Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Operating Systems Security Software Technology

All-Radio 4.27 Portable Can't Be Removed? Then Your PC Is Severely Infected (bleepingcomputer.com) 247

CaptainDork shares a report from Bleeping Computer: Starting yesterday, there have been numerous reports of people's Windows computers being infected with something called "All-Radio 4.27 Portable." After researching this heavily today, it has been determined that seeing this program is a symptom of a much bigger problem on your computer. If your computer is suddenly displaying the above program, then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans, and a program that is using your computer to send send out spam.

Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help. Due to this, if you are infected with this malware, I strongly suggest that you create a malware removal help topic in our Virus Removal forum in order to receive one-on-one help in cleaning your computer. Some of the VirusTotal scans associated with this infection have also indicated that an information stealing Trojan could have been installed by this malware bundle as well. Therefore, it is strongly suggested that you change your passwords using a clean machine if you had logged into any accounts while infected.
6/29/18: The story has been updated to specify that this malware campaign is targeting Windows computers.
This discussion has been archived. No new comments can be posted.

All-Radio 4.27 Portable Can't Be Removed? Then Your PC Is Severely Infected

Comments Filter:
  • Dammit! (Score:5, Funny)

    by Ol Olsoc ( 1175323 ) on Thursday June 28, 2018 @07:20PM (#56862662)
    Windows users get all the cool stuff.
  • by smoothnorman ( 1670542 ) on Thursday June 28, 2018 @07:22PM (#56862680)
    Would it be so difficult to place somewhere in an "Operating System" tagged posting which operating system was affected? Slashdot folks really might have more than one OS in their areas and it would be nice to know which is at risk right at the top.
    • by Black Diamond ( 13751 ) on Thursday June 28, 2018 @07:27PM (#56862702)

      If you don't see an operating system listed, you can rest assured that it's windows.

      • Comment removed based on user account deletion
        • Yes, and the point was in those rare events, they typically do mention the OS. Hence when they don't, again, you can rest assured it's Windows.
      • If you don't see an operating system listed, you can rest assured that it's windows.

        It shouldn't be that way on Slashdot. And, yes, it should have been mentioned in the summary, but doing so would require real editors.

    • Would it be so difficult to place somewhere in an "Operating System" tagged posting which operating system was affected?

      Oh, its Windows alright.

      What I am interested in is the delivery system. The program is a crack of a popular and legit Russian program. But following the links, adware is mentioned once, and an admonition to avoid cracked programs.

      So it's a Windows issue, and probably served up in ads and delivered when people click on them.

      Which everyone should think about the next time they go to a website that won't let them in unless they turn off their ad blocker. Hopefully people her are smart enough to not cl

    • It does say "PC" which I believe stands for "personal computer", as in "My Computer", as in Bill Gates's personal computer.
  • by EvilSS ( 557649 ) on Thursday June 28, 2018 @07:24PM (#56862686)
    From the article

    When malware removal expert, Aura, started helping these victims he noticed a common theme. Most of the users reported being infected after they downloaded and installed game cracks and Windows activation tools such as KMSpico.

    So don't do that.

    • Comment removed based on user account deletion
      • Oh Gawd! LOL, too funny.

        There's no honor among thieves.

        There's plenty of honour among thieves unless you're thieving for dishonourable reasons.

        KMSPico's creators have never shipped malware. Neither have crackers working for reputable groups. There are however hundreds of KMSPico versions out there absolutely infested with shit.

        When someone pirates the pirate things start getting nasty.

    • What's wrong with the neat "Please active Windows" watermark anyway? It's like a friend, always there for you!

      • Last time I installed Windows, I was too lazy to type in the code. I had it right there on my desk, but laziness knows no bounds. The watermark stayed there for years until Win 7 ended.
  • by account_deleted ( 4530225 ) on Thursday June 28, 2018 @07:42PM (#56862780)
    Comment removed based on user account deletion
    • Absolutely you're right the best way to handle a rootkit is restore from a known-good backup. Just like you practiced, last month when you tested it when found and fixed the problem with backup system.

      Unfortunately, 90% of people don't have a proper backup system. Probably over half of systems that are being "backed up" can't actually be restored because the backup media went bad a year ago or whatever.

