
[Updated] Nexus Trojan/Virus alert


Dark0ne


That's why I have NORTON 360. Thank god I don't click ads, I'd be screwed.

FYI - You don't have to click an ad to be "screwed"

 

I did the following quick test just to prove a point.

 

  1. I set up a Windows XP laptop with Service Pack 3 and EVERY hotfix available.
  2. I then installed the latest version of Firefox (without NoScript or Adblock)
  3. I did not install any virus protection.
  4. Using Firefox, I then visited a web site well-known for providing NO-CD patches.
  5. I went to a page that showed NO-CD patches for Oblivion which probably displayed about 10 different ads on it.
  6. Within a few seconds, I was infected without clicking on a single ad.

A fake virus scanner popped up and started scanning my system files.

 

  1. I then right-clicked on the task bar and selected "Task Manager", which then popped up an error message saying it could not start Task Manager (the virus blocked it).
  2. I then pressed CTRL+ALT+DEL and selected Task Manager that way...still got the same error message.
  3. I then tried to install Comodo which was already downloaded on my PC...failed because it could not start the Windows Installer service (again, the virus stopped it)
  4. I ended up having to just power off my PC and then turned it back on and logged in with a different account (logging in with the same account always started the fake virus scanner and disabled key services).
  5. Once I logged in with a different account, I was able to install an Anti-Virus scanner and cleaned the infection.

So, to those of you who cruise the Internet without a Virus Scanner or simply think that Firefox is secure enough by itself, think again.

 

If you are running Windows, you need:

 

  1. a good Anti-Virus program.
  2. a good Firewall program.
  3. several good anti-malware programs.
  4. Browser helpers such as NoScript, Adblock, WOT.
  5. Avoid using IE if possible.
  6. Avoid untrustworthy sites (pirate, porn, etc.) (FYI - WOT for Firefox helps with identifying them before visiting them)
  7. For more info and links, visit How To Protect Your PC


It's just as important to actually know how to use your security tools. My mom, for one, got pwned even while running NoScript because she had been using "Allow all of this page" instead of "Allow xxx domain" on the menu. That meant she got a lot of ad networks in her whitelist, and the inevitable happened.

 

The threat of malvertisement is one reason why I purchased a lifetime premium account here. Allowing ads is just too unsafe and I still wanted to support the site.


Just an update, looks like I got a Trojan while browsing the site and it gave me a malware that told me I have a trojan. I tried to scan with avast... nothing... scanned with avg... nothing.

 

So I just restarted my comp to see if I could change user and get rid of the malware. Now my comp won't start Windows. I usually run NoScript but I turned it off for YouTube... big mistake. Guess I'll have to boot from disk and go from there...

 

If anyone has any advice on how to get rid of this malware, please let me know, thanks. This sucks BTW


As you didn't specify exactly which bogus virus scanner managed to get in - here's a link to a site that covers how to handle most of the garbage that viruses (viri?) put on your computer. Those are tough to get rid of - good luck.


Everything on the Major Geeks site is scanned before it gets uploaded so it is a safe site - or at least as safe as any.

http://forums.majorgeeks.com/forumdisplay.php?f=35


When I got onto the TES Nexus site this morning, Kaspersky picked up a trojan trying to jump my computer from an ad. It was something like HEUR Script Iframer or something along those lines. I closed out and enabled ad-blocking and now Kaspersky doesn't pick up anything on the site as malicious.

 

Is this just a random thing or are some more of Google's ads trying to get me pot o' gold?

 

BTW - It didn't get on my drive. Just to be safe, I scanned with Kaspersky and Malware Bytes. Neither found anything. :3 Yays.


Well the boot disk didn't let me boot to Windows either... but I did get the blue screen of death. I love ads, weeeee!!!!

 

Oct 25: update, I got the miserable Windows up again, I used these two sites to help...

 

1) Read through the whole thing, it doesn't cover backing up your boot.ini file, so figure it out and BACKUP!

http://tech.icrontic.com/articles/repair_windows_xp/

 

2) The first site didn't help much, but it perhaps did, I'm not 100% sure. This site did the trick using a command in Windows recovery called fixmbr. Read through the whole article, don't be lazy when messing with system files. Backup!

http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/

 

The Trojan/malware/Boot Sector Virus I received from the nexus ads had the title "Microsoft Security Essentials Alert" -> some kind of hybrid mother f'er. Pain in the rear to even get the info to delete it.

 

The malware goes on to say "unknown win32/Trojan"

Alert level -> "severe" Recommendation -> Remove

(Just info on the malware so others can recognize it, don't use the infernal thing, lol. And to avoid lots of stress, don't reboot your computer if you have this malware!)

 

See my post above to see How to remove the FAKE Windows Security Essentials Alert Malware

Edited by baihbalm

These viruses are still attacking the site. I just got a NASTY one (10-25-2010 appr. noon PST) that disabled my task manager and all my internet software. I have the complete Norton Security Suite cranked down so tight it squeaks, good firewalls, and I have everything set to manually update and ASK BEFORE INSTALLING......AND I STILL GOT THIS VIRUS!!! Sorry if I seem a little hacked off....because I am. >:( :wallbash: I know it is not the site's fault per se, but isn't there a way that the ads can be checked before allowing to run? This one started out as the typical "this page needs an additional plugin to be viewed" (I am using Firefox). I knew that was BS because I have been looking at the site all day. I "X'd" to close the little "info tool bar" that displays the info to close the unnecessary add-on and it was off to the races for this virus. :down: It tried to get me to buy something that looked like a Windows Security Center tool which I knew was also BS because I couldn't close the window and it had a country code request for the phone number which legit stuff never has.

 

I don't know what someone could have done to get rid of this if they weren't skilled in virus removal. It disabled running anything including the virus scan and the task manager. Lucky for me I have a second HD that I have my Windows XP on that I was able to boot from where I could use Norton to scan and get rid of the trojan on my Vista Ultimate HD.....

 

Moral to this? Can we get some quality control with the ads please? I haven't had a virus in YEARS until now....and it took almost an hour to work around it without contaminating my whole PC. :mad:

 

*update...this virus even installed some desktop ini's .....I would LOVE to get my hands on one of those little tools that write these....It would be cool to go full speed sparring on them. :devil:

 

*FYI This and the other unsuccessful attack on my machine happened on the TESNexus. I haven't had any troubles with the DANexus or FO3Nexus. I won't be going to the TESNexus until these ads have been taken care of....removing this virus was worse than having my wisdom teeth pulled. Is there a way that a notice can be posted letting us know when the TESNexus is clean so we can go back? I love that site but the risk is too high right now.


How to remove the FAKE Windows Security Essentials Alert Malware Guide: (look at my previous posts if this malware/trojan/boot sector virus has made it impossible to boot into Windows!) I use Windows XP.

Everything you need is in my comments. Just use this most current post if you haven't shut down your computer or you have a superior operating system (something other than Windows).

 

Update on my crap, everything you need to seek and destroy this thing is on this site

 

http://www.spywarevoid.com/remove-fake-microsoft-security-essentials-alert.html/comment-page-1#comment-65487

 

1) Follow the instructions on the very last comment, done by Daniel (me). It includes downloading HiJackThis, and using its fake task manager to delete the hotfix.exe (which is the problem behind non-access to internet/taskbar/regedit).

 

2) After you're done following that, read through the article at the beginning, and 'manually remove' the registry entries made by the malware.... the most important one is to delete the C:\"username"\application data\hotfix.exe file.

 

3) Good luck, oh and btw, don't restart your computer unless you have deleted the hotfix.exe located in your application data folder. It will reinstall otherwise... or so I've been told. Weeeee!!!!

Edited by baihbalm
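
A read-only check for the leftovers named in the removal steps above, added here as an example and not part of any poster's instructions. The file name hotfix.exe and its Application Data location come from the thread; the two Run registry keys are an assumption, chosen as the standard Windows autostart locations, since the thread does not name the registry entries.

```powershell
# Added example: read-only triage, nothing is deleted or changed.
# From the thread: the file name hotfix.exe and its Application Data location.
# Assumption (not from the thread): the Run keys below as places to look.
$dropperName = 'hotfix.exe'

# Per-user data folder relative to each profile: XP layout, then Vista and later.
$layouts = @{
    "$env:SystemDrive\Documents and Settings" = 'Application Data'
    "$env:SystemDrive\Users"                  = 'AppData\Roaming'
}

# 1. Check every profile, since the thread describes cleaning up from a
#    different account than the infected one.
$files = foreach ($root in $layouts.Keys) {
    $profiles = Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($p in $profiles) {
        $candidate = Join-Path (Join-Path $p.FullName $layouts[$root]) $dropperName
        if (Test-Path -LiteralPath $candidate) {
            Get-Item -LiteralPath $candidate -Force
        }
    }
}

# 2. List Run-key values whose command line mentions the file.
#    HKCU covers only the account running this script.
$metadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($v in $props.PSObject.Properties) {
        if ($metadata -contains $v.Name) { continue }   # skip provider metadata
        if ("$($v.Value)" -like "*$dropperName*") {
            New-Object PSObject -Property @{ Key = $key; Name = $v.Name; Command = $v.Value }
        }
    }
}

$files    | Select-Object FullName, Length, CreationTime, LastWriteTime
$autoruns | Select-Object Key, Name, Command
if (-not $files -and -not $autoruns) { "No $dropperName found in profile folders or Run keys." }
```

Run it from an administrator account so the other profiles are readable; a clean result covers only these locations and does not replace a full scan.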