PDA

View Full Version : Photobucket Virus



BigBoy1
01-31-2010, 03:10 PM
When I went to access photos I have on Photobucket, I "caught" a virus. I wanted to edit the photos and as soon as I opened the first one, I got a message saying that I have received a virus. The virus deleted my desktop background and changed it to a grey. Then I immediately got a popup ad for a software package that would "fix" the virus if I purchased it for $49.95. I closed the ad and got out of photobucket and ran my Anti-Malware and Spybot programs and they detected and eliminated five “problems”. All the time they were running I keep getting notices that I had a virus and needed to order the software to “eliminate” it.

After a restart of the computer, I was able to rest the desktop background that had be changed. Since I had gotten the virus from Photobucket, I wanted to go into the Photobucket site and delete the pictures that were infected. Now, I can not access the Photobucket site because I get the following error message:

Restricted Site!
________________________________________
This web site is restricted based on your security preferences.
________________________________________
Your system is infected. Please activate your antivirus software.

There is nothing in my security software to change to re-access the Photbucket site. Any one have any suggestions on what to do?


SIDE BAR
I’m having suspicions about this site:

The Home Shop Machinist & Machinist's Workshop BBS

This is the only site on which I posted the pictures in question. Also this site requires the link to the Photobucket to access the pictures. My thinking is that this link was used to gain access to my Photobucket account without having to go through the security login process. If my reasoning is completely faulty, can some please correct it and let me know how my pictures could have be come infected. Thanks.

dp
01-31-2010, 03:24 PM
SIDE BAR
I’m having suspicions about this site:

The Home Shop Machinist & Machinist's Workshop BBS

This is the only site on which I posted the pictures in question. Also this site requires the link to the Photobucket to access the pictures. My thinking is that this link was used to gain access to my Photobucket account without having to go through the security login process. If my reasoning is completely faulty, can some please correct it and let me know how my pictures could have be come infected. Thanks.

This is impossible. You have a virus because you have Windows and it is very easy to attach a virus to Windows.

The infestation you see could have been picked up any place at any time. There is no reason to think that Photobucket is even involved. The virus may be designed to respond to any site you visit that requires a password or some other trigger that suggests the site is important to you. The hackers know that people will respond more positively if they think they're losing something valuable.

Barrington
01-31-2010, 03:35 PM
BB1, Have you recently accepted an offer to install 'Internet Security 2010' anti virus package from a pop-up on some other site ?

Googling 'internet security 2010 virus' should get you some more info...

Cheers

.

MrSleepy
01-31-2010, 03:40 PM
quoite..."This is the only site on which I posted the pictures in question"

You posted a link....not the pictures.... this BBS doesnt store the pics..just the link..

Rob

gnm109
01-31-2010, 03:45 PM
I use Photobucket frequently without any difficulties. I also have Windows and don't seem to pick up viruses. It's only been about 20 years now so it hasn't been long enough yet. Maybe I'm scheduled to get a virus any time. :)

aboard_epsilon
01-31-2010, 03:48 PM
the link displays your photobucket pictures on your computer in an allocated area on your computers screen with the forum surrounding it coming from elsewhere.

all the best.markj

MrSleepy
01-31-2010, 04:04 PM
the link displays your photobucket pictures on your computer

all the best.markj

Not always...I was trying to look at your J ans S 540 pics from wayback...but they were showing just the placeholder...
How do you rate your 540 Mark...I'm looking into one at the moment..

cheers Rob

airsmith282
01-31-2010, 04:29 PM
i have had no issues at all

aboard_epsilon
01-31-2010, 04:30 PM
mine is perfect ..and i like it ..it must have had an easy life.
but there is a lot of rubbish out there

Early 540 had Babbitt bearings .not available now ..and no one around to fix them .

machine ID'ed by the oil site glass on the side of the head

so if you buy one of these with worn heads .then you're looking at buying a whole new ball bearing head for it.

all the other spares are available from Jones and shipman ..at good reasonable prices, so no worries there.

early electrics can be a problem ..contactors for mem starters .......not available.........and there is great possibility that these will be burnt out .as the metal dust falls on to them in use.

other than that .if you can see lots of intact scraping marks then hopefully it should be a good one ..and should last you out .


sorry have deleted album from photobucket , as...when this site was revamped the links were buggered up .

i blocked all the add servers and pop ups on photobucket .so i dont see many ...if i do ...i take a look at the script, work out where its coming from and block that as well

block them with ...internet options ..security ..restricted sites.

i know it pays the way for photobucket ..but if they show anoying adds like that buzzing bee, and the "you have a virus" ones ..then so be it ..i have a blitz on them.

it would be great if you block adds on TV ........there are some really effing anoying ones on uk tv at the moment.

all the best.markj

Tony Ennis
01-31-2010, 05:15 PM
I got a virus warning from work the other day when viewing photobucket.

