Nasty, nasty people.
Psychophysiological entity
Thread Starter
Nasty, nasty people.
Do not attempt to run these links.
http://molholm-sla(break)gter.dk/rumyn.html?pr=iivuuf
And
http://nav(break)itrolla.ee/golrua.html?pt=fycwpi
Got these from an old (non-technical) friend tonight. There was no personal text which is unlike her. G-mail put up a huge red warning.
It had several listed friends CP'd who are very vulnerable due to age and non-tekkiness.
Anything known?
.
http://molholm-sla(break)gter.dk/rumyn.html?pr=iivuuf
And
http://nav(break)itrolla.ee/golrua.html?pt=fycwpi
Got these from an old (non-technical) friend tonight. There was no personal text which is unlike her. G-mail put up a huge red warning.
It had several listed friends CP'd who are very vulnerable due to age and non-tekkiness.
Anything known?
.
Last edited by Loose rivets; 12th Jul 2012 at 16:02.
Join Date: Jan 2012
Location: .
Posts: 2,173
Likes: 0
Received 0 Likes
on
0 Posts
well, either his e-mail account has been hacked or his PC has been zombied. Impossible to know without more details of the kind of e-mail account and how he accesses it.
Either way, he needs to get help to clean things up.
Either way, he needs to get help to clean things up.
Last edited by Milo Minderbinder; 11th Jul 2012 at 07:55.
Join Date: Jul 2010
Location: East sussex
Posts: 624
Likes: 0
Received 0 Likes
on
0 Posts
Saab, I've noticed more and more on sites of late, "Be aware of clicking on links" is this the new 'Not our fault pall ?
Daz
Daz
Last edited by dazdaz1; 11th Jul 2012 at 15:42.
Psychophysiological entity
Thread Starter
I've just read a genuine e from her, and fortunately her son is visiting, and set about cleaning her machine. It was a quick message, but implied there was something there.
I hope G-mail's big red flag thing saved me this end. Off to run an update and scan.
I hope G-mail's big red flag thing saved me this end. Off to run an update and scan.
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes
on
0 Posts
A bit questionable to put up such links if I may say so Loose Rivets.
Even if you have doctored the text, you don't want to encourage people to visit them.
Even if you have doctored the text, you don't want to encourage people to visit them.
Last edited by mixture; 12th Jul 2012 at 06:31.
Psychophysiological entity
Thread Starter
Mmmm, okay, OP amended with warning. But isn't this supposed to be the professional computer section.
"I'll think I'll take that (break) out and see what happens."
Shirly not.
Without the full link - protected as it is - you experts would not have all the data you may need at hand. Having said this, I suppose they're generated randomly, so won't give much away.
"I'll think I'll take that (break) out and see what happens."
Shirly not.
Without the full link - protected as it is - you experts would not have all the data you may need at hand. Having said this, I suppose they're generated randomly, so won't give much away.
Join Date: Jan 2012
Location: .
Posts: 2,173
Likes: 0
Received 0 Likes
on
0 Posts
OK, I'm a sucker. I'll bite
Using Firefox heavily locked down the first one gets blocked by Googles DNS server - I get a red warning screen warning of malware
The second link isn't blocked that way, but Avast tells me the web page is trying to install a trojan which it calls HTML:Refresher-A[Trj]
Interesting
I just looked that up on Virustotal
Someone submitted a sample of that a couple of weeks ago and only four virus engines picked it up
https://www.virustotal.com/file/bb76...a39c/analysis/
What does that prove? That most AV programs may not have stopped it. You need secondary software as well, but the mot important thing ? DON'T CICK ON LINKS!!!!
Using Firefox heavily locked down the first one gets blocked by Googles DNS server - I get a red warning screen warning of malware
The second link isn't blocked that way, but Avast tells me the web page is trying to install a trojan which it calls HTML:Refresher-A[Trj]
Interesting
I just looked that up on Virustotal
Someone submitted a sample of that a couple of weeks ago and only four virus engines picked it up
https://www.virustotal.com/file/bb76...a39c/analysis/
What does that prove? That most AV programs may not have stopped it. You need secondary software as well, but the mot important thing ? DON'T CICK ON LINKS!!!!
Last edited by Milo Minderbinder; 12th Jul 2012 at 17:44.
Without clicking on any links or visiting 'dodgy'sites, I suddenly noticed MSE had turned off. Wouldn't turn on, and nor would the Windows firewall. Turned out it was infected with Zero Access. Got rid using MBAM followed by a check with TM Housecall, but wonder how it got there (I'm the only one to use the computer).
Join Date: Jan 2012
Location: .
Posts: 2,173
Likes: 0
Received 0 Likes
on
0 Posts
Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode | Naked Security
"This new version of ZeroAccess is being aggressively distributed through the normal mechanisms - drive by downloads, fake keygens, fake game downloads....."
"This new version of ZeroAccess is being aggressively distributed through the normal mechanisms - drive by downloads, fake keygens, fake game downloads....."
Join Date: Jan 2012
Location: .
Posts: 2,173
Likes: 0
Received 0 Likes
on
0 Posts
Security essentials isn't really enough on its own
It needs padding out with something else
e.g. Threatfire or Panda Cloud - these two seem to have the least system resources overhead
I've tried using ClamWin and its forks as a secondary program, but the performance hit is too high
However, of the free ones my first choice is still Avast, with browserprotect.org blocking hijacks
However, the bet thing is to block the infection from happening: so (as others have said elsewhere) run in "stadnard user" mode, use Firefox as the browser and use the No-Script and AdBlock plus plugins to stop any malware running in the browser. If the infected script on the webpage can't run in the browser, it can't infect you. (To that end also disable javascript in Adobe Reader as well)
It needs padding out with something else
e.g. Threatfire or Panda Cloud - these two seem to have the least system resources overhead
I've tried using ClamWin and its forks as a secondary program, but the performance hit is too high
However, of the free ones my first choice is still Avast, with browserprotect.org blocking hijacks
However, the bet thing is to block the infection from happening: so (as others have said elsewhere) run in "stadnard user" mode, use Firefox as the browser and use the No-Script and AdBlock plus plugins to stop any malware running in the browser. If the infected script on the webpage can't run in the browser, it can't infect you. (To that end also disable javascript in Adobe Reader as well)