  1. #1
    "Oldfart from Wayback"
    Reputation: onbelaydave's Avatar
    Join Date
    May 2006
    Posts
    1,678

    Avoid Webshots !!! BAD MALWARE

    Myself and several others at my backpacking forum have gotten infected by "win32 NetSky" while browsing individuals' albums at the main site.

    The numbers of people reporting it are increasing.

    I got it last night and my computer is still completely disabled. I'm posting from my wife's.

    Win XP pro
    PC-cillin 2009
    Win Firewall
    Haven't "opened" an email in years and delete anything w/ an attachment


    This public service message is now over, back to damage control.

  2. #2
    Oh, So Interesting!
    Reputation: davec113's Avatar
    Join Date
    May 2006
    Posts
    4,146
    Link Please?

    Strava: turn off your dork logger when you're not on sanctioned trails.

  3. #3
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    10,588
    Man... I hope you didn't *pay* for that anti-virus app.

  4. #4
    Rolling
    Reputation: lidarman's Avatar
    Join Date
    Jan 2004
    Posts
    11,119
    Quote Originally Posted by onbelaydave
    Haven't "opened" an email in years and delete anything w/ an attachment
    I guess you missed the memo.

    Bummer. I hope you get it fixed soon.

  5. #5
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by onbelaydave
    Myself and several others at my backpacking forum have gotten infected by "win32 NetSky" while browsing individuals' albums at the main site.

    The numbers of people reporting it are increasing.

    I got it last night and my computer is still completely disabled. I'm posting from my wife's.

    Win XP pro
    PC-cillin 2009
    Win Firewall
    Haven't "opened" an email in years and delete anything w/ an attachment


    This public service message is now over, back to damage control.

    PREVX will fix it. http://www.prevx.com/

    We get them all the time at work.

  6. #6
    Antitheist & Kitten lover
    Reputation: jasonvelocity's Avatar
    Join Date
    Jul 2006
    Posts
    996
    I have been running Microsoft Security Essentials since release without issue. I like that it integrates with Defender, and doesn't try to add more firewall services.

    Update:
    Symantec has a removal tool that clears out most variants.
    Race Mojo Wheels | Read VitalMTB

  7. #7
    mtbr member
    Reputation: ColoradoFrosty's Avatar
    Join Date
    Oct 2008
    Posts
    35

    Prevx

    Schnauzers, will the free version actually remove the worm or do you have to buy the Max Protection version?

    Thanks... unfortunately I have the NetSky worm as well. From what I hear at work this thing is really getting around.

    Quote Originally Posted by schnauzers
    PREVX will fix it. http://www.prevx.com/

    We get them all the time at work.

  8. #8
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by ColoradoFrosty
    Schnauzers, will the free version actually remove the worm or do you have to buy the Max Protection version?

    Thanks... unfortunately I have the NetSky worm as well. From what I hear at work this thing is really getting around.

    Nah, it will just tell you it can remove it. You have to pay the $30.

  9. #9
    ..ouch
    Reputation: thump's Avatar
    Join Date
    Aug 2007
    Posts
    1,960
    Free Windows Antivirus: http://free.avg.com
    Free Windows Antispyware: http://www.safer-networking.org/en/index.html

    The permanent solution: http://www.ubuntu.com/

  10. #10
    Now with 20% more fat!!
    Reputation: JSD303's Avatar
    Join Date
    Jun 2006
    Posts
    2,026
    Free malware/spyware/rootkit removal -
    Malwarebytes - http://www.malwarebytes.org
    SuperAntiSpyware - http://www.superantispyware.com/
    Ccleaner - http://www.piriform.com
    combofix - http://www.bleepingcomputer.com/virus-removal/

    FREE AV (only one on system at a time)
    Avira - http://www.free-av.com/
    Microsoft Security Essentials - http://www.microsoft.com/Security_Essentials/

    BootCDs if your system is that hosed
    UBCD for Windows - http://www.ubcd4win.com/
    UBCD - http://www.ultimatebootcd.com

  11. #11
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    10,588
    I run AVG & Avast (both anti-virus) on my PC... and use a ZoneAlarm firewall. Another helpful utility is the Resident TeaTimer app provided by the Spybot software app. The TeaTimer runs and intercepts ALL requests to modify your registry. Then YOU can decide what gets written to your registry.

  12. #12
    "Oldfart from Wayback"
    Reputation: onbelaydave's Avatar
    Join Date
    May 2006
    Posts
    1,678
    Turns out it's almost worse. It's "Antivirus 2010".

    That's what's been setting off all of the false alarms.