The admins had the latest and greatest security patches installed so it bounced off.

All it takes is a malicious ad. A fair number of viruses are embedded in ads. The site (like photobucket) isn't directly involved.

Here's the warning I got:

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Pidief.G
File: C:Documents and SettingsxxxLocal SettingsTempNCLzR2qp.pdf.part
Location: C:Documents and SettingsxxxLocal SettingsTemp
Computer: D-GSHZCK1
User: xxx
Action taken: Pending Side Effects Analysis : Access denied
Date found: Friday, January 29, 2010 5:00:44 PM

I don't know if it is the same issue the OP mentioned.

Dawai
01-31-2010, 06:16 PM
http://bbs.homeshopmachinist.net/showthread.php?t=28891&highlight=photobucket+virus

Problem is.. Java ads they "rent" the sidebar out to people, some, do dastardly things inside your computer which you gave them permission to do so by activating Java on your machine.

I notified Photobucket and they assured me they had fixed the problem.

nheng
01-31-2010, 09:00 PM
If you're using Firefox as a browser, a wonderful add-in is "NoScript" from the Mozilla site. It returns power back to you ... for the most part.

It's amazing the garbage attached to most sites these days. With NoScript you allow only those portions of a page that you "trust". It can be a PITA since many sites depend are Flash based or are brain dead without scripting but you get used to it.

Photobucket does have a number of scripts from various places attempt to run. With a few clicks you can figure out which parts you need.

Den

CCWKen
01-31-2010, 10:11 PM
The virus Tony posted is coming through via Adobe Flash Player. Another reason not to use Flash Player. I won't load it to my machines.

Trojan.Pidief.G
By: precisesecurity | Under: Trojan 22

Trojan.Pidief.G is a maliciously-created PDF document file that will infect computers by exploiting an Adobe Flash Player software vulnerability. Trojan.Pidief.G is also capable of creating a backdoor port on the compromised computer.

Dr Stan
01-31-2010, 10:51 PM
You may be a victim of "Ransomware". Go to: http://redtape.msnbc.com/2010/01/turning-hijacked-computers-into-cash-is-still-hard-work-for-most-computer-criminals-theyve-got-to-trick-the-infected-pc-into.html

Falcon67
01-31-2010, 11:12 PM
The virus Tony posted is coming through via Adobe Flash Player. Another reason not to use Flash Player. I won't load it to my machines.

Trojan.Pidief.G
By: precisesecurity | Under: Trojan 22

Trojan.Pidief.G is a maliciously-created PDF document file that will infect computers by exploiting an Adobe Flash Player software vulnerability. Trojan.Pidief.G is also capable of creating a backdoor port on the compromised computer.

Update - your computer(s) should be on auto update and install any updates provided by supplementary software immediately. Aside from running a top class AV software. Not installing something in wide use as part of the internet experience is like saying you're not going to go buy a newspaper at the store because you might have a wreck. I run Java, Flash and everything else and don't have issues, but I receive virus notifications as part of the job and update everything regularly. I handle internet security, so I ought to be more paranoid than anyone. Everything has regular issues and faults - update, update, update.

And don't lay it all on Windows/MS - Linux has just as much trouble, trust me. Some weeks - 10x more than Windows.

MrSleepy
02-01-2010, 11:52 AM
mine is perfect ..and i like it ..it must have had an easy life.
but there is a lot of rubbish out there

Early 540 had Babbitt bearings .not available now ..and no one around to fix them .

machine ID'ed by the oil site glass on the side of the head

all the best.markj


Hi Mark

Thanks for the heads up on the 540....

My 80yr old uncle used to work for LNER in their then repair facility at Immingham Docks...when they switched to diesels in the 60's they threw out all the babbit related equipment they had...moulds..furnaces...tools..and babbit ingots.
(he used to do the same as Burt Lancaster did in "The Train")..

In his wisdom he retrieved it from the scrapper and still has quite a lot left...I made him promise that when he finally pegs it...I will inherit his workshop gear (at the least):)...

Rob

saltmine
02-01-2010, 12:06 PM
I occasionally use Photobucket, and have never encountered a problem.
Of course, I have a very tight security suite and am careful where I surf.

