I got whacked by one two days ago. It appeared as the usual pop-up window warning I was infected and that I should scan immediately. The little icon was similar to but not the same as AVG or Microsoft. While I pondered the next move, other balloons popped up with buttons to either purchase brand-x anti-virus software ( some name like "Defender" in the url that was trying to load) or continue to be vulnerable. Of course either option led to more pop-up windows, one showing a scan by brand-x in progress. Worse still was that this virus prevented me from opening any other application from any place on the desktop or file tree.
Lucikly I could still log off ( Win XP Home) or re-start. And more fortunately, the other user account seemed unaffected. I could run anything from there. Revo, AVG, Malware, Adaware, couldn't find anything to uninstall or delete. What seemed to work was to carefully migrate a minimum of known good things and files to the good user account via an external HD and then delete the bad account. The problem was swept away in the process. Another re-install avoided.

ARRG!! Much pain and suffering to all hackers :angryfir: !!

I got whacked by the same thing about 3 weeks ago. How and/or why is still a mystery. It overrode every attempt I made to stop it. Even in safe mode it maintained control and thwarted any attempt to activate any cleaners or virus software. It was a bit slow in activating itself and I was finally able to beat it to the punch (timing was everything) by getting into safe mode with internet connectivity. Then I was able to redownload a couple of cleaners and run them. After that, my antivirus (avast), which is usually very good, was able to run and eliminate the final remaining tidbits. All in all, it probably took me six hours of fighting to win the battle.

Needless to say, I have boosted my protection even further.

The same thing happened to the wife's laptop a couple of weeks ago, except I couldn't shut down Windows. I had to remove the battery to reboot. Everything loaded just fine and AVG didn't find anything. Fortunately, she's a sharp cookie and didn't click anything. No damage.

Bob

i don't know where you guys are going to get these things, but i never see them. i know they're out there, but haven't seen one yet.

i don't know where you guys are going to get these things, but i never see them. i know they're out there, but haven't seen one yet.



You don't ??

Same one got me last year, the window popped up with a microsoft logo and said my PC was infected with over 2000 viruses so I was a little suspicious, ran my anti-virus, norton 360 it told me I had a virus and to reboot. Did that and it wrecked my system, had to get a guy in to wipe everything and start from scratch.
Hope that little F###ER and the one that hit Avsim come to a terrifying and agonising end :violent:

Right now, reports have it that social networks are the prime targets for this crap.

If you are on Facebook, Myspace, or any other of these social networking traps, there is a better than average chance of you picking up a computer disease from there than anywhere else at this time.

My wife's aunt called me yesterday...she had that same thing pop up. I totally rebuilt her system not too long ago...and all has been quiet..until yesterday. I told her what to do, how to update her anti-virus, how to start a full system scan....it came back clean. I have no idea where she goes on the internet, but her system is constantly getting attacked....it won't be long before I get another call from her asking me to come fix her computer.

I got nailed Friday night/Saturday morning....and nailed hard. It was my fault. I was looking for info on a WW2 Ship Identification Training Kit that I have in my collection. One of the search results was from Russia and every early warning system I have installed was telling me that the site was a high risk site...heck they even prevented me from going to the site. I disabled them, went to the site. And paid the price! The nasty punched through my anti-virus, shut down my fire wall, and before I could stand up, reach the router and unplug my system from the net.....nearly 100 viruses were on my system. A full deep format and a reinstall of the OS and everything is good again....but if I had done the smart thing...the thing I knew I should do...and avoid that site my system would not have been hit.

OBIO

There seems to be a common theme here with russian sites. Over on the MAIW forums someone got hit by a virus off avsim.ru hidden in an installer that his anti-virus didn't pick up.

The wife was on AOL and checking her e-mail. I think the 'culprit' was an attachment. She's in the habit of immediately trashing spam and other messages from sites she doesn't know, so I think it was an attachment a 'friend' sent her, but I don't know which one. I told her to note if one of her friends have been absent since then; perhaps THEY had a 'Gotcha'!! Won't break my heart in the least.

Bob

My cousin got nailed on facebook the other day - sent private messages to every one of her friends - me included. I was an idiot and clicked on the link in the message (supposedly from youtube), which took me to some non-website. I heard later that it was downloading viruses onto people's machines, but for some reason didn't do it to mine, or my a/v and firewall blocked it without notifying me.

i don't know where you guys are going to get these things, but i never see them. i know they're out there, but haven't seen one yet.

The last time I saw one like this was at www.palmbeachpost.com it is the local news paper here. It was embeded in an add they had posted on the site. It was part of a rotation of adds so it did not show up all the time only when the web site choose to send that add to the requesting web browser.