    In the meantime it also disables your desktop so that no icons/start panel shows, blocks Ctrl-Alt-Delete, it blocked me from booting to safe mode....

  13. #13
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by onbelaydave
    Turns out it's almost worse. It's "Antivirus 2010".

    That's what's been setting off all of the false alarms.

    In the meantime it also disables your desktop so that no icons/start panel shows, blocks Ctrl-Alt-Delete, it blocked me from booting to safe mode....
    Next time stay off the pr0n sites. Honestly, I feel your pain. My staff deals with this crap on a daily basis. That's after firewalls (with antivirus), ironport (with antivirus), and two antivirus apps.

  14. #14
    Now with 20% more fat!!
    Reputation: JSD303's Avatar
    Join Date
    Jun 2006
    Posts
    2,026
    Yeah, those are total bu!!$hit.. I'd use the boot disk I mentioned above or another working computer to scan that drive (hook it up externally). You can hook the infected drive to a working computer and scan with the tools I mentioned above... Or if you'd prefer, you can boot from the UBCD (reg or 4win) - you can let it load the network drivers and then run SuperAntispyware - spybot search and destroy - AV - get them up to date and do full scans - remove items they find. That might be enough to get you into safe mode - then use the other tools (malwarebytes - ccleaner - combofix) to clean the malware off. I would normally use a few other utilities to help, but I wouldn't recommend them to people that don't know what they are doing - as you can do serious damage if you remove the wrong files etc. Cleaning this crap off your system can take hours of scanning with different utilities. Stay off facebook...

  15. #15
    ..ouch
    Reputation: thump's Avatar
    Join Date
    Aug 2007
    Posts
    1,960
    This thread should read: "Avoid Windows !!! BAD MALWARE"

    Seriously, unless you're a hardcore gamer there's no reason to run winblows anymore. Maintaining a network connected windows machine is a losing battle... and there is no such thing as safe web browsing with IE.

  16. #16
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    10,588
    Quote Originally Posted by thump
    This thread should read: "Avoid Windows !!! BAD MALWARE"

    Seriously, unless you're a hardcore gamer there's no reason to run winblows anymore. Maintaining a network connected windows machine is a losing battle... and there is no such thing as safe web browsing with IE.


    You think?

    I don't play games.

    I'm a Unix/Linux administrator. I ran it as a desktop one time. I'll not be doing it again.

    I run Firefox (with AdBlock+ and NoScript) almost exclusively.

    I've never had a virus infect my PC.

    What would you recommend I migrate to?

  17. #17
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    10,588
    Quote Originally Posted by JSD303
    Yeah, those are total bu!!$hit.. I'd use the boot disk I mentioned above or another working computer to scan that drive (hook it up externally). You can hook the infected drive to a working computer and scan with the tools I mentioned above... Or if you'd prefer, you can boot from the UBCD (reg or 4win) - you can let it load the network drivers and then run SuperAntispyware - spybot search and destroy - AV - get them up to date and do full scans - remove items they find. That might be enough to get you into safe mode - then use the other tools (malwarebytes - ccleaner - combofix) to clean the malware off. I would normally use a few other utilities to help, but I wouldn't recommend them to people that don't know what they are doing - as you can do serious damage if you remove the wrong files etc. Cleaning this crap off your system can take hours of scanning with different utilities. Stay off facebook...
    Seriously - if you're going to go through all this you might as well simply reinstall your operating system. It's the only *real* way to know you've cleaned it.

    Reinstall your programs, restore your data, and you're back in business.

    Until the next one strikes.


  18. #18
    Now with 20% more fat!!
    Reputation: JSD303's Avatar
    Join Date
    Jun 2006
    Posts
    2,026
    Generally, people don't back anything up... so when it gets this bad and people are complaining, it's because they are going to lose their important stuff (email, pics, data, etc). That's why cleaning it up is better than just wiping, albeit slower.

    I'm also a SysAdmin - I get to deal with UNIX (AIX, HP, etc) and Linux (RHEL/CentOS, BSD, Ubuntu, etc) and Windows.. At home I run a mix of Linux - Windows - Mac.. The Mac is the most flexible, as it can run all of the above natively and through virtualization - as well as read/write to all file systems I throw at it. Thump wasn't stating that you should migrate because you are on a PC... he was stating that someone using Windows might wanna migrate to something else, unless they require Windows for games/apps. The same safe-haven you found on Linux, he found on Macintosh... Let's not turn this into a *nix vs *nix battle... Linux and Macintosh are both *nix... you are on the same team! You can both hate on M$ equally!

