News:

SMF - Just Installed!

Main Menu

Virus warning!!

Started by indigowulf, February 06, 2010, 08:12:09 PM

Previous topic - Next topic

indigowulf

Ok. Looks like it's past 20:00. that was when I was going to reveal that indigowulf=gene pool anyway. Both accounts will be offline for a couple days. Virus. 3rd one this month! all aquired from the same place, the same way.

You may have cookies turned off for safety, but did you know, when you log in to a site, it requires some cookies to be allowed? Most of us say OK when its a site we trust. Well, scratch photobucket OFF trusted list. When I logged on, I got multiple warnings, a few minutes apart, from my antivirus software. Finally, something made it past and infected my system.

There is someone posting ads on photobucket that put cookies on your computer- cookies containing a virus. They can get past your normal protection because you trust photobucket and set your browser to allow things from them.

This is the 3rd time Ive been hit with it this month. I kept track- they alter the files and program names every 3 days, so if you havent updated your virus definitions almost daily, it slips in. The only other site I had up at the time was Secundi, and I know it wasnt from here.

To avoid panic, you (most likely) wont get it just from viewing a photo- its thier ADs with cookies on.


SplitX

-hugs Indigo- OH NO!
And how did I know it was you? O_O; I actually had a weird feeling. -spaz- <3

Tribe

Oh man i totally know this to, i had a problem with it along time ago. Just make sure youve got a nice adware system & that you keep your cookies off.

When you look at photobucket from a standpoint of what all  bad things you can get from its scary i think me and my mom found over 20 virus's from different places trying to get in from photobucket.

Gene Pool

Its all hostage-ware virus too. The exact same one, just renamed so they get past anti-vi that hasnt been updated in the last couple days. Its one that completely hijacks your computer, telling you that you have a virus, and randomly opening adult sites and viagra selling sites. they do that to convince you that you have a virus only removable by buying thier anti-virus product. It will allow you to go to thier website and give credit card info, but no other sites will be allowed. Horrible thing. They have a very convincing microsoft-windows type warning, that instructs you to buy thier product. They are making $60 a pop off everyone that believes them. So its worth it to them to keep re-coding the virus to slip past antiviruses.
This is DizzyFishClick DizzyFish for website!

Taruia

This is why I love my Macs *huggles them*

Reality is only for those who lack imagination.

Silvanon

Ouch, not cool.  Photobucket is such a well-used site, too.  Thanks for the warning, and so sorry to hear about your computer! 

Neocridders

Mmmhhm. Thank you so much for the warning.
Photobucket, you say? Ah... Chopsticks might need to find a new home for a bit.
Thanks so so much :)



SweetCaroline

Do you get the virus just from logging on to photobucket or from actually clicking on the ads?
~SC~

red_uni387

o.o geez photobucket's getting worse

*squishes indigo* I hope you manage to find a way to keep those viruses away

JBGarrison72

My gut feeling tells me that the viruses are riding on a flash or scripting vulnerability invoked when the ads display.  This would mean you could be infected just from viewing the ad.

The solution would be to disable scripts in your browser.  You can disable scripts in Firefox, not sure about IE8 though... i haven't checked IE8 options yet.
- Jeffrey Boyd Garrison

Kadana Sorano

how does one go about disabling the scripts in FF?  Also, when we disable them, how will it affect other sites we go on?  Will it just kill ads (all ads everywhere) or will it kill games, movies etc as well?  If the latter, is there a way to tell it that certain ones are OK and only have it block others?

*feels rather thick and wishes like hell she had a pocket geek*

Ahem yes well, here's hoping Indigo's compy is Ok in the end.  Give her a hug for me.
Storm Chasers Current Thread: http://www.secundi.net/forum.php?topic=3836.0
Storm Chasers Customs Thread: http://www.secundi.net/forum.php?topic=3691.0
Okibi Stud and RB Service: http://www.secundi.net/forum.php?topic=4266.0
Quinsta Studs Free to Use: http://www.secundi.net/forum.php?topic=4308.0

My Eggs/Pets.. they would appreciate some love :) 


                    

indigowulf

Yes it will. I think he's right tho.
(im currently logged in from safe mode- so nothing that can hurt my comp is working lol)

Youll lose all the things like flash/java games, ads, ect. but they also will no longer be able to exploit flash and java to insert viruses. I am willing to make that trade off until someone finds a way to block these hackers from this avanue.

