Use caution - malware in sig file link

71 replies
Have not had a security problem for a long time - till last night.

Clicked signature link on the WF without thinking - and immediately was infected with antimalware doctor. This one is a stinker and I'm still trying to get rid of it.

It got past malwarebytes and AVG and is constantly popping up and freezing my computer screen. Been trying to get rid of it for hours.

I was able to trace the exact time and identify where it came from - and it was a link in a signature on the WF. The member was new - the signature anchor was misleading.

Thought I'd warn others - if you don't know who is posting or where the link in the signature goes - be careful.

kay
#caution #link #malware
  • rhinocl
    Safe thing to do would be copy the url then go to Google and add site:
    before it and look at the preview. If there is malware a warning may show up.

    Obviously this isn't as bulletproof as using something like Sandboxie but it should help.
  • GlobalTrader
    Originally Posted by Kay King:

    Have not had a security problem for a long time - till last night.

    Clicked signature link on the WF without thinking - and immediately was infected with antimalware doctor. This one is a stinker and I'm still trying to get rid of it.

    It got past malwarebytes and AVG and is constantly popping up and freezing my computer screen. Been trying to get rid of it for hours.

    I was able to trace the exact time and identify where it came from - and it was a link in a signature on the WF. The member was new - the signature anchor was misleading.

    Thought I'd warn others - if you don't know who is posting or where the link in the signature goes - be careful.

    kay
    Have you notified WF Moderator so they can remove the offender?
    Signature

    GlobalTrader

    • Kay King
      Yes - notified immediately
      Signature
      Saving one dog will not change the world - but the world changes forever for that one dog
      ***
      One secret to happiness is to let every situation be
      what it is instead of what you think it should be.
      • oneplusone
        Thanks for the heads up, I've been clicking on a few signature links recently.

        I'll avoid clicking on any new members signature links from now on.
        Signature
        'If you hear a voice within you say "you cannot paint," then by all means paint and that voice will be silenced.' Vincent Van Gogh.
      • Ken Strong
        Originally Posted by Kay King:

        Yes - notified immediately
        Kay, are you absolutely sure that the sig link in question was the problem? I checked the link and the site in question at a couple of places online, and they didn't show any problem with it. McAfee also seemed to think it was OK.
        • Richard Van
          Originally Posted by Ken Strong:

          Kay, are you absolutely sure that the sig link in question was the problem? I checked the link and the site in question at a couple of places online, and they didn't show any problem with it. McAfee also seemed to think it was OK.
          Has it been established if it was the signature link or not that caused this?

          I have to say I tend to look at suspect ones quite a lot.

          Excellent thread too. Made me have a good think.

          I've been taking notes. Lots of them.
          Signature

          Wibble, bark, my old man's a mushroom etc...

  • ChrisMcDonald
    Thanks for the heads up Kay, shame you found out the hard way. Have you tried rebooting in safe mode and running multiple AV and anti-spyware scans?
    Signature
    English Speaking Writers - 400 word, 100% original articles for $6. Larger projects undertaken
  • Paleochora
    Bad luck on getting a nasty.

    If you need some help with your machine, head over here for some great step-by-step help: Bleeping Computer - Computer Help and Discussion

    You can choose to leave a donation to your voluntary helper at the end of the process if you wish.
    • rosetrees
      That's a real bummer. It looks as if it's the same/similar to the rogue Windows Antivirus Suite (or whatever it's called)

      I got that off one client's computer successfully - the second had to have Windows reinstalled.

      I used rkill - that stopped it in both cases. Do back-up all your data before using it and be aware that it might possibly remove other things and/or render the computer unusable.

      Not a very helpful answer really, is it?
      • oneplusone
        Originally Posted by ChrisMcDonald:

        Thanks for the heads up Kay, shame you found out the hard way. Have you tried rebooting in safe mode and running multiple AV and anti-spyware scans?
        That's an interesting idea, I wonder if she's removed the malware yet?

        Originally Posted by Paleochora:

        Bad luck on getting a nasty.

        If you need some help with your machine, head over here for some great step-by-step help: Bleeping Computer - Computer Help and Discussion

        You can choose to leave a donation to your voluntary helper at the end of the process if you wish.
        Are you sure this link is safe?

        Originally Posted by rosetrees:

        That's a real bummer. It looks as if it's the same/similar to the rogue Windows Antivirus Suite (or whatever it's called)

        I got that off one client's computer successfully - the second had to have Windows reinstalled.

        I used rkill - that stopped it in both cases. Do back-up all your data before using it and be aware that it might possibly remove other things and/or render the computer unusable.

        Not a very helpful answer really, is it?
        I had to throw away a computer once because it had some russian virus on it, nobody was able to remove it.

        Luckily I had backed everything up.
        Signature
        'If you hear a voice within you say "you cannot paint," then by all means paint and that voice will be silenced.' Vincent Van Gogh.
    • Dwight Anthony
      Yep, there's lots of trolls everywhere. Make sure to turn on a firewall or run a good internet security program like NIS or McAfee or even Trend Micro.
      • Kay King
        Kay, are you absolutely sure that the sig link in question was the problem? I checked the link and the site in question at a couple of places online, and they didn't show any problem with it. McAfee also seemed to think it was OK.
        I'm pretty sure - the time on the site was about 30 seconds or less - and that was the exact time the virus showed as installed. No other windows were open at the time except WF.

        I can't swear to it but I caught it quickly and the times were the same - that's why I thought it originated there. AVG didn't catch it either.


        NEED MORE IDEAS

        I've been OK tonight on most things - but still have a nasty redirect somewhere in the system. When I do a Google search, it redirects me to one of several rather stupid shopping sites filled with ad links. I can only get around it by typing the URL into the address bar.

        Is there a "google redirect" bug going around? Seems to have been part of this bigger problem that managed to hide. I'd scream - but I don't like loud noises....
        Signature
        Saving one dog will not change the world - but the world changes forever for that one dog
        ***
        One secret to happiness is to let every situation be
        what it is instead of what you think it should be.
        • Rob Howard
          Originally Posted by Kay King:

          NEED MORE IDEAS

          I've been OK tonight on most things - but still have a nasty redirect somewhere in the system. When I do a Google search, it redirects me to one of several rather stupid shopping sites filled with ad links. I can only get around it by typing the URL into the address bar.

          Is there a "google redirect" bug going around? Seems to have been part of this bigger problem that managed to hide. I'd scream - but I don't like loud noises....
          The nasty redirect is adware that a lot of those stupid Rootkits install.

          All of your internet browsers will be affected.

          The best bet is ComboFix.exe

          It's just as nasty as those redirects

          You can get it at bleepingcomputer.com with PLENTY of threads of people using it.

          The thing is powerful though - and it will delete any file on your system if you aren't careful.

          I've used it to rescue 2 computers from the redirect, when everything else failed.

          Hope this helps.

          Rob
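The redirect Rob and Kay describe (every browser affected, searches sent to ad sites, removal sites unreachable) can be planted in several places: browser proxy settings, the DNS servers on the adapter, a driver that hooks network calls. The hosts file is only the cheapest of those places to check, but it is also the one a practitioner checks first. The script below is an added example and not part of the thread; the domain watch lists are illustrative, the hosts file text is constructed, and the "registrable domain" helper is a deliberate approximation (no public suffix list).

```python
"""Scan a Windows hosts file for entries that redirect or block well-known sites.

Added example, not from the original thread. The domain lists below are
illustrative and the sample hosts file is constructed.
"""
import ipaddress

# Search engines that should never be resolved through the hosts file.
SEARCH_DOMAINS = {"google.com", "bing.com", "yahoo.com"}
# Security-vendor / help sites that hijackers like to map to loopback so the
# victim cannot reach removal instructions.
SECURITY_DOMAINS = {"malwarebytes.org", "bleepingcomputer.com", "avg.com",
                    "microsoft.com", "mcafee.com", "kaspersky.com"}


def registrable_domain(host):
    """'www.example.com' -> 'example.com'. Approximation (last two labels);
    a real tool would consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:                        # first token is not an address
            continue
        for host in parts[1:]:                    # one IP may name several hosts
            yield ip, host


def find_hijacks(text):
    """Return [(kind, hostname, ip)] for mappings that deserve a look.

    'redirect'  : a search domain points somewhere other than loopback
    'blocked'   : a security vendor points at loopback
    'unexpected': any other non-loopback mapping (a stock Windows hosts file
                  maps nothing but localhost, so anything else needs a reason)
    """
    findings = []
    for ip, host in parse_hosts(text):
        dom = registrable_domain(host)
        if ip.is_loopback:
            if dom in SECURITY_DOMAINS:
                findings.append(("blocked", host, str(ip)))
            continue
        kind = "redirect" if dom in SEARCH_DOMAINS else "unexpected"
        findings.append((kind, host, str(ip)))
    return findings


# Constructed sample: a normal hosts file with three planted lines.
SAMPLE_HOSTS = """\
# Constructed sample hosts file. Lines starting with '#' are comments.
#      102.54.94.97     rhino.acme.com          # example from the stock file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com        # planted: search redirect
127.0.0.1       www.malwarebytes.org             # planted: vendor site blocked
203.0.113.10    www.bing.com
"""

if __name__ == "__main__":
    for kind, host, ip in find_hijacks(SAMPLE_HOSTS):
        print(f"{kind:10s} {host:24s} -> {ip}")
```

On a live machine the input is the contents of `%SystemRoot%\System32\drivers\etc\hosts`; an empty result from this check does not clear the machine, it only rules out the hosts file.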
  • WebMomentum
    Oh how I feel your pain - caught that one a few months back and it certainly is pesky to get rid of.

    My virus software (Kaspersky) doesn't pick up on it for some reason.

    I've actually used a free tool from Microsoft (called Microsoft Safety Scanner) that seems to have helped.
    Signature

    • oneplusone
      Originally Posted by WebMomentum:

      Oh how I feel your pain - caught that one a few months back and it certainly is pesky to get rid of.

      My virus software (Kaspersky) doesn't pick up on it for some reason.

      I've actually used a free tool from Microsoft (called Microsoft Safety Scanner) that seems to have helped.
      Kaspersky is great but it can give a lot of false positives at times.
      Signature
      'If you hear a voice within you say "you cannot paint," then by all means paint and that voice will be silenced.' Vincent Van Gogh.
  • Paleochora
    Are you sure this link is safe?
    Yup. I used them once before. They are good guys.
    • Kay King
      If you need some help with your machine, head over here for some great step-by-step help: Bleeping Computer - Computer Help and Discussion
      Excellent help there and that's where I ended up. Still fighting it - this thing re-installs itself.

      I installed RKill as suggested on that site - it froze the trojan app but when I tried to run malwarebytes I ended up with the blue screen of death. Took several tries and manipulations to get windows back up.

      I'm on my third full run of AVG right now - then I'm going to edit the registry to get rid of some of this stuff and then back to malwarebytes to see if I can make that work. MWB ran once but was not able to eliminate the virus - second run defaulted to a blue screen.

      This is so NOT how I planned to spend my day.

      Once I find out what actually works, I'll let you know. If it's not solved today I'm taking the hard drive to my tech guy in the morning and let him play with it. He has better toys than I do.

      I have to say this would not stop me from clicking on someone's link - this was my own fault. The new member had questionable posts and his anchor link was a bit suggestive and didn't fit the url of his site. I know better but I thought I was protected well enough not to worry about it.
      (wrong!)

      kay
      Signature
      Saving one dog will not change the world - but the world changes forever for that one dog
      ***
      One secret to happiness is to let every situation be
      what it is instead of what you think it should be.
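Kay's tell above was that the anchor text did not fit the URL of the member's site. That mismatch can be checked mechanically before anyone clicks. The script below is an added example, not code from the thread: it collects every link in an HTML fragment, compares the site named in the visible text with the host the href actually loads, and also flags non-web schemes such as `javascript:`. The signature HTML is constructed, and the domain comparison uses the same last-two-labels approximation a real tool would replace with the public suffix list.

```python
"""Flag links whose visible text names a different site than the href loads.

Added example, not from the original thread. Standard library only; the
sample signature HTML below is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Loose 'looks like a hostname or URL' pattern for the visible anchor text.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable_domain(host):
    """'www.example.com' -> 'example.com'. Approximation (no public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None          # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a> counts
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_anchor(href, text):
    """Return a reason string if the link deserves a second look, else None."""
    parts = urlsplit(href)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return f"non-web scheme {parts.scheme!r}"
    host = parts.hostname or ""
    m = DOMAIN_RE.search(text)
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        return f"text names {m.group(1)} but link goes to {host}"
    return None


def suspicious_links(html):
    """Return [(href, text, reason)] for every anchor that fails check_anchor."""
    collector = AnchorCollector()
    collector.feed(html)
    out = []
    for href, text in collector.links:
        reason = check_anchor(href, text)
        if reason:
            out.append((href, text, reason))
    return out


# Constructed signature block: one honest link, one whose visible text claims
# a different site than it loads, and one javascript: link.
SAMPLE_SIG = """
<div class="signature">
  <a href="http://www.example.com/">www.example.com</a> |
  <a href="http://cdn.example.net/landing">Free tools at www.example.com</a> |
  <a href="javascript:void(0)">Click here</a>
</div>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_SIG):
        print(f"{reason}: [{text}] -> {href}")
```

A link that passes this check is not thereby safe (the honest-looking host can still serve malware); the check only catches the specific deception Kay noticed, which is the cheap part to automate.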
      • sbucciarel
        Originally Posted by Kay King:

        This is so NOT how I planned to spend my day.

        I have to say this would not stop me from clicking on someone's link - this was my own fault. The new member had questionable posts and his anchor link was a bit suggestive and didn't fit the url of his site. I know better but I thought I was protected well enough not to worry about it.
        (wrong!)

        kay
        Sorry to hear this Kay. I've had days like this and just wanted to tear my hair out. More than once I had to reformat my hard drive and start all over without a backup of my stuff. Now I have backups.
        • HankTheCowDog
          And since I just had to tap my online backup (SOS cloud), I'm pleased to report the service is working as advertised. I got caught with my pants down on my local data backup and after switching disk images realized I'd lost a month of recent files.

          But I went online and thankfully, SOS had them and it is super easy to pull them off their server.

          --------

          Data backup is easy, at least, it should be.

          It's losing all the one-off programs that sucks if you don't have a disk imaging program.

          Just 3 days ago, giveawayoftheday.com had a FREE version of a Paragon disk imaging program. High quality stuff, for free. It usually shows up on there several times throughout the year.
        • paulie888
          Originally Posted by sbucciarel:

          Sorry to hear this Kay. I've had days like this and just wanted to tear my hair out. More than once I had to reformat my hard drive and start all over without a backup of my stuff. Now I have backups.
          I've had this happen to me a few times now, but I've learned my lesson and back everything up to a portable hard drive now. It's incredibly painful when you lose months or even years of accumulated valuable data and programs, and it's not an experience I'd like to repeat anytime soon.
          Signature
          >>> Features Jason Fladlien, John S. Rhodes, Justin Brooke, Sean I. Mitchell, Reed Floren and Brad Gosse! <<<
          • HankTheCowDog
            Linux or Mac baby! Hey, why am I using a Windows machine then? LOL
  • I found one myself a few days ago in a sig file, but fortunately my a/v stopped it before it did any damage.
  • gefflong
    This can usually be fixed in 5 minutes.

    Just use system restore that is built right into the computer and turned on by default.

    Usually under Start Menu, Accessories, System Tools. (That can vary a little by version of windows, but generally where you will find it.)

    Start it up... Pick a day to restore to (I usually go with the day before an event like that).

    Follow the instructions and presto. 5 minutes, you are back to where you were before the incident.

    Geff
    • anton343
      Originally Posted by gefflong:

      This can usually be fixed in 5 minutes.

      Just use system restore that is built right into the computer and turned on by default.

      Usually under Start Menu, Accessories, System Tools. (That can vary a little by version of windows, but generally where you will find it.)

      Start it up... Pick a day to restore to (I usually go with the day before an event like that).

      Follow the instructions and presto. 5 minutes, you are back to where you were before the incident.

      Geff
      This has worked for me before but not in every instance.

      Anton
      • gefflong
        Originally Posted by anton343:

        This has worked for me before but not in every instance.

        Anton
        My main job right now (outside of IM) is Network Administrator for a school district. I would agree that this isn't a 100% foolproof fix, but it does work well over 95% of the time.

        It works so often, that is what we do first before anything else. In the off chance that it doesn't... we then go another route.

        Geff
  • Shazia Mirza
    Usually when you use Google Chrome, it warns you of malware before you even get to the site.

    Plus, I have got BitDefender Total Security, it is great and nothing gets past it, may be you should try it out?

    It costs a lot in comparison to other antiviruses.
  • Josh Richardson
    Wow that sucks dude. Post back here if you find a solution, I'm sure if it happened to one of us in the future (touch wood it wont!) - we would love to know how you managed to dispose of it.
    • Ken Strong
      Originally Posted by Josh Richardson:

      Wow that sucks dude.
      Kay's technically not a dude, although I'll leave it to her to say whether she minds being called one or not.
      • Kay King
        Right - I'm a dudette:p

        I agree about system restore - always try that first. Doesn't work for this mess.

        It installs in the registry, in archived files and in places you would not think to look for it. It also redirects your searches when you try to find ways to eliminate it.

        One thing I've been reminded of in searching for a cure is how many scammy "clean your PC and buy this fix" sites there are.
        Signature
        Saving one dog will not change the world - but the world changes forever for that one dog
        ***
        One secret to happiness is to let every situation be
        what it is instead of what you think it should be.
        • Josh Richardson
          Originally Posted by Kay King:

          Right - I'm a dudette:p
          My Bad!

          Josh
        • NicheMayhem
          Originally Posted by Kay King:

          Right - I'm a dudette:p

          I agree about system restore - always try that first. Doesn't work for this mess.

          It installs in the registry, in archived files and in places you would not think to look for it. It also redirects your searches when you try to find ways to eliminate it.

          One thing I've been reminded of in searching for a cure is how many scammy "clean your PC and buy this fix" sites there are.
          Sounds like a Rootkit, maybe try some Rootkit specific scanners. TrendMicro has a good online scan as well.

          I hate those Rootkits, they are really nasty. Not sure how much data you have but I tend to feel better with a re-install when the really nasty little buggers get in. Just to paint the picture, I have 3.5TBs worth of data, programs etc and a few days worth of work to do when I re-install BUT, I do feel better once it is done. Better knock on wood!

          BACK-UP your data to an external device friends. Back-ups can be set to run overnight and then unplug your external device from your PC to ensure it stays safe.
          Signature
          Whether you think you can, or think you can't, YOU'RE RIGHT!! <~~Henry Ford

          Check out my video gigs on fiverr!
        • gefflong
          Originally Posted by Kay King:

          Right - I'm a dudette:p

          I agree about system restore - always try that first. Doesn't work for this mess.

          It installs in the registry, in archived files and in places you would not think to look for it. It also redirects your searches when you try to find ways to eliminate it.

          One thing I've been reminded of in searching for a cure is how many scammy "clean your PC and buy this fix" sites there are.
          Yes. VERY annoying.

          If system restore doesn't work, and Malwarebytes' Anti-Malware doesn't work, we usually stop wasting time and just re-image the machine again.

          I know re-imaging isn't an option for you, but when you get this taken care of, I would highly recommend downloading Clonezilla and making an image of your hard drive. Just use a pocket hard drive for the image. They are easy to use, don't need power, just USB connection and they hold a lot of data.

          That way, if something bad happens like this, you just copy your documents/pictures and such to the pocket drive (so they will be up to date) then fire up Clonezilla and put the old image back on. Boot up, transfer your files back and there you have it.

          Just as a side note - images don't get along with antivirus programs... you will need to reinstall antivirus after you do this.

          Clonezilla isn't the only program that will do this... I mentioned it because it is open source, free, and just plain works.

          Instead of spending most of a day setting your PC up from brand new again, you will be back up and running fairly fast. Depends on how much data you have, but we usually are back up and running within 45 minutes.
          • HankTheCowDog
            Originally Posted by gefflong:

            Yes. VERY annoying.

            If system restore doesn't work, and Malwarebytes' Anti-Malware doesn't work, we usually stop wasting time and just re-image the machine again.

            I know re-imaging isn't an option for you, but when you get this taken care of, I would highly recommend downloading Clonezilla and making an image of your hard drive. Just use a pocket hard drive for the image. They are easy to use, don't need power, just USB connection and they hold a lot of data.

            That way, if something bad happens like this, you just copy your documents/pictures and such to the pocket drive (so they will be up to date) then fire up Clonezilla and put the old image back on. Boot up, transfer your files back and there you have it.

            Just as a side note - images don't get along with antivirus programs... you will need to reinstall antivirus after you do this.

            Clonezilla isn't the only program that will do this... I mentioned it because it is open source, free, and just plain works.

            Instead of spending most of a day setting your PC up from brand new again, you will be back up and running fairly fast. Depends on how much data you have, but we usually are back up and running within 45 minutes.
            Excellent advice. I tried playing around with it too, lol.

            Even if you pay $40 for the DISC version of Acronis.......how cheap is that? It riddles me that people do not want to kick down $40 to ensure their system can be brought back to status quo within 20-30 minutes.

            An observation of mine - I bought Acronis for the rescue disk. Again, with this malware it disabled starting any program in Windows (linux worked just fine). All I had to do was pop in the Acronis rescue disk and the computer booted from it, thus bypassing the malware. Also having your bios set up, or at least knowing how to change the boot order, is an essential skill these days, lol.
            • gefflong
              Originally Posted by HankTheCowDog:

              Excellent advice. I tried playing around with it too, lol.

              Even if you pay $40 for the DISC version of Acronis.......how cheap is that? It riddles me that people do not want to kick down $40 to ensure their system can be brought back to status quo within 20-30 minutes.

              An observation of mine - I bought Acronis for the rescue disk. Again, with this malware it disabled starting any program in Windows (linux worked just fine). All I had to do was pop in the Acronis rescue disk and the computer booted from it, thus bypassing the malware. Also having your bios set up, or at least knowing how to change the boot order, is an essential skill these days, lol.
              Agreed!

              There is nothing wrong with spending $40 or $50 on something that is easy to use and works. I'm sure Acronis and other programs would be simpler for people to use and work great.

              As a school district, we just had to go the free route because... well... if you want those types of programs on hundreds of computers, the bill is in the thousands. And school districts don't have much extra money these days.

              For us, Clonezilla was a wonderful thing. For the average user with one computer... probably just easier to go with a $40 solution.

              Geff
              • Kay King
                I don't mind paying for it - I think I was confused about which to choose - put it off - and then forgot about it.

                Ok - I THINK I got rid of it. (this is apparently a newer version of a trojan that made the rounds last year - antimalware doctor).

                The info online was good when I could get to it - damned virus kept redirecting my searches.

                But it was a couple of chances I took that finally gained the upper hand. Saw a file in task manager that I'd not seen before - shut it down. Found a file in start programs that I was unsure about and shut it down.

                That froze the virus long enough to start catching it. I deleted FOUR instances of it in the registry but then found 3 more with malwarebytes.

                Deleted a total of 120+ files with AVG and then was finally able to run malwarebytes all the way through and find the rest of the bugger.

                Had to reboot for the deletions by MWB and was nervously expecting the trojan to re-install itself.

                I think I'm free (but I'm afraid to say it too loudly yet).

                It's been years since I've had an attack get through and this is the worst one I've ever had to track down. I feel like I've been in a war all day - and didn't get a lick of work done!

                kay


                EDIT: I can hear you tech guys laughing. It would have taken you an hour and it took me all day. Gotta give me credit for persistence, though.
                Signature
                Saving one dog will not change the world - but the world changes forever for that one dog
                ***
                One secret to happiness is to let every situation be
                what it is instead of what you think it should be.
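Kay finally got traction by spotting an unfamiliar process in Task Manager, an unfamiliar startup program, and several copies of the trojan in the registry. The first-pass filter a technician applies to those startup entries can be written down. The script below is an added example, not code from the thread or from any tool named in it: it parses the text that `reg query` prints for the Run keys (captured on the Windows box, parsed anywhere) and flags entries that run from a temp or download directory, carry random-looking names, or are launched through a script/DLL host. The sample output is constructed and the heuristics are illustrative: a clean entry can trip them and malware can avoid them, so a hit means "look closer", not "delete".

```python
"""Triage autorun (Run key) entries exported with 'reg query'.

Added example, not from the original thread. Input is the text format of
'reg query HKCU\\...\\Run' / 'reg query HKLM\\...\\Run'; the sample below is
constructed and the heuristics are illustrative.
"""
import re

# One 'reg query' value line:   <name>  <REG_type>  <data>
VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)\s{2,}(.*)$")
KEY_RE = re.compile(r"^HK[A-Z_]+\\")
TEMP_DIRS = re.compile(r"\\(?:temp|tmp|downloads)\\", re.I)
SCRIPT_HOSTS = re.compile(r"\\(?:rundll32|regsvr32|wscript|cscript|mshta)\.exe$", re.I)
VOWELS = set("aeiou")


def parse_reg_query(text):
    """Yield (key, value_name, value_type, data) for every value under every key."""
    key = None
    for line in text.splitlines():
        if KEY_RE.match(line):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()


def command_path(data):
    """Pull the executable path out of a command line (quoted or bare)."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js|scr))(?:\s|$)", data, re.I)
    return m.group(1) if m else data.split(" ")[0]


def looks_random(name):
    """Crude test for machine-generated names such as 'hjfdsk3' or 'wxq81fd'."""
    stem = re.sub(r"\.[a-z0-9]+$", "", name.lower())   # drop extension
    if len(stem) < 6:
        return False
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return True
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    has_digit = any(c.isdigit() for c in stem)
    return vowel_ratio < 0.1 or (has_digit and vowel_ratio < 0.3)


def triage(text):
    """Return [(key, name, path, reasons)] for entries worth a closer look."""
    findings = []
    for key, name, _typ, data in parse_reg_query(text):
        path = command_path(data)
        exe = path.replace("/", "\\").split("\\")[-1]
        reasons = []
        if TEMP_DIRS.search(path):
            reasons.append("runs from a temp/download directory")
        if looks_random(name) or looks_random(exe):
            reasons.append("random-looking name")
        if SCRIPT_HOSTS.search(path):
            reasons.append("launched via a script/DLL host")
        if reasons:
            findings.append((key, name, path, reasons))
    return findings


# Constructed 'reg query' output: three benign entries and two planted ones.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\kay\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    hjfdsk3     REG_SZ    C:\Users\kay\AppData\Local\Temp\hjfdsk3.exe
    Updater     REG_SZ    C:\Users\kay\AppData\Roaming\wxq81fd\wxq81fd.exe -s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    AVGUI             REG_SZ           "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
"""

if __name__ == "__main__":
    for key, name, path, reasons in triage(SAMPLE_REG_QUERY):
        print(f"{key}\n  {name} -> {path}\n  {'; '.join(reasons)}")
```

The Run keys are only two of the autostart locations; the same parser works on any key `reg query` can dump (RunOnce, Winlogon, the services tree), and a rootkit of the kind NicheMayhem mentions can hide entries from a user-mode query altogether, which is why an offline scan or a re-image remains the fallback several posters describe.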
                • gefflong
                  Originally Posted by Kay King:

                  I don't mind paying for it - I think I was confused about which to choose - put it off - and then forgot about it.

                  Ok - I THINK I got rid of it. (this is apparently a newer version of a trojan that made the rounds last year - antimalware doctor).

                  The info online was good when I could get to it - damned virus kept redirecting my searches.

                  But it was a couple of chances I took that finally gained the upper hand. Saw a file in task manager that I'd not seen before - shut it down. Found a file in start programs that I was unsure about and shut it down.

                  That froze the virus long enough to start catching it. I deleted FOUR instances of it in the registry but then found 3 more with malwarebytes.

                  Deleted a total of 120+ files with AVG and then was finally able to run malwarebytes all the way through and find the rest of the bugger.

                  Had to reboot for the deletions by MWB and was nervously expecting the trojan to re-install itself.

                  I think I'm free (but I'm afraid to say it too loudly yet).

                  It's been years since I've had an attack get through and this is the worst one I've ever had to track down. I feel like I've been in a war all day - and didn't get a lick of work done!

                  kay


                  EDIT: I can hear you tech guys laughing. It would have taken you an hour and it took me all day. Gotta give me credit for persistence, though.

                  I'm proud of you. Good Job!

                  Now get back to stuff that makes you money.
  • Bradley J Anderson
    I found one in a sig just the other day, too, but fortunately it wasn't able to get past my a/v. If it's the one that has been making the rounds all over lately, you might find something useful to help get rid of it in this thread:

    http://www.warriorforum.com/off-topi...ts-rounds.html
    • HankTheCowDog
      Originally Posted by Bradley J Anderson:

      I found one in a sig just the other day, too, but fortunately it wasn't able to get past my a/v. If it's the one that has been making the rounds all over lately, you might find something useful to help get rid of it in this thread:

      http://www.warriorforum.com/off-topi...ts-rounds.html
      Oops, just saw this, sorry for double posting the link.
  • Kirk Ward
    Anyone use Vipre anti-virus and firewall? I've had good luck with it, but I always need to know about new stuff.
    Signature
    "We are not here to sell a parcel of boilers and vats, but the potentiality of growing rich beyond the dreams of avarice."

    Dr. Samuel Johnson (Presiding at the sale of Thrales brewery, London, 1781)
    • gefflong
      Originally Posted by Kirk Ward:

      Anyone use Vipre anti-virus and firewall? I've had good luck with it, but I always need to know about new stuff.
      We actually use Vipre Enterprise for the school district. It works just as well, if not better than everything else we have had.

      We were one of the first around here that had to deal with conficker. We got that before it was big in the news. It sucked. The antivirus we had at the time (avg, norton, mcafee) did not catch it. We got it before it was in their definitions. Vipre was the only thing to get rid of it and catch it at the time. So we switched over 100% to Vipre.

      We like it. And it has a nice control module for enterprise use.

      Geff
      {{ DiscussionBoard.errors[3963714].message }}
      • Profile picture of the author Kirk Ward
        Originally Posted by gefflong View Post

        We actually use Vipre Enterprise for the school district. It works just as well as, if not better than, everything else we have had.

        We were one of the first around here that had to deal with Conficker. We got that before it was big in the news. It sucked. The antivirus we had at the time (AVG, Norton, McAfee) did not catch it. We got it before it was in their definitions. Vipre was the only thing to get rid of it and catch it at the time. So we switched over 100% to Vipre.

        We like it. And it has a nice control module for enterprise use.

        Geff
        I use the home edition, and they have been fantastic with their live support. But, when stories like this pop up, I always want to reach out and see what's working.
        Signature
        "We are not here to sell a parcel of boilers and vats, but the potentiality of growing rich beyond the dreams of avarice."

        Dr. Samuel Johnson (Presiding at the sale of Thrale's brewery, London, 1781)
        {{ DiscussionBoard.errors[3964199].message }}
        • Profile picture of the author gefflong
          Originally Posted by Kirk Ward View Post

          I use the home edition, and they have been fantastic with their live support. But, when stories like this pop up, I always want to reach out and see what's working.
          Definitely great support. Very responsive.

          I can call them or post on their forum and get help usually within minutes.

          They are also very fast to respond to new threats.

          I've seen no company better than these guys.

          Geff
          {{ DiscussionBoard.errors[3964342].message }}
  • Profile picture of the author KabirC
    You should download spyware doctor, saved me from that earlier!
    {{ DiscussionBoard.errors[3963705].message }}
  • Profile picture of the author Russell Barnstein
    Here ye go. One of the best weapons in my arsenal:

    Official SmitFraudFix Page

    I tried to upload my version here directly but it's just a little too big.

    It's not that easy to use but here's a link that explains:

    How to use SmitFraudFix - Geeks to Go Forums

    If this doesn't solve the problem you're left with a repartitioning.

    If you're stuck with that option, I'd strongly recommend reserving part of your partition for Linux in case of future emergencies.
    {{ DiscussionBoard.errors[3963722].message }}
  • Profile picture of the author CyberSorcerer
    Something to note if we could. Maybe one of the mods can help me out.

    If ANYONE finds malware on a site could you PM me the url so I can download it and reverse engineer it.

    This is one of the things I do which is reverse engineer malware for the A/V industry.
    {{ DiscussionBoard.errors[3963756].message }}
  • Profile picture of the author alcymart
    The best way to avoid this issue easily is to always have an image backup ready, just in case something like this happens. Few have an image backup solution, and I know this for a fact.

    Everyone should invest in such a software solution. I personally use Acronis True Image, and the price of the software is very cheap and well worth the investment.

    I would have lost my system about 50 times in the past year if it wasn't for the Acronis True Image restore function. I'm not selling for them, I am just recommending it to my fellow warriors here.

    PM me if any of you need advice on using Acronis True Image...

    Bernard St-Pierre
    {{ DiscussionBoard.errors[3963782].message }}
    • Profile picture of the author Kay King
      Everything is backed up on a portable hard drive - but I'm going to go with an image program once this is solved. I'd looked at them but for some reason didn't go ahead and do it. Sounds much cleaner and faster than my system.

      Full AVG scan is still running - so far I have 84 infected files:rolleyes:
      Signature
      Saving one dog will not change the world - but the world changes forever for that one dog
      ***
      One secret to happiness is to let every situation be
      what it is instead of what you think it should be.
      {{ DiscussionBoard.errors[3963912].message }}
  • Profile picture of the author HankTheCowDog
    We were discussing this in a thread in off topic:

    http://www.warriorforum.com/off-topi...ts-rounds.html

    It's one nasty piece of malware - the worst I've seen. Check out the thread for details.

    Ultimately, as ALCYMART suggested, I loaded a fresh disk image from an earlier date. BUT, the damage was still there - the malware hides all your files and even after loading a new disk image you must still go back and unhide the files - a pain in the arse.

    RKill and then Malwarebytes will get rid of it. The version I had disabled every program even in safe mode (and that includes restoring to an earlier date). I also heard since it disables programs, that the resident disk imaging program in Win 7 is useless.

    I run a Netscreen 5GT firewall APPLIANCE and it got by, there is no stopping it, period. Only damage control.
    {{ DiscussionBoard.errors[3964141].message }}
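    The "unhide the files" step HankTheCowDog describes above is tedious by hand, so here is an added PowerShell example (not posted by anyone in this thread) that lists every file or folder under a profile carrying the Hidden+System combination this kind of fake-AV malware sets, and clears those two bits only when you pass -Fix. It assumes PowerShell 3.0 or later, that the infection has already been removed (otherwise the files just get re-hidden), and that the profile root is the place to look; the exclusion list of known legitimate Hidden+System items is my own.

    ```powershell
    # Added example, not from the thread: find (and, with -Fix, clear) the Hidden+System
    # attributes that this family of fake-AV malware sets on a user's own files.
    # Assumptions: PowerShell 3.0 or later; run AFTER the malware is removed, otherwise
    # it will simply re-hide everything. $Root defaults to the current user's profile.
    param(
        [string]$Root = $env:USERPROFILE,
        [switch]$Fix
    )

    # Ordinary documents almost never carry both Hidden and System; that combination
    # on files under a profile is the tell-tale the post describes.
    $mask = [int]([System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System)
    $reparse = [int][System.IO.FileAttributes]::ReparsePoint

    # A few items in a profile are legitimately Hidden+System and must be left alone
    # (this list is an assumption; extend it if your review turns up more).
    $knownSystemItems = @('desktop.ini', 'ntuser.dat', 'ntuser.dat.log', 'thumbs.db')

    $candidates = @(Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $attr = [int]$_.Attributes
            (($attr -band $mask) -eq $mask) -and
            (($attr -band $reparse) -eq 0) -and             # skip profile junctions like "Application Data"
            ($knownSystemItems -notcontains $_.Name) -and
            ($_.FullName -notmatch '\\AppData\\')           # app data is out of scope here
        })

    # Review this list first; do not run -Fix on a list you have not read.
    $candidates | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize

    if ($Fix) {
        foreach ($item in $candidates) {
            # Clear only the two bits the malware set; leave ReadOnly, Archive, etc. intact.
            $item.Attributes = [System.IO.FileAttributes](([int]$item.Attributes) -band (-bnot $mask))
        }
        Write-Host ("Cleared Hidden/System on {0} item(s) under {1}" -f $candidates.Count, $Root)
    }
    ```

    Run it once without -Fix to see what it found, check that nothing in the list is a file Windows itself put there, then run it again with -Fix. Working from a restored image does not change this: as the post says, the attribute damage is in the files themselves, so it has to be undone wherever those files now live.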
  • Profile picture of the author alteclansing
    Avast can also protect you from malware problems. Those are malicious threats that harm our PCs.
    {{ DiscussionBoard.errors[3964180].message }}
  • Profile picture of the author gefflong
    That's the problem with some of those things... Some really are in there so deep that the only reasonable solution is to reformat the computer and use the recovery partition or CD/DVD to restore the computer back to the way it was when you bought it.

    A pain in the @ss? For sure!

    However, it may end up causing less frustration and be quicker as well.

    Just be sure to get Acronis or something to take an image of the computer after you have it all set up again. Then you won't have to reinstall all the goodies every time. You can just take the computer back to when you made the image.
    {{ DiscussionBoard.errors[3965860].message }}
  • Profile picture of the author webapex
    Some major publisher (forgot who) recently reported that 17% of internet downloads contain windows malware.
    Signature

    “An expert is a person who has made all the mistakes that can be made in a very narrow field” Niels Bohr

    {{ DiscussionBoard.errors[3965886].message }}
    • Profile picture of the author Kay King
      I'm going to give it up for tonight. I have it to the point where I'm in control of my computer so that was a big step forward.

      I'll see Kevin tomorrow (my tech) and see what he advises.

      ...and as soon as I get it finally solved I'll get the imaging thingie.
      Signature
      Saving one dog will not change the world - but the world changes forever for that one dog
      ***
      One secret to happiness is to let every situation be
      what it is instead of what you think it should be.
      {{ DiscussionBoard.errors[3966189].message }}
  • Profile picture of the author ChrisMcDonald
    Kay,

    Glad to hear you're pretty much up and running as normal! You should be proud for seeing it through and fixing it yourself. A lot of people would've given up.

    So MWB hasn't picked up the redirect? I had a similar nasty about a year ago. A combination of the following has beaten everything I've had and I've had some pretty nasty stuff:

    SUPERAntiSpyware (SUPERAntiSpyware.com)
    Spybot Search and Destroy
    HijackThis
    MWB
    Signature
    English Speaking Writers - 400 word, 100% original articles for $6. Larger projects undertaken
    {{ DiscussionBoard.errors[3965968].message }}
    • Profile picture of the author HankTheCowDog
      Kay, now that you have removed a good portion of it, maybe try restore to an earlier date?

      The redirect malware is relatively old - there are known fixes for most of them, but the malware is not the same, so ultimately they're not fixed until you run across a fix for that particular variant. In other words, keep hacking away.

      With 117 items you found - most likely, you were already infected with other malware too. I saw a maximum of 13 items and have seen it as low as 6.

      Also prepare the computer for the worst and, while you can, make sure your data is backed up. Don't forget your Outlook files and data, Quickbooks or other accounting software data which might not be backed up regularly, your BOOKMARKS (you should be using Xmarks anyways though), and your Roboform data. Also pull off all the zip files, WSO downloads....stuff like that which you might not otherwise routinely back up, and might not be available again.
      {{ DiscussionBoard.errors[3966032].message }}
      • Profile picture of the author HankTheCowDog
        -- And again, in general to everybody --

        Clickable malware will get you; it's a certainty. Every piece of AV software out there is reactive and only recognizes known virus/malware signatures. It's the unknown, clickable variants which will get you.

        My Netscreen 5GT is an enterprise grade, high-security appliance. It's a separate physical device and the signature updates cost about $400 per year. Did it stop the malware - nope, for the reason outlined above.

        I swear, at this point I'm wondering if the only money we should spend is on programs like Acronis, instead of av software since nearly all of it cannot stop the malware.
        {{ DiscussionBoard.errors[3966070].message }}
  • Profile picture of the author Roaddog
    Kay try spybot search and destroy in safe mode...people really underestimate this program.

    Doing it in safe mode will stop more 'sophisticated' spyware from being able to run (ie:rootkits) along with the programs it's installed itself in... this guy has kept up well with a lot of things.

    Make sure it's updated and safe mode and Spybot.

    I am being as basic as possible with the description, but 'give her a shot'


    Jim
    {{ DiscussionBoard.errors[3966245].message }}
  • Profile picture of the author domainarama
    Thanx roaddog. Spybot worked for me. Actually, I ran it in 'normal' (unsafe?) mode first and the offending virus showed up on the screen. Afterwards, when I did the same thing in 'safe' mode, the offending virus had already been removed. Maybe that means 'safe' mode is not essential. But I'm no expert.

    In any case, added something to Spybot's tip jar as thanx to them.
    {{ DiscussionBoard.errors[3972297].message }}
    • Profile picture of the author Kay King
      WOW - this is odd.

      I thought this thread had been deleted - I couldn't find it yesterday even when I searched in my own profile. Very odd.

      I'll try these fixes tomorrow. I know it's a lingering bit of malware that managed to hide from me and it does slow down search and is a little bi#ch to find.

      This sounds like a stupid question - but there's an exe file LSASS.exe (or something like that) I think it is. It's a legit file - but I seem to remember reading that some of these little bugs can hide in it.

      I'll attack the problem again tomorrow - taking today off for my mental health
      Signature
      Saving one dog will not change the world - but the world changes forever for that one dog
      ***
      One secret to happiness is to let every situation be
      what it is instead of what you think it should be.
      {{ DiscussionBoard.errors[3972644].message }}
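      Kay's question about LSASS.exe is a fair one: the legitimate file lives in System32, is signed by Microsoft and is started by wininit.exe, so a malicious look-alike usually fails at least one of those three checks. Here is an added PowerShell example (not posted by anyone in this thread) that compares the lsass.exe actually running against those expectations. It assumes PowerShell 3.0 or later and an elevated prompt (the image path is not readable otherwise), and that LSA protection is not enabled, since that blocks the path lookup.

      ```powershell
      # Added example, not from the thread: check whether the running lsass.exe is the
      # one Windows ships, rather than trusting the process name alone.
      # Assumptions: PowerShell 3.0 or later, run from an elevated prompt (the image path
      # of lsass.exe is not readable otherwise), on a machine that is not using LSA
      # protection, which would block the path lookup.
      $expectedPath = Join-Path $env:SystemRoot 'System32\lsass.exe'

      function Test-LsassProcess {
          $results = foreach ($proc in Get-Process -Name lsass -ErrorAction SilentlyContinue) {
              $path = $proc.Path          # $null when the image could not be queried
              $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

              # The genuine lsass.exe is started by wininit.exe; anything else is odd.
              $parentId   = (Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.Id)").ParentProcessId
              $parentName = (Get-Process -Id $parentId -ErrorAction SilentlyContinue).ProcessName

              [pscustomobject]@{
                  Pid        = $proc.Id
                  Path       = $path
                  PathOk     = ($path -eq $expectedPath)          # -eq is case-insensitive
                  SignedOk   = [bool]($sig -and $sig.Status -eq 'Valid' -and
                                      $sig.SignerCertificate.Subject -like '*Microsoft*')
                  ParentName = $parentName
                  ParentOk   = ($parentName -eq 'wininit')
              }
          }
          return @($results)
      }

      $findings = Test-LsassProcess
      $findings | Format-List

      # Exactly one lsass.exe, at the stock path, Microsoft-signed, parented by wininit:
      # anything else means the machine should not be trusted until it is explained.
      $suspect = $findings | Where-Object { -not ($_.PathOk -and $_.SignedOk -and $_.ParentOk) }
      if ($findings.Count -ne 1 -or $suspect) {
          Write-Warning 'lsass.exe does not match the stock Windows process; investigate before trusting this machine.'
      }

      # The name check above only catches images literally named lsass.exe. Anything
      # with a similar-looking name is listed here for a manual look.
      Get-Process | Where-Object { $_.ProcessName -ne 'lsass' -and $_.ProcessName -like '*sass*' } |
          Select-Object Id, ProcessName, Path
      ```

      A clean result is one entry, PathOk, SignedOk and ParentOk all True, and nothing in the final list. A failed path or signature check does not by itself say what the file is, only that it is not the stock binary, which is the point at which a scan with a second tool or a restore from a known-good image is the safer move.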
      • Profile picture of the author Kay King
        I'm very much non-techie but I have one advantage. My first computer was used and I learned to dig into registry errors, BIOS, etc - because I had to in order to keep it running.

        The knowledge I gained from doing that out of necessity makes me a little less non-techie than I might be otherwise. Thank goodness for that old computer!

        kay
        Signature
        Saving one dog will not change the world - but the world changes forever for that one dog
        ***
        One secret to happiness is to let every situation be
        what it is instead of what you think it should be.
        {{ DiscussionBoard.errors[3972655].message }}
        • Profile picture of the author LilBlackDress
          Sorry that happened and really appreciate the heads up.
          Signature

          Pen Name + 8 eBooks + social media sites 4 SALE - PM me (evergreen beauty niche)

          {{ DiscussionBoard.errors[3972677].message }}
  • Profile picture of the author goodmast3r
    That's why I hate those link cloakers
    Signature
    {{ DiscussionBoard.errors[3972704].message }}
  • Profile picture of the author rts2271
    Kay,
    Thanks for the heads-up. A good reminder to be vigilant anywhere you go on the net.
    {{ DiscussionBoard.errors[3972864].message }}
    • Profile picture of the author Kay King
      All right!

      The recommendation to use Spybot was excellent. By the time I did that today I had located several rogue files but AVG could not get them into a vault and malwarebytes couldn't find the actual files.

      Spybot seems to have caught every one of them. This sneaky virus had a redirect but also had an override to avoid security. So far, all the nasty redirects are gone, speed is back, etc. I didn't know the program was as powerful as it is. Thanks so much for suggesting it.

      And, yes, I'm going back to the site now to donate what a couple of tech hours would have cost me. I will be running Spybot regularly now.

      kay
      Signature
      Saving one dog will not change the world - but the world changes forever for that one dog
      ***
      One secret to happiness is to let every situation be
      what it is instead of what you think it should be.
      {{ DiscussionBoard.errors[3979885].message }}
  • Profile picture of the author domainarama
    The Spybot fix got rid of the worst residue from the virus attack. But there still are problems. It takes forever to switch to new pages/posts. When I click on a link it can take an hour or two (nah, maybe a minute or so, it just seems like an hour) before the new page appears. My computer is all kinds of constipated. Any fixes? ccleaner doesn't do a lot.
    {{ DiscussionBoard.errors[3986211].message }}
  • Profile picture of the author eWebCats
    Have you tried contacting Microsoft? They might be able to answer some of your questions. Also I've heard of viruses that act like sleeper cells, six months later it attacks. So it may just be you were on this forum when it got you. Glad you got rid of it, good job. That's my 2 cents
    Signature

    Your most unhappy customers are your greatest source of learning. ~Bill Gates

    {{ DiscussionBoard.errors[3986278].message }}
  • Profile picture of the author domainarama
    Scott, you are probably correct that the Softies can suggest solutions. I am reluctant to go that route not because I have a thing to hide but because they will probably give me the technically correct answer which will take skill to implement, while all I want is a quick fix. If nothing else comes to my rescue I'll knock on their door. If someone has a simple answer please let me know.
    {{ DiscussionBoard.errors[3987280].message }}
    • Profile picture of the author Roaddog
      @domainarama


      You can try Advanced SystemCare

      and Auslogics Disk Defrag

      Both available free from cnet, which these links are.


      The disk defrag is one of the better free ones around..use the 'advanced'

      'optimise' files feature. Takes longer but worth it.

      Advanced SystemCare, I think, only optimizes IE for the browser. But it will go through Windows and optimize to a degree; you will have to read the instructions. It's been awhile since I used it. I do most things on my PC manually.

      If it's your browser and you use FF, there is Fasterfox (an add-on) but I'm not sure if that is working on the 4.0 version or not.


      There is a site called tweakguides.com (also free) that will talk you through the about:config settings in Firefox.

      Your question is very general...so these should give you a starting point.

      Good luck.
      {{ DiscussionBoard.errors[3987366].message }}
      • Profile picture of the author domainarama
        Thanx, Roaddog. You're a hero. It's almost midnight here, so I won't get a chance to try your remedies until tmrw evening. I'll let you know.

        BTW I prefer Maxthon and Comodo Dragon browsers. On my machine they are much faster. I'm not asking you to help me with those. That would be too much. I just want to register the fact that the world is bigger than IE and FF.
        {{ DiscussionBoard.errors[3987494].message }}
  • Profile picture of the author Matthew Shane Roe
    As long as people are talking about backing things up....

    I have an external hard drive set to back up all my information nightly. It has got to be the best $100 I have spent towards my business with all the viruses out there and the actual NEED to have all your information safe.

    Strongly suggest people to pick one up if you haven't already. You can get a good 320gb one for around $60 at walmart.

    To Kay: Hope you get it fixed if you haven't already. I will admit I haven't read page two of this thread to fully know how things have gone/are going..

    Signing off

    Matthew Roe
    {{ DiscussionBoard.errors[3987441].message }}
  • Profile picture of the author domainarama
    Results after Day 1: mixed. Some slight improvements here and there. Still nagging waits on IE and FF. Less than waits two days ago, which suggests that something is going right. Maybe if I repeat cleaning, things will improve again. I'll give it another day or so before pulling the emergency cord (ie, ask Microsoft).
    {{ DiscussionBoard.errors[3996078].message }}