Ot: Web Page Virus Scam


  • Ot: Web Page Virus Scam

    If you wind up at a web page that looks like this, shut down Internet Explorer using the Windows Task Manager. Hit Ctrl+Alt+Delete and select in turn each instance of Iexplore.exe in the processes list by right clicking and selecting "End process". Agree and shut any other instance until the processes list shows no instances of Iexplore.exe.

    This page is a scam and clicking on any of the buttons on it will cause it to install malware of some sort. For me it was very obvious the moment I saw it come up since I use the Windows 2000 theme, not the XP theme that the web page shows. There are also small but very important spelling and grammatical errors that are a 100% clue that this has nothing to do with the operating system.

    Free software for calculating bolt circles and similar: Click Here

  • #2
    I run Firefox and Windows Defender and I ran into the same thing, so it's not just Internet Explorer.


    • #3
      I'm glad English is the hardest language to learn.
      The butchered grammar is a dead giveaway to most scams.



      • #4
        Curious, how did you guys get to this page in the first place?



        • #5
          I see those scams all the time. I must not be visiting very nice websites.
          They are a PITA. It does make me wonder how many people fall for it though.

          Steve



          • #6
            I was searching for an image of the Exxon Valdez oil spill using Google images. There was nothing to give a clue that the site was malicious. The site is now down so I presume it was hacked and has been shut down.


            • #7
              But the malefactors will surely have hundreds or even thousands of other sites trying to do the same thing. And are opening up more each day. I try not to trust anything of that nature if I have not specifically typed the address myself.

              Another example of the value of a good education. Proper grammar and spelling are not optional. And it appears to be a good idea to alter your color scheme.

              Thanks Evan for the warning.
              Last edited by Paul Alciatore; 05-17-2010, 09:40 AM.
              Paul A.
              SE Texas

              Make it fit.
              You can't win and there IS a penalty for trying!



              • #8
                I was nailed by that thing about two months ago - and it seems that by the time the fake anti-virus popup was displayed, my system was already infected. And I use Firefox and SeaMonkey; I doubt that any conventional browser can defend against a site infected with the latest crop of viruses.

                Norton Anti-Virus was _completely_ useless, not even recognizing that my system was infected. (What am I paying for?)

                Malwarebytes (free) was partially successful, but could not prevent reinfection on reboot, even when used in safe mode.

                I finally resorted to ComboFix, and that successfully disinfected my system.

                See documentation here: http://www.bleepingcomputer.com/comb...o-use-combofix

                And despite the cheesy-sounding site name, the software is completely legitimate (and free). But it is wise to be wary: the best way to get a virus disseminated is to hack a site distributing anti-virus tools.
                --------------------------------------------------------------------

                Obviously there is a war of escalation between the virus writers and the anti-virus writers - so I imagine Norton Antivirus has been updated to detect the particular strain of virus I had - but by now the virus authors have also modified their 'product'. Is a Medieval punishment too good for those folks?



                • #9
                  and it seems that by the time the fake anti-virus popup was displayed, my system was already infected.
                  That is possible.

                  Norton Anti-Virus was _completely_ useless, not even recognizing that my system was infected. (What am I paying for?)
                  That is why I don't bother with any antivirus software. Instead I turn off the various services that I do not need and that are the most common sources of vulnerabilities that the malware targets. I also don't run a firewall since that also invokes the internet connection sharing function. I have the windows security centre totally disabled. Automatic updates are disabled.

                  This is what I have disabled in my system. For a single user system on a home network it has no effect on the functionality of my computer other than turning off the help system and disabling NetMeeting.


                  • #10
                    Son of a Biatch. I got attacked by a version of this malware yesterday and before I knew it, it was in my system. Very aggressive malware. It is fast and makes it difficult to open System Explorer (which I like better than Process Explorer) http://systemexplorer.mistergroup.org/
                    In System Explorer I can watch it spread quickly in the PC and as soon as I end it, it restarts very quickly.
                    I cannot open System Restore, which makes it hard to kill, and it also prevents opening any Windows security files.
                    I can find and quarantine it in safe mode, but I still can't get into System Restore settings to disable System Restore. So the PC is still infected on restart.

                    This may be the worst spyware/malware I have come across.
                    I really do love my new iMac. Never have to deal with this crap.

                    Steve



                    • #11
                      Originally posted by S_J_H
                      Son of a Biatch. I got attacked by a version of this malware yesterday and before I knew it, it was in my system. Very aggressive malware. It is fast and makes it difficult to open System Explorer (which I like better than Process Explorer) http://systemexplorer.mistergroup.org/
                      In System Explorer I can watch it spread quickly in the PC and as soon as I end it, it restarts very quickly.
                      I cannot open System Restore, which makes it hard to kill, and it also prevents opening any Windows security files.
                      I can find and quarantine it in safe mode, but I still can't get into System Restore settings to disable System Restore. So the PC is still infected on restart.

                      This may be the worst spyware/malware I have come across.
                      I really do love my new iMac. Never have to deal with this crap.

                      Steve

                      I'm still not buying an Apple. It's nothing personal. My old boss liked them and tried to get me to buy one for ten years.

                      I got hit by that virus about two years ago. I basically ruined my hard drive. It shut off the ability to use CDs so I could never even access the HD. I just replaced it. I know, I know, HDs are usually recoverable. Well this one wasn't. It met Mr. Hydraulic Press after I wasted a month trying to fix it.

                      Evan's got the right idea. Shut everything off. I think my server has some sort of firewall since I never get spam anymore but I never, ever open attachments from unknown sources.
                      Last edited by gnm109; 05-18-2010, 03:59 PM.



                      • #12
                        I should mention that visiting that web page did NOT infect my system. The security measures I use go to the heart of the problem by disabling the "features" in Windows that are the main vulnerabilities. Perhaps the biggest one is the Universal Plug and Play system. That isn't related to the regular Plug and Play and turning it off has no effect on your computer's ability to detect new hardware. It is a network function only and is a giant hole into the OS for anything that can access your network.


                        • #13
                          Holy cow! I just got rid of it. It was a little different than the one Evan posted screen shots of.
                          This thing disabled all access to Windows security and System Restore files on a normal startup and in safe mode. Most system files I tried to open would open and then close within 1/2 second or not open at all. Task Manager function was shut down.
                          It changed my internet connection settings to a proxy server and the only web site I could visit was the scamming anti-virus website.
                          Several times I caught it with my spyware remover but since I could not disable System Restore it was right back on startup.

                          Never seen anything this aggressive.
                          It somehow changed my user account password as well.
                          I finally realized it seemed to pause the attack when I visited the site and hit the buttons to purchase it, like they obviously are hoping people will do. Makes sense because they can't make any money if the bamboozled person's PC is still going haywire.
                          After doing that I caught it again, shut down to safe mode and started the last known good config. It was then neutralized.
                          Time for me to rethink my spyware and virus strategies I guess.

                          Steve



                          • #14
                            Originally posted by S_J_H
                            Holy cow! I just got rid of it. It was a little different than the one Evan posted screen shots of.
                            This thing disabled all access to Windows security and System Restore files on a normal startup and in safe mode. Most system files I tried to open would open and then close within 1/2 second or not open at all. Task Manager function was shut down.
                            It changed my internet connection settings to a proxy server and the only web site I could visit was the scamming anti-virus website.
                            Several times I caught it with my spyware remover but since I could not disable System Restore it was right back on startup.

                            Never seen anything this aggressive.
                            It somehow changed my user account password as well.
                            I finally realized it seemed to pause the attack when I visited the site and hit the buttons to purchase it, like they obviously are hoping people will do. Makes sense because they can't make any money if the bamboozled person's PC is still going haywire.
                            After doing that I caught it again, shut down to safe mode and started the last known good config. It was then neutralized.
                            Time for me to rethink my spyware and virus strategies I guess.

                            Steve

                            When I got it in my HD, I was unable to get into safe mode to restore to an earlier point. It's bad.


                            • #15
                              Found it on www.Bleepingcomputer.com (the site to go to for malware knowledge of all sorts).
                              It's known as ransomware.
                              The basics-
                              What this program does:

                              Antispyware Soft is a rogue from the same family as Antivirus Soft and Antivirus Suite. This rogue is promoted through malware that will install the program on to your computer without your permission or knowledge. In fact, when the program is installed it will stay running in the background and perform no actions until some later date when it then starts to display its warnings and program screen. This program is also configured to start automatically when Windows loads, and once running, will scan your computer and state that your computer has numerous infections. If you try to remove any of these infections, though, the program will not allow it until you purchase the program. This is a scam, as the infections this program displays do not actually exist on your computer. Instead they are being shown to scare you into purchasing it.

                              While Antispyware Soft is running it will also block the majority of programs from running on your computer. When you attempt to run them, it will display a warning stating that the program is infected and then terminate it. The message you would see is:

                              Windows Security Alert
                              Application cannot be executed. The file cmd.exe is infected. Do you want to active your antivirus software now?

                              It blocks programs in order to protect itself from being removed.

                              While running it will also display fake security alerts stating that active infections have been found or that a remote computer is attacking yours. The text of these alerts is:

                              Windows Security alert
                              Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.

                              Antivirus software alert
                              Infiltration Alert
                              Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar.
                              Details
                              Attack from: IP Address, port 39096
                              Attacked Port: 30516
                              Threat: Win32/Nuqel.E

                              Last, but not least, the program will also configure your computer to use a proxy server for its Internet connection. This proxy server will not allow you to connect to any sites, but will instead display a warning stating that the site is malicious and that you should purchase Antispyware Soft to protect yourself. All of these warnings and infection messages should be ignored as they are false and just being shown to scare you into purchasing the software.

                              Without a doubt, Antispyware Soft was created to scam you out of your money by trying to convince you that you are infected. It goes without saying that you should not purchase this software, and if you already have, you should contact your credit card company and dispute the charges. To remove Antispyware Soft and any associated malware, please follow the removal guide below.

                              Further info and removal instructions- http://www.bleepingcomputer.com/viru...tispyware-soft

                              It's no fun to have or remove.
                              Steve
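
Two of the behaviours in the description quoted above, starting automatically when Windows loads and switching the Internet connection to a proxy server, leave traces that can be listed read-only from PowerShell. This is an added example, not part of the original post or of the BleepingComputer removal guide; it assumes a Windows system with PowerShell available, and the folder-name pattern used to flag autostart entries is an assumed heuristic, not a signature of this rogue.

```powershell
# Added example: read-only triage, nothing is changed or deleted.
# The registry paths are the standard Windows locations for the per-user
# proxy settings and the Run autostart lists.
$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ProxyFinding {
    param([string]$Path = $inet)
    $s = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $s) { return }
    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
        # Any proxy or auto-config script you did not set yourself needs review.
        Review        = ([bool]$s.ProxyEnable -or [bool]$s.AutoConfigURL)
    }
}

function Get-RunEntryFinding {
    param([string[]]$Keys = $runKeys)
    foreach ($key in $Keys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $cmd
                # Assumed heuristic: autostarts launched from user-writable
                # profile or temp folders are worth a closer look.
                Review  = $cmd -match '\\(AppData|Application Data|Local Settings|Temp)\\'
            }
        }
    }
}

Get-ProxyFinding | Format-List
Get-RunEntryFinding | Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

A `Review` value of `True` only marks an entry for a human to check; legitimate software also installs under the user profile and some networks do require a proxy.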
