
Malware may still be active, but in a different location


joquanpro


Hey everyone. I wanted to report that I caught this malware script yesterday on the MAIN site, not the forums. I never even went to the forums yesterday, and I somehow caught it. I have Avast! and Spybot Search & Destroy, and it still got through. I wanted to report that even after giving my laptop to a professional to remove it, I came back to the site today, and I believe that it is back, but on the main site instead. I have some symptoms similar to what happened yesterday. I will show you guys some of the symptoms I had. If you experience these, I advise you to run a full scan with your antivirus software. (If you don't have any, I recommend getting AVG. It is free.)

 

I monitored my processes in the task manager, and it kept showing IEXPLORER as running. I ended the task only to find it popping back up in the list. This is mainly just a memory hog, rather than a danger.

 

Internet pages mysteriously start up, to random different pages. This is more of a nuisance.

 

The final stage is where an icon pops up, saying that you need to upgrade your antivirus software. DO NOT SAY YES!!!!! After this, if you let it in, it locks you out of every web page and application, saying that it is infected. Their way of getting rid of this is to pay them to get the uninstaller, OR you could do it my way, and have a professional look at it.

 

Keep safe, and take precautions, and you should be okay. :)


Solution - Stop using Internet Explorer. Start using Firefox with the following add-ons: NoScript, Adblock Plus, WOT. You can configure NoScript to allow scripts to run at the Nexus sites...it will block any nasty code injections from other sites.

 

I also use Comodo Internet Security which has Anti-Virus, Anti-Malware, Firewall and a few other protective features.

 

MalwareBytes, Spybot Search & Destroy and SpywareBlaster are good tools to have installed on your system (you have to manually update them every once in a while).

 

It is also a good idea to have a program called ProcessExplorer on your desktop in case you suspect any nasty programs are running. It is like Windows Task Manager but will work even if Task Manager is disabled by malware. It also lets you see where the program was initiated from on your PC as well as other useful information about it.

 

LHammonds


Whatever you do DO NOT pay them anything - paying them does not remove the virus, it just hides it. The first thing that angel does is block any real antivirus it recognizes. Then it installs some code in another part of your hard drive to resurrect it if you do manage to delete it. It has a delay so you will think it is gone for a while before it strikes again.

 

Best is to use a bootable antivirus CD to boot up outside of your hard drive and clean it. Here is a source - be sure to download and make your disk from a clean computer and not the infected one.

 

Then after the virus cleaning, immediately do a registry cleaning with a program such as CCleaner - available here: http://majorgeeks.com/CCleaner_Slim_No_Yahoo_Toolbar_English_d4191.html


I am using Firefox, but not Process Explorer, MalwareBytes or SpywareBlaster. I try to take all possible precautions to keep my computer clean, but I don't know how I got this one. It just seems more likely to have caught it from here, considering the recent issue. Right now, it is just being a nuisance, IE keeps popping up in the task manager.

I'm so far apparently ok. I use PC Tools Firewall Plus and PC Tools Threatfire packaged together free, although you can pay to upgrade to a more comprehensive program. The free versions are quite good I find and auto update regularly. AVG is my antivirus program and seems quite able to handle most issues, though some stuff it tags with a false positive; best to Google it if it shows as malware and you are uncertain.

I am actually running Malwarebytes and so far, it says it's picked up 1 infected file. Thanks for suggesting it. :) I will also run MalwareBlaster to check it.

A recent very good development has come from a surprising source - http://www.microsoft.com/security_essentials/

 

Have a read through the Malwarebytes forums and you will find a fair few of the technically knowledgeable participants, and Malwarebytes team members, are recommending it alongside Malwarebytes... They work very well together.

 

Between the free anti-virus solutions, I have watched the comparison reviews for a number of years, occasionally AVG nosing out in front of Avast or vice versa for example... recently Microsoft Security Essentials IMHO has become brilliant at what it does. So much so that big players like Norton have tried to play it down publicly (threat to their paid-for bloatware?). Microsoft respond with the attitude: if other people can make free anti-virus, why can't we?

 

Initially I had my doubts. MS once bought a perfectly good solution from Giant (I think it was a variation of Webroot SpySweeper) and created the Frankenstein monster known as Windows Defender, which was so buggy, especially in its earlier incarnations.

 

MSSE has been done very well, very system resource friendly, and updates via the same channels as Windows updates. As a free internet-facing solution it's very good, backed up with an occasional scan from the best non-resident antimalware that Malwarebytes is... it's a good combination.

 

I have managed to get rid of some pretty nasty pieces of work from other people's machines just using a combination of those two, sometimes with a safe boot scan, sometimes needing to install the exe from a bootable USB memory stick with a Linux OS onboard, and with a different name so that when it came to initial installation any already installed malware did not detect the installation of a threat to itself... But in all cases just using MSSE and MBAM.

 

I don't use the resident part of Malwarebytes in the registered version - I prefer to have a scan from MBAM as a surprise to any potential infection. :)

 

An additional layer of security - having a good hosts file helps keep all your machine's communications away from bad sites in the first place...

http://www.mvps.org/winhelp2002/hosts.htm

 

RTFRM :)


P.S. Anyone following that last link and wondering "Does this do the same as Adblock?"

 

Yes - But a lot better.

 

Adblock will only help protect the browser you have plugged it into.

 

The hosts file stops ANY communications software resolving bad DNS addresses - even malware itself: if its DNS name is in the hosts file when the malware tries to phone home - blocked.

 

Windows Messenger, Live, mail clients, any browser... Firefox/IE/Opera/Chrome variations... dodgy toolbars or browser helper objects (BHOs)

 

The hosts file is loaded when Windows starts up. It also works the same on any Linux OS.

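An added example, not part of the original thread, of how the blocking hosts file described in the post above is interpreted: each listed name is pinned to a sinkhole address, and matching is by exact hostname, so an unlisted subdomain still resolves normally. The sample entries and the function names `parse_hosts`, `is_blocked` and `redirects` are constructed for illustration, and keeping the first address seen for a name is a simplifying assumption.

```python
# Added illustration: interpret hosts-format text the way a blocking hosts file is used.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}           # addresses that lead nowhere useful
LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # legitimate loopback names

# Constructed sample in hosts-file format (reserved .test names, documentation IP).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     ads.example.test      # ad server
0.0.0.0     Tracker.Example.test  c2.example.test
203.0.113.7 update.example.test   # not a sinkhole: this is a redirect
"""

def parse_hosts(text):
    """Return {hostname: address}, keeping the first address seen for each name."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed line
        addr, names = fields[0], fields[1:]      # one address, one or more names
        for name in names:
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def is_blocked(table, hostname):
    """True only if this exact name is pinned to a sinkhole address."""
    name = hostname.lower().rstrip(".")
    return name not in LOCAL_NAMES and table.get(name) in SINKHOLES

def redirects(table):
    """Names mapped to a real address: entries to review when auditing a hosts file."""
    return sorted(n for n, a in table.items() if a not in SINKHOLES)

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.test", "cdn.ads.example.test", "c2.example.test"):
        print(host, "blocked" if is_blocked(table, host) else "NOT blocked")
    print("review:", redirects(table))
```

To check a real file, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` on Windows or `/etc/hosts` on Linux to `parse_hosts`.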
