Info on viruses and Fake anti-virus software

This is our Magic Vault, Please only take what you need, to help you on your Quest Enlightenment....

Moderators: Omen, Abe

Forum rules
1. PUT AS MUCH INFO AS YOU CAN IN THE SUBJECT LINE (for example: Gabriel source 7 plays upside down).

2. PUT PAGE URL & SOURCE# IN MESSAGE BODY WHEN REPORTING LINKS. EXAMPLE

DizzyPanda
no0b
Posts: 2

Re: Info on viruses and Fake anti-virus software

Post#46 » Thu Apr 07, 2011 10:02 pm

This virus made it through on two of my comps while loading a video at Icefilms. In both cases it seems my anti-virus, which was up to date, caught it but failed to actually stop it.

It's obviously from some add and not Icefilms itself but I think the reason people are catching this is that there are lots (or at least some) of us who rolled back to an older version of Java since the newer versions were causing DivX to crash Firefox. Since upgrading Java I've had no problems so I'm assuming the virus was exploiting the older Java vulnerabilities.

Can't watch videos at the moment though but I'm hoping with a little searching around the forums I'll figure out why and get Divx working again - certainly preferable to risking another virus.

-----------------

I suspect the reason some Icefilms users are getting infected by this virus (myself included, twice in fact) is that a number of people rolled back to an earlier version of Java when Quickstream 3.8/3.9 came out since it prevented DivX from crashing the browser.

I got this virus twice while loading a video on Icefilms (I presume from an add either on this site or Megaupload). Both computers had up-to-date antivirus (one caught it but failed to actually contain it), and after cleaning them up I upgraded Java and have had no problems since.

Might just be a coincidence, but I run a pretty tight proverbial ship and this virus just appeared without me downloading or authorizing anything. Java is the only thing that wasn't up to date on both my computers so it seems like the logical fault.
Last edited by Xerxys on Thu Apr 07, 2011 11:29 pm, edited 1 time in total.
Reason: Post merge.

User avatar

Nevermore669
Obsessively Addicted
Posts: 4509

Re: Info on viruses and Fake anti-virus software

Post#47 » Fri Apr 08, 2011 12:29 am

Hi DizzyPanda,

That's the first I've heard of a java problem...Your browser crashed with the latest, but doesn't when rolled back a release?

We did have a fairly large number of requests for assistance following the last IQS update, but we generally do get at least a few. I'm surprised, if it's a general java fault, that we don't have far more complaints. As I recall, java is pretty insistent with its update requests, so I would expect java to be updated on, dare I say, most computers - even when other things are not?

I don't doubt, given your experience, that the new java is conflicting with something in your setup, but I'm wondering if it's not something more obscure than the divx webplayer. What version of greasemonkey are you using? I don't recall specifically now, but some people were having major problems with the latest (then - perhaps a month or so ago...) GM release and had to roll back (mine is 0.9.1, with java 1.6.0_24 but I'm on a linux box).

Generally, when people say "browser crash" I immediately go to the proxy settings, but I don't know what effect changing java versions would have there...you can check yours if you want for S&Gs:

Go to Control Panel --> Internet Options --> Connections --> LAN Settings --> UNCHECK "use a proxy server for your LAN". SELECT "automatically detect settings".


Start -> regedit

open:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

"ProxyEnable"=dword:00000001

change the value to 0 using regedit .

so it shows :

"ProxyEnable"=dword:00000000


If you're absolutely sure of your conclusions, I'm just talking to hear myself speak, but if you think it could possibly be something else, you might also want to troubleshoot by creating a fresh firefox profile (don't let it overwrite your current one) and ensuring (check your addons & plugins) that only the bare minimum is installed to stream on icefilms (including the latest java - and NO antivirus or firewall plugins or extensions [it's a test remember]).

I did a search and didn't find anything suggesting therre is a general problem between divx and java, but it is kind of technical, maybe people just haven't made the connection...