I didnt think id be able to get online even this much, so I asked fean to post his findings here. I do believe he has already logged off, and wont be back for about 2 weeks due to very pressing real life. Perhaps google how to turn off scripts?


Garney

Better yet, I found this awesome program called Sandboxie. Run all browsers through sandboxie and everything is 'sandboxed' in one isolated area and can't effect the actual systems of your computer.

Of course it means any downloaded files have to be extracted from the sandbox, so you have to use a thorough virus scanner on them first. That confused me, I was like where are my adoptie pics I just saved! XD


indigowulf

Ill have to look into that! Right now, after safemode-update MWBam and running it, I seem to be ok. I set the internet options to beyond high security, then set secundi as trusted. Hopefully that keeps me safe til they catch these jerks who are rewriting thier virus every few days to beat that anti's.


red_uni387

okay I had something weird happen to me too ._. I clicked on something before the page had fully loaded, and it started to 'scan' my comp for viruses and showed a red shield x with a huge number after it. then it suddenly closed, and I went and tried to run windows live safety scan, but the comp must have restarted when it was running cause when I came back the error message 'your comp has recovered from a serious error' was up and nothing else.......

indigowulf

could be you got lucky, that's exactly what the virus does.. a fake scan with a big red shield and tray icons that look exactly like windows security center, saying you have a virus. if your system crashed before the virus had a chance to install itself, count your blessings!

if i were you, Id download and update malwarebytes just to be sure. if it got to you, you'll need to run that from safety mode (it wont let you open it any other way)


Ryuukokoro

Oh crap, Red_uni I got that virus before (or one with similar symptoms) and it can be a doozy.

My suggestion: google 'malware bytes'. It's a pretty powerful virus deleting program that you can download for free. Run it in Full mode and it should be able to get rid of anything on your machine.

indigowulf

hehe last time i got it, it was 3 days before malwarebytes was updated to kill the latest version. the virus programmers were, for a while, making a new version every 3 days to stay ahead of virus squishing programs. *insert nasty name here*


red_uni387

I haven't yet turned on that computer, and I plan to rerun the microsoft scan first as my dad trusts it, but I'll look up malware if the scan shows something bad's in the system

indigowulf

be very very carefull, the virus poses itself as the microsoft scan!!!


red_uni387

the scan I use is online, so it can't ^^

springacres

I suddenly love Firefox (and its Ad Blocker add-on) even more.


red_uni387

'kay got to school and was talking to Wolf's Fang, and her comp actually got the virus o.o so gonna let her type....

Fangy:
A virus scan window keeps poppint up, saying "WARNING! 47 infections found!!!". But when I click "Remove all threats now", another window pops up and says that I have to pay for some kind of SecurityTool software. ._. I think it's either a scam or trying to get me to buy something, since it asks for my credit card number/name/address.

bewilderness

Ugh.  I was already completely disgusted with Photobucket, after having problems again today trying to upload pics (it crashed my browser twice).  Then I came here and saw this.  >:(  I have a new name for Photobucket, but can't post it here, lol.

Ryuukokoro

Yes, that is a scam, and it's the worst kind too. Most of the time, clicking on 'remove all threats now' actually DOWNLOADS the virus onto your computer. It's doing the opposite of what it says it will do. (Fricken virus hackers are clever s.o.b's...)


Pinkshadow

Have anyone heard from indigo? or know where she is/what she is doing? Because i accepted her bid on my mala pup, and its soon aweek since and she hadnt picked her up yet? :s

bewilderness

I haven't heard from her either.  I hope everything's alright.

Kadana Sorano

she's not been on msn either.  I'll see if I can poke her on PI.
Storm Chasers Current Thread: http://www.secundi.net/forum.php?topic=3836.0
Storm Chasers Customs Thread: http://www.secundi.net/forum.php?topic=3691.0
Okibi Stud and RB Service: http://www.secundi.net/forum.php?topic=4266.0
Quinsta Studs Free to Use: http://www.secundi.net/forum.php?topic=4308.0

My Eggs/Pets.. they would appreciate some love :) 


                    

indigowulf

sorry guys, BF is going through a very stressful time, including some legal BS. I've been staying with him, helping him cope, and taking care of some basic domestic things he's just too stressed to think about right now.