Posted on 08/27/2010 5:17:00 PM PDT by SonOfDarkSkies
Earlier today, my computer (normally well-defended by strong virus protection--Kaspersky) was somehow invaded by a program which essentially shut down my ability to access the internet. It seems this program, which dominated all my browsers and gobbled up my system, did not trigger my virus protection program because it pretended to be a virus program itself.
Long story short, I found a solution (using my laptop...which was not infected) that has worked for the last few hours. I was able to download a "free" program to locate this malware by 'total' scan and delete it from my system.
This post is merely a note to any of you who encounter the same thing.
Here is the best definition I have found online of this Windows Security Suite...
[A] rogue security program from the same family as Antivirus System Pro and Spyware Protect 2009. Like its predecessors, Windows Security Suite is installed through the use of malware. Once installed, the program will be configured to start automatically when Windows starts and when run, will perform a scan and then list a variety of infections that it states resides on your computer. It will not remove, though, any of these infections unless you purchase it. Do not be concerned by what Windows Security Suite states is running on your computer as the files it detects are actually harmless files created by the program itself. It only shows these fake infection files in order to trick you into thinking you are infected in the hope that you will then purchase their program. It goes without saying that you should not do so, and if you have already purchased this program, we suggest that you immediately contact your credit card company and dispute the charges as this is a fraudulent program.Source
The above source link is the best help I have found in disabling this program. (http://www.bleepingcomputer.com/virus-removal/remove-windows-security-suite)
I recently took a computer security class. For one assignment, the instructor posted links to an article about an eastern European cyber attack on Estonia. Just reading the article resulted in my computer being attacked by that same virus. Apparently, the cyber hackers behind that particular assault on Eastonia have a ‘sense of humor’ and ‘infected’ articles about what they had done. In that class and this particular example, I discovered that hackers can create an ‘overlay’ over the entire page you are reading so that if all you do is click on the icon for the 2nd page of the article or the word ‘next’ to continue reading, you obtain the virus.
As one poster already said, there are fake ‘decline’ ‘close’ ‘exit’ buttons on popups that install things you don’t want. A geek friend told me to close unwanted popups by the task manager, never by clicking anything on the pop up box.
I frequently image my OS drive, especially after major upgrades or additions.
And, I keep data on a separate drive/partition.
The few times I have run into problems, I just restore a previous ‘good’ OS image. I don’t have to reinstall programs, and my data is untouched on the data drive.
Plug-in USB drives are relatively inexpensive any more. No reason not to back up.
Last one I had I got rid of by using Super Anti Spyware. The trick was clicking on it’s icon and getting it to load before the fake virus program started. I then ran Super Anti Spyware, it found and removed the virus.
The exact same thing happened to me last month at a hotel in Chicago. I was doing a people search, trying to get a street address for a relative in Indiana, when I got a flash warning that my computer was being attacked. Then I started getting error messages that bogus files were infected. Long story short, I could not access any website except for the one selling Antivir virus protection for $59.95 for three months. Worse, I could not access any files, and I do all of my work on this laptop. After a bad experience with Vista and a failed installation of SP2 a while back, I had to revert to factory settings and re-install all my programs (I had performed a full backup to an external HD before the SP2 download). I had failed to reload Spybot and Ad-Aware and that’s how I think this invader got by my Trend Micro PC-cillin security. I finally figured out that I could activate a scan with PC-cillin on startup before the Antivir could load, and sure enough, there were no viruses found on my computer. I started in Safe Mode and did a System Restore to an earlier date and that fixed the problem for me.
I’ve used Spybot and Ad-Aware (both free programs) for years on this laptop and previous computers, and never had an issue like this - it was very scarey to have a website take over my computer like this. I agree, people behind these types of activity should be horsewhipped, if they cannot be prosecuted.
Heh...heh...free...you get what you pay for...
I haven’t had a virus or malware in 15 years. I use Norton.
However, I don’t visit porn sites nor download pirated software/movies eather....
Practice safe computing....
Super Anti-spyware, a free malware remover works very well. However if your computer is badly infected you might be prevented from running your anti-virus. AVG however makes a free anti-malware program that can run from a flash drive.
bump for later
Not true. In fact, Apple just released a patch where clicking a corrupted PDF link could compromise your entire system, with an arbitrary code execution attack.
The fact is, ANY computer that connects to any other network or computer can be infected, and IS vulnerable. There is no such thing as immunity when discussing networked computers.
For the original poster, consider Microsoft Security Essentials. Very good, auto-updating, highly configurable, VERY lightweight in resources/CPU usage (down in the <2% range CPU usage on my laptop), and free.
You’re right. Task manager is the key. Never click on anything. Shut it down using task manager. I got that virus last year, and it was a bear to get rid of. That darn virus gets past everything.
