YouTube Compromised?

  • Thread starter DQuaN
  • 30 comments
  • 2,251 views

DQuaN

I've had four calls from customers in the last two days who have had the 'Metropolitan Police' virus. When I asked each of them what they were doing when they got this virus, they all replied that they were watching YouTube.

Hackers normally try to inject malicious code into badly written or unsecured websites but I can't believe that they've managed to compromise YouTube!

Has anyone else had any issues?
 
I've had four calls from customers in the last two days who have had the 'Metropolitan Police' virus. When I asked each of them what they were doing when they got this virus, they all replied that they were watching YouTube.

Hackers normally try to inject malicious code into badly written or unsecured websites but I can't believe that they've managed to compromise YouTube!

Has anyone else had any issues?

What is the virus exactly? I watched YouTube the past three nights and don't seem to have issues.
 
No, I have not had any problems, thankfully.
What is the Virus exactly?
Apparently, it freezes the computer with messages like "Your Personal Computer has been blocked due to unauthorized activity" and such, asking you to pay a fine via Ukash within 48 hours. I've also read some posts on the Norton Antivirus forums saying it is very hard to get rid of, even in safe mode. :scared:
Luckily, I haven't had to find out.

This link explains what it is and what it does fairly well: Link.

Metropolitan Police Virus (also called Your Personal Computer has been blocked Virus) is another variant of the infamous Ukash virus that blocks targeted computer systems and tries to get money from their users. Don’t be fooled by this virus. It is a scam that uses the name of the Metropolitan Police and blames you for breaking the law by watching and distributing pornographic content files. Just like other ransomware, it tries its best to scare innocent users and extort money from them. Once installed, it changes your Windows registry and adds its malicious files to run at start-up, so whenever you try to log on to your Windows operating system, even in safe mode, you will get a virus page instead of your desktop icons saying that “Your Personal Computer has been blocked” and “THE WORK OF YOUR COMPUTER HAS BEEN SUSPENDED ON THE GROUNDS OF Unauthorized Cyberactivity.” It also shows some screenshots from the webcam on the virus page and tricks users into thinking their actions can be recorded and transferred to the Police database. However, please don’t believe that, because it is a hoax and no official institution will use such methods as blocking a computer’s screen remotely.
 
Last edited:
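The description quoted above says the malware changes the registry so that its files run at start-up. As an added example (not part of the original thread or the linked article), this Python sketch reviews a `reg export`-style text dump for autostart entries that deserve a manual look. The list of keys, the user-writable path heuristic and the sample export are assumptions constructed for illustration, not details of this particular malware.

```python
import re

# Common Windows autostart locations (real keys; which ones a given sample
# abuses is an assumption to verify on the affected machine).
RUN_KEY = re.compile(r"\\(Run|RunOnce)$", re.I)
WINLOGON = re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
# Heuristic: programs that autostart from user-writable folders are unusual.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\|\\Users\\Public\\", re.I)
VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Constructed sample in .reg export format (string data doubles backslashes).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon32"="C:\\Users\\alice\\AppData\\Roaming\\ctfmon32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\alice\\AppData\\Local\\Temp\\lock.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''

def suspicious_autoruns(reg_text):
    """Return (key, value name, data, reason) tuples for entries to review."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new registry key section
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue                  # header, blank line or non-string value
        name = m["name"]
        data = m["data"].replace("\\\\", "\\").replace('\\"', '"')
        if RUN_KEY.search(key) and USER_WRITABLE.search(data):
            findings.append((key, name, data, "autorun from user-writable path"))
        elif (WINLOGON.search(key) and name.lower() == "shell"
              and data.strip().lower() != "explorer.exe"):
            findings.append((key, name, data, "Winlogon Shell is not explorer.exe"))
    return findings

if __name__ == "__main__":
    for key, name, data, reason in suspicious_autoruns(SAMPLE):
        print(f"{reason}: [{key}] {name} = {data}")
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `suspicious_autoruns`.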
What is the virus exactly? I watched YouTube the past three nights and don't seem to have issues.

It is also known as the FBI scam, NSA scam, AFP (Australian Federal Police) scam.

Basically it says you were doing something illegal and your PC is now locked and you need to pay $100 or so to unlock it.

I have seen a lot of PCs being infected lately with this thing.

It is not YouTube that is the issue.

I run my PC with no antivirus or anti-spyware and I have never been infected.

Why?

I keep Java, Flash or any other plug-in up to date while making sure I have no old versions on my PC.

I also run Adblock Plus so I get no ads that can give you this crap.

The average person does not really update Flash or Java and they wonder why they get infected with scamware.

Here are some pics of this virus:

[Image: Australian-Federal-Police-Ukash-Virus-Scam1.jpg]

[Image: FBI-moneypack-US-2.jpg]

The only way to remove this thing is to start in "Safe mode with command prompt".
Things to know: the explorer.exe process is infected with the virus, so even safe mode does not work. You will need a program like ComboFix to remove it and you need to know some command line commands.
 
I'm guessing there are some links in descriptions that are causing it. There is no way they could have infected YouTube.

The current version is great as it uses the webcam to take a picture of the user and displays it to them! It really freaks people out!
 
This sort of stuff has been going around in Germany as well. Caught that virus on my old laptop, too, about a year or so ago. I don't think it's caught by just watching videos on YouTube. There are dozens upon dozens of comments containing suspicious links that will surely cause some sort of virus to infiltrate your system.

Back then, my laptop got infected because my ex-girlfriend accepted a link that was sent via AIM or whatever. Thought it was another ex of mine and, distrustful as she was, clicked the link :indiff: Hard to get rid of that thing indeed. I don't even know how I did it eventually, to be quite honest.
 
Figures. I read this thread and not 5 minutes later I have a user with this sumbitch. :irked:

Can't get it to boot into SafeMode to even begin to remove it, either. Would slaving it to another machine be a wise course of action?
 
This is happening in the Netherlands too. People get a warning saying they have downloaded something illegal, and they have to pay at least 100 Euros with a debit card to pay their fine, otherwise they'll get caught (or something). It's in the name of 'BREIN'.

My mother talks a lot to people who fell for it; she works in a store where those debit cards are sold.
 
TB
Figures. I read this thread and not 5 minutes later I have a user with this sumbitch. :irked:

Can't get it to boot into SafeMode to even begin to remove it, either. Would slaving it to another machine be a wise course of action?

Use safe mode with command prompt.

Only way

And do not start the explorer.exe process.

You must navigate with the CLI.
 
TB
Figures. I read this thread and not 5 minutes later I have a user with this sumbitch. :irked:

Can't get it to boot into SafeMode to even begin to remove it, either. Would slaving it to another machine be a wise course of action?

It seems to be isolated to the user's profile.

Log on as a local administrator and run Malwarebytes and SuperAntiSpyware. Run CCleaner when finished.

Did the trick for me.
 
Use safe mode with command prompt.
Tried that. It just kept rebooting back to the boot options.
It seems to be isolated to the user's profile.

Log on as a local administrator
Tried that, too. As soon as the desktop showed up, there it was!

Persistent little bastard!
 
System Restore could do the trick? Worked for me against 3 trojan horse attacks.
 
System Restore could do the trick? Worked for me against 3 trojan horse attacks.

It does, but you should still run Malwarebytes or do the necessary command prompt steps and check the registry. That's what I did.
 
TB
Tried that. It just kept rebooting back to the boot options.

Tried that, too. As soon as the desktop showed up, there it was!

Persistent little bastard!

Recreate the user's profile then.
 
Or use a Linux Live CD and remove it from within this system (just in case nothing else works).
 
System restore will not work.

These things either disable system restore or infect system restore points.
 
Factory restores will work as they wipe the C: partition and then reload windows.

That wipes all data off that partition though
 
System restore will not work.

These things either disable system restore or infect system restore points.

Worked for me twice, unless it's been advanced further from last time. The first time I encountered it was the start of 2012, and then earlier this year. I'd also suggest ComboFix, but you can find many ways to fix it on the Microsoft website.
 
Not really.

The way I get rid of it is the following:

Download ComboFix onto a flash drive.
Install Spybot S&D on a PC and update it fully.
Copy the Spybot S&D folder from C:\Program Files (x86)\ to the flash drive, thereby making it a fully updated portable version.
I boot the infected machine into "Safe mode with command prompt".
Using the command prompt I run ComboFix, then I run Spybot.
 
I run my PC with no antivirus or anti-spyware and I have never been infected.

Why?

I keep Java, Flash or any other plug-in up to date while making sure I have no old versions on my PC.

I also run Adblock Plus so I get no ads that can give you this crap.

The average person does not really update Flash or Java and they wonder why they get infected with scamware.

The same Java that regularly has day zero or day one exploits? It's not smart to run without an anti-virus, regardless of your e-bravado. It's the same mentality that sees most people infected with something.
 
I've seen someone with the same mentality as Grayfox (no offense) and his computer was infected with so many viruses. The viruses deleted some system files and caused problems with boot-up. The guy was an idiot despite me telling him to use his school copy of Win 7 to start over. He found some guide online about editing the registry to fix it. It fixed his computer for a month (still using no anti-virus) and then it was dead!
 
I've seen this before, twice on a friend's computer, and he got it from movie streaming sites. My brother cleaned his PC; I think he used HitmanPro, not entirely sure though.
 
I had that in my PC. First I was scared to death but then I realized it was a virus. I went for a system restore and it has worked.
 
The same Java that regularly has day zero or day one exploits? It's not smart to run without an anti-virus, regardless of your e-bravado. It's the same mentality that sees most people infected with something.
Best way to avoid a virus is to just not click random links and stick to somewhat trustworthy websites, in my opinion 👍 Wouldn't roll without a firewall and some anti-virus software, though. There are so many decent, free ones around... Why wouldn't one use these?
 
Adblocker + AVG + Microsoft Security Essentials do the trick for me.
 
The same Java that regularly has day zero or day one exploits? It's not smart to run without an anti-virus, regardless of your e-bravado. It's the same mentality that sees most people infected with something.

Thing is I have a pop-up blocker so I do not get infected from them.
I do not go downloading the "YOU'RE PC IS RUNNING SLOW FIX IT FOR FREE" things.

Adblocker + AVG + Microsoft Security Essentials do the trick for me.

Never run 2 anti viruses at the same time, they will not only slow your PC down, but it may not stop viruses coming on your machine.
 