I also had some one using my old laptop they were on myspace again it was buried in an add.

Neither time was I infected the key is to not press any of their buttons prompting you to confirm or refect the scan or what ever it is they are asking you to do.

The first thing to do is disconnect from the internet by pulling the network cable or If you are on wireless shut off the wireless card or power down your access point that will stop any pop ups that they may call on next. . Then hit the X in the upper right hand corner and exit the window. Do this for anything else that might pop up.

Because you did not knowingly or unknowingly confirm anything it should have been stopped. That is how it worked for me twice and my wife once.

Now to put yourself at ease run your anti virus and malware software. You should have no infections.

When this happens, unplug your computer as fast as you can.... That is the fastest thing you can do to intercept and stop the upload. Switching off your computer will take too much time.

Great thinking on the removeall of the battery. Macs dont do that, if I am correct, the battery is in the case, not removeable like that.. arrgh.

If this happens, pull the cord, wait, then reboot...


I was at a Font site when this happened to me 2 years ago. Its happened a couple of times and I was able to thwart it by unplugging.

Even one of my webpages is presently contaminated. Yahoo says I have to fix it and I cannot even find the bug... arrgh. (Yahoo small business site. Dont you think they should manage it for you since you are 'renting' space from them? crazy.... ).


Bill

Right now, reports have it that social networks are the prime targets for this crap.

.

Correct...

Yup
My missus pooter and 2 laptops on our network got infected with Instmsx.exe
It was a nasty little hard to kill sucker of a worm,it drops the firewall and hides copys of itself in multiple unrelated
files.The only common factor was all the systems effected had been at some time on facebook,not saying facebook is the problem just that some app or associated app that is used must have been responsible ...as my missus is addicted to farm geto and farm vile :)
Wozza

I think I got it from a Rus site by following a link from here. I was looking into a panel or something related to a chap with a veering problem on a beta Russian airliner. Wish I hadn't.

I almost got into trouble at work once. I was looking up bloody trauma pictures for a presentation and four days later was hauled into the office to answer questions about porn sites. Not this boy, I said and promptly marched into the HR office with supervisor in tow. HR showed me a printout of sites I was visiting and I go yep, yep, yep, no, yep, no... Puzzled, I sat down at HR's desk and went to the sites on the list. Well, well, her printout showed she hit same porn sites. Legitimate sites were ghost linking to the porn, showing nothing on the screen but it was captured by the monitoring system. I guess we're done here was my only comment. That was very sweet. So even trusted sites can harbour evil stuff.

Some mentioned quickly pulling the plug, is this the internet or power plug? Anyway, my little problem seems to have been fixed by deleting the user account. Time will tell.

stopping the flow of bits ... the fastest way is to break the internet connection if you can. I have T1 running from my puter to my router, the router is within arms reach of the puter ... a quick flip and the T1 is out of the router and all is good. :)

.
This stuff is getting beyond bad.

My security systems have been updating with megabytes of new definitions & updates every single day now for weeks. Much greater than usual.

A cyber-war is certainly being presently waged in force, an economic & malicious one. It is getting nearly overwhelming.

.
Snuffy- Good tool, guy, as well as applying it when needed.
.............My DSL modem is connected to a separate surge protection unit.
.............. 1st sign of trouble: *click*
.

Hm...virus? What's that? ;)

Yeah, they tried to get me too. It was a software company that was an XP antimalware something or another that altered the registry file so that whenever I went into the security center it redirected me. I used msconfig to disable it and then followed it's path on my HD and deleted it. Then went into the regedit and changed everything back to normal. It shut down Microsoft firewall and MS Security Essentials anti virus programs and redirected to theirs. I never let theirs scan my computer, but it was a bugger to find and shut down and delete.

HiJack This did not find it, but Spybot S&D from Lavasoft did, even after I disabled it and thought I deleted it.

Now all is good. I uninstalled MS Security Essentials and reloaded my Army provided Norton Endpoint firewall and antivirus program.

I've always Norton and Ad-Aware from LavasoftUSA. The best thing to do is to never open anything you don't know what it is.

OOPS Spybot S&D from Safer Networking in Ireland, not Adaware from Lavasoft.

I used to have Adaware, but the program seemed to want to take over my computer resources.

