
Virus Alert

aeromed202

SOH-CM-2014
I got whacked by one two days ago. It appeared as the usual pop-up window warning I was infected and that I should scan immediately. The little icon was similar to but not the same as AVG or Microsoft. While I pondered the next move, other balloons popped up with buttons to either purchase brand-x anti-virus software (some name like "Defender" in the url that was trying to load) or continue to be vulnerable. Of course either option led to more pop-up windows, one showing a scan by brand-x in progress. Worse still was that this virus prevented me from opening any other application from any place on the desktop or file tree.
Luckily I could still log off (Win XP Home) or re-start. And more fortunately, the other user account seemed unaffected. I could run anything from there. Revo, AVG, Malware, Adaware, couldn't find anything to uninstall or delete. What seemed to work was to carefully migrate a minimum of known good things and files to the good user account via an external HD and then delete the bad account. The problem was swept away in the process. Another re-install avoided.

ARRG!! Much pain and suffering to all hackers :angryfir: !!
 
I got whacked by the same thing about 3 weeks ago. How and/or why is still a mystery. It overrode every attempt I made to stop it. Even in safe mode it maintained control and thwarted any attempt to activate any cleaners or virus software. It was a bit slow in activating itself and I was finally able to beat it to the punch (timing was everything) by getting into safe mode with internet connectivity. Then I was able to redownload a couple of cleaners and run them. After that, my antivirus (avast), which is usually very good, was able to run and eliminate the final remaining tidbits. All in all, it probably took me six hours of fighting to win the battle.

Needless to say, I have boosted my protection even further.
 
The same thing happened to the wife's laptop a couple of weeks ago, except I couldn't shut down Windows. I had to remove the battery to reboot. Everything loaded just fine and AVG didn't find anything. Fortunately, she's a sharp cookie and didn't click anything. No damage.

Bob
 
i don't know where you guys are going to get these things, but i never see them. i know they're out there, but haven't seen one yet.
 
Same one got me last year, the window popped up with a microsoft logo and said my PC was infected with over 2000 viruses so I was a little suspicious, ran my anti-virus, norton 360 it told me I had a virus and to reboot. Did that and it wrecked my system, had to get a guy in to wipe everything and start from scratch.
Hope that little F###ER and the one that hit Avsim come to a terrifying and agonising end :violent:
 
Right now, reports have it that social networks are the prime targets for this crap.

If you are on Facebook, Myspace, or any other of these social networking traps, there is a better than average chance of you picking up a computer disease from there than anywhere else at this time.
 
My wife's aunt called me yesterday...she had that same thing pop up. I totally rebuilt her system not too long ago...and all has been quiet..until yesterday. I told her what to do, how to update her anti-virus, how to start a full system scan....it came back clean. I have no idea where she goes on the internet, but her system is constantly getting attacked....it won't be long before I get another call from her asking me to come fix her computer.

I got nailed Friday night/Saturday morning....and nailed hard. It was my fault. I was looking for info on a WW2 Ship Identification Training Kit that I have in my collection. One of the search results was from Russia and every early warning system I have installed was telling me that the site was a high risk site...heck they even prevented me from going to the site. I disabled them, went to the site. And paid the price! The nasty punched through my anti-virus, shut down my firewall, and before I could stand up, reach the router and unplug my system from the net.....nearly 100 viruses were on my system. A full deep format and a reinstall of the OS and everything is good again....but if I had done the smart thing...the thing I knew I should do...and avoid that site my system would not have been hit.

OBIO
 
There seems to be a common theme here with Russian sites. Over on the MAIW forums someone got hit by a virus off avsim.ru hidden in an installer that his anti-virus didn't pick up.
 
The wife was on AOL and checking her e-mail. I think the 'culprit' was an attachment. She's in the habit of immediately trashing spam and other messages from sites she doesn't know, so I think it was an attachment a 'friend' sent her, but I don't know which one. I told her to note if one of her friends has been absent since then; perhaps THEY had a 'Gotcha'!! Won't break my heart in the least.

Bob
 
My cousin got nailed on facebook the other day - sent private messages to every one of her friends - me included. I was an idiot and clicked on the link in the message (supposedly from youtube), which took me to some non-website. I heard later that it was downloading viruses onto people's machines, but for some reason didn't do it to mine, or my a/v and firewall blocked it without notifying me.
 
i don't know where you guys are going to get these things, but i never see them. i know they're out there, but haven't seen one yet.

