General [M]ayhem

General [M]ayhem (http://www.genmay.com/index.php)
-   CompuGlobalHyperMegaNet (http://www.genmay.com/forumdisplay.php?f=20)
-   -   Don't Click Virus (http://www.genmay.com/showthread.php?t=836443)

TheMorlock 06-04-2011 04:08 PM

Don't Click Virus
 
Got a virus that disabled Avast, added a proxy to Firefox and loaded a trojan. Or the trojan did it.

crsss.exe in the temp files for the trojan.

Deleted all Avast files, went to Avast directly and downloaded a fresh file while running Stinger, and found something called Cybot or something like that, a backdoor.

Running full scan now.

SemperFly 06-04-2011 04:11 PM

told you to stop opening emails with dirtymilfs4u.exe as the attachment


seriously, unless someone is specifically trying to infect [i]you[/i] there's no excuse for someone with a modicum of computer knowledge to get a virus like that

IcW@teR 06-04-2011 04:15 PM

and this happened how?

TheMorlock 06-04-2011 04:28 PM

[QUOTE=SemperFly;24774456]told you to stop opening emails with dirtymilfs4u.exe as the attachment


seriously, unless someone is specifically trying to infect [i]you[/i] there's no excuse for someone with a modicum of computer knowledge to get a virus like that[/QUOTE]


That is no longer true.

Actually it got me while I was away at work. Should have known Friday morning when I kept getting delays on other sites besides genmay.

Got a hostile proxy as well. That's going to take me a while to figure out how to remove. Already bypassed it.



[QUOTE=IcW@teR;24774461]and this happened how?[/QUOTE]

I think it was the Java popup I got after a Windows update. I had always closed it after restart but decided to update that time and it failed. Should have known it was compromised.
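A defender-side check for the kind of hijacked Firefox proxy TheMorlock describes, added here as an example and not from the thread: it parses a constructed prefs.js and reports manual or PAC proxy settings, which are what a proxy hijack of this kind changes. The sample file contents and the proxy address in them are made up.

```python
import re
from typing import Dict, List

# Firefox stores per-profile preferences in prefs.js as lines like:
#   user_pref("network.proxy.type", 1);
# A traffic hijack typically sets network.proxy.type to 1 (manual) and points
# network.proxy.http / .ssl at a host the attacker controls; type 2 with an
# autoconfig URL is the PAC-file variant of the same change.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample prefs.js content (not from the thread, not a real profile).
SAMPLE_PREFS = '''\
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1307212000);
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "198.51.100.23");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "198.51.100.23");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("browser.startup.homepage", "about:home");
'''


def parse_prefs(text: str) -> Dict[str, str]:
    """Return pref name -> raw value (quotes stripped) for every user_pref line."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def proxy_findings(prefs: Dict[str, str]) -> List[str]:
    """Flag proxy settings a home user rarely sets by hand."""
    findings: List[str] = []
    # Firefox default is 5 (use system proxy settings); 0 = none, 4 = WPAD.
    ptype = prefs.get("network.proxy.type", "5")
    if ptype == "1":
        for kind in ("http", "ssl", "socks", "ftp"):
            host = prefs.get(f"network.proxy.{kind}")
            if host:
                port = prefs.get(f"network.proxy.{kind}_port", "?")
                findings.append(f"manual {kind} proxy -> {host}:{port}")
    elif ptype == "2":
        url = prefs.get("network.proxy.autoconfig_url", "?")
        findings.append(f"PAC autoconfig -> {url}")
    return findings


if __name__ == "__main__":
    for finding in proxy_findings(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```

Point it at the prefs.js in a real profile directory and compare the findings against what you actually configured; an unexpected manual proxy or PAC URL is the setting to remove.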

Fiah 06-04-2011 04:36 PM

Uh, if that's the Java popup that I think it is (a UAC prompt out of the blue), that was a legitimate automatic update of Java that you ignored. I know it's highly suspicious that this UAC prompt comes out of the blue, but AFAIK it's totally legit (and necessary).

pyramid 06-04-2011 04:37 PM

[url]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url]

SemperFly 06-04-2011 04:37 PM

[QUOTE=TheMorlock;24774471]That is no longer true.

Actually it got me while I was away at work. Should have known Friday morning when I kept getting delays on other sites besides genmay.

Got a hostile proxy as well. That's going to take me a while to figure out how to remove. Already bypassed it.

I think it was the Java popup I got after a Windows update. I had always closed it after restart but decided to update that time and it failed. Should have known it was compromised.[/QUOTE]

Of course it's still true. This shit doesn't just randomly happen without user interaction and error. And the only way it could have happened while you were not at your computer is if your home network security sucks ass.

TheMorlock 06-04-2011 04:46 PM

[QUOTE=Fiah;24774481]Uh if that's the Java popup that I think it is (an UAC prompt out of the blue), that was a legitimate automatic update of Java that you ignored. I know it's highly suspicious that this UAC prompt comes out of the blue, but AFAIK it's totally legit (and necessary).[/QUOTE]

But the Java temp directory was compromised; it was picked up by Avast after the reinstall.

Fiah 06-04-2011 04:55 PM

[QUOTE=TheMorlock;24774493]But the Java temp directory was compromised; it was picked up by Avast after the reinstall.[/QUOTE]

Guess what, Java has had vulnerabilities that have been exploited lately. IIRC the browser Java plugin integration was an attack vector for something nasty a few months ago. You may have stumbled upon an infected website with your outdated Java VM and plugin, which would definitely explain infected crap in the Java temp directory.

BTW, I don't agree with the others here who say that you cannot get infected without you doing something stupid. It would not be the first time a high profile site gets hacked and infected with something like this.

Redrum 06-04-2011 04:58 PM

The exploits you can inadvertently download via Windows/Firefox, even after constantly running three different kinds of anti-virus tools in the background, are getting so ridiculous I'm pretty much only running Linux now.

My friend got three very nasty trojans on his computer through Java exploits this week alone.

Redirecters, rogue/fake anti-spyware software, etc.

shit's ridiculous yo

TheMorlock 06-04-2011 05:04 PM

Yeah, they have a new no-user-interaction-required front end out there that does installations with no indication that any activity happened.

And it's a real pain in the ass changing passwords when you think there could be a keylogger still on the system.

Tex Arcana 06-05-2011 12:46 AM

Holy shit... I better hop on my desktop and check it out, I haven't touched it for weeks, since I got this iPad2. :(

My wife, I don't worry too much about, because her surfing is limited to email, banking, and a couple low-traffic specialty sites.

My nephew, on the other hand, though he's using a limited user account, surfs YouTube and wrestling sites, and is likely to leave the system open to such an attack. So, after I bury his body Allnighte, I'll check it out.

liquidkristal 06-05-2011 01:39 AM

I run a NetScreen firewall, MSE, Firefox (with Adblock, which I think is probably responsible for stopping about 95% of attacks before they happen) and sweep weekly with Malwarebytes just to be sure. Windows updates are also turned on to download / install whenever they turn up.

TheMorlock 06-05-2011 01:44 AM

It's my fourth infection in 25 years.

First was Monkey B off a floppy.

sun_ofa_beach 06-05-2011 02:41 AM

[QUOTE=pyramid;24774483][url]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url][/QUOTE]

This shit was a godsend when I couldn't clean my last virus infection.
