Be careful out there

Posted: Wed Feb 10, 2010 2:49 pm

There's some very nasty Trojans hiding in banner ads on many major sites. I unwisely ignored a McAfee warning about a photobucket page and spent the last 24 hours cleaning some very nasty beasties off this PC. I haven't seen any good news source about this but it's hit many major sites. If you've been hit, look closely at any hidden files in your windows\system32 directory as a start. I had to manually delete a couple there before I could even install this very good cleaning program:

http://www.malwarebytes.org/mbam.php

So, pay attention to your AV warnings and be careful!

Posted: Wed Feb 10, 2010 3:23 pm

Thanks for thhe heads up Dave.
Since my last virus two months ago, my caution level has been at Black.
My geek was in jail and I had to figure it out on my own, that sucked. I mean why keep a geek in your pocket if you can't use him?

Posted: Wed Feb 10, 2010 4:11 pm

While the subject is in play , please allow me to pass this note along . I rec'd this from a friend , yesterday .

READ IMMEDIATELY !!!!!!!!!!!!!!!!!!!!!!!!!!

HI ALL THIS was sent to me by our son who is in charge of the computers for the state of Florida -- whenever he receives anything like this it is a warning to the State as well as all us little people --

VERY IMPORTANT , PLEASE READ THIS

Anyone-using Internet mail such as Yahoo, Hotmail, AOL and so on. This information arrived this morning, Direct from both Microsoft and Norton Please send it to everybody you know who has Access to the Internet.. You may receive an apparently harmless e-mail titled 'MAIL SERVER REPORT' If you open either file, a message will appear on your screen saying: 'It is too late now, your life is no longer beautiful....'

Subsequently you will LOSE EVERYTHING IN YOUR PC, And the person who sent it to you will gain access to your Name, e-mail and password. This is a new virus which started to circulate on Saturday afternoon. AOL has already confirmed the severity, and the anti virus software's are not capable of destroying it..

The virus has been created by a hacker who calls himself 'life owner'.

PLEASE SEND A COPY OF THIS E-MAIL TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!

THIS HAS BEEN CONFIRMED BY SNOPES..

http://www.snopes.com/computer/virus/mailserver.asp

Posted: Wed Feb 10, 2010 4:58 pm

Actually it was confirmed by Snopes.....as a hoax:

http://www.snopes.com/computer/virus/lifeisbeautiful.asp

Posted: Wed Feb 10, 2010 5:00 pm

I got hit with the same thing yesterday Dave on photobucket too. I didn't open it and went into immediate run all my spyware mode and cleaned my registries. Damn I wish people had better things to do. I'm so exposed with my multiple e-mail accounts, forums, blogs and web sites that I have to run high security all the time.

Thanks for the heads up Pete, I might not have caught that one, thinking it was just a new message from my website mail server

Posted: Wed Feb 10, 2010 5:05 pm

Dang it ,

That's what I get for being lazy . I didn't and should have checked it out myself . Sorry guys . I really didn't mean to mislead anyone . Embarassed

BTW : Thanks Dave .

Posted: Wed Feb 10, 2010 5:11 pm

I was the lazy one for letting a warning slip by. And I paid for it big time. Good thing you caught it Frank....Still, as always with this stuff I learned a lot and found some better tools that I had been using to deal with it......

Posted: Wed Feb 10, 2010 5:33 pm

A programmer friend of mine just hooked me up with microsofts security program that they came out with last summer. It's free too. I had hell getting it loaded but once I did it even picked up the trojan as a residual piece in a quarantine file.

Microsoft Security Essentials

If you decide to use it and have problems getting it to load hollar at me. You will have to uninstall any other spyware, at least i did

Posted: Wed Feb 10, 2010 5:38 pm

D-Day wrote:

There's some very nasty Trojans hiding in banner ads on many major sites. I unwisely ignored a McAfee warning about a photobucket page and spent the last 24 hours cleaning some very nasty beasties off this PC. I haven't seen any good news source about this but it's hit many major sites. If you've been hit, look closely at any hidden files in your windows\system32 directory as a start. I had to manually delete a couple there before I could even install this very good cleaning program:

http://www.malwarebytes.org/mbam.php

So, pay attention to your AV warnings and be careful!

Yeah I got one this WE called "internet security 2010" relentless pop ups directing you to a scam website. PIA to remove too.

Posted: Wed Feb 10, 2010 6:32 pm

All quiet on the Mac Razz

I don't get banner ads on my photobucket either.

Posted: Wed Feb 10, 2010 6:42 pm

I don't see banner ads because I have a paid pb account.

I found some posts regarding similar problems for the last couple of weeks. You would think that photobucket would have pulled those offensive ads by now. Apparently myspace may also have them. Confused

Posted: Wed Feb 10, 2010 6:52 pm

genesound wrote:

All quiet on the Mac Razz

I don't get banner ads on my photobucket either.

Like wise here in Linux... If you use firefox, i strongly recommend downloading the add-on called "NoScript".

Might seem like a pain in the ass to use and configure at first, but i put it on my girlfriend's Windows PC and even SHE can't figure out how to get a virus.

It blocks all those re-directing scripts and pop ups and advertisements.

JR

Posted: Wed Feb 10, 2010 6:52 pm

And Facebook, Twitter.....all the biggies....

Posted: Wed Feb 10, 2010 7:10 pm

Apparently the trojan does something like pop-up a screen that says you have a trojan, click here to disinfect or for more info, and THAT's when you get it. Then they con you with a fee to get rid of it.

I went through that very thing on one of my Windows boxes a year or so ago. I went through all kinds of hell with Norton (needed an upgrade) and other stuff before I finally was rid of it. Evil or Very Mad

I think I ended up banning Norton AV from that computer before I was done with it too. They pulled some BS with me. Rolling Eyes

Posted: Wed Feb 10, 2010 7:27 pm

I wasn't even on a banner ad, I was just moving a photo. I've been caught before really screwed things up, I try to pay attention to what's going on these days but it just takes that one time in lapse of concentration which I'm not good at anyway

Posted: Wed Feb 10, 2010 7:43 pm

Also this current batch isn't just one Trojan. I counted at least 6. One at least was interfering with the installation of the malware cleaner posted above....even in Safe Mode! It wasn't allowing the creation of the primary executable file! YIKES!

One rule of thumb that works most (but not this) times....if you're downloading anything to help clean up.....don't save it to your default Download directory. Direct it to your Desktop or other new folder and in some cases the Trojans don't see it during installation.

Posted: Wed Feb 10, 2010 8:06 pm

Yeah I fell into the same trap with photobucket. I wasn't sure that I was infected there, but now I believe that is where I got it. The trojan doesn't do damage per se, but it is pesky with popups saying your computer is infected. Then they try to sell you the 'antidote' to the trojan for $59.99.

Posted: Wed Feb 10, 2010 10:27 pm

Here's another symptom: Out at a command prompt (even in Safe Mode), it would return a "incorrect parameter" message to DOS commands. Oh, the command would execute, but you'd still see "incorrect parameter". I'm and old DOS guy and began doubting my own syntax on simple commands.....