EXTREME Malware alert - Chevelle Tech

post #1 of 36 (permalink) Old Nov 22nd, 09, 10:48 AM Thread Starter
Moderator
Matt
 
Join Date: Jan 1999
Location: Western CT
Posts: 1,401
EXTREME Malware alert

Guys,
There's a new, highly insidious type of malware going around that works like this. You surf to your favorite website and as soon as it loads your browser window disappears and you get a dialog box that looks similar to what's below:

Code:
WARNING!!  YOUR COMPUTER IS INFECTED WITH VIRUSES.  DOWNLOAD CYBERPROTECT NOW TO PROTECT YOUR COMPUTER!
You will have your usual ok and cancel buttons.

WHATEVER YOU GUYS DO, DO NOT TOUCH THAT BOX. PRESS THE POWER BUTTON!!!!

If you do ANYTHING with this box you will infect your computer with some very nasty Trojans and spyware and you will have to REFORMAT your computer to get it clean. I had a client on Cape Cod with one of my custom built machines panic and say ok and let the damn thing install. She took it to her local guy and he worked on it 3 days solid and it's still not right. It's now being shipped down here for a format job. Even up to date AV can't stop these things. Only education can. Guys take notice.

Owner, Litchfield County Computer, LLC
http://www.litchfieldcountycomputer.com

Admin, Chevelle Talk
http://www.chevelletalk.net
post #2 of 36 (permalink) Old Nov 22nd, 09, 11:02 AM
Lifetime Premium Member
Dan
 
Join Date: Nov 2005
Location: SW Kansas
Posts: 3,705
Re: EXTREME Malware alert

Thanks for the heads up. Where does this malware come from? How does a hot shut down keep this from coming back?
post #3 of 36 (permalink) Old Nov 22nd, 09, 11:08 AM
Tech Team
 
Join Date: Jun 2009
Location: Reno, NV
Posts: 509
Re: EXTREME Malware alert

I have experienced some similar types of malware. One of them would not allow any program to open for more than 1 second: browser, Word, any executable. What fixed it was Panda Antivirus. Panda allows you to make a bootable CDRW that will scan and clean at the boot level.
post #4 of 36 (permalink) Old Nov 22nd, 09, 11:28 AM
Lifetime Premium Member
Shane
 
Join Date: Oct 2006
Location: N.E.Pennsylvania
Posts: 5,550
Re: EXTREME Malware alert

Last one I had like this I just did a restore...

New oil is cheaper than new parts
post #5 of 36 (permalink) Old Nov 22nd, 09, 11:28 AM
Lifetime Premium Member
Dan <> TC #4690
 
Join Date: Jun 2008
Location: Seattle
Posts: 1,761
Re: EXTREME Malware alert

Quote:
Originally Posted by Berto View Post
I have experienced some similar types of malware. One of them would not allow any program to open for more than 1 second: browser, Word, any executable. What fixed it was Panda Antivirus. Panda allows you to make a bootable CDRW that will scan and clean at the boot level.
How did you get it in the first place??

Dan
post #6 of 36 (permalink) Old Nov 22nd, 09, 11:33 AM
Tech Team
 
Join Date: Jun 2009
Location: Reno, NV
Posts: 509
Re: EXTREME Malware alert

It wasn't mine. I went to someone's house in need of help. I suggested a reformat, but they did not want to have to reload software and were concerned about lost data, kids' school projects online, etc. It took me the longest time to figure out how to get something to install since I couldn't even open a browser. I didn't have my laptop or any other PCs with me for assistance, so I had a friend d/l Panda to my webserver and opened an FTP session through the cmd box to d/l Panda to the PC.

Panda actually would not allow the malware to close its executable (I had read something about it once before). Then Panda wouldn't install because of AVG being installed and it being a conflict, but I couldn't uninstall AVG for the same reason: the uninstall exe would open for a second and then stop. At that point I had to cut AVG out of the registry in safe mode, reboot 4 times and keep cutting it out. Finally Panda installed. Panda made its own CDRW boot disk; I ran it and it cleaned out most of the malware. I still had a few issues, but at that point I was able to open HijackThis and cut the rest of the malware out. After I had successfully stopped the processes I was able to delete the folder it had made and remove the registry portions of the malware. Before I got Panda running I would delete the malware files and they would recreate themselves right before my very eyes.

The PC is running fine now; it's been about 5 weeks.
post #7 of 36 (permalink) Old Nov 22nd, 09, 1:35 PM
Lifetime Premium Member
Dan <> TC #4690
 
Join Date: Jun 2008
Location: Seattle
Posts: 1,761
Re: EXTREME Malware alert

Quote:
Originally Posted by Matt Smith View Post
Guys,
There's a new, highly insidious type of malware going around that works like this. You surf to your favorite website and as soon as it loads your browser window disappears and you get a dialog box that looks similar to what's below:

Code:
WARNING!!  YOUR COMPUTER IS INFECTED WITH VIRUSES.  DOWNLOAD CYBERPROTECT NOW TO PROTECT YOUR COMPUTER!
You will have your usual ok and cancel buttons.

WHATEVER YOU GUYS DO, DO NOT TOUCH THAT BOX. PRESS THE POWER BUTTON!!!!

If you do ANYTHING with this box you will infect your computer with some very nasty Trojans and spyware and you will have to REFORMAT your computer to get it clean. I had a client on Cape Cod with one of my custom built machines panic and say ok and let the damn thing install. She took it to her local guy and he worked on it 3 days solid and it's still not right. It's now being shipped down here for a format job. Even up to date AV can't stop these things. Only education can. Guys take notice.
I don't see how you will get this kind of a Malware attack from a friendly website, such as T/C or other useful place. It's the "other" kind of places you need to worry about, including places that show up in a search engine!!! Make sure you know and trust the URL that you are being directed to.

Matt, would Alt F4 close this without the hot power down?
I've never seen it, and hope I don't!!

Dan
post #8 of 36 (permalink) Old Nov 22nd, 09, 2:34 PM Thread Starter
Moderator
Matt
 
Join Date: Jan 1999
Location: Western CT
Posts: 1,401
Re: EXTREME Malware alert

Quote:
Originally Posted by 1969 El Camino Dan View Post
I don't see how you will get this kind of a Malware attack from a friendly website, such as T/C or other useful place. It's the "other" kind of places you need to worry about, including places that show up in a search engine!!! Make sure you know and trust the URL that you are being directed to.

Matt, would Alt F4 close this without the hot power down?
I've never seen it, and hope I don't!!

Dan
Dan,
As far as I have seen no. The dialog box is set to be what we call System Modal, which means you HAVE to respond to the box before you can do anything else. In Windows, if you press and release the power button, it starts a shutdown sequence.
In fact, many friendly websites have been attacked. I have seen news sites get attacked, the official website for the Yankees, and yes THIS WEBSITE!!! What happens is a high traffic website will get broken into and its code altered to infect all visitors with the trash. The reason none of you guys knew about the TC site attack was because the scum that did it happened to mess up this site in the process and Al and I caught it and fixed it before anyone got hit. It happened shortly before the Autoforums sale became public.

post #9 of 36 (permalink) Old Nov 22nd, 09, 4:45 PM
Senior Tech Team
Jay
 
Join Date: Dec 2002
Location: South of Davewho1
Posts: 5,737
Re: EXTREME Malware alert

Quote:
Originally Posted by 1969 El Camino Dan View Post
I don't see how you will get this kind of a Malware attack from a friendly website, such as T/C or other useful place. It's the "other" kind of places you need to worry about, including places that show up in a search engine!!! Make sure you know and trust the URL that you are being directed to.

Matt, would Alt F4 close this without the hot power down?
I've never seen it, and hope I don't!!

Dan
This is not entirely true. Those ads that are in the heading of most websites can be the source of infection.
I didn't believe this until it happened to me. I play World of Warcraft. I was on their forum one day; there were dozens of posts about the ads on the WoW forums infecting computers, and I thought the threads were just trolls. Well, I got an infection within a few minutes of browsing the forum. WoW took 2 days to address the problem.

I had to reboot in safemode and run malwarebytes to rid the infection.

Last edited by Elcoman; Nov 22nd, 09 at 6:11 PM.
post #10 of 36 (permalink) Old Nov 22nd, 09, 5:22 PM Thread Starter
Moderator
Matt
 
Join Date: Jan 1999
Location: Western CT
Posts: 1,401
Re: EXTREME Malware alert

Quote:
Originally Posted by Elcoman View Post
This is not entirely true. Those ads that are in the heading of most websites can be the source of infection.
I didn't believe this until it happened to me. I play World of Warcraft. I was on their forum one day; there were dozens of posts about the ads on the WoW forums infecting computers, and I thought the threads were just trolls. Well, I got an infection within a few minutes of browsing the forum. WoW took 2 days to address the problem.

I had to reboot in safemode and run malwarebytes to rid the infection.
Yes, this is ALSO true. Any HTML code can be a problem.

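Matt's point in post #8 (a high-traffic site gets broken into and its pages altered to serve the infection to every visitor) and Elcoman's in post #9 (the ad slots on a legitimate site can carry it) come down to the same thing for whoever runs the site: something in the served HTML that does not belong there. The script below is an added example, not code from this thread or from any product named in it. It scans saved page source for the three things worth looking for after a break-in: iframes hidden by size, style or a hidden parent; scripts loaded from a host other than the site's own; and script bodies wrapped in the unescape()/fromCharCode obfuscation that injected loaders use. The sample page, every host name in it, and the assumed site host `www.forum.example.org` are constructed for the example.

```python
"""Spot injected drive-by loaders in a site's served HTML.

Added example, not code from the forum thread or from any product named
in it. Scans saved page source for hidden iframes, scripts loaded from a
host other than the site's own, and unescape()/fromCharCode-wrapped
script bodies. The sample page and every host in it are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Inline styles that make an element invisible to the visitor.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Obfuscation wrappers injected loaders use to hide the frame they write.
OBFUSCATED = re.compile(
    r"(?:document\.write|eval)\s*\(\s*unescape\s*\("
    r"|String\.fromCharCode\s*\((?:\s*\d+\s*,){16,}",
    re.I,
)
# Elements with no closing tag; kept off the nesting stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "param", "source", "track", "wbr"}


class InjectionFinder(HTMLParser):
    """Collects (line, kind, detail) findings while parsing one page."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []
        self._open = []          # stack of (tag, hidden?) for enclosing elements
        self._in_script = False
        self._script_line = 0
        self._script_body = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        hidden_here = bool(HIDDEN_STYLE.search(a.get("style", "")))
        if tag == "iframe":
            tiny = (a.get("width", "").strip() in ("0", "1")
                    or a.get("height", "").strip() in ("0", "1"))
            # Hidden by its own size/style, or by any enclosing hidden element.
            if tiny or hidden_here or any(h for _, h in self._open):
                self.findings.append((line, "hidden-iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script, self._script_line, self._script_body = True, line, []
            host = urlsplit(a.get("src", "")).netloc.lower()
            if host and host != self.site_host:
                self.findings.append((line, "third-party-script", a["src"]))
        if tag not in VOID:
            self._open.append((tag, hidden_here))

    def handle_data(self, data):
        if self._in_script:
            self._script_body.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_body)
            if OBFUSCATED.search(body):
                self.findings.append((self._script_line, "obfuscated-script", body[:60]))
        # Pop back to the matching open tag; tolerates sloppy markup.
        for i in range(len(self._open) - 1, -1, -1):
            if self._open[i][0] == tag:
                del self._open[i:]
                break


def scan_html(page_source, site_host):
    """Findings for one page; site_host is the host it was served from."""
    finder = InjectionFinder(site_host)
    finder.feed(page_source)
    finder.close()
    return finder.findings


# Constructed sample page: one legitimate local script, one ad script,
# two injected hidden frames, one obfuscated loader, one legitimate embed.
SAMPLE_PAGE = """<html><head><title>Forum</title>
<script src="/js/forum.js"></script>
<script src="http://ads.example.net/show.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://first.example.invalid/in.php" width="0" height="0" frameborder="0"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//first.example.invalid/x%22%3E'));</script>
<div style="display:none"><iframe src="http://second.example.invalid/"></iframe></div>
<iframe src="http://www.forum.example.org/embed/video" width="480" height="360"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, kind, detail in scan_html(SAMPLE_PAGE, "www.forum.example.org"):
        print(f"line {line}: {kind}: {detail}")
```

Run it over the HTML on disk, not only the live page: the injection usually sits in a template, footer include or .htaccess-driven rewrite rather than in one article. A third-party script is not proof of compromise (ad networks and CDNs are third-party by design), so it is listed for review rather than declared malicious; a hidden iframe to a host you do not recognise, or an obfuscated loader nobody on your side wrote, is the stronger signal.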
post #11 of 36 (permalink) Old Nov 22nd, 09, 6:00 PM
Lifetime Premium Member
John
 
Join Date: Dec 2006
Location: N. VA
Posts: 1,455
Re: EXTREME Malware alert

Thank you Matt for your help to us in this matter.
post #12 of 36 (permalink) Old Nov 22nd, 09, 7:06 PM
Lifetime Premium Member
Dan <> TC #4690
 
Join Date: Jun 2008
Location: Seattle
Posts: 1,761
Exclamation Re: EXTREME Malware alert

Two additions to your computer that may also help...

Firefox browser w/ Ad Block Plus add-on installed. [Set it w/ the recommended list of sites to block]

This not only makes your browsing experience better, it may eliminate some of these threats that come from "ads"
Try it - you'll like it!
I use this site and many others and never see an ad!

Dan

1969 el Camino Malibu Custom <== linky - SS 350 Phantom - originally Azure turquoise/white top/black buckets.
1969 Malibu Sport Coupe <== linky - Canadian import 307 Powerglide. Working on 454 4 sp w/ OD to liven it up
My progress blog here on T/C:
http://www.chevelles.com/forums/blogs/1969-el-camino-dan/
TC #4690 ACES #8465

Last edited by 1969 El Camino Dan; Nov 22nd, 09 at 7:19 PM. Reason: fixed info
post #13 of 36 (permalink) Old Nov 22nd, 09, 8:43 PM Thread Starter
Moderator
Matt
 
Join Date: Jan 1999
Location: Western CT
Posts: 1,401
Re: EXTREME Malware alert

Quote:
Originally Posted by 1969 El Camino Dan View Post
Two additions to your computer that may also help...

Firefox browser w/ Ad Block Plus add-on installed. [Set it w/ the recommended list of sites to block]

This not only makes your browsing experience better, it may eliminate some of these threats that come from "ads"
Try it - you'll like it!
I use this site and many others and never see an ad!

Dan
Yup, a GOOD pop-up ad/regular ad blocker helps this problem.

post #14 of 36 (permalink) Old Nov 23rd, 09, 10:00 AM
Senior Tech Team
Big D
 
Join Date: May 2004
Location: Illinois
Posts: 2,622
Re: EXTREME Malware alert

This has been around for over a month, and it is another variation of the Antivirus 2008. It is a fake anti-virus install. If your Virus protection can't catch it and it's been out a month, time for new virus protection. Also, Malwarebytes will remove it. If you don't want to use malwarebytes, a simple search will tell you every registry key, and file that you need to delete.

It isn't extreme, just another one of the millions of retarded pieces of malware out there.

Big D
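Berto (post #6) cut the malware out of the registry by hand in safe mode, and Big D (post #14) notes that a search will list the registry keys and files to delete. A quicker way to see what is actually there is to export the autorun keys and read the export on a clean machine. The script below is an added example, not code from this thread or from any product named in it. It parses a .reg export and flags Run/RunOnce values launching from user-writable directories, a Winlogon Shell or Userinit that is not the stock value, and an Image File Execution Options "Debugger" value (the mechanism that makes another program start in place of the one you asked for). The sample export, including every file and value name in it, is constructed; the expected Winlogon values are those of a stock Windows XP install and are an assumption.

```python
"""Triage an exported Windows registry file for fake-AV persistence.

Added example, not code from the forum thread or from any product named
in it. Reads a .reg export (regedit File > Export, or `reg export`) and
flags the places this kind of malware hooks itself in. The sample export
below, including every file and value name in it, is constructed.
"""
import re

# Directories a legitimate logon-time program rarely lives in; droppers usually do.
SUSPICIOUS_DIRS = re.compile(
    r"\\(?:Temp|Application Data|Local Settings\\Application Data"
    r"|AppData\\(?:Local|LocalLow|Roaming)|Temporary Internet Files"
    r"|Recycler|\$Recycle\.Bin)\\",
    re.I,
)
# Stock values on a Windows XP install (assumption; adjust for other versions).
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


def _unescape(s):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith(('"', "@")) and "=" in line:
            name, _, data = line.partition("=")
            # Only quoted (REG_SZ) data; hex:/dword: values are skipped.
            if data.startswith('"') and data.endswith('"'):
                yield key, _unescape(name.strip('"')), _unescape(data[1:-1])


def classify(key):
    """Which persistence family a key belongs to, or None."""
    k = key.lower()
    if "\\currentversion\\run" in k:            # Run, RunOnce, RunServices...
        return "run"
    if "\\currentversion\\winlogon" in k:
        return "winlogon"
    if "\\image file execution options\\" in k:
        return "ifeo"
    return None


def triage(reg_text):
    """Return (key, value_name, reason) for each autorun entry worth a look."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        kind = classify(key)
        if kind == "run" and SUSPICIOUS_DIRS.search(data):
            findings.append((key, name, "autorun from user-writable path: " + data))
        elif kind == "winlogon" and name.lower() in EXPECTED_WINLOGON:
            if data.strip().lower() != EXPECTED_WINLOGON[name.lower()]:
                findings.append((key, name, "Winlogon value altered: " + data))
        elif kind == "ifeo" and name.lower() == "debugger":
            findings.append((key, name, "IFEO debugger hijack: " + data))
    return findings


# Constructed sample export: one legitimate Run value, two droppers in
# user-writable paths, a tampered Shell, a stock Userinit, an IFEO hijack.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="C:\\Program Files\\AVG\\AVG8\\avgtray.exe"
"hgfdsa"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\hgfdsa.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qwzxvb"="\"C:\\Documents and Settings\\Owner\\Application Data\\qwzxvb\\qwzxvb.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\Temp\\svc.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\WINDOWS\\Temp\\svc.exe"
"""

if __name__ == "__main__":
    for key, name, reason in triage(SAMPLE_REG):
        print(f"[{key}] {name}: {reason}")
```

On the infected machine, export the Run, Winlogon and Image File Execution Options trees from Safe Mode with `reg export`, move the files to a clean system and run the script there; it reads and reports, it does not delete anything. The report tells you which executable to stop before touching files: as Berto found, deleting the files while the process that watches them is still running only gets them recreated.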
post #15 of 36 (permalink) Old Nov 23rd, 09, 10:14 AM
Senior Tech Team
Mark
 
Join Date: May 2002
Location: Madison, WI
Posts: 1,589
Re: EXTREME Malware alert

Actually this mess happened to me over the weekend. The window popped up on a bittorrent site I was perusing, and I tried to close the window with the "X" on the upper right. The next thing I knew it dragged me to a website and tried running a "scan" and tried launching some sort of install. My virus scanner immediately identified it but said it couldn't disinfect the file but it renamed it. I THINK I'm ok, as I ran my virus scan 2 more times and everything came back clean. I had all the latest updates on my anti-virus downloaded (it's online based, and continually updated).

My computer seems fine, and I haven't come across any anomalies as of yet. I sure hope it's ok.

I hope I meet a "hacker" in a blind alley one day armed with my 12 gauge. I guarantee the person won't ever be able to type anything ever again.

So yes, this threat is real, and it's a pain in the butt. I consider myself an "average" internet surfer, and I don't visit any questionable sites to my knowledge. This attack came out of the blue.