Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    New Lounger, Granite Falls, NC
    This past week and weekend I was hit multiple times by a fake Anti-virus (AV.EXE) program that's actually a really nasty malware. It mimics the look of Windows security warnings and functions. There are ways to delete it but they are time consuming and require running SafeMode with Networking and up to four different removal tools (MalwareBytes, SurfRight HitManPro, MS Security Essentials and SpyBot S&D).

    My question is I was using the latest version of Firefox and still got nailed even though I was only on the Social Wallpaper site. From what I've read, this menace hijacks the browser. My question then is what must I turn off (JAVA? Flash? ActiveX?) to stop this from ever getting me again? Don't tell me to run better protection because I had ESET NOD 32 Active running each time. I now have removed ESET and am using just MS Security Essentials as recommended. I'm loath to trust just Microsoft but I've read none of the heavily advertised solutions (Symantec, Trend Micro, McAfee, etc) are any better at safeguarding against this attack.

    Suggestions as to how to protect the browser? FYI: Chrome seems to be OK but I only used it to download the removal weapons. I won't use IE since I know it is a sieve. I'd like to be able to trust Firefox if there is some way to make it safe for all surfing again.

  2. #2
    WS Lounge VIP, Earth
    If you got this as a drive by it's probably because Windows was not patched, not because Firefox had an issue or your AV missed it.
    If you got it because you clicked Yes to a question then there is nothing anyone can do - apart from removing your mouse. ;-))

    cheers, Paul

  3. #3
    5 Star Lounger, Los Angeles, CA
    Are you using the NoScript plugin for Firefox? I have it installed and never allow scripts for any site unless I trust the site implicitly; and I trust very few sites.

    Another thing I have found helpful is DropMyRights:
    http://download.cnet.com/DropMyRight...-10722877.html

    I set up my wife's computer to run email and Firefox using DropMyRights and the reduced rights help a lot with preventing bad things from happening.

  4. #4
    Super Moderator BATcher, A cultural area in SW England
    If your problem has anything to do with the rather nasty AntiVir 2010 (or similar names) then this Bleeping Computers guide How to Remove Antivir, Antivir 2010, and Antivir Antivirus might be of interest. It seems to me to be the most definitive procedure I have yet come across...
    BATcher

    Time prevents everything happening all at once...

  5. #5
    New Lounger, Western Kentucky
    What version of Java are you using? I would recommend the latest version, which patches known problems with prior releases and may preclude the possibility of a Java script on a webpage from running and installing the software. You might want to uninstall older versions, also .... just to be safe. Normally, these programs are installed by the user because of a popup saying that their computer may be compromised and no spyware/malware software has been detected - do you want to fix this? You click on the box and it installs. But, you say, I clicked on the red X icon to close the popup or selected the box that said "exit" or "whatever"; well, these can also be bogus (part of the overall image) and still install the software. The only possible safe way to exit the popup would be to close the browser session, or use the Task Manager to close it.
    Another freebie program you might try is SpywareBlaster. It works mostly as a preventative program that restricts ActiveX programs and certain DLLs from running in IE and Firefox.
    http://www.javacoolsoftware.com/spywareblaster.html
    You will have to manually download updates every so often, select the "enable all protection" buttons, then close the program and you're done. Just repeat the process once or twice a month, or so.

  6. #6
    New Lounger, Granite Falls, NC
    Quote Originally Posted by P T:
    If you got this as a drive by it's probably because Windows was not patched, not because Firefox had an issue or your AV missed it.
    If you got it because you clicked Yes to a question then there is nothing anyone can do - apart from removing your mouse. ;-))

    cheers, Paul

    I have Windows set to keep itself updated. Inasmuch as Microsoft indicates the system is current with all patches, that was not the issue.
    Not clicking Yes to a question might make more sense had I not stated I was on the Social Wallpaper site where clicking just votes an image up/down.
    Perhaps I should have added I've been around computers since 1970 and even know what Doug Engelbart did to earn a place at your table. :-)

  7. #7
    New Lounger, Granite Falls, NC
    Quote Originally Posted by Peter Johnson2191:
    Are you using the NoScript plugin for Firefox? I have it installed and never allow scripts for any site unless I trust the site implicitly; and I trust very few sites.

    Another thing I have found helpful is DropMyRights:
    http://download.cnet.com/DropMyRight...-10722877.html

    I set up my wife's computer to run email and Firefox using DropMyRights and the reduced rights help a lot with preventing bad things from happening.

    Thanks for the tip re Firefox "NoScript" plugin. I'll give that a try. Much appreciated.

  8. #8
    5 Star Lounger, South of the North Pole
    If you got it because you clicked Yes to a question then there is nothing anyone can do - apart from removing your mouse. ;-))
    And, even the red X or cancel button is not safe to click on since it may have been reprogrammed to mean yes in any case. Safest when prompted unexpectedly is to go into task manager and kill the browser (or whatever the vector is) there.

