  1. #1
    "Oldfart from Wayback"
    Reputation: onbelaydave's Avatar
    Join Date
    May 2006
    Posts
    1,682

    Avoid Webshots !!! BAD MALWARE

    Myself and several others at my backpacking forum have gotten infected by "win32 NetSky" while browsing individuals' albums at the main site.

    The numbers of people reporting it are increasing.

    I got it last night and my computer is still completely disabled. I'm posting from my wife's.

    Win XP pro
    PC-cillin 2009
    Win Firewall
    Haven't "opened" an email in years and delete anything w/ an attachment


    This public service message is now over, back to damage control.

  2. #2
    Oh, So Interesting!
    Reputation: davec113's Avatar
    Join Date
    May 2006
    Posts
    4,334
    Link Please?
    Strava: turn off your dork logger when you're not on sanctioned trails.

  3. #3
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    11,663
    Man... I hope you didn't *pay* for that anti-virus app.

  4. #4
    Rolling
    Reputation: lidarman's Avatar
    Join Date
    Jan 2004
    Posts
    11,110
    Quote Originally Posted by onbelaydave
    Haven't "opened" an email in years and delete anything w/ an attachment
    I guess you missed the memo.

    Bummer. I hope you get it fixed soon.

  5. #5
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by onbelaydave
    Myself and several others at my backpacking forum have gotten infected by "win32 NetSky" while browsing individuals' albums at the main site.

    The numbers of people reporting it are increasing.

    I got it last night and my computer is still completely disabled. I'm posting from my wife's.

    Win XP pro
    PC-cillin 2009
    Win Firewall
    Haven't "opened" an email in years and delete anything w/ an attachment


    This public service message is now over, back to damage control.

    PREVX will fix it. http://www.prevx.com/

    We get them all the time at work.

  6. #6
    Antitheist & Kitten lover
    Reputation: jasonvelocity's Avatar
    Join Date
    Jul 2006
    Posts
    996
    I have been running Microsoft Security Essentials since release without issue. I like that it integrates with Defender, and doesn't try to add more firewall services.

    Update:
    Symantec has a removal tool that clears out most variants.
    Race Mojo Wheels | Read VitalMTB

  7. #7
    mtbr member
    Reputation: ColoradoFrosty's Avatar
    Join Date
    Oct 2008
    Posts
    35

    Prevx

    Schnauzers, will the free version actually remove the worm or do you have to buy the Max Protection version?

    Thanks... unfortunately I have the NetSky worm as well. From what I hear at work this thing is really getting around.

    Quote Originally Posted by schnauzers
    PREVX will fix it. http://www.prevx.com/

    We get them all the time at work.

  8. #8
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by ColoradoFrosty
    Schnauzers, will the free version actually remove the worm or do you have to buy the Max Protection version?

    Thanks... unfortunately I have the NetSky worm as well. From what I hear at work this thing is really getting around.

    Nah, it will just tell you it can remove it. You have to pay the $30.

  9. #9
    ..ouch
    Reputation: thump's Avatar
    Join Date
    Aug 2007
    Posts
    2,025
    Free Windows Antivirus: http://free.avg.com
    Free Windows Antispyware: http://www.safer-networking.org/en/index.html

    The permanent solution: http://www.ubuntu.com/

  10. #10
    Now with 20% more fat!!
    Reputation: JSD303's Avatar
    Join Date
    Jun 2006
    Posts
    2,031
    Free malware/spyware/rootkit removal -
    Malwarebytes - http://www.malwarebytes.org
    SuperAntiSpyware - http://www.superantispyware.com/
    Ccleaner - http://www.piriform.com
    combofix - http://www.bleepingcomputer.com/virus-removal/

    FREE AV (only one on system at a time)
    Avira - http://www.free-av.com/
    Microsoft Security Essentials - http://www.microsoft.com/Security_Essentials/

    BootCDs if your system is that hosed
    UBCD for Windows - http://www.ubcd4win.com/
    UBCD - http://www.ultimatebootcd.com

  11. #11
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    11,663
    I run AVG & Avast (both anti-virus) on my PC... and use a ZoneAlarm firewall. Another helpful utility is the Resident TeaTimer app provided by the Spybot software app. The TeaTimer runs and intercepts ALL requests to modify your registry. Then YOU can decide what gets written to your registry.

  12. #12
    "Oldfart from Wayback"
    Reputation: onbelaydave's Avatar
    Join Date
    May 2006
    Posts
    1,682
    Turns out it's almost worse. It's "Antivirus 2010".

    That's what's been setting off all of the false alarms.

    In the meantime it also disables your desktop so that no icons/start panel shows, blocks ctrl-alt-delete, it blocked me from booting to safe mode....

  13. #13
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by onbelaydave
    Turns out it's almost worse. It's "Antivirus 2010".

    That's what's been setting off all of the false alarms.

    In the meantime it also disables your desktop so that no icons/start panel shows, blocks ctrl-alt-delete, it blocked me from booting to safe mode....
    Next time stay off the pr0n sites. Honestly, I feel your pain. My staff deals with this crap on a daily basis. That's after firewalls (with antivirus), ironport (with antivirus), and two antivirus apps.

  14. #14
    Now with 20% more fat!!
    Reputation: JSD303's Avatar
    Join Date
    Jun 2006
    Posts
    2,031
    Yeah, those are total bu!!$hit.. I'd use the boot disk I mentioned above or another working computer to scan that drive (hook it up externally). You can hook the infected drive to a working computer and scan with the tools I mentioned above... Or if you'd prefer, you can boot from the UBCD (reg or 4win) - you can let it load the network drivers and then run SuperAntispyware - spybot search and destroy - AV - get them up to date and do full scans - remove items they find. That might be enough to get you into safe mode - then use the other tools (malwarebytes - ccleaner - combofix) to clean the malware off. I would normally use a few other utilities to help, but I wouldn't recommend them to people that don't know what they are doing - as you can do serious damage if you remove the wrong files etc. Cleaning this crap off your system can take hours of scanning with different utilities. Stay off facebook...

  15. #15
    ..ouch
    Reputation: thump's Avatar
    Join Date
    Aug 2007
    Posts
    2,025
    This thread should read: "Avoid Windows !!! BAD MALWARE"

    Seriously, unless you're a hardcore gamer there's no reason to run winblows anymore. Maintaining a network connected windows machine is a losing battle... and there is no such thing as safe web browsing with IE.

  16. #16
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    11,663
    Quote Originally Posted by thump
    This thread should read: "Avoid Windows !!! BAD MALWARE"

    Seriously, unless you're a hardcore gamer there's no reason to run winblows anymore. Maintaining a network connected windows machine is a losing battle... and there is no such thing as safe web browsing with IE.


    You think?

    I don't play games.

    I'm a Unix/Linux administrator. I ran it as a desktop one time. I'll not be doing it again.

    I run Firefox (with AdBlock+ and NoScript) almost exclusively.

    I've never had a virus infect my PC.

    What would you recommend I migrate to?

  17. #17
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    11,663
    Quote Originally Posted by JSD303
    Yeah, those are total bu!!$hit.. I'd use the boot disk I mentioned above or another working computer to scan that drive (hook it up externally). You can hook the infected drive to a working computer and scan with the tools I mentioned above... Or if you'd prefer, you can boot from the UBCD (reg or 4win) - you can let it load the network drivers and then run SuperAntispyware - spybot search and destroy - AV - get them up to date and do full scans - remove items they find. That might be enough to get you into safe mode - then use the other tools (malwarebytes - ccleaner - combofix) to clean the malware off. I would normally use a few other utilities to help, but I wouldn't recommend them to people that don't know what they are doing - as you can do serious damage if you remove the wrong files etc. Cleaning this crap off your system can take hours of scanning with different utilities. Stay off facebook...
    Seriously - if you're going to go through all this you might as well simply reinstall your operating system. It's the only *real* way to know you've cleaned it.

    Reinstall your programs, restore your data, and you're back in business.

    Until the next one strikes.


  18. #18
    Now with 20% more fat!!
    Reputation: JSD303's Avatar
    Join Date
    Jun 2006
    Posts
    2,031
    Generally, people don't back anything up... so when it gets this bad and people are complaining, it's because they are going to lose their important stuff (email, pics, data, etc). That's why cleaning it up is better than just wiping, albeit slower.

    I'm also a SysAdmin - I get to deal with UNIX (AIX, HP, etc) and Linux (RHEL/CentOS, BSD, Ubuntu, etc) and Windows.. At home I run a mix of Linux - Windows - Mac.. The Mac is the most flexible, as it can run all of the above natively and through virtualization - as well as read/write to all file systems I throw at it. Thump wasn't stating that you should migrate because you are on a PC... he was stating that someone using Windows might wanna migrate to something else, unless they require Windows for games/apps. The same safe-haven you found on Linux, he found on Macintosh... Let's not turn this into a *nix vs *nix battle... Linux and Macintosh are both *nix... you are on the same team! You can both hate on M$ equally!

  19. #19
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    11,663
    Quote Originally Posted by JSD303
    Generally, people don't back anything up... so when it gets this bad and people are complaining, it's because they are going to lose their important stuff (email, pics, data, etc). That's why cleaning it up is better than just wiping, albeit slower.
    It'd actually be safer to get a new drive, install your OS, then attach the other drive and restore your data. Trying to salvage an infested drive is just a waste of time IMO.

    I'm also a SysAdmin - I get to deal with UNIX (AIX, HP, etc) and Linux (RHEL/CentOS, BSD, Ubuntu, etc) and Windows.. At home I run a mix of Linux - Windows - Mac.. The Mac is the most flexible, as it can run all of the above natively and through virtualization - as well as read/write to all file systems I throw at it. Thump wasn't stating that you should migrate because you are on a PC... he was stating that someone using Windows might wanna migrate to something else, unless they require Windows for games/apps. The same safe-haven you found on Linux, he found on Macintosh... Let's not turn this into a *nix vs *nix battle... Linux and Macintosh are both *nix... you are on the same team! You can both hate on M$ equally!
    I don't hate Microsoft. I run it on all my desktops (home/work). I tried Linux as a desktop. To be honest... I didn't have the patience to deal with it. And I'd agree that unless you have an app requirement to run Windows it might make sense to not run Windows. But let's face it - most people have app requirements that require Windows whether they know it or not.

  20. #20
    Your retarded
    Reputation: Nickle's Avatar
    Join Date
    Aug 2006
    Posts
    3,085
    Quote Originally Posted by SkaredShtles
    I run Firefox (with AdBlock+ and NoScript) almost exclusively.
    Careful, even using FF with those add-ons won't make you immune.

    As I understand it, the pendulum is starting to swing toward Firefox as more and more users leave IE for FF. It'll be interesting to see what browser becomes the whipping boy in the web exploit world now that Chrome is beginning to pick up popularity. Remember, with browsers, it's not that any one is significantly more vulnerable than another -- although how well they stick to W3C standards does help make them less so -- it's how many people use it. If you're searching out vulnerabilities and creating exploits, you are going to pick the most popular apps/browsers and start there. You aren't going to waste your time writing exploits for something very few people use... Mac.

    Honestly, the best way to make your computer(s) secure is to remove them from the internet.
    A trail that's too difficult wouldn't exist because it'd never be used. But, trails can exist that're too difficult for you.

  21. #21
    Thread Terrorist
    Reputation: IndecentExposure's Avatar
    Join Date
    Sep 2006
    Posts
    5,847
    This thread is full of nerds.
    Golden Bike Park Group

    Peak Cycles Gravity Team & Bikeparts.com
    Trestle Bike Park

  22. #22
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by SkaredShtles
    Seriously - if you're going to go through all this you might as well simply reinstall your operating system. It's the only *real* way to know you've cleaned it.

    Reinstall your programs, restore your data, and you're back in business.

    Until the next one strikes.

    AGREE!

    If you back up your crap regularly a complete install is not that bad. Use an imaging program. There's a couple of free ones out there, but I can remember. I use acronis, but you have to pay for that one.

  23. #23
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    11,663
    Quote Originally Posted by schnauzers
    AGREE!

    If you back up your crap regularly a complete install is not that bad. Use an imaging program. There's a couple of free ones out there, but I can remember. I use acronis, but you have to pay for that one.
    Have you gotten the new version of Acronis? It RULES.

  24. #24
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by SkaredShtles
    Have you gotten the new version of Acronis? It RULES.

    Yessiree!

  25. #25
    Want to vent?
    Reputation: The SS Boz's Avatar
    Join Date
    Apr 2004
    Posts
    653
    Quote Originally Posted by thump
    The permanent solution: http://www.ubuntu.com/
    Because ubuntu runs all mainstream apps with no fuss...amirite?


    Back to the problem at hand...some of these viruses are user id specific....log in as a local admin if you have that ability and just download some fix software (malwarebytes) and let it run...

    If you have the nastier version, the one that screws with safe mode...I have read you can trick that AV 2010 virus by installing a removal program (IE: malwarebytes). It will not let you run the new .exe file to cure yourself. But if you next install malwarebytes on a clean computer and copy the .exe file over, the virus doesn't have permissions on that file and lets you run it and clean the crap off your machine...From your issue you might need to know some command line if you can't browse with the gui...

    Worth a shot...

    /nerd speak
    Last edited by The SS Boz; 01-29-2010 at 09:26 AM.
    "I'm supa-fly TNT, I'm tha guns of the navarone!"

  26. #26
    Yappy little dog!
    Reputation: schnauzers's Avatar
    Join Date
    Oct 2005
    Posts
    3,881
    Quote Originally Posted by SkaredShtles
    It'd actually be safer to get a new drive, install your OS, then attach the other drive and restore your data. Trying to salvage an infested drive is just a waste of time IMO.


    I don't hate Microsoft. I run it on all my desktops (home/work). I tried Linux as a desktop. To be honest... I didn't have the patience to deal with it. And I'd agree that unless you have an app requirement to run Windows it might make sense to not run Windows. But let's face it - most people have app requirements that require Windows whether they know it or not.
    I have Macs and PC's. Windows 7 seems to be holding up pretty good. I also run Win 7 on a vmware fusion window on the Mac with Snow Leopard. That hauls ass! Win 7 is running faster on that than my Quad Core HP.

  27. #27
    slack jawed
    Reputation: Cletus's Avatar
    Join Date
    Jun 2004
    Posts
    169
    Quote Originally Posted by Nickle
    You aren't going to waste your time writing exploits for something very few people use... Mac.
    Priceless....

    I've got nothing witty to say....

  28. #28
    ..ouch
    Reputation: thump's Avatar
    Join Date
    Aug 2007
    Posts
    2,025
    Quote Originally Posted by SkaredShtles


    You think?

    I don't play games.

    I'm a Unix/Linux administrator. I ran it as a desktop one time. I'll not be doing it again.

    I run Firefox (with AdBlock+ and NoScript) almost exclusively.

    I've never had a virus infect my PC.

    What would you recommend I migrate to?
    Ubuntu

    I've been running Linux as my primary desktop OS for over a decade. Early Redhat and Suse were a little rough around the edges, but today's Ubuntu/Kubuntu distros are just as polished as windows and provide twice the stability, security and all the open source applications you'll ever need. I keep a little Windows partition around that I'll boot up via Virtualbox on the rare occasion I need a Windows app that won't run on Wine, but there is zero advantage to running Windows today outside of gaming.

    My wife, who is happily technology challenged, is just fine on her Macbook Pro and the kids (including my 4 yr old) run Edubuntu as their primary OS with a small dual-boot Win7 partition for gaming.

  29. #29
    mtbr member
    Reputation:
    Join Date
    Aug 2004
    Posts
    1,373
    schnauzers wins!

    Do all your browsing in a VM under VirtualBox(free) or VMWare. Snapshot the VM after you install it, and periodically on a regular basis. If you get infected, just roll back to a previous version. Never browse from your host.

    You can run Windows as the guest, but if you run a Linux guest under VMWare or VirtualBox, you'll never get infected anyway, and you'll still have the Windows host for gaming or Office stuff, although OpenOffice under Linux is awesome and does 99% of what MS Office does.

    Or, as mentioned, if you like to spend a lot of money on your computer crap, buy a Mac and run Windows under VMWare on that. If you really need the horsepower for gaming, you can always boot Windows in native mode on the Mac.
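
The snapshot-and-roll-back routine described in post #29, as an added example that is not part of the original thread. It uses VirtualBox's `VBoxManage` CLI; the VM name `browsing-vm`, the `BROWSE_VM` variable and the `clean-` snapshot prefix are assumptions.

```shell
#!/bin/sh
# Added example: snapshot/rollback helpers for a dedicated VirtualBox browsing VM.
# Assumptions (not from the thread): VM name "browsing-vm", snapshot prefix "clean-".

BROWSE_VM="${BROWSE_VM:-browsing-vm}"

# Succeeds if the named VM is currently running.
vm_running() {
    VBoxManage list runningvms | grep -qF "\"$1\" {"
}

# Take a timestamped snapshot; run this right after install and after each
# round of guest updates, while the guest is still known to be clean.
take_clean_snapshot() {
    name="clean-$(date +%Y%m%d-%H%M%S)"
    VBoxManage snapshot "$1" take "$name" \
        --description "known-good browsing state" >/dev/null || return 1
    printf '%s\n' "$name"
}

# Print the newest clean-* snapshot (the timestamped names sort chronologically).
latest_clean_snapshot() {
    VBoxManage snapshot "$1" list --machinereadable |
        sed -n 's/^SnapshotName[-0-9]*="\(clean-[^"]*\)"$/\1/p' |
        sort | tail -n 1
}

# Discard the current (possibly infected) guest state and return to a clean
# snapshot. The VM is powered off hard, not shut down from inside the guest,
# so nothing running in the guest gets a say in the rollback.
rollback_to_clean() {
    vm="$1"
    snap="${2:-$(latest_clean_snapshot "$vm")}"
    [ -n "$snap" ] || { echo "no clean-* snapshot for $vm" >&2; return 1; }
    if vm_running "$vm"; then
        VBoxManage controlvm "$vm" poweroff >/dev/null 2>&1 || return 1
        tries=0   # restore needs the VM session released; wait up to 10 s
        while vm_running "$vm" && [ "$tries" -lt 10 ]; do
            sleep 1; tries=$((tries + 1))
        done
    fi
    VBoxManage snapshot "$vm" restore "$snap" >/dev/null || return 1
    printf '%s\n' "$snap"
}

# Usage:
#   take_clean_snapshot "$BROWSE_VM"
#   rollback_to_clean "$BROWSE_VM" && VBoxManage startvm "$BROWSE_VM"
```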

  30. #30
    bacon! bacon! bacon!
    Reputation: SkaredShtles's Avatar
    Join Date
    May 2007
    Posts
    11,663
    Quote Originally Posted by thump
    Like I said, I did the Linux on the desktop thing a few years back. I'll not be f**king with it again... (famous last words, eh?)

    They must have made some VAST improvements in WINE over the last few years. It was abysmal when I tried to use it.

    Device access was a big thing too. I don't want to spend a crapload of time trying to figure out what will make some "Windows" device work in Linux... it's just not worth my time.

    Don't get me wrong - I'm glad people find Linux useful as a desktop. I think for basic computer use it's actually probably pretty functional.
