Post by nikko1764 on Feb 22, 2010 21:47:59 GMT
OMG!!! That Malware Is Crazy!!!! Damn Crackers!!!!!!
Post by Aayrl on Feb 23, 2010 2:03:46 GMT
> Wait, MalwareBytes does protect against this? You said you have it, and it didn't detect this, so it probably won't keep me safe. Is there one that gives a definite reading on this one?
It will protect against any type of javascript attached malware IF YOU ARE RUNNING THE PROGRAM PROPERLY. The only reason I caught the virus was because my antivirus systems were disabled temporarily when I remotely crashed their system processes to overclock my computer.
Additionally, Microsoft Security Essentials is a fairly decent program. I would suggest if you were to use it that you have an additional antivirus removal / detection program as well since Microsoft is known to have a lot of false-positive detections. Then again, false positives are well known in several other anti-virus programs, so it wouldn't hurt to use multiple anti-virus programs to double check each other.
~Aayrl
Post by Mkbul on Feb 23, 2010 12:58:46 GMT
I defeated this shit...run in safe mode, find the bastard and destroy him...that's all
Post by westonn on Feb 24, 2010 2:35:11 GMT
Wait. . .I don't get it. So if I visit any website with java or flash, it'll damage my computer. Since when has this been so?
Post by Sporlo on Feb 24, 2010 23:51:00 GMT
> Wait. . .I don't get it. So if I visit any website with java or flash, it'll damage my computer. Since when has this been so?
No, it means sites with those will be more likely to have viruses. Nothing more. Don't read into it.
Post by ShadowLuigi64 on May 6, 2010 3:06:47 GMT
Post by Don.Gato on May 6, 2010 4:36:12 GMT
> ah thank u i got mcafee but this really help thxxx
McAfee sucks. It never seems to find a thing, even when you obviously have a virus. Malwarebytes seems to work best in my limited experience.
Post by Aayrl on May 19, 2010 22:15:57 GMT
VERY IMPORTANT UPDATE:
A new version of the Antivirus Soft rootkit has been discovered on the web in the past few days. Today, my sister's Tablet PC has fallen victim to the new version of this virus. It is similar in every aspect to the previous version, except for the name and the systems it can infect.
The tablet PC was infected at 3:47 PM EST, when a chunk of coding embedded into an advertisement on DeviantArt.com was picked up by the system and executed (without permission). I discovered this by checking the Task Scheduler for the system, discovering that suspicious filenames (gibberish.dat) had auto-installed themselves into the temp and win32 folders.
As far as I know, the new rootkit is titled, 'Antispyware Soft'. This 'new' version is currently only capable of afflicting systems using the Windows Vista or Windows 7 Operating Systems. Though several cases have been reported of a similar virus (more than likely Antivirus Soft) infecting Windows XP systems.
I would like to remind the community to please keep their systems under regularly scheduled malware and spyware scannings; ensuring that their system is clean.
Make sure you have Spybot Search & Destroy installed, as well as a decent tool for malware detection and removal.
If you are a little hazy about what exactly a rootkit is, or how to properly handle one, please check the first post of this thread. Thank you.
~Aayrl
Post by Perishingflames on May 19, 2010 23:18:41 GMT
Thanks for the warning. But are you sure that's a rootkit? Rootkits are very stealthy I thought.. looking in the scheduled tasks reveals this malware?
Post by davidjl123 on May 19, 2010 23:50:05 GMT
What does the rogue antivirus do?
Post by Aayrl on May 19, 2010 23:50:41 GMT
It's a peculiar virus, I've seen it in many different forms now.
I managed to clean the one off of the Tablet PC a couple minutes ago. This one seemed to act more like a Trojan than a rootkit.
From what I can muster, this series of viruses apparently installs in different stages, and your virus product will be altered depending on the malware strand hidden in the source coding of an ad banner.
The one my Desktop caught in February was most certainly a rootkit. However, it started out as a strand of malware that eventually controlled the iexplorer.exe process, which in turn, I'm assuming, installed the rootkit manually.
Perhaps I caught this new version of the virus early enough to stop it before it could control the explorer and re-write registry entries. In my previous encounter with the virus, I was unable to load Safe Mode (Since the virus already altered the safe-mode drivers and caused a fatal error each time you were to load the OS in Safe Mode). This time, on the tablet however, I was able to run in Safe Mode and install the removal tool to whack most of the source files, and then I cleaned up any residue left over in the registry.
Additionally, to reiterate, the rogue antivirus will start by prompting false Windows Network Security pop-ups from your taskbar, followed by false AntiVirus warnings, random spyware threat pop-ups, and eventually the failure to load or maintain any process on the system (since it takes over the iexplorer.exe process).
~Aayrl
Post by ridley^2 on May 20, 2010 1:44:41 GMT
Could you possibly recommend some good malware protection programs or whatever they are called? I don't know of a single one.
Post by Seizure22 (Witty Title) on May 20, 2010 4:05:12 GMT
Thanks for the info Aayrl.
Question, does Adblock Plus prevent ads in such a way that this exploit can't be executed?
Post by Aayrl on May 20, 2010 21:02:12 GMT
Some programs I would recommend for Malware detection and removal:
- Spybot Search & Destroy
- PrevX
- Kaspersky
- Malwarebytes' Anti-Malware
All of these programs are free (with extended and more user friendly versions, for a small fee).
Yes, Adblock Plus should prevent malicious strands of code from loading on web pages, so long as that code is embedded in the banner or ad.
