Virus Alert

OOPS Spybot S&D from Safer Networking in Ireland, not Adaware from Lavasoft.

I used to have Adaware, but the program seemed to want to take over my computer resources.
 
I got whacked by one two days ago. It appeared as the usual pop-up window warning I was infected and that I should scan immediately. The little icon was similar to but not the same as AVG or Microsoft. While I pondered the next move, other balloons popped up with buttons to either purchase brand-x anti-virus software (some name like "Defender" in the url that was trying to load) or continue to be vulnerable. Of course either option led to more pop-up windows, one showing a scan by brand-x in progress. Worse still was that this virus prevented me from opening any other application from any place on the desktop or file tree.
Luckily I could still log off (Win XP Home) or re-start. And more fortunately, the other user account seemed unaffected. I could run anything from there. Revo, AVG, Malware, Adaware, couldn't find anything to uninstall or delete. What seemed to work was to carefully migrate a minimum of known good things and files to the good user account via an external HD and then delete the bad account. The problem was swept away in the process. Another re-install avoided.

ARRG!! Much pain and suffering to all hackers :angryfir: !!

What you got was the winworm32.netsky virus. Distribution of this virus for the last year has been traced to North Korea. It attacks via random surf, through email, and is most prevalent in porn sites. It's been around for a while, and many virus scanners can't detect it as it's easily modified. This is the first and only virus I've ever had in over ten years on the web. There is no way to "clean" this virus, you have to rebuild your OS from the bottom up with HD format.

Bones
 

I had the same one back in October, had to re-install to get everything.
 
Now I've got persistent DEP windows knocking me off from about every site including this one. Never even heard of it until as part of the hack I had to re-verify I had genuine Windows. For cripe sake they know all about me, so they must have known I paid through the nose to put XP on this thing! So after I did that I suppose some NEW thing was pushed down my rig's gullet from MS, to make me safer don't you know. Now this fool DEP thing is on the prowl. I followed the steps to turn it off for IE8 without success. Now I'm trying other browsers. At least I can still fly in relative peace.
I think it is high time we bribed some ace hackers for ourselves. They could invent a barrier that also sends out destructive pulses or software automatically back to the villain's PC, or maybe just reflecting the hack back to the source would be enough. :pop4: :jump: Oops, just got another DEP window...

Could this feature be tripping up on active-x things, Adobe, Flash Player, or other things that automatically kick in to show a page?
 
Okay guys, don't reinstall your OS.

It is resident in your windows/prefetch folder and is AVE.EXE-(numbers).pf

Just run a search on your HDs for AVE.EXE it is usually two files.
Once you delete these two files, it stops.

DD73
 
I got nailed three weeks ago by the same thing. Blew through my Firewall from an embedded ad on a site I go to all the time. (Had it happen a year ago from another site I frequent via the same procedure)

First time, Malware Bytes fixed things. Last time I got hit, none of my AV programs would run. I was able to get a new copy of Bit Defender to download and run after killing the virus with End it all (I usually use this to clear resources after running Game Booster before I fly). This gave Bit Defender time to start its scan before the virus could reboot.

All has been good since.


Brian
 
One of our company computers got this one a few weeks ago, Norton tech support spent 7 hours helping me remove it, they claim they can immunize against this one as it's a 'chameleon' virus and advised we keep a registry backup on removal media if we need to restore again. They got it removed, and have our logs, their guys are working on a solution. Their corporate support is amazing, I can't complain about them anymore.
 
Yup
My missus pooter and 2 laptops on our network got infected with Instmsx.exe
It was a nasty little hard to kill sucker of a worm, it drops the firewall and hides copies of itself in multiple unrelated files. The only common factor was all the systems affected had been at some time on facebook, not saying facebook is the problem just that some app or associated app that is used must have been responsible ... as my missus is addicted to farm geto and farm vile :)
Wozza

Farmville is said to be really addictive... The game is an 'online' game, which means it's running virtually. I think they are usually Java programs.

I keep hearing that if you get an 'update' in the Facebook website, don't do it... I have one in queue and I'm not touching it, lol..

