|
Post by ibugly on Dec 11, 2009 21:47:39 GMT -6
I was loading a page a few minutes ago in the forum and got a Windows Warning Type Pop Up saying I needed to do a scan. DO NOT CLICK OFF THE BOX!!!!! Do NOT CLICK OK either. Disconnect from the net ASAP and re-boot. This is some Malware that could have came in on the advertisements. Or I could possibly have gotten it elsewhere as I had IE open on several windows but those sites don't advertise though. I was loading a discussion page when it popped up so that leads me to think it came in piggybacked on an advertisement.
Look for a URL on it also something like Flexit or similar. Sorry guys but I was busty trying to stop the beast from downloading. I tried to X it and it began to download and that is why I say don't X out of it but rather disconnect and re-root. I'm on dial up and stopped it before it got too far.
|
|
|
Post by ibugly on Dec 11, 2009 22:04:37 GMT -6
Second hit description to follow in next post.
|
|
|
Post by caretaker on Dec 11, 2009 22:07:32 GMT -6
Thanks for the heads up!
|
|
|
Post by ibugly on Dec 11, 2009 22:08:58 GMT -6
It's coming from I guard PC. The banner has this addy showing on it in text h t t p:// selffex . com says:
Warning your PC is at risk of virus or malware etc...
This hit me as I was again loading a page in here.
I disconnected and shut down. Right now I'm on another machine and checking the one I was using for bugs that may have also caused it.
|
|
|
Post by caretaker on Dec 11, 2009 22:12:11 GMT -6
So far it has not happened to me. I opened ie and am on firefox so far no hit.
|
|
|
Post by ibugly on Dec 11, 2009 22:13:36 GMT -6
Nothing on SPYBOT scan. Doing Avast virus scan now. But this is a pop up banner. Just find it odd it hit twice only while loading a page.
|
|
|
Post by caretaker on Dec 11, 2009 22:24:17 GMT -6
I just got a warning from Avg. Web Shield.
Web Shield Alert Accessed file is infected Threat Blocked File Name givi cn/ chike3/index php Virus Found JS/Obuscated
This happened when I clicked on boating. I don`t know what is going on.
|
|
|
Post by ibugly on Dec 11, 2009 22:35:03 GMT -6
Randy, Kevin I'm signing out. If you need more info call me I'm up. Best guess is it's coming in on either Google adds or Photo Bucket. Or possibly Pro boards got hit . But something is going on.
|
|
|
Post by sksfordman on Dec 11, 2009 23:39:38 GMT -6
Thanks John and Caretaker, Everone be on the lookout, and I'll have Kevin to check the proboards site for info there. Randy
|
|
|
Post by sksfordman on Dec 11, 2009 23:49:19 GMT -6
I've been on the boating board with no issues, I've been on most of the other boards checking them out with no trouble. Proboards may have it fixed!! Or it has yet to hit mine!!
|
|
|
Post by ibugly on Dec 12, 2009 1:41:36 GMT -6
It's a JS bug looks like vil.nai.com/vil/content/v_153478.htm It hit during page load up so the source of which site it actually came from likely can't be traced. The selffex addy was the banner I saw origin. It's logged on my history. Randy you're probably right where ever this came from likely caught it. The bug Caretaker saw sounds like one and the same thing but his was blocked is my guess. Just be glad the name didn't have a letter after it from what I've read. It's an older exploit. I did check my computer thoroughly for any problems which I might have seen and mistaken for an attack and I found none. The behavior of what occurred is consistent in how this code is embedded right where the page is closing in the script. When it comes to something like this I err on the side of caution. If I hadn't been on dial up the download would have likely completed before I could disconnect. Now that I kinda understand what is happening I'm going to look around the forum. If I find anymore hits I'll post it here or in the other room and get out again till it's clear.
|
|
|
Post by ibugly on Dec 12, 2009 2:30:49 GMT -6
I've made several post and went into several different topics and it didn't show back up.
|
|
|
Post by kg5388 on Dec 12, 2009 11:16:43 GMT -6
always see if you can close it down with ctrl-alt-del if you just shut down to reboot the computer saves what you were doing to try to help you not loose anything and saves it on your disc if you can't get it to stop using ctrl-alt-del then just hold the power button down till it shuts down then restart in safe mode and scan it www.malwarebytes.org/mbam.php down load the free version and use it with spybot search and destroy www.safer-networking.org/en/spybotsd/index.htmlrun mawarebytes then run spybot search and destroy then use the imunize feature on spybot and it helps block most of these things. started having that problem when using free AVG but have switched over to www.pctools.com/free-antivirus/and have only had it happen once but haven't seen it since I started running firefox instead of IE
|
|
|
Post by sksfordman on Dec 12, 2009 13:20:58 GMT -6
I'm running Firefox solely now, for about 4 months. I'm still having no problems. So thank for the great heaps up John, and Kevin for you advice as well as John's.
|
|
|
Post by ibugly on Dec 12, 2009 14:36:29 GMT -6
I was using Firefox both hits but I also has a couple of IE windows open. Each time it hit was while the page was loading though. I had read about that stupid pop up and forgotten about it. It came back to me after I tried to X out. It comes in as an open window or tab as it showed up in my links bar down in Quick Launch.
I wish I had tried the three finger salute as suggested but as soon as I clicked X it was downloading. BTW a window also pops up and shows it downloading. I thought I might have gotten it earlier in the day elsewhere possibly except Caretaker got hit too. Added to that I usually use FF for this site only. I ran Spybot, Avast Virus the Superantispyware and nothing out of the ordinary showed up. I forgot I had Malwarebytes also. But I do usually keep this thing cleaned out.
From what I read the exploit likes to disguise itself as Google adds or that's it most common route in. I didn't come back in for a look again till I had some idea of what the actually hit was.
|
|