I got whacked by one two days ago. It appeared as the usual pop-up window warning I was infected and that I should scan immediately. The little icon was similar to but not the same as AVG or Microsoft. While I pondered the next move, other balloons popped up with buttons to either purchase brand-x anti-virus software ( some name like "Defender" in the url that was trying to load) or continue to be vulnerable. Of course either option led to more pop-up windows, one showing a scan by brand-x in progress. Worse still was that this virus prevented me from opening any other application from any place on the desktop or file tree.
Lucikly I could still log off ( Win XP Home) or re-start. And more fortunately, the other user account seemed unaffected. I could run anything from there. Revo, AVG, Malware, Adaware, couldn't find anything to uninstall or delete. What seemed to work was to carefully migrate a minimum of known good things and files to the good user account via an external HD and then delete the bad account. The problem was swept away in the process. Another re-install avoided.

ARRG!! Much pain and suffering to all hackers :angryfir: !!

What you got was the winworm32.netsky virus. Distribution of this virus for the last year has been traced to North Korea. It attacks via random surf, through email, and is most prevalent in porn sites. It's been around for a while, and many virus scanners can't detect it as it's easily modified. This is the first and only virus I've ever had in over ten years on the web. There is no way to "clean" this virus, you have to rebuild your OS from the bottom up with HD format.

Bones

I got whacked by one two days ago. It appeared as the usual pop-up window warning I was infected and that I should scan immediately. The little icon was similar to but not the same as AVG or Microsoft. While I pondered the next move, other balloons popped up with buttons to either purchase brand-x anti-virus software ( some name like "Defender" in the url that was trying to load) or continue to be vulnerable. Of course either option led to more pop-up windows, one showing a scan by brand-x in progress. Worse still was that this virus prevented me from opening any other application from any place on the desktop or file tree.
Lucikly I could still log off ( Win XP Home) or re-start. And more fortunately, the other user account seemed unaffected. I could run anything from there. Revo, AVG, Malware, Adaware, couldn't find anything to uninstall or delete. What seemed to work was to carefully migrate a minimum of known good things and files to the good user account via an external HD and then delete the bad account. The problem was swept away in the process. Another re-install avoided.

ARRG!! Much pain and suffering to all hackers :angryfir: !!


I had the same one back in October , had to re-install to get everything.

Now I've got persistent DEP windows knocking me off from about every site including this one. Never even heard of it until as part of the hack I had to re-verify I had genuine Windows. For cripe sake they know all about me, so they must have know I paid through the nose to put XP on this thing! So after I did that I suppose some NEW thing was pushed down my rigs gullet from MS, to make me safer don't you know. Now this fool DEP thing is on the prowl. I followed the steps to turn it off for IE8 without success. Now I'm trying other browsers. At least I can still fly in relative peace.
I think it is high time we bribed some ace hackers for ourselves. They could invent a barrier that also sends out destructive pulses or software automatically back to the villian's PC, or maybe just reflecting the hack back to the source would be enough. :pop4: :jump: Oops, just got another DEP window...

Could this feature be tripping up on active-x things, Adobe, Flash Player, or other things that automatically kick in to show a page?

Okay guys, don't reinstall your OS.

It is resident in your windows/prefetch folder and is AVE.EXE-(numbers).pf

Just run a search on your HDs for AVE.EXE it is usually two files.
Once you delete these two files, it stops.

DD73

Ok DD, I'l try searching for that.

I got nailed three weeks ago by the same thing. Blew through my Firewall from an embedded ad on a site I go to all the time. (Had it happen a year ago from another site I frequent via the same procedure)

First time, Malware Bytes fixed things. Last time I got hit, none of my AV programs would run. I was able to get a new copy of Bit Defender to download and run after killing the virus with End it all (I usually use this to clear resources after running Game Booster before I fly) This gave Bit Defender time to start it's scan before the virus could reboot.

All has been good since.


Brian

One of our company computers got this one a few weeks ago, Norton tech support spent 7 hours helping me remove it, they claim they can immunize against this one as it's a 'chameleon' virus and advised we keep a registry backup on removal media if we need to restore again. They got it removed, and have our logs, their guys are working on a solution. Their corporatate support is amazing, I can't complain about them anymore.

Yup
My missus pooter and 2 laptops on our network got infected with Instmsx.exe
It was a nasty little hard to kill sucker of a worm,it drops the firewall and hides copys of itself in multiple unrelated
files.The only common factor was all the systems effected had been at some time on facebook,not saying facebook is the problem just that some app or associated app that is used must have been responsible ...as my missus is addicted to farm geto and farm vile :)
Wozza

Farmville is said to be really addictive... The game is a 'online' game, which means its running virtually. I think they are usually Java programs.

I keep hearing that if you get an 'update' in the Facebook website, dont do it... I have one in que and I'm not touching it, lol..