I would appreciate an update on this if you find out anything new (the virus thing, too ;) ).
Ignorance and callousness are not virtues

A bleeding heart is a symbol of holiness, a symbol of compassion, not an epithet

When our discourse sinks to the level of meaningless, pejorative labels and personal name-calling rather than honest reflection and reasoned dialogue, we are no longer a people, but a mob

User avatar

Topic Author
Abe
AbeZ Apostle
Posts: 1509
Contact:

Re: Info on viruses and Fake anti-virus software

Post#48 » Fri Apr 08, 2011 1:25 am

I'm going to second the Java exploit theory. I too ran a pretty tight ship. There is no other reasonable explanation for something installing without permission.

I feel like I've said this before...
"Lets burn this mother down!"


* ALL SUPPORT REQUESTS VIA PM WILL BE IGNORED. INSTEAD, SEARCH THE FORUM, POST, OR START A NEW TOPIC.

User avatar

Nevermore669
Obsessively Addicted
Posts: 4509

Re: Info on viruses and Fake anti-virus software

Post#49 » Fri Apr 08, 2011 2:39 am

Makes sense. I just did a "java exploits" search. Seems they're on the rise...


Edit:
Notwithstanding DizzyPanda's problems with the latest java version (which, for now at least, I believe to be an isolated case) I think it's prudent for everyone to check and update their java if necessary, to reduce their vulnerability. You can do that, quickly and easily, here.
Ignorance and callousness are not virtues

A bleeding heart is a symbol of holiness, a symbol of compassion, not an epithet

When our discourse sinks to the level of meaningless, pejorative labels and personal name-calling rather than honest reflection and reasoned dialogue, we are no longer a people, but a mob


DizzyPanda
no0b
Posts: 2

Re: Info on viruses and Fake anti-virus software

Post#50 » Fri Apr 08, 2011 12:52 pm

Apologies for the double post; didn't realize there was an authorization delay.

Thanks a bunch Nevermore, a clear of my cache and the registry change fixed the issues with the most recent Java on both computers. Everything is now A-okay.

User avatar

Nevermore669
Obsessively Addicted
Posts: 4509

Re: Info on viruses and Fake anti-virus software

Post#51 » Fri Apr 08, 2011 8:08 pm

Glad to hear it!
Ignorance and callousness are not virtues

A bleeding heart is a symbol of holiness, a symbol of compassion, not an epithet

When our discourse sinks to the level of meaningless, pejorative labels and personal name-calling rather than honest reflection and reasoned dialogue, we are no longer a people, but a mob


here4fun
no0b
Posts: 1

Re: Info on viruses and Fake anti-virus software

Post#52 » Sat Apr 09, 2011 12:02 am

Say hello to another user who has been infected while visiting this site. It has happened twice to me and both times seemed to be while trying to stream video. I'm not sure where exactly the malware came from but it definitely came while on ice-films or from the mega-up site. I love this site but will be staying away until this issue is resolved as it cost me $95 to have my computer cleaned. To try & put the blame somewhere else is not going to solve the problem. People are obviously gettting infected coming to your site.

User avatar

Nevermore669
Obsessively Addicted
Posts: 4509

Re: Info on viruses and Fake anti-virus software

Post#53 » Sat Apr 09, 2011 3:29 am

Hi here4fun,

Thanks for your comment and report on your situation. I understand your frustration.

Please understand we are not trying to place the blame elsewhere, it is that the blame IS elsewhere. We could, I suppose, cancel ad-service, but then there would be no funds for server costs, etc. I don't think I'm overstating when I say that ice could not run without the small amount of revenue those ads generate. Removing them would in effect be a surrender to the purveyors of the malware.

I can understand if you want to move on, but I don't think you should let some criminal in Russia dictate where you can spend your time, and which services you can access, on line.

I'm certainly not an expert on this stuff, but I expect it's a problem the ad service needs to eliminate, and I don't see many other options than to hope they get it taken care of soon.