  19. #19
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    10,588
    Quote Originally Posted by JSD303
    Generally, people don't back anything up... so when it gets this bad and people are complaining, it's because they are going to lose their important stuff (email, pics, data, etc). That's why cleaning it up is better than just wiping, albeit slower.
    It'd actually be safer to get a new drive, install your OS, then attach the other drive and restore your data. Trying to salvage an infested drive is just a waste of time IMO.

    I'm also a SysAdmin - I get to deal with UNIX (AIX, HP, etc) and Linux (RHEL/CentOS, BSD, Ubuntu, etc) and Windows.. At home I run a mix of Linux - Windows - Mac.. The Mac is the most flexible, as it can run all of the above natively and through virtualization - as well as read/write to all file systems I throw at it. Thump wasn't stating that you should migrate because you are on a PC... he was stating that someone using Windows might wanna migrate to something else, unless they require Windows for games/apps. The same safe-haven you found on Linux, he found on Macintosh... Let's not turn this into a *nix vs *nix battle... Linux and Macintosh are both *nix... you are on the same team! You can both hate on M$ equally!
    I don't hate Microsoft. I run it on all my desktops (home/work). I tried Linux as a desktop. To be honest... I didn't have the patience to deal with it. And I'd agree that unless you have an app requirement to run Windows it might make sense to not run Windows. But let's face it - most people have app requirements that require Windows whether they know it or not.

  20. #20
    Your retarded
    Reputation: Nickle's Avatar
    Join Date
    Aug 2006
    Posts
    3,085
    Quote Originally Posted by SkaredShtles
    I run Firefox (with AdBlock+ and NoScript) almost exclusively.
    Careful, even using FF with those add-ons won't make you immune.

    As I understand it, the pendulum is starting to swing toward Firefox as more and more users leave IE for FF. It'll be interesting to see what browser becomes the whipping boy in the web exploit world now that Chrome is beginning to pick up popularity. Remember, with browsers, it's not that any one is significantly more vulnerable than another -- although how well they stick to W3C standards does help make them less so -- it's how many people use it. If you're searching out vulnerabilities and creating exploits, you are going to pick the most popular apps/browsers and start there. You aren't going to waste your time writing exploits for something very few people use... Mac.

    Honestly, the best way to make your computer(s) secure is to remove them from the internet.
    A trail that's too difficult wouldn't exist because it'd never be used. But, trails can exist that're too difficult for you.

  21. #21
    Thread Terrorist
    Reputation: IndecentExposure's Avatar
    Join Date
    Sep 2006
    Posts
    5,837
    This thread is full of nerds.
    Golden Bike Park Group

    Peak Cycles Gravity Team & Bikeparts.com
    Trestle Bike Park

  22. #22
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by SkaredShtles
    Seriously - if you're going to go through all this you might as well simply reinstall your operating system. It's the only *real* way to know you've cleaned it.

    Reinstall your programs, restore your data, and you're back in business.

    Until the next one strikes.

    AGREE!

    If you back up your crap regularly a complete install is not that bad. Use an imaging program. There's a couple of free ones out there, but I can remember. I use acronis, but you have to pay for that one.

  23. #23
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    10,588
    Quote Originally Posted by schnauzers
    AGREE!

    If you back up your crap regularly a complete install is not that bad. Use an imaging program. There's a couple of free ones out there, but I can remember. I use acronis, but you have to pay for that one.
    Have you gotten the new version of Acronis? It RULES.

  24. #24
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by SkaredShtles
    Have you gotten the new version of Acronis? It RULES.

    Yessiree!

  25. #25
    Want to vent?
    Reputation: The SS Boz's Avatar
    Join Date
    Apr 2004
    Posts
    654
    Quote Originally Posted by thump
    The permanent solution: http://www.ubuntu.com/
    Because ubuntu runs all mainstream apps with no fuss...amirite?


    Back to the problem at hand...some of these viruses are user id specific....log in as a local admin if you have that ability and just download some fix software (malwarebytes) and let it run...

    If you have the nastier version, the one that screws with safe mode...I have read you can trick that AV 2010 virus by installing a removal program (IE: malwarebytes). It will not let you run the new .exe file to cure yourself. But if you next install malwarebytes on a clean computer and copy the .exe file over, the virus doesn't have permissions on that file and lets you run it and clean the crap off your machine...From your issue you might need to know some command line if you can't browse with the GUI...

    Worth a shot...

    /nerd speak
    Last edited by The SS Boz; 01-29-2010 at 09:26 AM.
    "I'm supa-fly TNT, I'm tha guns of the navarone!"
