variation of the MS Antivirus Security Center malware that's been around for a while. A friend got that one earlier this month (it was calling itself MS Security Essentials) and I thought it looked very slick. It had all the right styles and logo for Windows Vista/Seven and would have been really convincing except it was on an old XP machine. On startup it would go into its routine before the desktop appeared which makes it a real pain to try and stop (CTRL-ALT-DEL will not bring up the task manager). The worst thing this one did was to set the HIDDEN file attribute on everything in the user's Documents and Settings folder – 'bout gave my friend a heart attack thinking everything had been deleted.

    I used the methods described over at bleepingcomputer.com, especially the Rkill program, to stop the **** thing from running and then Malwarebytes' Anti-Malware to remove it. After scans by two different antivirus programs it said it was clean but it just didn't run quite right. A week after I gave the computer back it returned so this time I backed up all the files and reformatted (and repartitioned). It's time consuming to start over but that might be the safest thing to do.

    Same thing here, locks out the normal desktop, hides the user settings, blocks task mgr. Client bought the machine second hand and didn't want me to reinstall the O/S because it came with some good software (no disks, of course). I'm going to reinstall the O/S from scratch, unless he wants his credit card data to end up in East Beserkistan the next time he buys something online.

  2. Did you try booting in safe mode?

    Most of those fake anti-virus exe usually are stored in the user profile, so booting into safe mode shouldn't allow them to run and there you should be able to create a new account. Then you'll need to try it in normal mode. If everything is ok, all you have to do is to backup only the needed files from the old profile.

    I did that, but I don't know what other malware may have been installed. Currently, it has blocked MSSE from being implemented from any account, which leads me to believe there is something else on there. Before I deleted the infected user account, I ran the Kaspersky Rescue disk with fresh updates, which is a CD loaded O/S that scans the hard disk. It found nothing.

  3. http://www.bleepingcomputer.com/virus-removal/remove-windows-activity-inspector

    http://trojan-killer.net/windows-activity-inspector-rogue-application-how-to-delete-windows-activity-inspector-scam/

    http://www.remove-virus.net/windows-activity-inspector/

    Google search seems to be throwing out plenty of hits. It goes without saying I can't verify if they are true, since I haven't had/seen the infection, but most of these sites are dated 16 May 2011.

    My client got it on 16 May 2011 which leads me to the conclusion that, for now, Google reflects websites created by the authors of the malware. I tried the second one that you listed, it's pay-to-fix.

    It's only day 3, so none of the major anti-virus software players have anything on this, yet.

  4. Anyone hit with this one? This incarnation calls itself, "Windows Activity Inspector." Looks very slick and comes complete with Microsoft logo.

    Client had me out to fix it, but I'm more hardware than software. A Google of "windows activity inspector" turned up zero hits from any recognizable website, but plenty of ones I never heard of offering a free scanning tool. The tool allegedly finds the threats, but doesn't remove them without a payment. Very slick operation, build the fake anti-virus and have already googled to the top a bunch of sites that are likely authored by the same people.

    I guess I'm going to have to wait a few days to get a solution, since this thing is only 48 hours old. The client wanted to just pay until I told him his credit card will be charged in a former Eastern Bloc country for a much larger amount and then sold.

    If anyone has a solution, please post!

  5. Your problem is that you are using Windows 7 to slipstream SP3. You need to do it under XP. You can run XP using a Virtual Machine running in Windows 7 for this.

    Why it worked on computer A was a fluke. It is well known that you can't integrate a service pack under Vista or Windows 7 due to it "breaking" the key.

    This scenario has worked also on 1 other machine before "Box A." But I'm a believer and I'll start over with an XP sandbox or PC. Good excuse for trying out VirtualBox which just won a poll in LifeHacker's HiveFive:

    http://lifehacker.com/5715803/best-virtual-machine-application-virtualbox

    Thanks, -X-, much, much appreciated.

  6. I installed direct from the OEM disk to make sure it was not an incompatible key problem on the 2nd box which came from a different source

    Not sure what you mean by this. Try to be a bit more specific. Step by step.

    Let me see if I got your problem straight...

    You made an ISO with key A and installed it on box A with no problems.

    You then used PowerISO to edit winnt.sif (changing the CD key) in ISO above. Burned this ISO and attempted to install on box B. It stopped at the CD key screen of setup and said invalid key.

    Am I describing your problem properly?

    What happens if you try to use key A when you are at the invalid screen key of box B?

    Maybe it's what Ponch said that "not all OEM keys work with all OEM cds". Try different keys, you have 4 I presume, at the enter key screen.

    Finally, under what OS did you create the original ISO? XP, Vista, or Windows 7? Vista and Windows 7 "break" the key. I doubt you didn't use XP since you said the ISO worked on box A but I gotta ask just in case we have a fluke.

    The OS is XP Pro SP2 with SP3 slipstreamed into nLite.

    "You then used PowerISO to edit winnt.sif (changing the CD key) in ISO above. Burned this ISO and attempted to install on box B. It stopped at the CD key screen of setup and said invalid key." Correct. Didn't try key code "A" at that point in the install.

    Then I used the OEM disk (without nLite) and did a successful fresh install from scratch on Box B using B key code just to verify that it wasn't a CD key compatibility issue, so key code "B" is good for my nLite XP Pro source CD.

  7. That's what I said 6 posts ago :)

    What exactly is the error you are getting when you rebuild/burn the ISO and try to install Windows?

    Invalid key code (not sure this is the exact wording because, post nLite install failure, I installed direct from the OEM disk to make sure it was not an incompatible key problem on the 2nd box which came from a different source).

  8. What 2 files are you referring to?

    LAST SESSION_U.INI & winnt.sif

    I'm thinking what the real solution suggested is in the XP Pro file, change the CD Key in LAST SESSION_U.INI, which will be used by nLite with the new CD Key when it burns the iso image.

  9. was thinking I could change the "CDKey =" entry in LAST SESSION_U.INI to the next PC's key code, burn that CD and repeat for the rest. This didn't work for the second PC.

    Please confirm that you restart with the original MS-XP files and load "modified" Last Session.ini, and not take your resulting files and re-run nLite loading modified ini file.

    + not all OEM keys work with all OEM cds.

    Didn't re-run nLite, I modified the two files within the first iso produced which you can do with the PowerISO burning software.

  10. Just go into i386\winnt.sif and change the key there then rebuild the ISO.

    I'm using PowerISO so I just copied those two files to a different directory and in PowerISO deleted them from the .iso file list (the one shown before burning) and replaced each of them with the new ones with that box's designated CD Key. Still got an invalid error. Thinking maybe it was a key that was for a retail install. I loaded the straight OEM disk and it installed fine.

    I'd like to get this to work so each box will have its own key code specific "recovery" disk. Where am I going wrong? Rereading your suggestion, where would I plug these new key values in prior to rebuilding the ISO, with nLite?

  11. I recently acquired four PCs from a local government surplus sale to upgrade the family's aging W2K boxes. Two were missing hard drives and the other two had the drives wiped clean. All four have legitimate XP Pro COA stickers with key. I have a factory MS OEM XP Pro CD.

    Is there some way to modify the setup files in the nLite .iso to reflect the key for each computer without having to go through the entire nLite process? IOW, I set up the first PC and was thinking I could change the "CDKey =" entry in LAST SESSION_U.INI to the next PC's key code, burn that CD and repeat for the rest. This didn't work for the second PC. Is there a way to accomplish this?