If I may offer a suggestion or two. Make sure all of your system's components are up to date, esp. windows, java, flash, and adobe reader (these are currently the most active vectors for infection according to one source). Make sure you have a good malware suite, and that it, and its definitions are up to date. Don't click on anything you don't know and trust.


[I'm concerned because of recent malware activity that is likely tied to java, so I am asking everyone to check and update their java if necessary, to reduce their vulnerability. You can quickly check here.
You should also check that windows is fully updated (go to control panel and insure that the windows automatic update feature is ON), that flash is fully updated (you can check that here, and that adobe reader (if you use it) is fully updated (you can look your product up here - or remove it entirely through add/remove programs and install Foxit Reader which does not have adobe's vulnerabilities). These are said to be the current most common vectors for infection.]
Ignorance and callousness are not virtues

A bleeding heart is a symbol of holiness, a symbol of compassion, not an epithet

When our discourse sinks to the level of meaningless, pejorative labels and personal name-calling rather than honest reflection and reasoned dialogue, we are no longer a people, but a mob

User avatar

Russtronic™
Jeddak
Posts: 6788
Contact:

Re: Info on viruses and Fake anti-virus software

Post#54 » Sat Apr 09, 2011 4:47 pm

To the ones who got the "Virus/Mal ware/Exploit" What Browser/Platform/Virus Protect/Firewall are you running? It should be Impossible with your Browser Safeguards in place. So instead of Buying every Anti-virus on the Shelf---Chk Your Browser Privacy Security Settings.
Image

Image

User avatar

Topic Author
Abe
AbeZ Apostle
Posts: 1509
Contact:

Re: Info on viruses and Fake anti-virus software

Post#55 » Sat Apr 09, 2011 7:12 pm

i feel like it's shady ads that sneak on thru partner ad networks, and both google and adbrite partner with other networks, but somehow i think google would be better at screening them... both adbrite and google are very popular networks. if one of them has bad ads then they are everywhere. this is the nature of the net.
"Lets burn this mother down!"


* ALL SUPPORT REQUESTS VIA PM WILL BE IGNORED. INSTEAD, SEARCH THE FORUM, POST, OR START A NEW TOPIC.


kblitz
meh
Posts: 6

Re: Info on viruses and Fake anti-virus software

Post#56 » Wed Apr 27, 2011 5:39 am

Image

Found this on my Chrome browser. Clocked in at 3:39 PST GMT -8, so there is something definitely wrong with ice's ads


bro339
Overachiever
Posts: 1767

Re: Info on viruses and Fake anti-virus software

Post#57 » Wed Apr 27, 2011 5:52 am

wow..i've been visiting icefilms.info every single day and never seen that b4..that superbly new.. :| might need to wait for a reply by the ice god abe on this.. ;)

User avatar

Russtronic™
Jeddak
Posts: 6788
Contact:

Re: Info on viruses and Fake anti-virus software

Post#58 » Wed Apr 27, 2011 8:42 am

I cant even Blow That Up To See What It Says.
Image

Image


kblitz
meh
Posts: 6

Re: Info on viruses and Fake anti-virus software

Post#59 » Wed Apr 27, 2011 8:56 am

click on the picture for redirect to image hosting site?

User avatar

Russtronic™
Jeddak
Posts: 6788
Contact:

Re: Info on viruses and Fake anti-virus software

Post#60 » Wed Apr 27, 2011 9:10 am

That Picture is Malware it Activated my browsers Fail Safe. I think it has nothing to do with Ice. Do not open it like he said and then click on it. I am A very Careful sort been at this since 78 Kinda like a Bomb Tech when I look At The Impossible Program. There is only 10 Meg of space for anything to open in on my puter unless I say More. So I Read It Chkd it then gave it the kick test to see if it blew up and it did.
Image

Image

Return to “Old Help Section... For Refrence Only...”

Who is online

Users browsing this forum: No registered users and 3 guests