For you movie watchers



5150
11-19-2010, 04:38 PM
N.anny McP.hee2 on mega vide.o gets you anti..virus acti.on or thinkpo.int
Just a heads up

shifty
11-19-2010, 10:24 PM
5150's acct hacked or is Mr Gibbles back?

Dr. Death
11-20-2010, 08:29 PM
Email him and ask him if he posted that...

shifty
11-20-2010, 11:15 PM
Check out what happened when I googled the phrase: http://www.google.com/search?q=%22--------------------------------------------------------------------------------N.anny+McP.hee2+on+mega+vide.o+gets+you+anti..virus+acti.on+or+thinkpo.int%22&rls=com.microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1

shifty
11-20-2010, 11:19 PM
Anyway, I checked IP info for his account, it all ties back to Maine on roadrunner cable, so the likelihood it was him is huge.

I don't see a need to email, but I am curious what's gotten into the 5150.

=A!M=OakWind
11-21-2010, 12:39 AM
Well water :)

5150
11-21-2010, 01:07 AM
It's me-I posted like that to keep some webcrawlers and what not from finding it.

Bald_Yew
11-21-2010, 11:41 AM
thinkpo.int has popped up on 4 PC's folks have brought me in the past 2 weeks. From what their owners told me about when it happened, it was injected from a web page. 3 of the 4 also had rootkits on them. Used this to get rid of that:

http://support.kaspersky.com/viruses/solutions?qid=208280684

shifty
11-21-2010, 12:04 PM
Did they say what the webpage(s) happened to be?

Bald_Yew
11-21-2010, 01:24 PM
Not specifically, but one said they clicked on a video link posted on a facebook page - said she didn't remember what the video claimed to be. The others just said they were on the 'net and got MSE popups warning of infection. 2 of the 4 did have MSE installed, the other 2 didn't but got a fake MSE popup.

shifty
11-21-2010, 02:56 PM
The two main exploit entry points I've seen malware take advantage of are Java and Adobe Acrobat Reader. Basically, 90% of the people I end up fixing these days are assholes that don't do their automated Java updates when they get the systray popup, and assholes that don't do their Acrobat Reader update when prompted by the systray popup.

The BHO Adobe installs with Acrobat Reader is a common exploit point for drive-by malware, and Java is a great exploit for damned near everything.

5150
11-22-2010, 02:45 AM
With a flash drive get rkill and malwarebytes from some other computer (rkill.scr worked for me).
Running rkill lets you disable it to install and update malwarebytes.
Bleeping Computer can explain any other issues.
You may be able to get online with the infected computer in safe mode, etc. and not need a second computer.

5150
11-22-2010, 03:03 AM
Did they say what the webpage(s) happened to be?
If you're looking for it just go to watch.movies.links.online.com, click on N and the returns link--you can figure it out from there.

dragonash
11-25-2010, 10:09 AM
The two main exploit entry points I've seen malware take advantage of are Java and Adobe Acrobat Reader. Basically, 90% of the people I end up fixing these days are assholes that don't do their automated Java updates when they get the systray popup, and assholes that don't do their Acrobat Reader update when prompted by the systray popup.

The BHO Adobe installs with Acrobat Reader is a common exploit point for drive-by malware, and Java is a great exploit for damned near everything.

or just assholes :)
I keep it simple ;p

shifty
11-25-2010, 09:57 PM
I can't blame them, they pay for my comfortable lifestyle ;)

dragonash
11-29-2010, 09:34 AM
i just gave myself a week off from work and I am back today...

I am soooooo jaded. I am the "Nick Burns, your company's computer guy" character now.

Ninjahedge
11-29-2010, 10:15 AM
Better jaded than depressed.

Something just hit me and it is sapping me. Maybe it is post part(y)um depression combined with seasonal disorder combined with "OMFG only 3.5 weeks 'till X-mas" shopping blues to "OMFG I have 5 years of work to do on this house and the heating bills are going to be HUGE!!!!!!!".....

Whatever.

Hopefully this too will pass, quickly, so I can get enough shizznit DONE so I can have fun......

Ninjahedge
11-29-2010, 10:16 AM
Oh, yeah, OT, INSTALL UPDATES!!!


It would help if they found these vulnerabilities BEFORE they were exploited and patched this stuff up a bit better.

It is frustrating to switch on and see a new update every other Login.....

Dr. Death
12-05-2010, 12:45 AM
If the OP was about win32/alureon.h, I found the following on a MS forum:
My experience with an easy solution.

Symptoms : One Blue Screen of Death, followed by a day of erratic web response, traced to DNS address changed from automatic to something I didn't recognize. Microsoft Forefront found win32/alureon.h but could not do anything with it. Could not quarantine, delete or anything else.

How to tell if you have the rootkit :

Run cmd to get a DOS prompt and enter the following, ending each line with the Enter key:

cd \
cd windows
cd system32
diskpart
lis dis

If you have the rootkit it will say "no fixed drives found".
If you don't have it, it will list one or more disks.

If you do have the rootkit, google "hitman pro" and go download it. You may have to do it on another, uninfected computer and bring it to the infected machine on a flash drive, as the download appeared to be blocked on my infected machine.

Copy the Hitman Pro file to the desktop of the infected machine.

Reboot into safe mode with networking and doubleclick the Hitman Pro icon.

Follow the program's instructions to scan your computer. When the scan finishes, activate your free 30-day trial to enable cleaning and turn it loose. Reboot when prompted and Bob's your uncle!

Check your system with diskpart as described above to verify the rootkit is gone. It worked for me.
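One way to script the two indicators from the post above (diskpart listing no disks, and a DNS server set by hand on an interface) as a quick triage check. This is an added PowerShell example, not code from the forum or the quoted MS post; it assumes an elevated prompt, and the function names are mine.

```powershell
# Added example: automate the two indicators described in the post above.
# Run from an elevated PowerShell prompt (diskpart needs admin rights).

function Get-DiskpartDiskCount {
    # Feed "list disk" to diskpart through a script file and count the
    # "Disk N" rows it prints. A healthy machine lists one or more disks;
    # the post reports that the rootkit makes diskpart show none.
    $script = Join-Path $env:TEMP 'listdisk.txt'
    Set-Content -Path $script -Value 'list disk' -Encoding ASCII
    $out = & diskpart.exe /s $script 2>&1
    Remove-Item $script -ErrorAction SilentlyContinue
    $rows = @($out | Where-Object { $_ -match '^\s*Disk\s+\d+' })
    return $rows.Count
}

function Get-StaticDnsInterfaces {
    # Under Tcpip\Parameters\Interfaces, a non-empty NameServer value means
    # DNS was set manually; DHCP-supplied servers are stored in DhcpNameServer
    # instead. Returns one object per interface with a manual DNS entry so the
    # owner can confirm it is theirs (static DNS alone is not proof of anything).
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $base | ForEach-Object {
        $ns = (Get-ItemProperty $_.PSPath).NameServer
        if ($ns) {
            New-Object PSObject -Property @{
                Interface  = $_.PSChildName
                NameServer = $ns
            }
        }
    }
}

$disks = Get-DiskpartDiskCount
if ($disks -eq 0) {
    Write-Output 'WARNING: diskpart listed no disks; matches the rootkit indicator in the post.'
} else {
    Write-Output "diskpart listed $disks disk(s); that indicator is not present."
}

$static = @(Get-StaticDnsInterfaces)
if ($static.Count -gt 0) {
    Write-Output 'Interfaces with manually set DNS servers (verify these are yours):'
    $static | Format-Table Interface, NameServer -AutoSize
} else {
    Write-Output 'No interface has a manually set DNS server.'
}
```

The registry check reports any hand-set DNS entry, so one the owner configured on purpose will show up too; the point is to surface an address nobody remembers setting.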