Thread: Ad Popups, Viruses, Malware

  1. #1
    Administrator Rick's Avatar
    Join Date
    Nov 2007
    Location
    Central Indiana
    Posts
    58,806

    Default Ad Popups, Viruses, Malware

    Spammers come and spammers go but occasionally one will be particularly ugly by including ad popups, viruses or malware or spyware within the link they post. If you don't have the necessary software to counter these threats then they can easily hose your computer.

    When you see a web site link within the body of the post from a brand new member or someone you do not know DO NOT click on it. The forum does not allow members to post links to their web sites within the body of the post. This is just one more reason for that. You can certainly report the post but allow one of the mods to review it before you click on it. Chances are, we'll either remove the link because it violates forum policy or remove the entire post because it is spam.

    Anyone can link to another site that they have no financial interest in and there is a lot of great information out there to share by doing so. I'm only talking about links from brand new members or folks you don't know.

    This very situation occurred yesterday and a member is battling with repairing their machine today.

    Here are some helpful tools that you probably want to have installed so you don't run into problems anywhere. There are a number of good programs out there but I'll list a few here that are free.

    Malicious Software Removal: Microsoft

    http://www.microsoft.com/security/ma...e/default.aspx

    Ad Blockers: Ad Aware

    http://www.lavasoft.com/

    Spyware: Spybot Search and Destroy

    http://www.safer-networking.org/en/index.html

    Free AntiVirus: Microsoft:

    http://www.microsoft.com/Security_Essentials/
    Tracks Across the High Plains...Death on the Bombay Line...A Touch of Death and Mayhem...Dead Rock...The Griswald Mine Boys...All On Amazon Books.


  2. #2
    Senior Member Ole WV Coot's Avatar
    Join Date
    Nov 2007
    Location
    Southern WV , raised in Eastern KY up a holler
    Posts
    2,668

    Default

    AVG anti-virus seems to work better for me and free of course. Ad-Aware works for me and the AVG on mine is set to run a full scan each day as is Ad-Aware. Slows the computer a little but seems to work. CCleaner ain't bad either. Just my not so humble opinion.
    Don't pick a fight with an old man. If he's too old
    to fight... he'll just kill you.

  3. #3
    (FMR) Wilderness Guide pgvoutdoors's Avatar
    Join Date
    Dec 2007
    Location
    Northeast Ohio
    Posts
    1,991
    Blog Entries
    2

    Default

    Thanks for the update Rick. The ugly side of the internet is a big problem. PGV
    "Just Get Out!"
    WildernessSkillsTrailhead.com

  4. #4
    Administrator Rick's Avatar
    Join Date
    Nov 2007
    Location
    Central Indiana
    Posts
    58,806

    Default

    I agree, CCleaner is very good. But its design is a bit different. From their web site:

    "CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware! "

    http://www.piriform.com/ccleaner/download

  5. #5
    Junior Member Byte Me's Avatar
    Join Date
    Jan 2010
    Location
    SE FL
    Posts
    23

    Default

    I do computer work for a living. CC cleaner is good. Some of the ones I commonly use are:

    avast antivirus free www.avast.com
    superantispyware http://www.superantispyware.com/
    malwarebytes http://malwarebytes.org/

    You usually have to run more than one program to completely remove the spyware infection. If you can't get rid of it let me know and I can log in to your computer with logmein technician console. I use it daily for my clients.
    Live for today prepare for tomorrow!

  6. #6

    Default

    My 2¢ worth. I have malwarebytes from iYogi, super antispyware, AVG, and ccleaner. Malwarebytes is a program that you have to pay for (at least I did with my iYogi services). Yet some stuff (mostly adware and such) still manages to get through. I try to run most if not all daily. Still for some reason (probably due to the age of my PC) I have problems.

    One advantage (for me) is that with my iYogi account, I have tech support on call 24/7/365. If there is something I can't figure out or handle there is someone I can call or message to correct the problem. I have already used their services more than enough to justify the price, as I am not all that "techy". They have saved my PC 2 or 3 times now. They may still have work to do yet.

    Some programs pick up things that others miss. Most notably super anti-spyware. It picks up stuff the others miss (adware and junk).

    Just last week AVG saved me from opening the latest Virus going around. "UPS Delivery, Tracking number XXXXXX" that came in an e-mail. I was expecting packages too, at the time, and thought it was a valid E-mail. When I tried opening it AVG told me it was a virus and would not let me open it. (Thank Goodness)

    OK so there are many "Freeware" and "Shareware" programs out there that can help you save your PC. What are you waiting for? If someone offered you Free Total coverage on your Car insurance I'll bet you would jump all over the opportunity. Yet some of us use our PC more than our vehicle, and don't get protection. Why? I certainly use my PC more than my truck, yet I was one of those that had to learn the hard way. All I'm saying is don't make the same mistake I did. Do a little research, and get protection NOW! I think my PC may have suffered some permanent damage and got protection too late...well better late than never. Otherwise y'all would have never got to know me, or I, you. I can't say y'all would have missed much not having me, but I know I would have missed a LOT not having y'all.

  7. #7
    Senior Member Winnie's Avatar
    Join Date
    Jun 2009
    Location
    Middle England
    Posts
    5,780
    Blog Entries
    1

    Default

    Thanks for the heads up Rick, I'm a bit careful about where things have come from and Dr Kaspersky is very vigilant!

    Another word of warning, be careful where you get these "free" security programmes from, some have all sorts embedded in them.
    Recession; A period when you go without something your Grandparents never heard of.

  8. #8

    Default

    Nothing is free these days. But, the above mentioned ones are good for removing stuff and I've heard AVAST is good, but don't know first hand. I see an awful lot of posts on the malware forums I visit from people using AVAST and such though, so it must not be too good.

    AVG8? lets all kinds of stuff thru. The old AVG was good, AVG7?, it's been so long I forgot, but I actually got a virus from their update server so I sent em a nasty letter and quit using it. Many people got viruses from AVG's update server.

    Kaspersky, McAfee and Norton let some stuff thru, and Norton or "symantec" causes apps to hang. But, Kaspersky is by far the best and rated so by many. I like Kaspersky, but I back up all important stuff and only use one machine for surfing. I also accept the slow downs and inability to view certain material on the net which comes with Kaspersky. Basically, if your anti virus isn't slowing you down it's not working or you have an extremely fast machine. Honestly, I think most viruses come from people watching free porn on the net, MySpace and places like that. Cybersex can get you a virus too, who'da thunk it? LOL! If I were gonna do that I'd get a cheap Linux machine and use it for only that one purpose.

    I know how to back up, restore from backup and re-install my OS so I'm covered. Unless you back up and know how to restore your data or know someone who will do it for you you are risking a whole lot. Especially if you use that machine for banking, business and such. Considering the high cost and lost time of having a virus removed or paying for data recovery which could be hundreds or thousands of dollars this is the best plan.

    If you get a virus you can just re-install your OS and recover all your data in just a couple hours or less with no cost. Even if you pay someone to do it it's much less than having a virus removed and you don't run as high a risk of losing data. There's guys on Craigslist that will do it for 40 or 50 bucks. Besides, you should re-format and re-install your OS annually anyhoo, because of all the junk that gets loaded into it from God knows where.

    Also, I store all my important stuff on external drives so if my system crashes I can use any computer to still access my data, pictures, documents and such. But, you have to be very careful about using public computers to view or transmit personal data. Actually you shouldn't use public computers for that.

    I'd be real careful using CCleaner or any other registry cleaner as I've seen people ruin their setup trying to clean the registry. Even the most experienced people advise against using registry cleaners. The only right way to clean the registry is to go in and manually remove stuff, but that requires a little know how. Basically, if your registry is overloaded with crap it's time to re-install and get a fresh start. It would probably take less time and you would end up with a much better result.

    I've not had a virus since I started paying for Kaspersky, but last year I had a virus stuffed on my flash drive from school, a public computer, along with many other students. It was actually hundreds of viruses and malware all set to look like your documents and settings. When I plugged the flash drive in at home Kaspersky slammed the hell out of it and wiped it out. All I had to do was say yes when Kaspersky asked me if I wanted to remove the viruses and such. KIS actually went into the system behind the scenes after restart and removed everything 100%. All I had to do was click the mouse button two or three times.

    I get KIS, Kaspersky Internet Security, through Amazon for about 30 bucks a year and it's the only protection I have other than me personally keeping up on things. A little over 50 cents a week is a bargain to me and I'm a very frugal kinda guy.

    After saying all that though, I did just upgrade my OS, because my OS's HDD was getting overloaded. Now it makes me wonder if it was actually a virus I got here that KIS overlooked. No biggee if it was because my system was due for an overhaul and I got Windows 7 pro for 30 bucks thru school. The whole process took 40 minutes and I basically have a brand new machine. I loaded all my docs, pics, programs and such back on in another couple hours.

    If you get an original OS install/ setup disk with your computer or OS and you make a back up before making any changes, performing a complete re-install is easy. And Windows 7 makes the whole process much easier. It automates most everything and has a good back up program built into it that will import all your settings and such from your old setup. All you have to do is click the mouse button. It will do automatic back ups and create a system disk and a restore disk if you want it to.

    I'm no fan of paying for OS's or AV protection, but Windows 7 and Kaspersky are well worth the $$.

  9. #9
    naturalist primitive your_comforting_company's Avatar
    Join Date
    Aug 2009
    Location
    31º4.3'N, 84º52.7'W
    Posts
    3,969
    Blog Entries
    7

    Default

    bitdefender offers a free online scanner and malware cleaner as well.. I must say that the program has let a few through when they were brand new.. I should update more often, but AVG is a butt-saver!

    When this one expires, I'll be replacing it with Kaspersthingymabob. Thanks for the reviews.
    Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing. Helen Keller

    My Plants
    My skills
    Eye Candy
    Plant terminology reference!
    Moving pictures

  10. #10

    Default

    Well a "Worm" managed to do my old PC in. Even though the programs I had and was using detected it, they could not defeat it. So we ended up getting a newer PC. We are now using "Trend" I think it is called, from "The Geek Squad". I just thought I would mention it as I don't recall seeing anyone else listing it.

  11. #11
    Administrator Rick's Avatar
    Join Date
    Nov 2007
    Location
    Central Indiana
    Posts
    58,806

    Default

    Neither PC Net nor CNET seem to rate them very favorably. Frankly, I've never heard of them.

    http://download.cnet.com/Trend-Micro...-10440657.html

    http://www.pcworld.com/reviews/produ...ware_2010.html

  12. #12
    Senior Member Winnie's Avatar
    Join Date
    Jun 2009
    Location
    Middle England
    Posts
    5,780
    Blog Entries
    1

    Default

    Everything what RWC said. I've used Kaspersky for years and never had a problem. It's worth every single penny of its asking price and quietly works away behind the scenes. I don't use registry cleaners, I tried C-cleaner on my old laptop and it messed it up. I would imagine they're OK if you know what you're doing, I don't.

  13. #13
    naturalist primitive your_comforting_company's Avatar
    Join Date
    Aug 2009
    Location
    31º4.3'N, 84º52.7'W
    Posts
    3,969
    Blog Entries
    7

    Default

    I guess I'll go ahead and fess up.. I got the virus on my KIDS computer... I thought I had it gone, but there was a hidden startup file under the same/similar name as my bitdefender files.. That computer is trashed... gonna have to reformat it to remove the virus, apparently. I have tried every single AVscan listed here, and one or two from other places. Either I gotta come off $70 for new software, or reformat.. the latter of which is the most affordable right now.

    Bitdefender is junk. I called their 24/7/365 tech support and the number for the US is disconnected.. so I tried the Canada hotline and it now goes to some Petrol cleanup team like 1-800-Got-Junk.... well, that's what I got.. junk. once a week it seems to need reinstalling / repairing, then there's patches needed to even get it to update..
    Stay away from BitDefender, you're throwing your money away.

    Work is picking up and I'm getting back to financial stability (slowly) so hopefully AVG will hold me until I can afford Kaspersky (BTW, their online scanner is broken).. now I gotta go reformat the kids pc

  14. #14

    Exclamation

    For those who use "Photobucket", it seems that it has a virus there (this from another Forum I am on). If you click on the x or "close" box on the ad pop ups you will download a virus on your PC. To avoid this, click on any place OTHER than the pop up (like if you wanted it to go into the background).

    Also, there is an "Anti virus" program that will download on your PC. It is not an antivirus program!! It is the virus. This is what happened to me. It is only the first wave in an attack that will kill your PC, it ends up with a worm and several Trojans, etc. It is an attack that does NOT stop, it just gets worse!! Eventually you can not even go into "Safe mode", or log on to your PC at all!!

  15. #15
    reclinite automaton canid's Avatar
    Join Date
    Dec 2007
    Location
    Central California/West Texas
    Posts
    6,622

    Default

    had to reinstall winxp on my lady's notebook yesterday.

    there have been a lot of browser vulnerabilities published recently, so it was only a matter of time before some new malware was deployed to exploit it.

    long story short; she doesn't like to run an internet security suite or av because it interferes with her browsing; and learned a lesson after visiting a lyrics site and ended up with a rootkit which killed spybot s&d, hijacked her browser and quite persistently advertised a fake antivirus in response to any page request.

    i didn't attempt to do any forensics, since she needed the box restored ASAP [i would have loved to], but i suspect it implemented one of the several remote vulnerabilities reported for IE in january, which affect numerous versions from IE 6 through 8 [addressed KB-978207] and which allow arbitrary code execution.

    a hotfix for these vulnerabilities was released on the first of this month; 4 days before the incident.

    moral: keep up with your updates, particularly if you forgo hardening your browsing and everyday computing environment. this is why my windows box is virtualized in a VM sandbox, and can be restored to its post install state with the push of a button [even this can not be relied upon concretely as, for example, another major guest isolation vulnerability was recently published for VMWare. i don't use VMWare atm, but it again proves that there is no guarantee]

    these days; you do not have to open a funny email, or follow a spoofed link to have your box owned by e-criminals. they can operate seemingly legitimate sites, anonymize their domain registration through rogue, criminal registrars and hosting services like the RBN, and operate from countries where it's not even considered a crime to steal foreign [read: your] identities for resale.
    Last edited by canid; 02-06-2010 at 11:33 AM.
    Any sufficiently advanced incompetence is indistinguishable from malice - Grey's Law.
    --------------------------------------------------------------------------------------------------------------------
    To see what's going on in my knife shop check out CanidArmory on Youtube or on Facebook.

  16. #16
    reclinite automaton canid's Avatar
    Join Date
    Dec 2007
    Location
    Central California/West Texas
    Posts
    6,622

    Default

    Quote Originally Posted by pocomoonskyeyes View Post
    For those who use "Photobucket", it seems that it has a virus there (this from another Forum I am on). If you click on the x or "close" box on the ad pop ups you will download a virus on your PC. To avoid this, click on any place OTHER than the pop up (like if you wanted it to go into the background).

    Also, there is an "Anti virus" program that will download on your PC. It is not an antivirus program!! It is the virus. This is what happened to me. It is only the first wave in an attack that will kill your PC, it ends up with a worm and several Trojans, etc. It is an attack that does NOT stop, it just gets worse!! Eventually you can not even go into "Safe mode", or log on to your PC at all!!

    the photobucket incident you are referring to is most likely an XSS/man in the middle attack, where the victim is manipulated to view photobucket through an illegitimate site transparently. this is often done with browser redirection, or host file manipulation. these have been around for years but are becoming increasingly more sophisticated. it could also be a simpler form of site spoofing.

    the fake antivirus scam has been around at least as long.

    what these attacks have in common is the set of methodologies employed, which are adopted every time a breakthrough is made by the perpetrators of every kind of data-mining scam.

    i don't like to be as 'doom and gloom' as some others, or as paranoid, but in the field of internet security and cyber-crime, the threat is real. we are lucky that such a bulk as is is being applied to advertising and marketing manipulation. it's far better than some of the other applications which are on the rise.

  17. #17
    Administrator Rick's Avatar
    Join Date
    Nov 2007
    Location
    Central Indiana
    Posts
    58,806

  18. #18
    reclinite automaton canid's Avatar
    Join Date
    Dec 2007
    Location
    Central California/West Texas
    Posts
    6,622

    Default

    another fine stop-gap, which can never be complete or current, but can help immensely for known malicious hosts, is one of the many DNS blacklists on the net.

    even spybot uses a [relatively] small blacklist as a part of its immunization process. this is a set of domains and ip addresses which are added to the hosts file, and directed to your loopback [localhost], effectively telling your computer to look at itself and give up, rather than try to find those sites.
    Any sufficiently advanced incompetence is indistinguishable from malice - Grey's Law.
    --------------------------------------------------------------------------------------------------------------------
    To see what's going on in my knife shop check out CanidArmory on Youtube or on Facebook.
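
    The hosts-file blocklist described in the post above, and the hosts-file manipulation mentioned in post #16, can both be checked by auditing the file. This is an added example, not part of the original thread; the sample hosts content, the host names and the `watchlist` parameter are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: reserved .example names and RFC 5737 documentation IPs.
SAMPLE_HOSTS = """\
# immunization-style blocklist entries
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.badhost.example  tracker.badhost.example
0.0.0.0     popups.badhost.example   # null route
203.0.113.45  photos.example     # real name pointed at another machine
198.51.100.7  update.av-vendor.example
not-an-ip   broken.example
10.0.0.5
"""

# Names that normally map to loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


@dataclass(frozen=True)
class Entry:
    line_no: int
    address: str
    hostname: str
    kind: str  # "local", "sinkhole" or "redirect"


def parse_hosts(text):
    """Return (entries, malformed) for hosts-file text."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:  # address with no host name
            malformed.append((line_no, raw.strip()))
            continue
        for name in fields[1:]:  # one line may carry several names
            name = name.lower().rstrip(".")
            if addr.is_loopback or addr.is_unspecified:
                # Blocklist style: the name resolves to this machine and fails.
                kind = "local" if name in LOCAL_NAMES else "sinkhole"
            else:
                # The name is silently pointed at some other machine.
                kind = "redirect"
            entries.append(Entry(line_no, str(addr), name, kind))
    return entries, malformed


def audit(text, watchlist=()):
    """Summarise a hosts file; `watchlist` holds domains that should never be overridden."""
    entries, malformed = parse_hosts(text)
    watch = {w.lower() for w in watchlist}

    def watched(name):
        return any(name == w or name.endswith("." + w) for w in watch)

    return {
        "sinkholed": sorted({e.hostname for e in entries if e.kind == "sinkhole"}),
        "redirects": [(e.line_no, e.hostname, e.address)
                      for e in entries if e.kind == "redirect"],
        "watched": [(e.line_no, e.hostname, e.kind)
                    for e in entries if e.kind != "local" and watched(e.hostname)],
        "malformed": malformed,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_HOSTS, watchlist=["av-vendor.example"]).items():
        print(key, value)
```

    Entries in `redirects` and `watched` are the ones to review by hand: a blocklist only ever points names at the local machine, so a name mapped to an outside address was not put there by an immunization tool.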

  19. #19
    reclinite automaton canid's Avatar
    Join Date
    Dec 2007
    Location
    Central California/West Texas
    Posts
    6,622

    Default

    the FBI's pr writers wouldn't know a url spoof from an xss/xshm from an arp cache poisoning attack.

    luckily, their cybercrime investigative division does.

  20. #20
    naturalist primitive your_comforting_company's Avatar
    Join Date
    Aug 2009
    Location
    31º4.3'N, 84º52.7'W
    Posts
    3,969
    Blog Entries
    7

    Default

    the anti-spyware spoof is exactly the virus I got. It is a real mess.. not sure if even reformatting will help. but I notice every time I reboot the computer, it takes longer and longer to shut down. Luckily all my data was backed up before we got the virus, so it's not a big deal to me, but the kids' data... well, I just hope they put it on a cd lol. no telling what is infected by the worm so there's no use backing it up now.

    It is an xss hack. here's a fix that is supposed to work, but I haven't tried it yet. got stuff to do today so maybe later (son's birthday) http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    the virus is carried by the conficker.e worm and uses the "sysguard" facade, which is the virus itself.. do not under any circumstance buy the software.. you will give them your credit card number... it's apparently a redirect and image-executer virus. it has been known for a long time that myspace has redirect bugs that allow hijackers to pick up and implant.

    bad stuff. luckily this computer is okay.. just old and slow like me