Silly boy that PDF thing is for unlocking your iPhone. It has nothing to do with the OS for a computer. And it was fixed with ZERO exploits. That is NO ONE was hacked like the people on this thread who have all had frustrating hours of their lives stolen from them! You and your anti-Mac FUD are so funny! LOL
Like we always tell you on the Mac threads. Just because, technically, someone MIGHT be able to hack a Mac, doesn’t mean anyone HAS or WILL.
But yer cute when you keep trying !!
XXOO
Yes, like poster #11 said. Just going to a bad site can LOAD the virus/trojan. Then clicking ANYTHING can be the Hidden “YES INSTALL ME”. Even the “X” in the corner screen can be rewritten into the bad code to be the “YES” or “OK” Button. So, just being frank, surfing the web on a PC is VERY HIGH risk these days. Know what sites you go to, and don’t just click links. Or, like others and I have said. Sell it, and get a Mac. The surf worry free. Oh, until, someday, far far off in the future dreams of the MacHaters, someone DOES find a way to get through Mac OS. Meanwhile, you’ll be much safer !!
= )
You really should check things before you post...
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
Description: A stack buffer overlow exists in Apple Type Services’ handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.
Those all seem to be NON-iOS patches, those for desktop computers. Perhaps you should read the link before trying to be dismissive?
Oh, and you can cut the insults.
I really appreciate the way Apple gives us continual support, free of charge, in keeping our Macs as safe as possible.
I get an automatic notice on my desktop that there is a software upgrade, and all I have to do is to click, and it is all taken care of by Apple.
In all the years of using Mac both at home, and in our business, we have never had any virus/Trojan/malware problems, and we have never used any “ virus protection” software.
Of course, no system is ever bullet-proof. It would be silly to make that claim.
Microsoft does as well. Automatic updates should be turned on, and you get patches at regular intervals, and if something is critical it's released and pushed out immediately, even if it's not "on schedule".
I get an automatic notice on my desktop that there is a software upgrade, and all I have to do is to click, and it is all taken care of by Apple.
You can set MS Auto Update to do that as well. Or to just simple automatically apply the updates without any user intervention, which is handy if you leave your computer on overnight.
In all the years of using Mac both at home, and in our business, we have never had any virus/Trojan/malware problems, and we have never used any “ virus protection” software.
Likewise here! The best AV is a concerned user. Don't click or download things you don't want, and if a page is hijacked, use the taskbar or the task manager to blow away the window. Win7's taskbar preview is very nice for this!
Of course, no system is ever bullet-proof. It would be silly to make that claim.
Precisely, no matter what others in this thread will claim...
good post thanks
I was running “BitDefender”, which detected but couldn't clear the malware. Having other machines I found that Microsoft engineers had seen this nasty malware and created a downloadable treatment. Just go to microsoft.com and search for the title the malware provided. The attackers did a pretty good job of generating a screen to look like a Windows application. Having used Windows Defender, I could see that they hadn't managed to replicate graphics attributes used in Windows graphics libraries and knew we had malware. This malware was actually Java-based.
Subscribing to Windows updates can be a help, since Microsoft includes regular security scans among their updates whenever they find a serious problem, even to uses who don't use their Windows Security Essentials (which is a superset of Windows Defender). I don't follow that development team carefully, but when malware is discovered the world of antimalware developers goes to work to try to anticpate its spread. They have done a remarkable job.
While I understand Microsoft's need to provide protection for its customers, they are making it hard for small shops to compete in the antimalware market. Now free, Windows Security Essentials does not provide the detailed control I like to have, but is protecting three of my machines. It doesn't report nagging intrusive cookies, but did stop a serious virus, again on my daughter's system. I'll guess that Microsoft has chosen not to provide bells and whistles so that they don't destroy the antimalware market and face the scrutiny they attracted by providing a free a browser to compete with Netware, which was also free, and a spiffed up application developed by engineering students. (Netware was one of many companies based upon the Internet bubble business strategy: market something to semitechnical investors who have money to burn, do an IPO, and cash out before having to demonstrate a profit.) Microsoft's free software is very easy to use, is removable almost instantly, does take its time doing full scans, perhaps because it includes antivirus and antispam heuristics. It has the cleanest interface in the sector. I pay for BitDefender, Avast, and use free Essentials, have used Avira, and hear good things about Kasperski(sp?). If I were managing in this sector, I'd try to hire any of thes guys and gals.
Internet security will always be a challenge. The developers in little shops in Czeckloslovia, Germany and Sweden are impressive. But five smart people don't have access to the resources of the OS developer, or the staff to solve and provide lightning updates. Macs have the advantage that the relatively small number of users makes them a less interesting target. Mac is little used for business. The OS, while Unix-based, is tightly held, which is why it is unattractive to OEMs. Its a good business model, but probably more vulnerable to aggressive hackers because Apple has had no reason spend much time addressing some of the ‘hacks’ in Unix, which includes Mac OS. Mac users should not assume they are less vulnerable. They are simply not attractive targets (though there are many very attractive female MAC users). MAC users would be foolhardy not to run antimalware software.
