Virus - Security

My OS is win 7 Prof 64 bit and I have McAfee total protection. Also I use office 2007. I use IE10. Last night I ran a mail merge of emails of about 150 emails, and since it was a one page graphic file, presumably it was taking some time, so I left the pc on while Outlook sends all the emails. And since I had McAfee, thus I was confident of any intrusions.
However, I was wrong, this morning my screen was frozen with a hacker demanding that he was from the FBI, etc and noticed that I was browsing porn sites and thus demanded payment of US$300 to unlock my pc.
Hope one of the Gurus can please advise a rookie how this could happen especially when the pc was on sending the emails thru Outlook. Is there a security hole in IE10 or anything else that I should know to plug the holes in my pc securitywise? Should I install additional firewalls like ZoneAlarm or some other? I usually turn off my pc whenever not in use, except when it is running a virus scan or a program like Outlook.
Hope the Gurus can help to solve this problem. Thank u.
jegajothyretired Asked:
aadih Commented:
Okay. The quickest and easiest solution: restore your PC to an earlier time.  Boot up in safe mode with command prompt, and type rstrui.exe to restore.  If this doesn't work, you are in for some rough ride.  Try the system restore.
0
Nick Rhode (IT Director) Commented:
That virus is usually what I call a drive-by virus when surfing the web. Probably just finally kicked in on your pc. You can boot the PC into safe mode (press F8 when booting the PC) and do a system restore to a point before getting the infection. Once the system is restored I usually do the following.

Download these tools

CCleaner: http://www.filehippo.com/download_ccleaner/
TDSSKiller: http://www.bleepingcomputer.com/download/tdsskiller/
RogueKiller: http://www.bleepingcomputer.com/download/roguekiller/
Adwcleaner: http://www.bleepingcomputer.com/download/adwcleaner/
Malwarebytes: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

And run them in that order:

1) CCleaner
2) TDSSKiller
3) RogueKiller (scan, fix host, fix proxy, fix dns)
4) Adwcleaner: (Scan, Clean)
5) Malwarebytes: (download all updates and run a full scan)
0
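
Step 3 in the answer above names three settings (hosts file, proxy, DNS). The script below is an added example, not part of the original post and not what RogueKiller itself runs: a read-only PowerShell check that lists the current state of those three settings so they can be compared before and after the cleanup. The helper name Get-HostsOverrides is hypothetical; the script is written to work on the PowerShell version that ships with Windows 7.

```powershell
# Read-only audit of the three settings named in step 3: hosts file, proxy, DNS.
# Nothing is modified; the script only prints what is currently configured.

function Get-HostsOverrides {
    # Hypothetical helper: returns every hosts-file mapping except stock localhost.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()   # strip comments and whitespace
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }         # need an address and a name
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            # localhost mapped to loopback is the default entry; report the rest
            if ($name -eq 'localhost' -and ($ip -eq '127.0.0.1' -or $ip -eq '::1')) {
                continue
            }
            New-Object PSObject -Property @{ Address = $ip; HostName = $name }
        }
    }
}

# 1) Hosts file: extra entries can silently redirect well-known site names.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Write-Host '--- hosts file entries other than localhost ---'
Get-HostsOverrides (Get-Content $hostsPath) |
    Format-Table Address, HostName -AutoSize | Out-String | Write-Host

# 2) Per-user proxy used by IE: an unexpected ProxyServer or AutoConfigURL
#    means browser traffic is being sent through something you did not set.
Write-Host '--- per-user proxy (Internet Options) ---'
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty $key |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL |
    Format-List | Out-String | Write-Host

# 3) DNS servers per active adapter: compare with what your router or ISP hands out.
Write-Host '--- DNS servers per active adapter ---'
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DHCPEnabled,
        @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-List | Out-String | Write-Host
```

On a clean home PC the first section is normally empty, ProxyEnable is 0, and the DNS servers are the router's address or ones you chose yourself.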

scraby Commented:
to answer your question.  i've run across this and similar viruses lots of times but have never been able to understand how a seemingly protected system gets infected.  the strange thing is that a lot of the ones that i've run into do not have bad browsing habits such as visiting malicious sites.

to get rid of it the suggestions above will work.  some of these bugs are easy to get rid of with system restore in safe mode and some really get a hold of your system where safe mode and even your shadow copies are infected (shadow copies is where system restore points are stored).  if you have a tough case you may need to take the drive out of the pc and run scans and work on it from another pc so that you are not booting off of it and bugs are not active.

your setup is not bad with mcafee and you shutting it off when not in use.  conclusion i've come to is that one protection method is not enough and all of these protection methods such as norton, mcafee, kaspersky are not guaranteed 100%.  remember these guys look for signs and traces of malicious activity.  they release virus definitions when they become aware of a bug, so sometimes by the time the definition is released it may be too late for some.

if you really want to get crazy you can get a gateway that scans all traffic such as any one of the sonic wall products, but you'll have to pay for this service, basically you replace your existing router with one of these products, purchase a comprehensive security package subscription that you pay for annually, and activate the service on the device, all traffic through your internet connection will then be scanned adding another point of protection on top of what you have installed on your devices.

i am not aware of any holes in outlook or ie10 but you did pick up a bug somewhere. make sure your firewall is active, all your products are up to date, stay away from untrustworthy sites, and most importantly do not click on anything before reading what it says.  almost always these bugs need your permission to launch on your system and usually sneak in through a prompt or software install

you can also look into opendns.org, they do a good job of blocking traffic to funny places, it's free, just get an account, point your dns to them, pick the service level and how much control you want to have.

good luck
0
jegajothyretired (Author) Commented:
Thank u everyone for your responses. In response to Rhode, when I click on the links, there is so much bundled junk that I do not need that wants to download also and it is a challenge trying to navigate and thwart all these unwanted programs. Is there any location, where they are just there all alone, plain vanilla?
0
aadih Commented:
Qs: Did you try system restore?  What happened?
0
Nick Rhode (IT Director) Commented:
There is a big blue button that says download exe in the middle :P

As for CCleaner, in the top right corner it will say download latest version.

Some malware/viruses will redirect you, so it just pops up to save or run, if it redirects you to a page, most likely it's not the software.  Did you do the system restore yet?
0
jegajothyretired (Author) Commented:
In response to NRode and Aadih, I did a system restore, to an earlier version, but the rogue program does come up sometimes locking my IE. I also did a CCleaner of the latest version, and that did not help, but ran into problems of getting the exact software for the other suggestions, as there were so many redirects that it was a challenge trying to download and install them, eg 2, 3, and 4. I wonder if there are any sites that will allow me to do a clean download without any redirects. Thank u.
0
jegajothyretired (Author) Commented:
In response to Scraby, can u please share with me the link to the site where it protects the connection, as u said in "a gateway that scans all traffic such as any one of the sonic wall products, ".  As I use so much of the internet, it gets scary for me that this could have happened to me, despite all the precautions that I take.  So an added prevention is better than a disaster.  Thank u.
0
scraby Commented:
SonicWall is now owned by dell.  most of their devices are hardware firewalls.  their customer base is smb or soho all the way up to enterprise.  their starting point appliance is the tz105:

http://www.sonicwall.com/us/en/products/TZ_105.html

but remember that this is not a $50 linksys router but a powerful gateway with a full feature set of tools that allow you to do a lot.  it also includes subscription services for web filtering, av and anti-malware at the application level.  you will have to pay for these services annually and need to activate them in your device after purchase.  looks like the starting point for the device only is around $500 plus services that you select which the best choice is the comprehensive package which is about $230.

i wouldn't say sonicwall is exactly setup for home use but if you're willing to pay that much then this is a comprehensive solution that will work very well for you.

i found some better prices at firewalls.com, check out this link

http://www.firewalls.com/firewall/sonicwall-firewall/sonicwall-tz/sonicwall-tz-105/sonicwall-tz-105-wireless-n-totalsecure-1-yr.html

just remember that this device requires some knowledge to setup so you may want to pay support for help in setting up if you don't feel comfortable with it

i don't know of any other solutions but i'm sure there are plenty out there.

you can also open an account at opendns.org, point your dns to them, and that will provide some protection against malware since they scan all dns entries and the sites they point at for malicious content and they will not let you visit sites that have been deemed unsafe by them.  this is a nice service that can be free and will protect all of your devices on your gateway.
0
jegajothyretired (Author) Commented:
In response to scraby, thank u so much for taking time to answer my Q, and from the response I salute u for your technical knowledge just like all the others who responded.  I stand back in awe when I see such responses of the Experts and Gurus.  
Thank u also for the responses of all the other Gurus and Experts, thank u.
I did a system restore, but the problem persisted intermittently.  Then I tried the steps by NRhode.  It did take some time but it eliminated the problem,  although I have yet to run the last 2 on the list to complete the complete cure for this problem.
To NRhode, my humble obeisances for your solution.  Thank u.
0
jegajothyretired (Author) Commented:
Thank u this solution worked.  Even without running the last 2 suggestions on the list, though I intend to run them all.  Thank u and I salute u for your expertise.
0
aadih Commented:
Great.  You got it nailed. :-(
0