#957981 - Sat Dec 29 2012 02:19 AM PCeU ransomware
romeomikegolf Offline
Multiloquent

Registered: Wed Apr 07 2004
Posts: 4875
Loc: Rothwell Northants England UK
Got hit by this yesterday. It locks your machine so you can do nothing and asks for a fee of £100 to unlock. It's not easy to remove but if you Google PCeU (before you are infected) you will find instructions. I got rid by logging on as my wife and doing a Malware scan. Antivirus will not pick it up.
_________________________
Reality is an illusion brought about by lack of alcohol

Would the last person to leave the planet please turn off the lights.

#957986 - Sat Dec 29 2012 04:47 AM Re: PCeU ransomware [Re: romeomikegolf]
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5383
Loc: South of England
Hello RMG - I'm glad you got that cleared up. It seems it might be best to print out some removal instructions and keep them handy, just in case the worst happens.

Do you know how and where the infection was picked up? If it was a drive-by infection (happens without any interaction from the user), then a program like Sandboxie would likely have prevented it from automatically installing. If it was invited onto the computer by way of trickery, or it came hidden in free software, then this program wouldn't help.

Under those circumstances, it would be hoped that the AV program would step in and give a warning and/or prevent infection. I note that it didn't. I have read of other cases where it wasn't picked up by the AV program. Since this infection seems fairly common at present, I wonder why AV programs don't seem to do so well at detecting it.

I have looked at removal methods since your post and note that not all sites are rated as safe according to WOT (Web Of Trust), so I thought I might just put a link to a page that gets the WOT green safety icon. A few different ways of removing PCeU are described.

http://malwaretips.com/blogs/pceu-virus/
_________________________
Error: Keyboard not attached. Press any key to continue..

#957987 - Sat Dec 29 2012 05:02 AM Re: PCeU ransomware [Re: tellywellies]
romeomikegolf Offline
Multiloquent

Registered: Wed Apr 07 2004
Posts: 4875
Loc: Rothwell Northants England UK
Got no idea where it came from. I haven't visited any but my usual sites. It seems to be UK specific at the moment. I can only assume it was picked up from a site I visit every day, but not this one. Possibly Runescape as I noticed my connection was dropped a couple of times before the big hit.
#957989 - Sat Dec 29 2012 05:28 AM Re: PCeU ransomware [Re: romeomikegolf]
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5383
Loc: South of England
I know that sites that are usually safe can get hacked and have malware put on them. Have you heard of or tried Sandboxie? If there was no user interaction needed for the malware to install, I feel sure it would have stopped the nasty becoming installed on the system. It might have installed inside the sandbox but all that has to be done to get rid of it completely is to empty the sandbox (a couple of clicks).

The program has free and paid versions. Here's what it does and how it works:

http://www.sandboxie.com/index.php?FrequentlyAskedQuestions

A top-rated program when it comes to computer security.


Edited by tellywellies (Sat Dec 29 2012 05:29 AM)
#958005 - Sat Dec 29 2012 07:28 AM Re: PCeU ransomware [Re: tellywellies]
romeomikegolf Offline
Multiloquent

Registered: Wed Apr 07 2004
Posts: 4875
Loc: Rothwell Northants England UK
I'll have a look at that. Thanks.
#958011 - Sat Dec 29 2012 08:26 AM Re: PCeU ransomware [Re: romeomikegolf]
dsimpy Offline
Enthusiast

Registered: Sun Jan 24 2010
Posts: 474
Loc: Belfast Ireland
One of my CM/M team mates got hit by what seems to be the same virus (locked computer, 100 Euros demand to unlock it) two weeks ago in Holland. It seems at that stage that computers in Holland and Germany were being affected. He believes he got the virus from clicking on a link in a bogus email from his 'bank'.
_________________________
Exegi monumentum aere perennius regalique situ pyramidum altius - and that was before breakfast!

#958161 - Sun Dec 30 2012 04:16 AM Re: PCeU ransomware [Re: dsimpy]
romeomikegolf Offline
Multiloquent

Registered: Wed Apr 07 2004
Posts: 4875
Loc: Rothwell Northants England UK
It could lurk anywhere as it's classed as a Trojan. I'm certain I didn't get infected via email as I'm very careful about which ones I open, and even then think twice about attachments. I wish we could track where these things come from and then forward details to somewhere that can stop them.