Virus and trojans

ParaHandy · Post by **ParaHandy** » Mon Sep 21, 2009 10:03 am

Whilst perusing on TOP I clicked on a link and immediately acquired a Russian friend. It was claimed by the unwilling purveyor of this that it was due to IE6 or earlier but I'm using IE7 and ESET as the anti-virus package. This Russian "friend" appears to be called Kryptik and or QHost and is continuously battling with ESET. There's a package from spywarenerds.com which claims to get rid of it. I'm reluctant to jump out of the fat into the fire etc so I'm asking if anyone can recommend this nerd package or is there any other suitable way of getting rid of it ...

If I can't get rid of it, the computer has to go ...

Post by **Nick** » Mon Sep 21, 2009 10:08 am

.
Download, update and run Malwarebytes Antimalware - gets rid of most things painlessly, everyone should have a copy.

BTW, if you are using IE7 Windows will have automagically updated you to IE8 unless you specifically said nay. (See my post on other thread re. flaky editor).

ash · Post by **ash** » Mon Sep 21, 2009 12:57 pm

You might need to start the 'puter in 'Safe Mode with Downloads' to obtain and run Malwarebytes and get rid of the wee beastie.

Ash

PS - I keep ignoring the wee golden shield which keeps telling me that upgrades are available so I'm still on IE7.

Post by **Silkie** » Mon Sep 21, 2009 7:23 pm

How are you getting on with this Para? Have you got it sorted yet? Another vote from me for Malwarebytes.

ParaHandy · Post by **ParaHandy** » Mon Sep 21, 2009 8:39 pm

Silkie wrote:How are you getting on with this Para? Have you got it sorted yet? Another vote from me for Malwarebytes.

I was going to wait until tomorrow before reporting but as of now, it's got rid of it.

More anon ... will wait until tomorrow afore a dram in ra Balvicar whizzo's name is raised ...

Post by **Silkie** » Mon Sep 21, 2009 8:51 pm

Thinking on..

I got a nasty last week from clicking on a link in another place. The site itself seemed the perfectly innocuous nautical content I was expecting and I browsed it happily for a few minutes. It was only when I closed the window that I realised that something was downloading itself onto my machine. Malwarebytes got rid of it at first pass but I was left with a damaged IE8 and eventually had to go back to a restore point.

..I wonder if this is the next phase in the campaign against YBW that prompted the recent software upgrade? Should I send Dan a link to this thread?

Post by **Nick** » Mon Sep 21, 2009 10:17 pm

Should I send Dan a link to this thread?

Personally I'd rather keep a low profile - I think it would be better if you just PM-ed him telling him what happened, and if Para did the same.

Do you really think someone has it in for YBW to that extent, and if so who?

ParaHandy · Post by **ParaHandy** » Mon Sep 21, 2009 10:20 pm

Silkie wrote:Thinking on..

ESET is a decent anti-virus package - I thought Norton & McAfee just look good but do sweet feck all. However, the virus was still trying to access the Russian websites - 2 of them - but ESET blocked them even though it said it had quarantined and deleted them. Only after webbies prog was installed did the access stop. Eset has just requested a copy of the quarantined files so presumably this virus is a new one to them. If it is, then all who accessed the link on TOP and who say their anti-virus never saw it might have a problem. I'm not happy that ESET couldn't stop it altogether and not before it had corrupted the internet properties (it changed the proxy server settings and corrupted some disc space) whereas what webbers recommended did. It wouldn't do any harm to let Dan know.

ash · Post by **ash** » Tue Sep 22, 2009 12:23 am

I haven't been to TOP for a couple of days - can P/H or Silkie give us a clue about which link to avoid.

One of my sons got infected with the virus which diverts you - sometimes known as 'Google Divert'. This seems to be a pretty smart beastie - stops you downloading antivirus progs. Even if you think that you're clear, it restores back to a date when you were infected and away you go again. Not sure if he's clear of it yet - don't know where he got it.

Ash

ParaHandy · Post by **ParaHandy** » Tue Sep 22, 2009 9:58 am

ash wrote:I haven't been to TOP for a couple of days - can P/H or Silkie give us a clue about which link to avoid.

it was Bilbo's link to a video clip of an aeroplane. the virus was inside the ActiveX (?) thing that you had to click to see the video.

Aja · Post by **Aja** » Tue Sep 22, 2009 11:19 am

Oh Bummer. The one about the spyplane? I had a look at that too.

Donald

Edit: Hold on. I didn't have to click on ActiveX - the one I looked at wasn't video - it was Flash. I've downloaded Malwarebyte and will give it a run.

Donald

ParaHandy · Post by **ParaHandy** » Tue Sep 22, 2009 11:52 am

Aja wrote:... the one I looked at wasn't video - it was Flash.

yes, same one .. i think it was flash (dinnae know the difference but am up tae speed verra quickly recently) .. had to click on the menu bar to get it to play

Rowana · Post by **Rowana** » Tue Sep 22, 2009 1:24 pm

As soon as I clicked on the link, McAfee threw up it's hands in horror, and wouldn't let me go any further.

Post by **Nick** » Tue Sep 22, 2009 1:32 pm

.
Naughty Bilbo.

I think the fact that is was the hobbit rules out Silkie's theory that this was phase 2 of the War on Scuttlebutt though.

claymore · Post by **claymore** » Tue Sep 22, 2009 1:51 pm

Just listen to you lot - you sound like the products of cousins who have married.

BLUEMOMENT

Virus and trojans

Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans

Re: Virus and trojans