TriStateTuners.com :: Home of Tristate Auto Enthusiast  

Old 11-26-2007, 10:53 AM   #1
Jeffros Spec V
Tri-State Post Whore
Join Date: Mar 2005
Location: Langhorne PA
Member #263
Malware: SUCKS

Well recently my computer has been having a lot of IE pop ups with a thing that pops up that says "Ad served by context tool" and my computer will play random sounds and sometimes even random commercials like "Congratulations you've been selected to win a free ipod nano."

I run the Adaware program and Norton Antivirus and it doesn't solve the problem so I looked into it more last night.

Apparently there is a newer type of infectious programs out there labeled Malware which are basically ****ty viruses made to annoy people.

Anybody have any experience with this crap? I've made a post on techsupportfourm.com and they seem really technical over there. They gave me some steps to create some logs and they have guys that review the logs and help you clean up your ****.

Old 11-26-2007, 11:10 AM   #2
05GT
The TST IT Ninja
Join Date: Mar 2006
Location: PA
Member #1598
My Ride: 2007 SRT8 Jeep / 2013 Shelby GT500
Yes. Malware is not a new thing.

You need to scan with Adaware from www.lavasoftusa.com if that isn't the one you said you used. Make sure its definitions are up to date.

Also, get a program called Hijackthis. But be warned, it deep scans and shows things that if you delete them, it could mess up your computer. You could scan with it, then save the log and email to me, or post it here, and I can tell you EXACTLY what needs to be deleted. Then you will be good to go.

And FYI....Nortons is useless.

If it is Adaware from the link I posted that you are using, then you definitely need to run Hijackthis.


Edit - Here is the link you can download Hijackthis from : http://www.majorgeeks.com/download5554.html

Last edited by 05GT; 11-26-2007 at 11:13 AM.

Old 11-26-2007, 11:26 AM   #3
Jeffros Spec V
Tri-State Post Whore
Join Date: Mar 2005
Location: Langhorne PA
Member #263
Yeah I use Adaware and run a scan pretty regularly. I've been informed to run Hijackthis and post the logs. I'll do this when I get home from work.

I won't delete anything that it finds until I'm informed by somebody to do so.

Old 11-26-2007, 11:27 AM   #4
05GT
The TST IT Ninja
Join Date: Mar 2006
Location: PA
Member #1598
My Ride: 2007 SRT8 Jeep / 2013 Shelby GT500
Quote:
Originally Posted by Jeffros Spec V
Yeah I use Adaware and run a scan pretty regularly. I've been informed to run Hijackthis and post the logs. I'll do this when I get home from work.

I won't delete anything that it finds until I'm informed by somebody to do so.
Well just make sure that whoever you show the log to, if it isn't me, knows what they are doing. If not, you might have to kiss your OS goodbye lol.

Old 11-26-2007, 11:29 AM   #5
Jeffros Spec V
Tri-State Post Whore
Join Date: Mar 2005
Location: Langhorne PA
Member #263
Quote:
Originally Posted by 05GT
Well just make sure that whoever you show the log to, if it isn't me, knows what they are doing. If not, you might have to kiss your OS goodbye lol.

ahahahahha thanks for the heads up

Old 11-26-2007, 11:49 AM   #6
05GT
The TST IT Ninja
Join Date: Mar 2006
Location: PA
Member #1598
My Ride: 2007 SRT8 Jeep / 2013 Shelby GT500
Quote:
Originally Posted by Jeffros Spec V
ahahahahha thanks for the heads up
LOL. Yeah no prob. Like I said, you can PM me the log or post it here, and I can tell you. Unless you have someone else that will do it for you.

Old 11-26-2007, 02:07 PM   #7
james_ls
TST Ruined My Life!
Join Date: Mar 2006
Location: Warrington
Member #1614
My Ride: 1998 Acura Integra LS//VTEC
Are you using Internet Explorer. If so. Fail.
__________________
Heller Dope - When the **** is doper than Hellen Keller; it's Heller Dope

BUY MY STUFF!

Old 11-26-2007, 02:29 PM   #8
Jeffros Spec V
Tri-State Post Whore
Join Date: Mar 2005
Location: Langhorne PA
Member #263
Quote:
Originally Posted by james_ls
Are you using Internet Explorer. If so. Fail.
Nope, I use Firefox and have been since it first came out.

Old 11-26-2007, 02:44 PM   #9
Scapegoat
TST Ruined My Life!
Join Date: Dec 2005
Location: stop looking at my gold
Member #1208
delete porn = problem solved

Old 11-26-2007, 02:45 PM   #10
Jeffros Spec V
Tri-State Post Whore
Join Date: Mar 2005
Location: Langhorne PA
Member #263
Quote:
Originally Posted by Scapegoat
delete porn = problem solved
I don't have any porn and I don't look at porn. Leave my thread.

Old 11-26-2007, 02:47 PM   #11
Scapegoat
TST Ruined My Life!
Join Date: Dec 2005
Location: stop looking at my gold
Member #1208
Quote:
Originally Posted by Jeffros Spec V
Leave my thread.
um... no?

Porn, mp3's, mpeg's, etc can open bridges to pop up's to come in. Best to back up any files you want to keep and delete those that you no longer need.

Try AVG's free software. They have an adaware like program as well as an anti virus. Both kick ass.

Old 11-26-2007, 03:00 PM   #12
Jeffros Spec V
Tri-State Post Whore
Join Date: Mar 2005
Location: Langhorne PA
Member #263
Quote:
Originally Posted by Scapegoat
um... no?

Porn, mp3's, mpeg's, etc can open bridges to pop up's to come in. Best to back up any files you want to keep and delete those that you no longer need.

Try AVG's free software. They have an adaware like program as well as an anti virus. Both kick ass.
Thanks, that is better advice than assuming it's linked directly to porn. I do however have a lot of songs that I download. Is this crap linked to Youtube or photobucket or myspace at all?

Old 11-26-2007, 03:00 PM   #13
05GT
The TST IT Ninja
Join Date: Mar 2006
Location: PA
Member #1598
My Ride: 2007 SRT8 Jeep / 2013 Shelby GT500
Sorry but AVG sucks.

And MP3s aren't "linked" to anything per se. What is more common is that when you download MP3's, attached onto them sometimes are viruses, or spyware applications that silently run or install once you open the MP3 or file, etc.

Old 11-26-2007, 03:09 PM   #14
Scapegoat
TST Ruined My Life!
Join Date: Dec 2005
Location: stop looking at my gold
Member #1208
Quote:
Originally Posted by 05GT
Sorry but AVG sucks.

And MP3s aren't "linked" to anything per se. What is more common is that when you download MP3's, attached onto them sometimes are viruses, or spyware applications that silently run or install once you open the MP3 or file, etc.
as far as free goes, I'll take it over anything Microsoft, Norton, or McAfee offers...

Linked was a bad word to use. But yes, whenever you download something from the internet there is a chance that it won't be alone.

Old 11-26-2007, 05:54 PM   #15
den9
Tri-State Post Whore
Banned
Join Date: Dec 2005
Location: doylestown
Member #1198
My Ride: turbo diesel
u shouldn't have any problems with firefox, but adaware from lavasoft is ur best bet

Old 11-27-2007, 12:29 PM   #16
JET02WRX
Tri-State Addict
Join Date: Jun 2006
Location: Chester Co.
Member #2133
My Ride: 2002 WRX Wagon
Here's some info on what a lot of people have been seeing lately...the problem isn't the content you are downloading...it's those sweet little ads that forums, most websites, myspace...etc..etc..have chosen to allow on their sites to make extra money. Those ads are being used as a path to put spam on your PC.


DoubleClick Serves Up Vast Malware Blitz


On Nov. 12, Web sites' marketing professionals were flooding industry e-mail lists with reports of complaints from readers that they have been receiving inappropriate ads. Marketing professionals have complained of their ad servers being "hijacked" at sites, including The Wall Street Journal, Discovery and BizJournals. It's not that the servers have been hijacked, Harvey said, but rather that a toolbar or some other mechanism is overlaying the intended ad with inappropriate content.

"It looks like we are all in the same boat," one marketer said in a message to the mailing list.

Another marketer said his company had already shut down one of its networks that was devoted to serving up ads and had suspended all third-party ads on another site.

It's not clear yet whether all the sites are having the same problem, given that some sites are delivering the bogus anti-spyware and others are experiencing normal ads being replaced with ads for porn or other inappropriate material.

As for the bogus anti-spyware code, its origin is the German company AdTraff.com. AdTraff had not responded to inquiries as of the time this article posted. Google, which has proposed a $3.1 billion buyout of DoubleClick, declined to comment.

Harvey said in a statement that this is "an industry-wide challenge; unfortunately, there are bad actors who misrepresent themselves and purchase advertising as an avenue to distribute malware. This has the potential to affect all businesses and consumers in the online environment."

Even as DoubleClick monitors its online environment for malware—it has a dedicated team that works around the clock on the issue—malware writers are working to adapt to its new security measures, Harvey said in the statement.

"As with any system (Norton, McAfee, etc.) designed to root out bad actors, there are going to be times when the bad actors are a step ahead—when this occurs, we immediately cease serving the infected ads, and then work to refine our system so that similar ads are captured and disabled before they are ever served (just like when Norton provides a 'patch' in response to a new threat)," the statement said.

DoubleClick has alerted its clients, particularly publishing clients, of the need to pay close attention to the advertisers, agencies and networks with which they work.

When clicked on, the bogus anti-spyware ad presents in the lower right-hand screen corner a dialog box informing users that their computer is infected and that they need to download a scanner immediately.



Warning: If clicking on the following link, do not click "OK" to any dialog boxes; instead, simply close out the browser window. This is a link to the bogus infection scan that's presented to victims. Eckelberry said that the Trojan consistently reports that malware has been found even on systems known to the security firm to be perfectly clean.

Sunbelt and other security researchers see this type of misleading ad, which uses convincing warning dialog boxes that look like legitimate Windows messages, on a regular basis.

Adam Thomas, a researcher at Sunbelt, said the IP address for the AdTraff.com ads overlaps with those used by Innovative Marketing, which has a long history of misleading on the Internet. AdTraff.com's domain registration also lists the same Yahoo.com e-mail address as Innovative Marketing, Thomas said.

"These guys are just slimy advertising guys," Eckelberry said.

Ad hijacking is a constant problem, Eckelberry said. That makes it essential that online publishers and others who serve ads vet the advertisers to whom they hand their space—and their visitors' eyeballs.
__________________
2002 WRX "Fun-Wagon"

Old 11-27-2007, 12:49 PM   #17
Kiel
Tri-State Aficionado
Join Date: Aug 2007
Location: Morton, PA
Member #5456
My Ride: 2003 WRX - Sonic Yellow
Quote:
Originally Posted by james_ls
Are you using Internet Explorer. If so. Fail.
Get over yourself.
__________________
TST Work Crew/Saturday Club

Old 11-27-2007, 12:52 PM   #18
Spocknasty
Meh
Join Date: Oct 2005
Member #986
Run msconfig. See if there's any weird stuff going on in there, google those, and go from there.

Start task manager. Look at your processes. If you see anything weird in there, google those, and find out what they are.

IE is the devil.
__________________
*formerly CRXed*


I <3 JSC Speed and Liquid Powder Coats!

Old 11-27-2007, 12:53 PM   #19
05GT
The TST IT Ninja
Join Date: Mar 2006
Location: PA
Member #1598
My Ride: 2007 SRT8 Jeep / 2013 Shelby GT500
JET, while all of that is true, in no way is it anything new. For years sites have been doing that. Anytime you click an ad, if something tells you it needs to install "ActiveX Controls" or it needs to run anything, unless it is a REPUTABLE site, and you know for sure what it's asking you to install, you should never click yes or ok to anything of that nature.

Sometimes, even if what you are clicking looks legit, and the dialog box looks ok, or you know what it is, it sometimes will still contain silent code or scripts, viruses, etc that will run in the background and cause havoc.

Running MSCONFIG will not help too much in most cases. Most of the newer, more dangerous spyware and malware put themselves in multiple places in your Windows installation, and even if you remove or delete them from MSCONFIG, or even if you actually manually find the file and delete them, they will spawn back up from another hidden location.

That's why you need tools like "hijackthis".

Last edited by 05GT; 11-27-2007 at 12:55 PM.
05GT is offline   Reply With Quote
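
Added example (not part of the thread or any poster's words): post #19's point that malware registers itself in several launch points, so removing one msconfig entry is not enough, can be checked by grouping the autostart entries of a HijackThis log by the file they launch. The log lines are constructed samples in HijackThis's line format; file names such as ctxad.exe are made up.

```python
import re
from collections import defaultdict

# HijackThis section codes that represent autostart / load points.
AUTOSTART = {
    "F2": "ini-file/Winlogon autoload (Shell, Userinit)",
    "O2": "Browser Helper Object",
    "O4": "Run key or Startup folder",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\ctxad.dll
O4 - HKLM\..\Run: [ctxad] C:\WINDOWS\system32\ctxad.exe
O4 - HKCU\..\Run: [updater] "C:\WINDOWS\system32\ctxad.exe" /s
O4 - HKLM\..\Run: [avscan] "C:\Program Files\ExampleAV\avscan.exe"
O23 - Service: Context Helper (ctxsvc) - Unknown owner - C:\WINDOWS\system32\ctxad.exe
"""

LINE_RE = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def parse(log):
    """Yield (code, detail, path) for each entry line; path may be None."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # log header, running-process list, blank lines
        path = PATH_RE.search(m.group(2))
        yield m.group(1), m.group(2), path.group(0).lower() if path else None

def multi_location(log):
    """Map each launched file to the autostart entries pointing at it,
    keeping only files registered in more than one place."""
    seen = defaultdict(list)
    for code, detail, path in parse(log):
        if code in AUTOSTART and path:
            seen[path].append((code, detail))
    return {p: e for p, e in seen.items() if len(e) > 1}

if __name__ == "__main__":
    for path, entries in multi_location(SAMPLE_LOG).items():
        print(path)
        for code, detail in entries:
            print(f"  {code:<3} {AUTOSTART[code]}: {detail}")
```

A file that shows up under both a Run key and a service is the kind of entry that reappears after only one of them is deleted, so all of its entries need to be reviewed together.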

Old 11-27-2007, 03:01 PM   #20
Z3R0
Tri-State Aficionado
Join Date: Jun 2007
Location: Carneys Point, NJ
Member #5129
My Ride: 2002.5 Volkswagen Jetta GLS
Look up the WMF Exploit...there might be variants.
__________________
Quote:
R.I.P. 1997 Monte Carlo...Got hit by a HUMMER...nuff said