The wierd thing is that when you read about these, you find that they usually always have 3 types of files related to them, their primary 3 program files. But, they deposit them in several locations. Further, when you think you have deleted them all, you boot up your computer and its back again.

Some tricks for deleting them when they refuse to be deleted, is to rename them a TXT file, etc. Then you can delete them, (if they have set themselves as being 'non-deleteable' and this is only sometimes that you can do this).

A self healing virus.. grim.... Take these bad guys out and drop them off in a north korean prison!


Bill

.
Was offline for 7 hours, updating my security suite software just before going to bed. When clicking on the update link again 2.31 megabytes of new definitions & updates were downloaded... in just 7 hours. My assertion above continues.

Anyone else happen to have noticed this increased size of daily security/antivirus/anti'pooter-crud downloads these last couple of weeks?
.

.
Was offline for 7 hours, updating my security suite software just before going to bed. When clicking on the update link again 2.31 megabytes of new definitions & updates were downloaded... in just 7 hours. My assertion above continues.

Anyone else happen to have noticed this increased size of daily security/antivirus/anti'pooter-crud downloads these last couple of weeks?
.


http://www.washingtontimes.com/news/2010/mar/24/cyber-attack-on-us-firms-google-traced-to-chinese/

Well the search for AVE.EXE turned up nothing. Is it gone? That BitDefender looks pricey, same as McAffee which I used to have. Wonder if it would have caught this thing. I only dropped it because AVG seemed just as good for free. It certainly has worked for 2 years until this.

The crap just keeps pouring down so a leak or two is inevitable.

The same thing happened to the wife's laptop a couple of weeks ago, except I couldn't shut down Windows. I had to remove the battery to reboot. Everything loaded just fine and AVG didn't find anything. Fortunately, she's a sharp cookie and didn't click anything. No damage.

Bob



AVG will not find anything usually..neighter will Norton, MacAfee, trend..You name it..

That is what those trojans do, first hit (in minutes) are the definations that see them..Now go scan 100 times and it will never find a thing.

next is Windows updates..

Then your Internet comection

then it hits safe mode, then D/ recovery...

Better have a complete back up disk..you will need it..

i fix them every day just like that...





Freeware??? Shakes head....

Farmville is said to be really addictive... The game is a 'online' game, which means its running virtually. I think they are usually Java programs.

Bill
Lol yeah it is My missus spends about 5 to 8 hrs a day on it :) keeps her of my back so alls good ;)

This latest batch of nastys has got me thinking that some of these fly by night scanners writers are also modding the virus code.I found very little info on the exe's I was chasing and a vague link to a scanner which would find the nasty but wants you to purchase the full vers to remove it....... yeah right ....Its all a bit sus if you ask me, its in the virus scanners makers best interest if more new virus pop up ;)

Oh yeah, I have re-format and re-boot disks ready. And I'm done with IE too for now. I know most people say what too you so long but I liked the interface and that I can manage favorites through Windows Explorer. Now I'm back to Firefox because of the DEP thing. Just can't shut it off or make it behave.

My next door neighbor is really into Farmville. She keeps sending me all sorts of cr*p related to the game. If it tends to 'collect' viruses and other nasties, I'd better brush up since she has me fix her pc problems. She's a Veterinarian and keeps our dog and two cats in the peak of good health. It's a nice trade-off.

Bob

Hmmmm. Better pay her a visit this evening and see if everything is current and updated. BTW, the Boss will go, too.

Stay away from farmville. It's addicting and takes you away from flightsim. I can only really service one addiction at a time.
:ernae:

.


http://www.washingtontimes.com/news/2010/mar/24/cyber-attack-on-us-firms-google-traced-to-chinese/
That was quite the article, Snuffy, thank you. Indeed, it may or not be China but it most certainly is .from a major cyber power or powers. Am thinking that some are from originating from China, yes, though there are some mighty heavy hitters these day arrising out of North Korea & others as well.

It's getting to the point of my considering going offline again & making mine a dedicated fs rig, accessing the web with a seperate computers available to me here.
.

I caught that comp virus a couple of weeks ago. Never worried much about such because I never open anything unfamiliar and avoid fishy sites, figured Windows Defender was enough. First saw it when clicking on a photo attachment on Facebook. It laid low for a while and then pretty much locked my computer a week or so later.
Got advice to run Windows System Restore.
That allowed me to download and run Malwarebytes and TrendMicro antivirus/antispyware programs.
Identified it as Koobface and another threat and deleted.
Please stay away, viruses, 'cause I would keel you ...
jbtate