The weird thing is that when you read about these, you find that they usually always have 3 types of files related to them, their primary 3 program files. But, they deposit them in several locations. Further, when you think you have deleted them all, you boot up your computer and it's back again.

Some tricks for deleting them when they refuse to be deleted, is to rename them a TXT file, etc. Then you can delete them, (if they have set themselves as being 'non-deleteable' and this is only sometimes that you can do this).

A self healing virus.. grim.... Take these bad guys out and drop them off in a North Korean prison!


Bill
 
.
Was offline for 7 hours, updating my security suite software just before going to bed. When clicking on the update link again 2.31 megabytes of new definitions & updates were downloaded... in just 7 hours. My assertion above continues.

Anyone else happen to have noticed this increased size of daily security/antivirus/anti'pooter-crud downloads these last couple of weeks?
.
 


http://www.washingtontimes.com/news/2010/mar/24/cyber-attack-on-us-firms-google-traced-to-chinese/
 
Well the search for AVE.EXE turned up nothing. Is it gone? That BitDefender looks pricey, same as McAfee which I used to have. Wonder if it would have caught this thing. I only dropped it because AVG seemed just as good for free. It certainly has worked for 2 years until this.

The crap just keeps pouring down so a leak or two is inevitable.
 
The same thing happened to the wife's laptop a couple of weeks ago, except I couldn't shut down Windows. I had to remove the battery to reboot. Everything loaded just fine and AVG didn't find anything. Fortunately, she's a sharp cookie and didn't click anything. No damage.

Bob



AVG will not find anything usually.. neither will Norton, McAfee, Trend.. You name it..

That is what those trojans do, first hit (in minutes) are the definitions that see them.. Now go scan 100 times and it will never find a thing.

next is Windows updates..

Then your Internet connection

then it hits safe mode, then D/ recovery...

Better have a complete back up disk.. you will need it..

I fix them every day just like that...





Freeware??? Shakes head....
 
Lol yeah it is. My missus spends about 5 to 8 hrs a day on it :) keeps her off my back so all's good ;)

This latest batch of nasties has got me thinking that some of these fly by night scanner writers are also modding the virus code. I found very little info on the exe's I was chasing and a vague link to a scanner which would find the nasty but wants you to purchase the full vers to remove it....... yeah right .... It's all a bit sus if you ask me, it's in the virus scanner makers' best interest if more new viruses pop up ;)
 
Oh yeah, I have re-format and re-boot disks ready. And I'm done with IE too for now. I know most people say what took you so long but I liked the interface and that I can manage favorites through Windows Explorer. Now I'm back to Firefox because of the DEP thing. Just can't shut it off or make it behave.
 
My next door neighbor is really into Farmville. She keeps sending me all sorts of cr*p related to the game. If it tends to 'collect' viruses and other nasties, I'd better brush up since she has me fix her pc problems. She's a Veterinarian and keeps our dog and two cats in the peak of good health. It's a nice trade-off.

Bob

Hmmmm. Better pay her a visit this evening and see if everything is current and updated. BTW, the Boss will go, too.
 
Stay away from farmville. It's addicting and takes you away from flightsim. I can only really service one addiction at a time.
:ernae:
 
.
That was quite the article, Snuffy, thank you. Indeed, it may or may not be China but it most certainly is from a major cyber power or powers. Am thinking that some are originating from China, yes, though there are some mighty heavy hitters these days arising out of North Korea & others as well.

It's getting to the point of my considering going offline again & making mine a dedicated fs rig, accessing the web with a separate computer available to me here.
.
 
I caught that comp virus a couple of weeks ago. Never worried much about such because I never open anything unfamiliar and avoid fishy sites, figured Windows Defender was enough. First saw it when clicking on a photo attachment on Facebook. It laid low for a while and then pretty much locked my computer a week or so later.
Got advice to run Windows System Restore.
That allowed me to download and run Malwarebytes and TrendMicro antivirus/antispyware programs.
Identified it as Koobface and another threat and deleted.
Please stay away, viruses, 'cause I would keel you ...
jbtate
 