Virus and keyloggers on my350z
#81
Registered User
iTrader: (12)
Join Date: Jun 2003
Location: Little Rock
Posts: 2,332
Ad feeds should have been cut on Friday until they could track down the offender. Heads should roll for this (or at least the ad network). 4 hours is understandable, 4 days can't be excused. It's happened to the biggest net properties, but it rarely goes on for more than a few minutes or hours at most. I hope IB demands some accountability from whoever approved these malicious ads. While I believe it's the ultimate responsibility for everyone to protect their own machines and practice safe browsing, this isn't the type of place you'd expect to have to sandbox your browser to visit.
I feel bad for anyone who had their work machine exploited. Again, ultimately, it's your responsibility for your own machine at work, but I bet a lot of people have some explaining to do that they really shouldn't have had to worry about.
#83
Design Engineer
iTrader: (22)
Ad feeds should have been cut on Friday until they could track down the offender. Heads should roll for this (or at least the ad network). 4 hours is understandable, 4 days can't be excused. It's happened to the biggest net properties, but it rarely goes on for more than a few minutes or hours at most. I hope IB demands some accountability from whoever approved these malicious ads. While I believe it's the ultimate responsibility for everyone to protect their own machines and practice safe browsing, this isn't the type of place you'd expect to have to sandbox your browser to visit.
I feel bad for anyone who had their work machine exploited. Again, ultimately, it's your responsibility for your own machine at work, but I bet a lot of people have some explaining to do that they really shouldn't have had to worry about.
#84
Registered User
iTrader: (12)
Join Date: Jun 2003
Location: Little Rock
Posts: 2,332
I hope that people who are reporting repeat infections late today are really just seeing the same infection. It can't possibly be still lurking around... I'd really like to think that.
Out of respect for the site, I generally wouldn't visit with an Ad Blocker and noscript. But I'm not sure there's a safe option until we hear how this happened and how it should be prevented in the future.
I wonder if anyone got this with fully patched Flash? No Flash installed? I've been blocking Flash (although it is installed) for weeks. A complete PITA, but I'm not sure when it will be safe to run Flash again.
#85
Professional
iTrader: (2)
Join Date: Jan 2006
Location: Virginia
Posts: 4,398
Ad feeds should have been cut on Friday until they could track down the offender. Heads should roll for this (or at least the ad network). 4 hours is understandable, 4 days can't be excused. It's happened to the biggest net properties, but it rarely goes on for more than a few minutes or hours at most. I hope IB demands some accountability from whoever approved these malicious ads. While I believe it's the ultimate responsibility for everyone to protect their own machines and practice safe browsing, this isn't the type of place you'd expect to have to sandbox your browser to visit.
I feel bad for anyone who had their work machine exploited. Again, ultimately, it's your responsibility for your own machine at work, but I bet a lot of people have some explaining to do that they really shouldn't have had to worry about.
Honestly, it's kinda sad that until "bigger" names and mods entered into the equation nothing seemed to be getting done about it.
Even a warning would have been nice...instead of hiding a little thread in the "Feedback" section where maybe 20% of the people go?
#86
Banned
iTrader: (37)
Join Date: Jul 2008
Location: Charlotte / Raleigh, NC
Posts: 3,525
ARE YOU SERIOUS? That is from this site? I got it randomly yesterday and if this site is the reason for this nearly-impossible-to-delete ****, then we'll put our vendorship on hold until it's resolved. I spent hours yesterday trying to shake XP defender and can't. Truly ridiculous that it's coming from this site, whether it's from an ad feed or whatever.
This computer sees 3 websites and 3 alone, so it probably is here.....*super face palm*
#87
New Member
iTrader: (13)
Yah, getting rid of the stupid vista 2010 defender was a bit tricky on my other vista laptop at home, there is no simple "just install and run this program", I had to play with the registry manually, I wasn't sure the fix.reg was going to do it...... the one I am using now was well protected (win7)......still
This is BS and I hope to hear more from the staff on this.
Last edited by IIQuickSilverII; 03-09-2010 at 08:09 AM.
#88
Registered User
iTrader: (12)
Join Date: Jun 2003
Location: Little Rock
Posts: 2,332
Seriously, I posted wayyyy up on the first page, this can be knocked out in a matter of minutes, if not seconds. Head over to the malwarebytes site, then contact us, then forums. Or use my links. Down the page there are instructions to remove just about every infection out there right now. They tell you how to get Process Explorer to stop the process, then how to rename malwarebytes so it will run unseen by the other part of the rogue software. After that, you're one scan and reboot away from being rogue free. However, that won't stop you from being jacked again.....
Just to come back to see this thread, I'm running Firefox, with noscript blocking flash and ABP ad blocker add-on.... and I'm in a sandboxed browser thru Kaspersky's Run Safe. But free sandboxie would have also worked.
#90
Registered User
iTrader: (12)
Join Date: Jun 2003
Location: Little Rock
Posts: 2,332
I would consider that a failure of sorts. It tried to execute, which probably means malicious code managed to wiggle into your temp storage. You got lucky. Don't leave it up to your AV to protect you. Lock down your browser.
Last edited by tware; 03-09-2010 at 09:13 AM.
#92
Banned
iTrader: (24)
Join Date: Dec 2005
Location: LA, CA
Posts: 106
I got it 3 times already. I had no idea it was from this site. HOW SAD no one is doing anything about it. I found an easy solution tho. It leeches on to your registry files so all you have to do is fix the registry files into the original default mode. There's no reset button so you have to download a file called FixExe.reg, it's a small file. You just download it and double click it and it does everything by itself. Voilà. Back to normal. Those xp antivirus 2010 or other similar named ones are VERY annoying. MAKE SURE you run it in safe mode to get to the website so it won't block you. Or download the file from another comp and transfer it using usb drive or something. That malware site the guy above me said has that file too.
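Added example (not part of any post in this thread, and not the FixExe.reg file itself): a Python check that reads regedit export text and flags `.exe` file-association entries that differ from the Windows defaults, so you can confirm whether a reset like the one described in the post above is needed or has taken effect. It assumes the hijack sits in the `.exe` / `exefile` association keys; the sample export, the `secfile` class name and the `C:\sample\rogue.exe` path are constructed.

```python
import re

# Stock Windows defaults for the .exe file association (the "(Default)" value).
EXPECTED = {
    r"\.exe": "exefile",
    r"\exefile\shell\open\command": '"%1" %*',
}
ROOTS = (
    r"HKEY_CURRENT_USER\Software\Classes",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    r"HKEY_CLASSES_ROOT",
)

# Constructed sample export (not taken from a real machine or from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\sample\\rogue.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_defaults(text):
    """Map each key in regedit export text to its string (Default) value."""
    defaults, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files backslash-escape quotes and backslashes; undo that.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def check_exe_association(text):
    """Return (key, found, expected) for each non-default .exe association entry."""
    findings = []
    for key, value in parse_defaults(text).items():
        for root in ROOTS:
            suffix = key.lower()[len(root):] if key.lower().startswith(root.lower()) else None
            expected = EXPECTED.get(suffix)
            if expected is not None and value != expected:
                findings.append((key, value, expected))
    return findings

if __name__ == "__main__":
    for key, found, expected in check_exe_association(SAMPLE_EXPORT):
        print(f"{key}: found {found!r}, expected {expected!r}")
```

Real regedit exports in the "Version 5.00" format are UTF-16 encoded, so decode the file before passing its text in.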
#93
Registered User
iTrader: (12)
Join Date: Jun 2003
Location: Little Rock
Posts: 2,332
"What would you recommend for the browser?"
My recommendation would make the internet suck for a few days until you manually whitelisted all the trusted scripts. And vids don't load until I click on the box and allow them to run. FF with noscript and ABP add-ons for me. My wife is not exactly tech savvy but within a few minutes, she was figuring out how to whitelist scripts with noscript. If you go to ebay or paypal, and 1/2 the page is blank, you're missing a script. You right click on the little noscript S in the bottom corner and "allow ebay.com" or "allow my350z" and so forth.
#95
Registered User
iTrader: (12)
Join Date: Jun 2003
Location: Little Rock
Posts: 2,332
btw, the most nefarious thing is the next version of this actually mimics legit AV.. I mean, down to the logos.. not only do you not know it's disabled your real AV, but when you 'renew', which pops up right away, they are actually getting your info. F'n evil... so keep an eye on that. The fakes are easy to spot if you're paying attention.
#99