There's been cases of actual malicious coding being written in the page source of the website itself, but I have yet to see anything along those lines in action.
~Aayrl
Post by Aayrl on Jul 23, 2010 17:25:08 GMT
Bumpity bump. I added a link to Microsoft Security Essentials on the original post.
~Aayrl
Post by MarbleDuck on Jul 23, 2010 19:46:43 GMT
What would happen if one of these viruses tried to infect an emulator (Crossover)? Absolutely nothing?
Post by Perishingflames on Jul 23, 2010 20:00:01 GMT
Uh, why would you be emulating an internet browser in the first place? I suppose it would be possible to get infected though it would be contained of course.
Post by Aayrl on Jul 24, 2010 0:27:50 GMT
Well, the smartest and safest step would be to run a Non-Persistent emulator if you wanted to sniff out websites you were unsure about.
That way, the emulator could get pulverized by the malware, and restart clean when you re-initiated the program.
~Aayrl
Post by MBfan300 on Jul 24, 2010 14:20:30 GMT
i have McAfee and mkbul is right find that @#4%@#%$@##!#$##$$&*##$##!!!!!! and voldemort him!
Post by Luke on Oct 11, 2010 4:16:10 GMT
This kinda thing is exactly why i register at hacking forums, So i can read about what hackers do to get at other people, And to learn about computer security, From what i've learned already, I could disable a keyboard or mouse, Cause your Disk Drive (Or whatever the sliding part of the computer you put CD's into to run them, I forgot because i haven't been using the name recently at all) to open and close uncontrollably and lots, lots more, All the way up to completely destroying the OS, Hard Drive and everything on it, I have Kaspersky, Soon after hearing about the Second Strain (Antispyware Soft) i started a quick scan. (BTW no threats detected, yay)
EDIT: Little tip: I got this from a hacking website whose leader was arrested and his forum went down a while ago, If you're using an old version of Kaspersky, Update - now, Many hackers know an easy way to bypass this, Old Kaspersky programs detect viruses by scanning the first and last 1000 bytes (1 byte = 1 character) of a file, Easy bypass: Put 1000 useless random letters on the beginning and ending of a virus.
Post by Stal on Oct 11, 2010 10:39:19 GMT
Can it kill you if you delete iexplorer.exe? Sorry for the seconded-bump.
Post by Aayrl on Oct 11, 2010 10:44:28 GMT
iexplorer.exe is part of the windows operating system. Sometimes malware will disguise itself as iexplorer.exe, but you have to be extremely careful if you think this is the case. Most anti-virus and anti-malware programs will pick it up if it's something out of the ordinary.
If you kill the process, most likely your taskbar and different windows will become temporarily disabled until iexplorer.exe restarts itself. If your toolbars do not come back within a few minutes, you'll have to manually restart the computer.
~Aayrl
Post by MarbleDuck on Oct 11, 2010 16:08:31 GMT
I'm thinking of partitioning my computer so that I can run Windows and Leopard, would a virus be able to affect both partitions?
Also, I'm terrible at using windows, are there any antivirus-related things I should know (other than what is already stated)?
Post by Lonestar on Oct 11, 2010 18:01:21 GMT
It is unheard of for a virus to affect both partitions on a mac running bootcamp. If you install windows, the mac side of your disk won't be at risk.
As for anti-virus things, I could recommend using OS X for internet browsing, since windows won't be your only operating system you won't need it for everything. Aayrl gave a decent list of things to have to avoid viruses. Not that I am downplaying the significance of the virus issue, but I have never actually used antivirus software in windows and have never gotten a virus, so I'm inclined to think you should be fine with the information presented in this thread.
Post by Perishingflames on Oct 11, 2010 22:22:35 GMT
Pretty much what lonestar said unless it somehow destroyed your partition table (which is almost certainly not going to happen, lol). I set my parents up with avast free antivirus- it's working fine and updates itself.
Post by Sim Nine on Jan 13, 2011 22:22:28 GMT
If you aren't running Windows, disregard this entire thread.
I know I should have posted this a month ago, when it happened, but here's the story: I was doing something (I dunno what) when I googled something (I dunno, some Terragen stuff) and when I clicked on the link, I was redirected to a website that (thankfully) was blocked by my internet security program (Trend Micro). I did some research, and figured that my computer was infected with a virus known as TDSServ, TDSS, or "Google Redirect Virus". I looked around some more, and found a little utility that was specifically designed to remove it here (Kaspersky Lab): support.kaspersky.com/viruses/solutions?qid=208280684
A few symptoms of this virus are:
-Google searches redirecting you to malware/spyware websites
-Tabs and links in Internet Explorer failing to load
-Internet Explorer itself failing to start
-Windows explorer failing to start
-Wireless network failure
I highly recommend anyone that has a computer with any of these symptoms (running Windows) to run the utility through the link above, which takes about 30 seconds to run anyway.
Post by [DWARF] RDs.empire on Jan 15, 2011 10:45:51 GMT
Dude you saved my life. Since I have wireless internet it looked weird why it disconnected many times and sometimes pages didn't load on first try. I ran that program found that bastard and deleted it and it worked. THANKS
-RDs.empire
Post by Aayrl on Feb 1, 2011 11:44:03 GMT
Post by Threefolder on Feb 2, 2011 1:49:17 GMT
THANKS! My mom is worried that I'll download some kind of malware, so she "checks" my downloads... So, yea, THANKS!
Post by Perishingflames on Feb 2, 2011 2:01:45 GMT
That's why it's always smart to have a partitioned drive, the second being encrypted... if you get my drift