  9. #9
    New Lounger, Granite Falls, NC
    Quote Originally Posted by Freeloader45:
    What version of Java are you using? I would recommend the latest version, which patches known problems with prior releases and may preclude the possibility of a Java script on a webpage from running and installing the software. You might want to uninstall older versions, also .... just to be safe. Normally, these programs are installed by the user because of a popup saying that their computer may be compromised and no spyware/malware software has been detected - do you want to fix this? You click on the box and it installs. But, you say, I clicked on the red X icon to close the popup or selected the box that said "exit" or "whatever"; well, these can also be bogus (part of the overall image) and still install the software. The only possible safe way to exit the popup would be to close the browser session, or use the Task Manager to close it.
    Another freebie program you might try is SpywareBlaster. It works mostly as a preventative program that restricts ActiveX programs and certain DLLs from running in IE and Firefox.
    http://www.javacoolsoftware.com/spywareblaster.html
    You will have to manually download updates every so often, select the "enable all protection" buttons, then close the program and you're done. Just repeat the process once or twice a month, or so.

    I now have Java switched off just as a prophylactic measure. That was the first step after getting the system back up. Thanks for the confirmation Java may be a problem.

    FYI: Closing the AV.EXE program via Task Manager doesn't help. As soon as I saw the first sign of trouble I killed everything that truly wasn't critical via Task Manager.

  10. #10
    New Lounger, Granite Falls, NC
    Quote Originally Posted by Byron Tarbox:
    And, even the red X or cancel button is not safe to click on since it may have been reprogrammed to mean yes in any case. Safest when prompted unexpectedly is to go into task manager and kill the browser (or whatever the vector is) there.
    Unfortunately Task Manager doesn't kill it either. While malicious, this is a carefully crafted bit of code in that it convincingly mimics the look and feel of Windows' warnings and circumvents the prudent steps a user employs to avoid infection.

    I'm not lauding the programmer as s/he is despicable. They should earn a living using their talents more intelligently.

  11. #11
    5 Star Lounger, South of the North Pole
    And, even the red X or cancel button is not safe to click on since it may have been reprogrammed to mean yes in any case. Safest when prompted unexpectedly is to go into task manager and kill the browser (or whatever the vector is) there.


    Unfortunately Task Manager doesn't kill it either. While malicious, this is a carefully crafted bit of code in that it convincingly mimics the look and feel of Windows' warnings and circumvents the prudent steps a user employs to avoid infection.

    I was referring the Task Manager method to a period prior to the acquirement of the malware--when the initial prompt displayed, if any were made, then use Task Manager to kill Firefox without any further interaction with the browser. You've progressed beyond that point, if that was the path, and Task Manager is subsequently not a useful tool in that respect.

  12. #12
    Plutonium Lounger Medico, USA
    Quote Originally Posted by Peter Johnson2191:
    Are you using the NoScript plugin for Firefox? I have it installed and never allow scripts for any site unless I trust the site implicitly; and I trust very few sites.

    I just added Noscript, thanks for the info.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  13. #13
    Plutonium Lounger Medico, USA
    I just found this reference. It may be too late but perhaps it will help others.

  14. #14
    New Lounger, Granite Falls, NC
    Quote Originally Posted by Ted Myers:
    I just found this reference. It may be too late but perhaps it will help others.
    Thank You --- They recommend a variation on what I did.

    The inference in the article that a user has to be technically naive to get infected by this one is both condescending and misleading. The reason I posted here was I executed all the right steps... never clicked anything except right mouse on the task bar to access Task Manager. I proceeded to kill everything and then rebooted. 99.9% of the time that approach is sufficient to thwart any attack as the "message" is a screen display until it tricks the user into inadvertently installing it. However, as I have since learned, this bit of code seems to hijack via Java and the browser. Running the NoScript add-on to Firefox seems to work although I am not about to visit Social Wallpaper (a heretofore benign website) to press my luck.

    Unless the definition of porn has changed, desktop images of landscapes are not usually considered erotic. That said, I never got the full story on 'the birds and the bees' so perhaps mountains, sunsets, oceans and rivers are hardcore for some creatures.

  15. #15
    5 Star Lounger, South of the North Pole
    It's been my observation, as a red-blooded North American male of single and unattached status (harrumph harrumph!!), that while there certainly are many threats on the dark side of the Internet street, far and away, or at least equally as much, social networking sites are the real pot of potential ill-gotten gains. There was a recent story of a person's Facebook account being hacked and so access to that person's friend network was established, and I'm sure it's pretty obvious how successfully malware can be spread then with contextually pertinent content between "friends." Facebook, Twitter, MySpace, YouTube... hackers are going to go where the richest feeding grounds are. We have to recognize it from that perspective and not from a site content perspective.