      For the people who don't have a solid backup:

      > some IT professional who sells himself to a client by cl

      • Re: (Score:3, Interesting)

        Huh? What operating system are you using?

        Out of the box, Windows sets you up with OneDrive and points all of your storage stuff to OneDrive. The result is that all your files are backed up.

        Out of the box, Apple sets up iCloud and points all your file storage to iCloud. The result is that all your files are backed up.

        You can use DropBox or a thousand alternatives if you want.

        If you want a better solution, you can use either Windows Backup and Restore or Apple Time Machine which does pretty much the same thin
        • Thank you for post. You've done great job listing things that fool smart, conscientious people into thinking they have a backup. That's why I said a "proper backup", proper being an important word. Those things all LOOK a lot like proper backup, don't they? And yet people who do those things end up asking me to try forensic techniques to recover their data. You seem like you know a few things, so I don't need to tell you exactly how you should do a backup, but let me point out a few common pitfalls to avoi

          • I mentioned before backups must be tested regularly. Backups that haven't been recently tested have a failure rate of about 50%, in my experience.

            What kinds of failures do you see? In the days of tape, 50% (or probably higher) was pretty common, but most people are using the 'cloud' now.

            • In the day of half inch 9-track tape the tape format was able to recover multiple single-track errors, be it NRZI or PE. But I have never seen the actual mini computer controller that could do this recovery. No wonder the success rate was near 50 per cent.

            • Several times I've seen the backup server ran out of space. The ssh key was changed. The list of directories to backup or not backup wasn't up to date. Those are a few things that have broken it after it was setup and running.

              All of these can be detected by occasionally doing a test restore, perhaps to a VM, and checking that the important files are there and important functionality works.

          • by Wolfrider ( 856 )

            > Ransomware reminds us of another requirement - the system being backed up (which may get ransomware) can not have the ability to delete or modify the backups. Sending backups to a network drive just means the ransomware or disgruntled employee will destroy two copies of the data

            --ZFS+Snapshots+Samba works pretty well for this. Keeping a ZFS snapshot every (2) hours for a month (as well as changing file permissions) is pretty easy on a Linux server.

        • Amen.

          Nearly 10 years ago, I suffered from a hard drive crash and I lost a ton of data. Ever since that issue, I’ve been religious about backups. I used Mac OS’s built-in backup software and I copied all my documents and work files to a flash drive daily. I instructed my family to grab the NAS drive on the way out of the house in the event of fire.

          I subscribed to Crashplan cloud backup at some point. They went belly-up but I had already switched to Backlaze. It sounded like it would be a hass
          • Some 15 years ago I worked in some institution. My policy is:

            1) Install the new system on new HDD.
            2) Copy all work files to the new HDD.
            3) Hide the old HDD.
            4) When it's known that everything works then save some critical work files somewhere, test and reuse the HDD.

            I asked the management that I need a new HDD. The institution head told my boss to supply me with HDD. My boss left the resolution "You don't need a new HDD". I copied the work files, erased the HDD and reinstalled the system. Then it appeared th

        • by AmiMoJo ( 196126 )

          SpiderOak is good for Linux. It can only cover your data, apps will need to be reinstalled but at least on Linux that's fairly easy.

          On Windows there is Chocolately for installing and updating apps, but I haven't tried it.

          • > apps will need to be reinstalled but at least on Linux that's fairly easy.

            Re-installing the software is REALLY easy if your data includes the output of rpm -qa.

            Also sometimes very handy when things go wrong -
            cat /proc/mdstat, pvdisplay, lvmbackup, and gdisk -l

            I'm recovering an old customer's data right now. He no longer has backups with me and someone built a new, wmpty raid on his drives, making it "impossible" to recover his data. However, the old copies of mdstat and the partition layout were still

        • Sync isn't backup (Score:5, Informative)

          by swb ( 14022 ) on Friday June 29, 2018 @06:10AM (#56864390)

          Sync to OneDrive, et al, isn't backup.

          Most malware doesn't immediately destroy your computer, it cripples it over days or weeks. I can't tell you the number of people who told me "Yeah, I noticed something last week and it's been flaky since then."

          Meanwhile, you've been syncing your infection up to the cloud the whole time so now your cloud storage is infected, too. You may get some of it back, but I've also seen people just re-infect themselves, too.

