Virus attack

04-07-2009, 12:24 AM
Wow! Got to a website from searching a Canon webcam model number. Clicked on one of the top 3 search result pages and my browser warned that the site was reported with a virus or something and warned me to go away. Before I closed the browser, my antivirus software popped up a msg and quickly disappeared. Right after, my computer seemed to be closing down my apps and rebooting the computer. I quickly opened up my taskmgr and saw a few single character tasks running. I quickly killed them and did a full scan and hijackthis and couldn't find anything.

Rebooted into Win 7 and downloaded AVG full version free-trial and it didn't find anything.

Rebooted back to my XP and did a full scan and found this in my TEMP folder:

04-07-2009, 01:50 AM
I've had 2 similar attacks in the past month from sites I thought were safe during typical browsing.


04-07-2009, 01:58 AM
Which browser were you guys using?

04-07-2009, 02:16 AM
I was either using Google Chrome or Firefox. I think when I hit the site, it was Firefox that alerted me the site was bad.

04-07-2009, 07:09 AM
Firefox on 1 and Explorer on the other.

04-07-2009, 08:25 AM
I've had the same thing happen with Firefox. "Reported attack site."

But AntiVir has blocked access every time.

04-07-2009, 08:58 AM
They REALLY need to REDUCE the things that your web browser can do.

The more "advanced" they make it, the more crap can be done w/o your consent. You would think they could maybe make the "Internet Bubble" and create almost a sealed zone (permission wise) around the browser you use and require maybe separate instances of any associated software to be installed and running from within that bubble....

Kind of like a quarantine zone.

The only problem is that they keep wanting to make the internet more interactive, and the more interactive it gets, the more like it is just another large HD attached to your comp......

04-07-2009, 10:48 AM
I suspect if you would have had AntiVir installed, not only would it have found the virus AFTER the fact, but it also would have stopped the attack while it was trying to execute in the first place.

It's all about using the correct tool for the job.

04-07-2009, 11:23 AM
Had Avira installed and running on both. It detected the malicious code from the site on the Firefox machine and stopped it, but not the one on the IE box.

04-07-2009, 11:51 AM
That's creepy. Did it detect it on the IE box post-infection?

04-07-2009, 03:38 PM
NoScript is an excellent Firefox add-on, albeit a pain sometimes, but keeps things much safer. I wonder if it would prevent that sort of attack.

Not that it helps you now, but in the future :)

04-07-2009, 03:44 PM
Just installed AntiVir and found another one.

Virus or unwanted program 'TR/Agent.caaj.B [trojan]'
detected in file 'C:\WINDOWS\uojgw.rfd.

04-07-2009, 03:47 PM
But uojgw.rfd is an important program!!!!!!

04-07-2009, 03:54 PM
One more:

The file 'C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_007a17'
contained a virus or unwanted program 'EXP/SWF.ED' [exploit]
Action(s) taken:
The file was moved to '4a0baf27.qua'!

04-07-2009, 05:24 PM
Ya Shifty, Avira found the file after infection and I promptly ran complete scans with Avira, Superantispyware, and Spybot S&D.

04-07-2009, 07:58 PM
I'm tellin ya, I love AntiVir. When I say a product is badass and you MUST get it, people just don't want to listen :D

04-07-2009, 08:32 PM
After AntiVir, using SUPERAntiSpyware and it found 2 more. Gee... these things are nasty!

04-07-2009, 09:29 PM
Be sure to dump all restore points after it finds and cleans these things. This is done by turning OFF system restore, pressing APPLY, then turning it back ON and pressing APPLY.

04-08-2009, 01:01 AM
Yeah, before I did any repair, I turned off the restore. I still can't get AntiVir installed in XP. There may still be something in there stopping it from installing.

04-08-2009, 08:48 AM
Yup - I listened to shifty and got AntiVir. Haven't paid for it yet, but might do it soon since nothing is scanning emails. Although I only ever get job offers on my main email.

04-08-2009, 09:38 AM
You can always try Ultimate Boot CD built off of an XP image. That comes with several A/V and spyware tools that will run off of the CD on the hard drive... meaning you boot to CD. Works decently. And it runs without loading any system files from your installation, meaning nothing is loaded into memory.

Also, Malwarebytes is a decent spyware removal tool, gets high recommendations from friends and reading online.

04-08-2009, 10:40 AM
I had Win7 installed and couldn't remove it before. So, I booted into it and installed the A/V and anti-spyware tools to scan my computer. It worked great so far. Finally able to install Avira back on the XP this morning.

04-08-2009, 01:00 PM
Sounds like one of the Vundo variants I've seen.

Yes Wes, they are pretty freakin nasty.