Loose rivets

Do not attempt to run these links.


http://molholm-sla(break)gter.dk/rumyn.html?pr=iivuuf

And

http://nav(break)itrolla.ee/golrua.html?pt=fycwpi


Got these from an old (non-technical) friend tonight. There was no personal text which is unlike her. G-mail put up a huge red warning.

It had several listed friends CP'd who are very vulnerable due to age and non-tekkiness.

Anything known?




.

Milo Minderbinder

well, either his e-mail account has been hacked or his PC has been zombied. Impossible to know without more details of the kind of e-mail account and how he accesses it.
Either way, he needs to get help to clean things up.

Saab Dastard

A reminder to all to be EXTREMELY careful about clicking on links - even here on PPRuNe!

SD

dazdaz1

Saab, I've noticed more and more on sites of late, "Be aware of clicking on links" is this the new 'Not our fault pall ?

Daz

Loose rivets

I've just read a genuine e from her, and fortunately her son is visiting, and set about cleaning her machine. It was a quick message, but implied there was something there.


I hope G-mail's big red flag thing saved me this end. Off to run an update and scan.

mixture

A bit questionable to put up such links if I may say so Loose Rivets.

Even if you have doctored the text, you don't want to encourage people to visit them.

Loose rivets

Mmmm, okay, OP amended with warning. But isn't this supposed to be the professional computer section.

"I'll think I'll take that (break) out and see what happens."

Shirly not.


Without the full link - protected as it is - you experts would not have all the data you may need at hand. Having said this, I suppose they're generated randomly, so won't give much away.

Milo Minderbinder

OK, I'm a sucker. I'll bite

Using Firefox heavily locked down the first one gets blocked by Googles DNS server - I get a red warning screen warning of malware

The second link isn't blocked that way, but Avast tells me the web page is trying to install a trojan which it calls HTML:Refresher-A[Trj]





Interesting
I just looked that up on Virustotal
Someone submitted a sample of that a couple of weeks ago and only four virus engines picked it up

https://www.virustotal.com/file/bb76...a39c/analysis/

What does that prove? That most AV programs may not have stopped it. You need secondary software as well, but the mot important thing ? DON'T CICK ON LINKS!!!!

oldbeefer

Without clicking on any links or visiting 'dodgy'sites, I suddenly noticed MSE had turned off. Wouldn't turn on, and nor would the Windows firewall. Turned out it was infected with Zero Access. Got rid using MBAM followed by a check with TM Housecall, but wonder how it got there (I'm the only one to use the computer).

Milo Minderbinder

Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode | Naked Security

"This new version of ZeroAccess is being aggressively distributed through the normal mechanisms - drive by downloads, fake keygens, fake game downloads....."

green granite

So much for MSE being the only AV/firewall program needed then.

oldbeefer

No, I know people who have had expensive, paid for software who still get caught.

Milo Minderbinder

Security essentials isn't really enough on its own
It needs padding out with something else
e.g. Threatfire or Panda Cloud - these two seem to have the least system resources overhead
I've tried using ClamWin and its forks as a secondary program, but the performance hit is too high

However, of the free ones my first choice is still Avast, with browserprotect.org blocking hijacks
However, the bet thing is to block the infection from happening: so (as others have said elsewhere) run in "stadnard user" mode, use Firefox as the browser and use the No-Script and AdBlock plus plugins to stop any malware running in the browser. If the infected script on the webpage can't run in the browser, it can't infect you. (To that end also disable javascript in Adobe Reader as well)

green granite

My comment was meant very tongue in cheek Milo.

Milo Minderbinder

sorry....not with it this afternoon ....to much post prandial alcohol methinks