Virus attack



Wes
04-07-2009, 12:24 AM
Wow! Got to a website from searching a Canon webcam model number. Clicked on one of the top 3 search result pages and my browser warned that the site was reported with a virus or something and warned me to go away. Before I closed the browser, my antivirus software popped up a msg and quickly disappeared. Right after, my computer seemed to be closing down my apps and rebooting the computer. I quickly opened up my taskmgr and saw a few single character tasks running. I quickly killed them and did a full scan and hijackthis and couldn't find anything.

Rebooted into Win 7 and downloaded AVG full version free-trial and it didn't find anything.

Rebooted back to my XP and did a full scan and found this in my TEMP folder:
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2007-102310-3513-99

Bald_Yew
04-07-2009, 01:50 AM
I've had 2 similar attacks in the past month from sites I thought were safe during typical browsing.

:/

Saboteur
04-07-2009, 01:58 AM
Which browser were you guys using?

Wes
04-07-2009, 02:16 AM
I was either using Google Chrome or Firefox. I think when I hit the site, it was Firefox that alerted me the site was bad.

Bald_Yew
04-07-2009, 07:09 AM
Firefox on 1 and Explorer on the other.

=A!M=OakWind
04-07-2009, 08:25 AM
I've had the same thing happen with firefox. "Reported attack site."

But antivir has blocked access every time.

Ninjahedge
04-07-2009, 08:58 AM
They REALLY need to REDUCE the things that your web browser can do.

The more "advanced" they make it, the more crap can be done w/o your consent. You would think they could maybe make the "Internet Bubble" and create almost a sealed zone (permission wise) around the browser you use and require maybe separate instances of any associated software to be installed and running from within that bubble....

Kind of like a quarantine zone.

The only problem is that they keep wanting to make the internet more interactive, and the more interactive it gets, the more like it is just another large HD attached to your comp......

shifty
04-07-2009, 10:48 AM
I suspect if you would have had AntiVir installed, not only would it have found the virus AFTER the fact, but it also would have stopped the attack while it was trying to execute in the first place.

It's all about using the correct tool for the job.

Bald_Yew
04-07-2009, 11:23 AM
Had Avira installed and running on both. It detected the malicious code from the site on the Firefox machine and stopped it, but not the one on the IE box.

shifty
04-07-2009, 11:51 AM
That's creepy. Did it detect it on the IE box post-infection?

poppinfresh
04-07-2009, 03:38 PM
NoScript is an excellent firefox add-on, albeit a pain sometimes, but keeps things much safer. I wonder if it would prevent that sort of attack

not that it helps you now but in the future :)

Wes
04-07-2009, 03:44 PM
Just installed AntiVir and found another one.

Virus or unwanted program 'TR/Agent.caaj.B [trojan]'
detected in file 'C:\WINDOWS\uojgw.rfd.

Ninjahedge
04-07-2009, 03:47 PM
But uojgw.rfd is an important program!!!!!!

Wes
04-07-2009, 03:54 PM
One more:

The file 'C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_007a17'
contained a virus or unwanted program 'EXP/SWF.ED' [exploit]
Action(s) taken:
The file was moved to '4a0baf27.qua'!

Bald_Yew
04-07-2009, 05:24 PM
Ya Shifty, Avira found the file after infection and I promptly ran complete scans with Avira, Superantispyware, and Spybot S&D.

shifty
04-07-2009, 07:58 PM
I'm tellin ya, I love AntiVir. When I say a product is badass and you MUST get it, people just don't want to listen :D

Wes
04-07-2009, 08:32 PM
After AntiVir, using SUPERAntiSpyware and it found 2 more. Gee... these things are nasty!

shifty
04-07-2009, 09:29 PM
Be sure to dump all restore points after it finds and cleans these things. This is done by turning OFF system restore, pressing APPLY, then turning it back ON and pressing APPLY.

Wes
04-08-2009, 01:01 AM
yea, before I did any repair, I turned off the restore. I still can't get AntiVir installed in XP. There may be still something in there stopping it from installing.

garm
04-08-2009, 08:48 AM
Yup - I listened to shifty and got AntiVir. Haven't paid for it yet, but might do it soon since nothing is scanning emails. Although I only ever get job offers on my main email.

poppinfresh
04-08-2009, 09:38 AM
you can always try ultimate boot cd built off of an XP image. that comes with several A/V and spyware tools that will run off of the CD on the hard drive... meaning you boot to CD. works decently. and it runs without loading any system files from your installation, meaning nothing is loaded into memory.

also, malwarebytes is a decent spyware removal tool, gets high recommendations from friends and reading online.

Wes
04-08-2009, 10:40 AM
I had Win7 installed and couldn't remove it before. So, I boot into it and install the A/V and anti-spyware tools to scan my computer. It worked great so far. Finally able to install Avira back on the XP this morning.

dragonash
04-08-2009, 01:00 PM
sounds like one of the Vundo variants I've seen.

Yes Wes, they are pretty freekin nasty