FYI reemergence of a nasty Trojan "deepdive" disguises itself as "System Tool 2011"

Great description on You Tube here

http://www.youtube.com/watch?v=XhUEGHi8AMQ


And it puts this awful background with crappy English on your computer




Malwarebytes removes it in safe mode, then you have to rescan in normal start up mode once it finds the Trojan.

Nasty fuckers. I just burned it out of a critical system here. Hidden in an image in an email, and the sender doesn't even know it was in there.

Malwarebytes in safe mode was the only salvation. It blocks every executable file. Nasty indeed.

"could break your life!" though :).

We had a great laugh at that, but this one was different from the fake anti-virus going around, Iobit 360 and Emco didn't get it which surprised me, but I found the file in safe mode and deleted it. Last time these guys were using files in Application data, now it's moved.

it's in the video for the rest of us geeks.

And talked about 4 more through it on the phone

Linux rules.

but hey, I'm posting from Ubuntu 10.10 dual booted with Crunchbang Statler, and my desktop is always my photos, not some hyped up rogue anti-spyware BS.

And they've all been Windows PC's.

The only time I have to clean anything of the sort is off of other people's machines.

Piece of piss to get rid of - restart in safe mode & delete the folder in the C:\Users\All Users\ folder with the glaringly obvious random string of letters & numbers, reboot & do a full AV scan.

1 guy at work got it on 3 different computers (his, his wife's & his son's), the only thing they all seem to have in common though is that they'd all recently visited facebook, otherwise there were no similarities in their browsing behaviour. I'd guess that it gets dropped by a rogue script or advert on facebook (at least in the cases I've seen).

What's really bad though is that all the computers had antivirus running, none of them were the usual expired OEM install of McAfee or Symantec crap. All the antivirus software was up to date but they still managed to miss the initial infection.

After 'getting rid of it.', I created another user account to make sure. It was a pain.

And when I do these PSA's I get shit most of the time.


I do not understand the lack of information being spread about important shit like this.


Meh meh and meh.

occurs to me to post anything about it here.

Maybe it's the way I feel about Du that makes me care about this shit.

It pretty much shuts everything down, no internet etc...

and don't get to remove this from 4 or 5 computers a week.

I hate these. The really fuck up your system. Kill your admin rights, disable msconfig, disable right clicking, disable system restore, if I weren't a power user trojans like this would have knocked me out a couple of times...

I recommend Combofix.

It is updated pretty much daily and I have yet to encounter something it couldn't clean when used properly.

or MWB in safe mode.


And it amazes me people are unreccing this, DU is certainly pushing my 'end help' button.

Combofix doesnt work on vista or 7 that may have changed though I havent checked in a while. This thing is ridiculously easy to get rid of though Combofox is overkill for this one IMHO.

its freakishly easy to get rid of but thanks for the video I am sure it wil help many. I almost feel bad charging people to remove this thing its so easy.