'Scan Me and Buy Me' infection MLS computer

Discussions around using and interfacing with the Church MLS program.
stephen500
Member
Posts: 105
Joined: Sun Feb 15, 2009 8:45 am
Location: Chester, England

'Scan Me and Buy Me' infection MLS computer

#1

Post by stephen500 »

Dear Every one,

I just had this e-mail from a branch president who has had the mls (laptop) infected with "scan me and buy".
I have told him how to install Sophos again (still not impressed with Sophos, another infection)
I will print his e-mail below, any suggestions appreciated.
Stephen Sinclair, butt Stake clerk, STS. Chester England Stake.
"Dear Brother Sinclair,

Thank you for the wonderful Branch PC! It has made using MLS so much
easier, as well as Indexing at Youth activities, and more.

We have recently hit upon a problem. Somehow we got infected by a
'Scan Me and Buy Me' that shut down antiviruses, blocked off and hid
the Start menu, and user files and folders. It was most pervasive!

I managed to install Malwarebytes and Hitman Pro, both finding more
and different threats. I thought I'd got rid of it, but then it turned
out that the Internet browser was hijacked to a fixed IP address, and
Google results were being diverted. Annoying! Hitman Pro found that
and fixed it, so I thought.

Anyway, I wanted to be really sure, and not being technically
illiterate, I used msconfig to set Windows to restart in Safe Mode. It
rebooted but never could complete the cycle and start. So then I tried
System Repair, and that tried several times but didn't work - it
reported that the problem could not be fixed automatically. So I tried
System Restore, and tried at least four Restore Points without
success.

I could not get the computer to boot, so put the Installation disc in
and reinstalled Windows. We now have a new Windows folder and a
windows.old folder. Naturally, not all the installed programmes will
easily transfer their settings by merely moving the folder to the new
directory structure. I've reinstalled many, but I have a problem with
two.

MLS.
This I just moved over, and all seemed to be well, but when I started
it up, it seemed to think it was a few weeks ago and prepared for the
last Quarterly Report. Furthermore, some membership record
transactions that we've recently done didn't show up. Plus I don't
have a recent backup, the last being done in April (Guess who's
changing that action in our Branch from now on?!)

Sophos: this won't transfer over, so I need some way to reinstall it.
It's not on the discs that you left us.

Other than that, everything seems fine. Some programmes I don't care
to have reinstalled like the DVD burner....

Any and all advice, including a condescending frown upon your brow
would be welcome. :)

Regards,
President"
russellhltn
Community Administrator
Posts: 34419
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#2

Post by russellhltn »

Backup the data, wipe the machine and install the OS from scratch. That's really the only way you can be sure the problem is really gone.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
stephen500
Member
Posts: 105
Joined: Sun Feb 15, 2009 8:45 am
Location: Chester, England

#3

Post by stephen500 »

Should we use this
Eraser (16 bit) or Eraser (32 bit) (2.7MB or 8.52MB) Utility software for erasing data on hard drive and then do a complete install
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#4

Post by aebrown »

stephen500 wrote:Should we use this
Eraser (16 bit) or Eraser (32 bit) (2.7MB or 8.52MB) Utility software for erasing data on hard drive and then do a complete install
Eraser would do the job just fine, as would any number of other programs. Simply formatting the hard drive would work in this situation as well. You're not trying to securely hide all data on the disk; you just want it deleted. Formatting would accomplish that goal. Then when you install the operating system, there will be no traces left of the virus.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
russellhltn
Community Administrator
Posts: 34419
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#5

Post by russellhltn »

I'm not 100% sure formatting wipes everything - like the MBR or the partition.

I'd feel a little better if I knew everything was wiped. I imagine that if you start the eraser, let it run a minute, and then stopped it and followed it by formatting, that would be sufficient. No need to have it scrub the entire disk.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
RichTurpin
New Member
Posts: 4
Joined: Wed Aug 10, 2011 1:14 pm

advice

#6

Post by RichTurpin »

RussellHltn wrote:I'm not 100% sure formatting wipes everything - like the MBR or the partition.

I'd feel a little better if I knew everything was wiped. I imagine that if you start the eraser, let it run a minute, and then stopped it and followed it by formatting, that would be sufficient. No need to have it scrub the entire disk.

First, the utility does format the whole drive. You need to run it at least three times. Second, any computer with MLS on it should only ever be used behind the church provided firewall. If it is used anywhere else then that is a big problem. Plus Sophos only works properly if your computer has been correctly configured. All of this information is on the clerk website. You may also need to do some extra training with the bishops/branch presidents and their sec's/clerks. This has been very useful and it is part of our calling to do so. You need to audit the systems every now and then and make sure there are no un authorized programs installed. If there is then promptly uninstall them. I've had to do this a few times myself.
stephen500
Member
Posts: 105
Joined: Sun Feb 15, 2009 8:45 am
Location: Chester, England

#7

Post by stephen500 »

It is a Branch President. His branch meets in a non church building, so he can only use it at home. It is a laptop provided by the church for non church buildings.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#8

Post by aebrown »

RichTurpin wrote:First, the utility does format the whole drive. You need to run it at least three times.

That certainly sounds like far more effort than is asked for or is even helpful. Running Eraser once is certainly adequate. There's no need to make up a requirement to "run it at least three times."
Questions that can benefit the larger community should be asked in a public forum, not a private message.
stephen500
Member
Posts: 105
Joined: Sun Feb 15, 2009 8:45 am
Location: Chester, England

#9

Post by stephen500 »

The branch president asked how you run "eraser" as suppiled by the church on http://www.lds.org/mls/ The MLS team are not in till Monday, so are there any tips please on how to run the software. Do you have to save it to cd? etc. Plus on cnet I read some bad comments about it. With one person saying his hard drive was useless afterwards. please tell me this church suppiled software is safe! Any tips welcome, thanks.
lajackson
Community Moderators
Posts: 11460
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

#10

Post by lajackson »

stephen500 wrote:The branch president asked how you run "eraser" as suppiled by the church on http://www.lds.org/mls/ The MLS team are not in till Monday, so are there any tips please on how to run the software. Do you have to save it to cd? etc. Plus on cnet I read some bad comments about it. With one person saying his hard drive was useless afterwards. please tell me this church suppiled software is safe! Any tips welcome, thanks.

Eraser wipes the hard drive clean. It leaves nothing.

You then need to boot from the operating system CD and load the system onto the hard drive. After that come the programs.

In the situation you have described, I would simply reformat the drive and then reload the operating system, followed by the programs.
Locked

Return to “MLS Support, Help, and Feedback”