Info on viruses and Fake anti-virus software


iszazial
Average User
Posts: 74

Re: Info on viruses and Fake anti-virus software

Post#91 » Sun Jun 12, 2011 5:58 pm

It was not icefilms that gave this person the ransomware but rather that user was already infected with a rootkit called TDSS. The specific variants such as TDL3 and TDL4 cause the web browser to open in hidden mode and under compatibility mode in the background which then randomly connects to various websites without the user's knowledge. So unfortunately if you have this rootkit then a byproduct of the infection is it can accidentally hit a nefarious website that includes ransomware in its cookie, then uploads itself to your computer.

The TDSS rootkit is very very common and if you don't know computers very well and look at Banned all day there is a very good chance you may have it. You can identify this rootkit and remove it with Kaspersky's free utility they have on their website called "TDSSKILLER.exe".

To further protect yourself from those nefarious websites I would also suggest adding the MVP catalog to your Windows host file and locking it.
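
Added example, not part of the original post: a hosts-file blocklist only helps if every entry points at a dead-end address, so it is worth auditing the file before locking it. The Python sketch below splits hosts-format text into sinkholed names, entries that redirect a name to a live address (which need a manual look), and malformed lines; the sample data and function names are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file maps to loopback; not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample in hosts format (not the real blocklist).
SAMPLE = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     ads.example.test tracker.example.test  # two names, one line
127.0.0.1   Popups.Example.test.
203.0.113.7 bank.example.test
not-an-ip   junk.example.test
0.0.0.0
"""

def audit_hosts(text):
    """Return (blocked names, redirect entries, malformed lines)."""
    blocked, redirects, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, tokenize
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                        # normal localhost mapping
            if ip.is_loopback or ip.is_unspecified:
                blocked.add(name)               # sinkholed: goes nowhere
            else:
                redirects.append((lineno, name, str(ip)))  # review by hand
    return blocked, redirects, malformed

def is_blocked(host, blocked):
    """Hosts entries match exact names only; subdomains are not covered."""
    return host.lower().rstrip(".") in blocked

if __name__ == "__main__":
    blocked, redirects, malformed = audit_hosts(SAMPLE)
    print(sorted(blocked), redirects, malformed, sep="\n")
```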


sethharper
meh
Posts: 7

Re: Info on viruses and Fake anti-virus software

Post#92 » Sat Dec 10, 2011 10:26 am

I have two laptops that are hooked up to two televisions, one in my living room and one in my bedroom. These laptops were purchased explicitly for the use of my icefilms/megavideo account. These laptops visit no other sites but icefilms.info and megavideo.com. I too have been infected with the Win 7 2012 Security (or whatever the hell it is called) on both of these laptops, on more than one occasion (4 each, to be precise), and it did occur during the use of icefilms. This is not to say that icefilms was the cause, but by all logic and reason it had to have been either icefilms or megavideo since these two laptops do not go to any other sites. I have been using the following solution:

http://www.bleepingcomputer.com/virus-r ... urity-2012

In safe mode, it utilizes rkill to stop all unnecessary processes, followed by a reg key auto editor to restore the use of executables, followed by the use of malwarebytes to remove the malware(s) causing the problem.

I am not a computer guru, but what I can say is that the programs kicked on after clicking source links on icefilms, prior to even getting to megavideo. Again, this is not saying icefilms is the source of the malware, it is just the order in which the events happened to have occurred. I have yet to install something that will provide real time protection for malware, but I am looking at what is available.


Nevermore669
Obsessively Addicted
Posts: 4509

Re: Info on viruses and Fake anti-virus software

Post#93 » Sun Dec 11, 2011 11:21 pm

Good post. That link to bleepingcomputer will likely be useful for someone.

Have you tried using noscript in your browser? As I understand the vector of this particular infection, it should stop it dead. To use noscript with icefilms, you need to allow scripts from icefilms.info, icedivx.com, and megaupload.com. You should also set your browser to stop automatic page changes or reloading.
Ignorance and callousness are not virtues

A bleeding heart is a symbol of holiness, a symbol of compassion, not an epithet

When our discourse sinks to the level of meaningless, pejorative labels and personal name-calling rather than honest reflection and reasoned dialogue, we are no longer a people, but a mob


Catsin
Heart on for IceFlims
Posts: 124

Sharing my experience and how the virus showed up

Post#94 » Tue Dec 20, 2011 1:29 pm

I am going to read this entire thread because I am not as tech-y as most of you and I'm sure I will learn a lot. But I will say that what I got yesterday (~11pm CST) took the cake of horrible viruses. It blocked all my Norton software and my access to the web so I couldn't dl any different AV programs. I finally had to call Norton support and pay for the guy to clean it all up, and it took him 4.5hrs. (One time fee, not per hour so he was moving pretty fast from what I could tell.)

Anyway, this is how it started - I had clicked on the most recent ep of Terra Nova, been redirected to MU; it gave what looked like a totally normal reminder box to upgrade to GM 4.3 [or 4.2, can't remember] (first hint - I had already upgraded) but I clicked ok anyway; it only gave me a 5 sec. wait time and I was thinking, 'wow, way to go new script' and then instantly these messages started popping up from what looked to be very legitimate XP Security Center software. It even dropped the icon into the taskbar. There were a couple minor clues that it wasn't real, thank goodness I noticed them and didn't click on ANYTHING. Anyway, at the end of the whole removal process the guy told me the virus was called gbw.

He said it was a new type of virus and that Norton is working on a fix for it, and that soon Norton will recognize it and block it. I was pretty pissed that it wasn't already doing that and that I had to pay to get rid of it, but whatever. At least it's ok now. I have the feeling from looking at these posts that there are tons of superior programs to Norton, but I will probably keep it because after me bitching about it they extended my subscription another 6 months.

I realize this is not particularly informative, and the problem has already been fixed on the site (you guys are BRILLIANT and MU SUX), but it was so frustrating I just had to cathartically share my own experience. Whew. Oh, and horrifyingly the toilet picked that exact time frame to back up and I had to spend two hours in the middle of the night working on that too. I had a terrible night which didn't end until 6am this morning. Fortunately Chicago is like the nicest place in the world, and the plumber (who came this morning after my efforts failed) didn't even charge me. I must have looked awful! :)

Merry Christmas to all!!!!!


Catsin
Heart on for IceFlims
Posts: 124

Re: Info on viruses and Fake anti-virus software

Post#95 » Tue Dec 20, 2011 1:41 pm

@Nevermore...

I wonder, for those tech-iots among us, if you would explain what a noscript is and how to find it and use it? I think I can figure out the automatic page changes and reloading if I search for that.

Thx,
Catsin

PS you guys are BRILLIANT.


Nevermore669
Obsessively Addicted
Posts: 4509

Re: Info on viruses and Fake anti-virus software

Post#96 » Wed Dec 21, 2011 8:12 am

Yeah, I saw from your other post that you've already got noscript installed.

But for anyone else, Noscript is a Firefox browser addon that blocks scripts (and other methods of downloading nasties onto your computer). There is, I believe, a version for IE, and one called, I think, NotScript, for Chrome. It's a bit of a pain to use sometimes, but better safe and all that...

Nevermore669
Obsessively Addicted
Posts: 4509

Re: Info on viruses and Fake anti-virus software

Post#97 » Wed Jan 04, 2012 5:43 pm

That's very funny, Zippy! Got a taste of your own medicine (from your son)!

Russtronic™
Jeddak
Posts: 6802

Re: Info on viruses and Fake anti-virus software

Post#98 » Wed Jan 04, 2012 7:56 pm

I still haven't figured out how some people get thru life Nev. They can't take responsibility for their own actions... It is always someone else's fault and they should pay.. I have been an IT guy since the 70's, yea I am that old.. You will never change them, so show them the door... If they aren't smart enough to Protect Themselves, then the way I look at it, it is natural selection. You know survival of the fittest. The fittest being the one who takes responsibility and protects himself... Although from time to time I so like watching the Idiot standing on the target range wearing only a bulls-eye and yelling if you shoot me I will sue.
First off, the only thing of new interest in this thread is TDSS. I will do my due diligence on this and get back to you.


kwellerfolds
no0b
Posts: 1

Re: Info on viruses and Fake anti-virus software

Post#99 » Fri Jan 06, 2012 10:31 am

Unfortunately it is not just the WWE link. My anti-virus has been going insane the last few days using this website, where it NEVER has EVER had an issue before. The real issue is the first time it happened, it actually broke through my firewall. The fake win 7 anti-virus 2012 has popped up twice now. I use Avast! Internet Security which usually updates 2-3 times a day. It always happens either when you click to the link for a specific episode, or when you click the link from the episode page to the megavideo website. I believe it may be using some of Greasemonkey's features to attempt opening programs without my consent. The first time it happened, I thought I lost my computer, I had to reinstall a few things including Avast! The second time it happened, Avast! did ask me how I wanted to open a threatening program, I told it to close without opening, and the friggin fake antivirus broke through again! Thank the lord in a safebox this time... but still. This is another attack on the website, and this time targeted towards its viewers. Seems like they must be pretty experienced hackers if they are breaking Anti-Virus Software that is so up to date...


Way
RedTek
Posts: 3187

Re: Info on viruses and Fake anti-virus software

Post#100 » Fri Jan 06, 2012 12:08 pm

Do you mean this one? http://www.icefilms.info/ip.php?v=105223&

Works fine for me ;)


gspat
Oh my Santa!
Posts: 2530

Re: Info on viruses and Fake anti-virus software

Post#101 » Fri Jan 06, 2012 12:17 pm

well, I just got hit with "Vista Antivirus 2011"...

It took about an hour to get rid of, but it was annoying as hell!
Now I've got a link... What the hell do I do with it?

Considering helping us find links? Please read this!


Russtronic™
Jeddak
Posts: 6802

Re: Info on viruses and Fake anti-virus software

Post#102 » Fri Jan 06, 2012 2:31 pm

Are you using Ad-Block? And do you have any clue to the vector? PM me all the info you can Please both G and Zippy.

gspat
Oh my Santa!
Posts: 2530

Re: Info on viruses and Fake anti-virus software

Post#103 » Fri Jan 06, 2012 4:43 pm

no need for a PM...

I don't know where it came from... My son uses this computer, so does my daughter. The history shows a bunch of hits to anime and video websites... could have come from anywhere.

Took about an hour to set up the virus scan, reboot, scan and fix a registry error (didn't know what to do with exe files after the infection). Multi scans after show nothing, so I'm no longer worried.

Nevermore669
Obsessively Addicted
Posts: 4509

Re: Info on viruses and Fake anti-virus software

Post#104 » Sun Jan 08, 2012 12:18 am

Yeah, we got hit with a whole slew of these guys last...spring? Idk, you can just go back in this thread to see...

I really think they're coming through the ad-server somehow. Last time they just stopped. I assume the ad-server finally went through their ads and cleaned them out.


icemonkey
no0b
Posts: 2

Re: Info on viruses and Fake anti-virus software

Post#105 » Fri Jan 27, 2012 7:53 am

ya'll are bad*ss motherf****rs and I love this site. keep up the good works :)

thx for the malwarebytes info btw...they have a free trial on atm with live screening.

browser: opera :P

first time security warning ever (moved over when ninja slipped and fell off da cliff) from this site on the page for dailyshow 17x50. when i open the page from the mainsite and before i click the source it shows a dialogue box saying:

Security Warning: Information from this secure page will be submitted to a page that is not secure on ia.media-imdb.com. Submitting sensitive information is strongly discouraged. Submit/cancel (button options)

won't let me click anything on the page unless i click one of the buttons, which i won't do lol, just closed the tab. I'm not an expert to say the least.

edit: doesn't happen anymore. :)
