Koobface Virus

Earlier today my computer got completely jammed.
I had a notice on the screen telling me not to close my browser or restart.
It gave me a toll free number to call.
I called it and ended up going through a series of clicks, as instructed by a guy with a very peculiar accent which I could not identify.
He pronounced his v's as w's like freakin' Dracula.
He asked me for a few numbers, which I gave him.
He asked if this was a personal or business computer and what I use this computer for.
I told him it is a personal laptop and I use it primarily for watching Mexican midget porn.
Do you use it for any banking transactions, he asks.
I tell him no.
I give him access to my computer and for several minutes I see screens of code flashing by.
He asks me if I am communicating with anyone in Russia or Afghanistan.
I tell him no.
He tells me I have a virus called "koobface."
I ask him how do we fix the problem.
He gives me a pitch. Long story short, it's going to cost 200 bucks.
I say sorry, Charlie. I'll just have to go without a computer.
Have a good day.
Now my computer is working fine.
Whiskey Tango Foxtrot just happened?

originally posted by: skunkape23
Earlier today my computer got completely jammed.
I had a notice on the screen telling me not to close my browser or restart.
It gave me a toll free number to call.
I called it and ended up going through a series of clicks, as instructed by a guy with a very peculiar accent which I could not identify.
He pronounced his v's as w's like freakin' Dracula.
He asked me for a few numbers, which I gave him.
He asked if this was a personal or business computer and what I use this computer for.
I told him it is a personal laptop and I use it primarily for watching Mexican midget porn.
Do you use it for any banking transactions, he asks.
I tell him no.
I give him access to my computer and for several minutes I see screens of code flashing by.
He asks me if I am communicating with anyone in Russia or Afghanistan.
I tell him no.
He tells me I have a virus called "koobface."
I ask him how do we fix the problem.
He gives me a pitch. Long story short, it's going to cost 200 bucks.
I say sorry, Charlie. I'll just have to go without a computer.
Have a good day.
Now my computer is working fine.
Whiskey Tango Foxtrot just happened?

One of the new scams.There is basically nothing wrong with the PC . It was planted on your PC then you are asked to contact the exact group that put it on your PC. No telling what the script did.Might want to load an antivrus program and keep it active and updated. A free internet security suite is Comodo.

You are infected with some very weak and old school ransomware. You're sort of lucky that your computer didn't encrypt and lock you out - as that what more modern versions do. It's an epidemic currently and even police departments in the US will pay, rather than having their databases forever encrypted. ( Despite the paranoia in the conspiracy community, modern encryption is enough that it would take longer than the lifespan of the Universe to crack strong encryption with the tech of today.

The best thing you can do is wipe the drive and reinstall your O/S from scratch. Do a hard format - an overwrite. Do not use the "quick format". That should fix things.

Again, be thankful. The more modern variants also prevent you from doing a hard wipe.

a reply to: Gothmog
He did comment that my processor is working very well and asked what "anti-wirus" software I was using.
I told him Malwarebytes and Avira.
He told me those did not block "koobface."
I would have to buy his "Windows" security to fix the problem.

a reply to: skunkape23

Just get a good (free) antivirus if you don't have one. The avast free antivirus is probably OK.

The guy you spoke to may also be the person who infected your machine. If you installed any software that gave him access, uninstall it.

Update all your antivirus software and scan your PC.

If it is a Windows PC, then get these programs from BleepingComputer website and run them in the sequence given:

RKill
TDSScleaner (from Kaspersky)
ADWcleaner
JRT (Junkware Removal Tool)
SuperAntiSpyware

After running them, you can uninstall them, once you know your system is clean. You can download a program called DelFix from BleepingComputer that will clean up/uninstall them for you.

There is also a powerful anti-malware program called ComboFix on the site but I would advise against using it if you are new to the malware removal business. Please checkout the forums on BleepingComputer and get advice before running it (It can stuff up your PC in some instances).

originally posted by: skunkape23
I give him access to my computer and for several minutes I see screens of code flashing by.

WHAT were you thinking!?

Seriously mate?

All he has to do is upload some kiddie pr0n to your PC, then he can blackmail you for as much as you've got.

If he's good, it'll be next to impossible to detect whether you yourself didn't download the kiddie pr0n yourself.

Dear oh dear. *shakes head*

EDIT TO ADD: (So that it sinks in)

Worst case senario is you get jailed for downloadin indecent images of children - and you know how all inmates love child molesters. Please be more CAREFUL.

originally posted by: socketdude

originally posted by: skunkape23
I give him access to my computer and for several minutes I see screens of code flashing by.

WHAT were you thinking!?

Seriously mate?

All he has to do is upload some kiddie pr0n to your PC, then he can blackmail you for as much as you've got.