All said, I don't see how any of them make a profit. So Microsoft, which has a strong marketing incentive to keep its users happy, and defend itself from naive claims about OS vulnerability, is what I'd recommend. The methods of detecting malware are VERY sophisticated and Microsoft’s success has come from creating a culture of very smart developers. Sure they buy talent from other companies. That is capitalism.
“What I’d like to know is why these types of companies are not shut down and the people put in jail.”
We want them to feel good about themselves.
They are simply expressing themselves differently.
Please join us celebrating the diverse community of programmers.
__________________________________________________________
LOL!!! Dripping sarcasm and the post of the day for me!
Worth repeating. The last several CanSecWest "Pwn2Own" contests saw Mac systems compromised first, in a matter of ~2 minutes, as compared to Windows and Ubuntu systems.
NO system or OS in immune and invulnerable to attacks.
Free Republic is remarkable because people people are remarkable. There seem always to be people around who are expert in something I know a little about. I did work in Unix kernels, both Berkeley and System V and before that in VMS. I was amazed to see how much VMS code there was in Berkeley, and not too surprised to discover that for what I cared about, Windows NT was VMS, and VMS is a very secure OS. There are Unix-based systems which were tightened up, mostly by removing applications, particularly network applications and protocols, to satisfy some military RFPs. But there just isn't a business case for making Mac OS (wasn't Job's company ‘BE’?) more secure. It isn't at all that it couldn't have been done.
Please understand that a number of powerful viruses now exist that really can’t be removed while in Windows. Typically, these are called “rootkits” and they can allow you to think your system is cleaned up when it is not, or simply reinfect your system after your antivirus says everything is okay. I can’t stress enough how important it now has become to boot with one or more of those free antivirus boot CDs and do scans that way (even Safe Mode is far from “safe” when you know you are infected already).
System files get locked from modification when you boot with Windows. When you boot from CD into a Linux or other operating system instead, every Windows file is unlocked by default and this lets a true cleansing occur.
Once you’ve let one of two of those bootable CDs check your system over, it is imperative to immediately go to Secunia.com and download the free “Personal” version of their vulnerability scanner. ANYTHING it says is a problem you need to eliminate. This also includes whatever shows up in the special Advanced mode when you check a box that allows it to tell you about patches that are not “easy to fix” vulnerabilities (these are multi-step items that are more annoying to fix). Be sure to scan after adding that setting under Advanced.
When this is all done, you should reinstall your normal antivirus from scratch (to assure nothing is still not quite right with it). Make it update and then let this scan your computer. It shouldn’t find anything of consequence (no, cookies are not an issue of any real sort).
Of the free antiviruses, two currently stand out as the best options. One is “Avira”, a European/German antivirus, available at “Free-av.com”. The other is Microsoft’s own free antivirus, but I would download the new beta of their upgraded free version (http://windowsteamblog.com/windows/b/bloggingwindows/archive/2010/07/20/beta-for-next-version-of-microsoft-security-essentials-now-available.aspx). This should be even better than the lesser one currently out and which is pretty well reviewed.
Do not have two antivirus programs running on your computer. That causes conflicts, weighs down the resources, and greatly increases the false positives (real programs being flagged as malware). If you want a program that combines multiple antivirus engines, look into G Data antivirus, which leverages two different engines in a clean way (they’ve used BitDefender and Avast! engines and such, but I think they’ve changed the two currently used).
The best antivirus testing comes from this non-profit in Europe, “av-comparatives.org” (http://av-comparatives.org/comparativesreviews/main-tests). You need to get an antivirus that is good “proactively” against new viruses that don’t even have a virus signature from the company. People are most often infected by viruses with which their antivirus program wasn’t given a virus signature (any new virus can meet this definition, as it can take days to weeks for a vendor to develop the detection and removal instructions and then get them tested and sent to you).
If your antivirus can proactively catch these viruses, then you are protected even when the antivirus company doesn’t provide an update. That organization tests such new viruses against older definition files, allowing a “real world” idea of this ability. Look at both the Retrospective/Proactive tests and the On-Demand Comparative and synthesize your best choice.
If there are add-ons you don’t need, feel free to uninstall them. With the way Java works, though, new versions do NOT uninstall the old buggy ones (Sun, now Oracle, always allowed backwards compatibility, but this allows exploits to request the old buggy version that can allow infection). Always delete the old version of Java. Thankfully, Secunia’s utility finds these.
I hope this helps. Pass this on to your friends as needed.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.