A recent scan of my system showed half-a-dozen "LOW LEVEL" security threats, but my software quarantined them and pronounced the system clean and free from any virus.

It's interesting at times. Once in a while a virus or Trojan or whatever tries to "take over" only to be stomped flat by my security software...It's almost fun to watch, as the software goes after the threat.

No, I'm not perfect. My security set-ups got that way after I had a hostile hijacking and then a virus that required replacement of the whole hard drive.
I learned my lesson, the hard way.

On the subject of babbit bearings. Yes, I had the opportunity to re-babbit the connecting rods on an elderly Royal Enfield 650 motorcycle, once. The old beast is still running, so I must have done the job right.

Dawai
02-01-2010, 12:21 PM
When you looked with real eyes.. insert bearings are cheap.. but babbit bearings can be rebuilt by anyone with the knowledge of howto and a shop.

SAFE PLACE TO SURF? well My letter to Photobucket said I used to "trust" thier site..

It was the malicious ads on the sidebar.. just like the one running up above this post here.. Maybe.. maybe not.. unless you spend big bucks on "software" to stop it.

Kinda like when the Loose sex (Free Love Hippy era) of the 70s started trading diseases widespread like.. Everyone was used to swapping partners like shuffling cards.. then "OMG" it ain't safe anymore..

SteveF
02-01-2010, 12:24 PM
Falcon67 and Saltmine (and others) - what do you guys think is the "best of class" in AV software now?

Steve.

aboard_epsilon
02-01-2010, 12:37 PM
When you looked with real eyes.. insert bearings are cheap.. but babbit bearings can be rebuilt by anyone with the knowledge of howto and a shop.

..

it's the application that they are built into ..that is the problem ..

a surface grinding machine that needs micro tolerances after the job is done.

I wouldn't like to do that job for the first time and expect perfect results .

royal enfield ..yes i would give it a go .surface grinder .nope.

one good thing would be, because it re-melt-able You get to try it over and over until perfect i suppose.

all the best.markj

CCWKen
02-01-2010, 08:46 PM
Not installing something in wide use as part of the internet experience is like saying you're not going to go buy a newspaper at the store because you might have a wreck.

I laugh every time I hear about "Improved Internet Experience". :D If there was a way to control the use of Flash Player, I might add it to my system. But that's not the case. The PC owner has no control over Flash Player and it's one of worst data miners released to the public. The PC owner has no control of the "secret cookies" used by the site programmers. They're encrypted and buried outside of the normal cookie locations. And there about 10 times the size.

Besides "You-got-Tubed" and data mining, the only other major use of Flash Player is irritating ads all over the screen. I can do without that experience, thank you.

Ken

Flash Player has support for an embedded scripting language called ActionScript (AS), which is based on ECMAScript. Since its inception, ActionScript has matured from a script syntax without variables to one that supports object-oriented code, and may now be compared in capability to JavaScript (another ECMAScript-based scripting language).

gnm109
02-01-2010, 08:51 PM
I laugh every time I hear about "Improved Internet Experience". :D If there was a way to control the use of Flash Player, I might add it to my system. But that's not the case. The PC owner has no control over Flash Player and it's one of worst data miners released to the public. The PC owner has no control of the "secret cookies" used by the site programmers. They're encrypted and buried outside of the normal cookie locations. And there about 10 times the size.

Besides "You-got-Tubed" and data mining, the only other major use of Flash Player is irritating ads all over the screen. I can do without that experience, thank you.

Ken


I dislike Flash Payer as well but without Flash Player AFAIK you cannot use You Tube and other similar sites. Is there some way to use another video player?

CCWKen
02-01-2010, 09:11 PM
When I was on dial-up, I couldn't view online videos and got used to it. I don't feel the need just because I have a high speed connection. If a video is that great, I'll hear about on the news. And any site that "Requires" me to have Flash Player doesn't need my attention either. I've gotten by. :cool:

SteveF
02-02-2010, 09:50 AM
I agree that Falcon67's analogy is a little off. Installing all the bells and whistles which maximizes the chance of getting a virus is like bringing home a newspaper that has a 1% chance of spontaneously combusting and burning your house to the ground. Not a good idea.

Steve.

TGTool
02-05-2010, 12:22 PM
Hmmm. Just got this flag preparing to upload images to Photobucket. :mad:

Does this mean it's time to scrub out the bucket with some disinfectant? :D

http://i48.photobucket.com/albums/f244/TGTool/PhotobucketProblem.jpg

CountZero
02-05-2010, 01:07 PM
Use the firefox extension Flashblock if you want control and still be able to use youtube and other sites.