If he's good, it'll be next to impossible to detect whether you yourself didn't download the kiddie pr0n yourself.

Dear oh dear. *shakes head*

I appreciate your concern.
I took steps to cover my ass on that one.
The telephone conversation is recorded and I captured screen video of the whole thing.
My guess is the guy on the other end saw that I was a dead hit and was cool enough to remove the bug.
Everything seems to be ticking along fine now.

a reply to: skunkape23

Well that's a start.

Although, I'd say with the scripts being executed on your computer, I'd say it's safe to assume your PC is part of a botnet now. I'd follow the previous posters advice on deinfecting your PC....

But after that, I probably wouldn't feel comfortable using your PC unless the whole HDD is reformatted, with a fresh install.

Never call that number. Never give anyone you don't know access to your computer. It's possible they have software on your computer right now that can give them information on everything you do, including any online banking.

Honestly, reformat the whole drive. ASAP.

a reply to: OccamsRazor04
I only bank online with a prepaid Visa and I only charge it with the amount I am going to spend.
There is no account for anyone to loot.

a reply to: skunkape23

Even if identity theft is not an issue, reformat. A very small executable could connect your computer to a botnet and then be used, without you even noticing, in any number of attacks on other systems or as a proxy ( middleman ) for illegal purposes.

IE... some jerk hijacks your machine, sets up a proxy and maybe DDoS attacks the Pentagon, or sets up a kiddie porn server... and it all comes back to YOUR address.

These are just two very real and very potential dangers. The list is much longer. Best practice would be to hard reformat your HD - without backing up any software - and, if it were me, I'd actually do a full overwrite of the drive at least twice before using it again.

originally posted by: skunkape23
a reply to: OccamsRazor04
I only bank online with a prepaid Visa and I only charge it with the amount I am going to spend.
There is no account for anyone to loot.

Well, I offered my advice, what you do with it is out of my control You gave access to your computer to someone who is a criminal. I would format.

a reply to: skunkape23

A similar scam happened to my mom. Just find the best rated computer repair guy in your area, and explain what happened. They can scan your computer and probably make sure there's no hidden malware or whatever on you computer, or they can get rid of it if there is. Whether or not they will give you a strange look when they find all of your files of Mexican midget porn, though, I'm not certain!

Dang, not cool. Could be a hacker or just a college kid getting paid under the table to create problems for a company to fix. Sounds like the latter.

I would second the nuclear reformat option at this point.

The crappy thing about viruses and Anti-virus, is the program only knows what to look for if it has been reported to their servers, then they update definitions for your program to find.

They can find worm1 by name, but then someone writes worm2 and it gets through scans.

I would pull any docs you wanna keep off and reformat asap. I would not log on anywhere. I would disconnect from the internet asap to be safe.

If you ever get a website try and lock out closing, don't click anything, even if it's asking you to close. Close doesn't always close in dialog pop-ups, it might just install garbage instead.

If you right-click your taskbar, open task manager, kill the browser from there, you will usually be safe.

You are asking for more trouble in the future.
I conclude you´re not that dumb and just messed with him.
But leaving your machine with corrupted software...
And trusting that the guy removed everything...
...is asking for trouble.

ive had these before ,,when the window pops up that displays the number to call press alt,ctrl, and delete then start task manager.
task manager will show you what applications are running, you can right mouse click and end task (but before ending task see if it gives you file location as option as this will point you directly to the file)

if you did not have a file location option (some hide well)
then a systematic check of your files in usual download places like downloads,documents, BUT USE THE DATE OPTION
so you can browse the files by the date installed ,this will take time i think it took me 3 days once .

but im sorry op you allowed them access ,your system is compromised ..i would advise a new hard drive

Op, why exactly did you call this number, this couldn't have possibly seemed legitimate?

a reply to: stuthealien

Many of these viruses include basic self-replication. In the easiest cases it simply means that there is a hidden file, somewhere in your Windows system that simply reinstalls the virus .exe every time you reboot your system. In the worst case scenario these files can change their names, write their code into ( or outright replace ) vital O/S files, masquerade as .dll files in your Win86 directories, and so on.

Malwarebytes ( free version ) in chameleon mode is really good at rooting out most things. If the OP is more tech savvy a program like GMER also would help to try and clean.

BUT... the OP has already given remote access to his system to a black hat hacker. One with an accent, if I recall, was potentially Russian or Ukrainian. That area of the world ( including China, India, and Pakistan ) are the current hot beds for this sort of infection. Those Nations tend to be fairly liberal toward allowing highly illegal cybercrimes to occur on their soil ( China doesn't care if one of their citizens jacks up a few Americans - but if a Chinese citizen unleashes a virus that causes China hassle also? Well they did put the author of the Melissa virus to death ).

The second the op allowed the remote access - almost all options other than total wipe became pointless.