          Some cloud storage often at higher tiers will offer some kind of versioning and let you restore pre-infected files, but for most people this isn't the default or isn't even a feature they have.

          The only way cloud sync really works as a backup is if you have a spare computer you only bring online periodically that syncs itself and that you then take offline again, but now all you've done is add a complex network transaction to what amounts to a local backup.

        • by Wolfrider ( 856 )

          >to be honest, I have absolutely no idea how to maintain good backups of my Linux systems

          --Tar and fsarchiver. Send me a private email and I can send you my root admin scripts, complete with bare-metal restore ability.

        • That said, to be honest, I have absolutely no idea how to maintain good backups of my Linux systems.

          I don't mean to be rude, but you should turn in your geek card. Maintaining good backups is even easier in Linux than any other operating system.

          Everything unique will be under /home/username. You can back this up with rsync, cp, tar, or even dd if it is a partition. There is no hand holding, but then, it really shouldn't be necessary when the design itself is so elegantly simple. What is even cooler is that this knowledge of backing up carries across to the various BSDs and other Unix-like operating system

      • by GuB-42 ( 2483988 )

        Absolutely you're right the best way to handle a rootkit is restore from a known-good backup.

        What is a "known-good" backup? A rootkit is here to conceal its existence. You don't really know when the infection started, and which backups are good.

        • That's a very good question. You can use diff to see what the differences are between different backups. That normally makes it pretty obvious. You pretty much know which files were supposed to change and which weren't. This can even give you good hints as to HOW you got infected.

          There are even faster ways to tell because rootkits tend to re-send the same components. I can normally see a rootkit on a Linux system in seconds, without even actively looking for it. I'm not going to post the trick here because

    • No, no, no. If you are infected with deep malware, you do not go whining to some dude's Internet forum with a request for help. You run DBAN on your system's disks. Then you enter the combination to your fireproof safe, extract your OS and backup media, and start from scratch.

      That's what my Grandma does.

      There are two problems with your approach.

      Most users will read what you wrote and ask "What the hell is he talking about?"

      Second is that most everyone who does what you demand isn't likely to have the problem in the first place.

      My backups are similar to yours, except I have multiple. I take the added measure that anything critical is not on my Windows machines. No personal information, or cards, and even the emails on it are throwaway accounts.

      I check my Wireshark lo

      • I check my Wireshark logs a lot too. Probably 1 out of every 500 users will do that sort of thing.

        I would bet that's closer to one in every 500,000 users. Even security researchers don't do that (of course some do).

        • I check my Wireshark logs a lot too. Probably 1 out of every 500 users will do that sort of thing.

          I would bet that's closer to one in every 500,000 users. Even security researchers don't do that (of course some do).

          I suppose some would call me paranoid, but I just kind of enjoy it. And people would be surprised at what they find.

          It all started when I was having issues with brittle networking software coupled with bad documentation. Then I got hooked.

  • by phantomfive ( 622387 ) on Thursday June 28, 2018 @08:15PM (#56862904) Journal
    Yet another reason to not waste your money on "virus protection." Use the free Windows Defender if you must, and make sure you have good backups.
    • Yet another reason to not waste your money on "virus protection." Use the free Windows Defender if you must, and make sure you have good backups.

      I stopped using AV about 10 years ago after numerous performance issues with flaky AV products. 10 years on and no issues! Sensible browsing/downloading/email behaviour is 99% of the battle

  • Comment removed based on user account deletion
  • Donâ(TM)t look now, but this All-Radio Trojan seems to have control of your DNS server!

  • In other news... (Score:4, Insightful)

    by nuckfuts ( 690967 ) on Friday June 29, 2018 @01:23AM (#56863748)

    Some viruses are hard to remove

    Spending one day looking into something is now called "researching heavily".

    On the serious side, I've often been annoyed by Windows 10 aggressively pushing updates, but there have been some interesting security features added to recent builds. Microsoft has a demo website [microsoft.com] with some good information, along with some tools for testing [msft.net] your configuration.

    There is also a video [youtube.com] online that details the new features.

  • Comment removed based on user account deletion
  • by cshark ( 673578 )

    Phishing by means of slashdot post.
    Fascinating.

My sister opened a computer store in Hawaii. She sells C shells down by the seashore.

Working...