#$%&ing drive by fake security software...


    I have been hit by this one program several times... Internet Security 2011 or some variant. It seems to like to infect my systems whenever I use Google to search images. I believe that Google finds the image with the payload attached and when you click on the image in Google, Google will open the image as a preview in a new window... this also activates the payload. Next thing ya know a new window opens up with the malware showing you it's being loaded on your system. Ain't no way to stop it when that happens other than reaching down and quickly turning off the power before it has a chance to fully install itself. The program totally hijacks your system preventing you from running any executable program, fubars your hosts file, mods your browser connection settings to its own special proxy, even changes your default search provider. Of course you get a reminder every 30 seconds that your system is infected with some bullshit virus and you get a popup window every time you click on an icon that your system is infected. Nasty nasty shit to have to deal with.

    I managed to get Malwarebytes to remove the program itself but no telling what all changes it managed to do to my system. I figure I will just go ahead and wipe my laptop clean just to be safe. Ugh, I hate malware. If I ever find out who is responsible for this, I will fly to wherever it is the fools live and put a bullet in their brains!

    #2
    Re: #$%&ing drive by fake security software...

    What anti-virus do you use?
    Microsoft Security Essentials has one weakness: fake antivirus software. It doesn't notice it at all until it kills MSE and corrupts it, rendering it useless...
    Use Avast! or something good...



      #3
      Re: #$%&ing drive by fake security software...

      Post Deleted: You already used MBAM.
      Last edited by Hemingray; 02-06-2012, 06:51 PM.



        #4
        Re: #$%&ing drive by fake security software...

        Stop using Internet Explorer and disable Adobe Acrobat plugins if you're using them (or you installed Adobe Acrobat).



          #5
          Re: #$%&ing drive by fake security software...

          The same thing happens on popular Web sites like MSN. Their ad servers add invisible elements to the page that download the fake antivirus software a few seconds after the page finishes loading. These seem to only come from two advertising/tracking services and are not prevented by ad blockers. To prevent this type of infection, block ad.doubleclick.net and edge.quantserve.com.

          I don't know of any good way to prevent infections from Google Images.
          Originally posted by mariushm:
          Stop using Internet Explorer and disable Adobe Acrobat plugins if you're using them (or you installed Adobe Acrobat).

          That won't help. The pages that download fake antivirus software are designed to work equally well on all browsers and do not use Adobe Reader.

          Originally posted by shovenose:
          What anti-virus do you use?
          Microsoft Security Essentials has one weakness: fake antivirus software. It doesn't notice it at all until it kills MSE and corrupts it, rendering it useless...
          Use Avast! or something good...

          Microsoft Security Essentials also freezes the computer when scanning the contents of any folder you try to open. I would rather use McAfee or Norton.



            #6
            Re: #$%&ing drive by fake security software...

            Once you are cleaned up, try my hosts file.

            It'll also clean up 'other things,' if you know what I mean!

            Unzip and put it in \system32\drivers\etc

            Make sure 'DNS Client' is set to 'Manual.'

            And no more Internet Exploiter/Adobe DRM, etc!!

            -Paul
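Added example, not part of any post in this thread: the first post says the fake antivirus rewrites the hosts file, and post #6 recommends installing a blocklist hosts file, so after cleanup it is worth telling the two kinds of entry apart. This Python sketch treats loopback/unspecified addresses as blocks and any other address as a redirect to review; the sample file, its example domains and the TEST-NET address are constructed.

```python
import ipaddress
import sys

# Constructed sample for illustration; not captured from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ad.doubleclick.net        # blocklist-style entry
127.0.0.1       edge.quantserve.com
203.0.113.45    www.google.com search.example   # routable address (TEST-NET-3)
203.0.113.45    update.av-vendor.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Sort hosts entries into blocked names, redirected names and bad lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback or 0.0.0.0/:: makes the name unreachable (a block);
        # any other address sends traffic for that name somewhere else.
        sink = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in fields[1:]):
            if sink and name == "localhost":
                continue                         # stock Windows entry
            key = "blocked" if sink else "redirected"
            report[key].append((lineno, name, str(addr)))
    return report

if __name__ == "__main__":
    # Optional argument: path to a hosts file; otherwise the sample is audited.
    text = SAMPLE_HOSTS
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for kind, entries in audit_hosts(text).items():
        for entry in entries:
            print(kind, *entry)
```

Every name under "redirected" deserves a look: a legitimate blocklist only ever produces "blocked" entries.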


              #7
              Re: #$%&ing drive by fake security software...

              AdBlock Plus in Firefox will block most ad-induced baddies.
              NoScript should help with the rest...



                #8
                Re: #$%&ing drive by fake security software...

                The kicker is I am using Firefox with Adblock Plus and Ghostery. I don't think I had MBAM running at the time of infection though. Even after cleaning MBAM found and nuked two infected files that tried to start up and reload the malware. MSE of course is oblivious to the entire program. Hell the malware actually caused a BSOD in Win 7 when MSE was doing a scan for it!

                I hate to say it, but I think I probably need to invest in a better antivirus program but they get expensive especially when you have more than one PC to protect.



                  #9
                  Re: #$%&ing drive by fake security software...

                  As I said, I would highly recommend Avast! Free Anti-virus. The full Internet Security version is on sale right now, so it's quite affordable.
                  I haven't had a single virus infection ever since I started using Avast!



                    #10
                    Re: #$%&ing drive by fake security software...

                    Watch out for sales after Christmas. I bought Kaspersky Internet Security 2012, covers 3 machines for 1 year, cost $25. $8 per PC is well worth it.



                      #11
                      Re: #$%&ing drive by fake security software...

                      MBAM is always large and in charge for removing these nasties so to stop them at the gate: buy MBAM. All licenses are lifetime and it's anywhere from $10 to $30 depending on how good the sale is. The key is transferable. I can't remember a better deal on paid software... ever!

                      Watch out for n in 1 antivirus packs. Some of them expire 1 year after the key is used the first time. Install one now, one 6 months from now, and the last a year from now and you'll find you only got 1.5 of your 3 licenses. Others put a temp key on the box and send a real key by email after registration. How often does that get written on the box where it will be of some good for the next install?

                      I only install MSE now. It's fast, never nags, never expires, and self updates the code. I can install it and know that it won't be FUBAR in 3 years from neglect.


                        #12
                        Re: #$%&ing drive by fake security software...

                        Originally posted by severach:
                        MBAM is always large and in charge for removing these nasties so to stop them at the gate: buy MBAM. All licenses are lifetime and it's anywhere from $10 to $30 depending on how good the sale is. The key is transferable. I can't remember a better deal on paid software... ever!

                        Watch out for n in 1 antivirus packs. Some of them expire 1 year after the key is used the first time. Install one now, one 6 months from now, and the last a year from now and you'll find you only got 1.5 of your 3 licenses. Others put a temp key on the box and send a real key by email after registration. How often does that get written on the box where it will be of some good for the next install?

                        I only install MSE now. It's fast, never nags, never expires, and self updates the code. I can install it and know that it won't be FUBAR in 3 years from neglect.

                        What is MBAM?

                        FWIW with Kaspersky you get one year elapsed from whatever date you install it on each individual machine. The expiry date is not "grouped".



                          #13
                          Re: #$%&ing drive by fake security software...

                          Originally posted by bigbeark:
                          What is MBAM?
                          http://www.malwarebytes.org/


                            #14
                            Re: #$%&ing drive by fake security software...

                            Eset with the firewall that blocks outgoing connections works for me.