The last time I saw one like this was at www.palmbeachpost.com; it is the local newspaper here. It was embedded in an ad they had posted on the site. It was part of a rotation of ads, so it did not show up all the time, only when the web site chose to send that ad to the requesting web browser.

I also had someone using my old laptop; they were on myspace, and again it was buried in an ad.

Neither time was I infected; the key is to not press any of their buttons prompting you to confirm or reject the scan or whatever it is they are asking you to do.

The first thing to do is disconnect from the internet by pulling the network cable or, if you are on wireless, shut off the wireless card or power down your access point; that will stop any pop-ups that they may call on next. Then hit the X in the upper right hand corner and exit the window. Do this for anything else that might pop up.

Because you did not knowingly or unknowingly confirm anything it should have been stopped. That is how it worked for me twice and my wife once.

Now to put yourself at ease run your anti virus and malware software. You should have no infections.
 
When this happens, unplug your computer as fast as you can.... That is the fastest thing you can do to intercept and stop the upload. Switching off your computer will take too much time.

Great thinking on the removal of the battery. Macs don't do that; if I am correct, the battery is in the case, not removable like that.. arrgh.

If this happens, pull the cord, wait, then reboot...


I was at a Font site when this happened to me 2 years ago. It's happened a couple of times and I was able to thwart it by unplugging.

Even one of my webpages is presently contaminated. Yahoo says I have to fix it and I cannot even find the bug... arrgh. (Yahoo small business site. Don't you think they should manage it for you since you are 'renting' space from them? crazy.... ).


Bill
 
Yup
My missus pooter and 2 laptops on our network got infected with Instmsx.exe
It was a nasty little hard to kill sucker of a worm, it drops the firewall and hides copies of itself in multiple unrelated files. The only common factor was all the systems affected had been at some time on facebook, not saying facebook is the problem just that some app or associated app that is used must have been responsible ...as my missus is addicted to farm geto and farm vile :)
Wozza
 
I think I got it from a Rus site by following a link from here. I was looking into a panel or something related to a chap with a veering problem on a beta Russian airliner. Wish I hadn't.

I almost got into trouble at work once. I was looking up bloody trauma pictures for a presentation and four days later was hauled into the office to answer questions about porn sites. Not this boy, I said and promptly marched into the HR office with supervisor in tow. HR showed me a printout of sites I was visiting and I go yep, yep, yep, no, yep, no... Puzzled, I sat down at HR's desk and went to the sites on the list. Well, well, her printout showed she hit same porn sites. Legitimate sites were ghost linking to the porn, showing nothing on the screen but it was captured by the monitoring system. I guess we're done here was my only comment. That was very sweet. So even trusted sites can harbour evil stuff.

Some mentioned quickly pulling the plug, is this the internet or power plug? Anyway, my little problem seems to have been fixed by deleting the user account. Time will tell.
 
stopping the flow of bits ... the fastest way is to break the internet connection if you can. I have T1 running from my puter to my router, the router is within arms reach of the puter ... a quick flip and the T1 is out of the router and all is good. :)
 
.
This stuff is getting beyond bad.

My security systems have been updating with megabytes of new definitions & updates every single day now for weeks. Much greater than usual.

A cyber-war is certainly being presently waged in force, an economic & malicious one. It is getting nearly overwhelming.

.
Snuffy- Good tool, guy, as well as applying it when needed.
.............My DSL modem is connected to a separate surge protection unit.
.............. 1st sign of trouble: *click*
.
 
Yeah, they tried to get me too. It was a software company that was an XP antimalware something or another that altered the registry file so that whenever I went into the security center it redirected me. I used msconfig to disable it and then followed its path on my HD and deleted it. Then went into the regedit and changed everything back to normal. It shut down Microsoft firewall and MS Security Essentials anti virus programs and redirected to theirs. I never let theirs scan my computer, but it was a bugger to find and shut down and delete.

HiJack This did not find it, but Spybot S&D from Lavasoft did, even after I disabled it and thought I deleted it.

Now all is good. I uninstalled MS Security Essentials and reloaded my Army provided Norton Endpoint firewall and antivirus program.
 