Banner Ad Virus About

[sethomega]

Hey guys, new poster here but long-time user of the Nexus mods; absolutely love the fact there's a central hub for modding most of my favorite titles (that are modular anyway).

 

But this isn't a plug for the site, down to business: While perusing the various mods for Dragon Age 2 over at Dragon Age Nexus (dragonagenexus.com) using Mozilla Firefox, opening many additional tabs to bookmark potentially useful mods, with only Pandora playing as the only non-Nexus Firefox window, it suddenly crashed. I instinctively re-opened Firefox, only to be met with some script-kitty's poor attempt at a coup: OBVIOUSLY fake Windows Defender window displaying even faker security settings, then declaring it detected a virus and was attempting to do some sort of file transfer. The moment the window popped up, I cracked the knuckles and got my Task Manager up and running and found the errant file was "lvd.exe" on the list. Killed it, scrubbed it and quarantined for future meddling.

 

Again, aside from Pandora.com (which is paid for so no advertisements tick over), Dragon Age Nexus was the only site being surfed, so I think it's safe to assume it's only a banner that could display there. I also am quite certain it's not one of the mandatory video advertisements that run when you download, but just specifically a -banner- ad.

 

Still in the process of scrubbing my system down, and livid over the fact Avast didn't manage to catch it. No-Script would have handled it just fine, but I of course allowed a Nexus site to avoid having to finagle the mandatory vids for downloads. Might have to drop some cash on Nod32, dunno.

 

Anyway, hope this is in the right spot, and it's at least somewhat useful. Cheers guys, thanks again for the great site(s).

[bben46]

Those fake antivirus viruses are some of the nastiest around - and difficult to get rid of. I have a few suggestions as to what should be done with the authors, but they are NSFW as well as illegal and against the Genevia convention among other things.

 

The first thing they do - if you have UAC turned off, is disable your real anti-virus, then call over their big brother to help trash your machine while they scan for credit card numbers. Turn it off. Unplug it from the internet - if you have wifi disable that until you are ready to disinfect it.

 

My own solution - a rescue CD - Boot from the rescue disk and not your virus ridden hard drive - it boots a Linux system and scans the hard drive from the CD drive or a bootable USB stick. As it doesn't run the Windows OS, and it is run from a CD it cannot be infected bt the virus. And you do not even have to know anything about Linux to use it.

 

Here is a source for several different FREE Anti-virus rescue disks made by well known AntiVirus companies.

See link in DarkeWolf's post below

 

If you are not infected, go ahead and create one now to save time when you are.

 

If you are already infected, Pick the anti-virus you like, save it to a friends computer as an ISO, then use almost any CD burner to burn the program onto a CD (burn two – one for you and one for your friend) - then use that CD to boot your infected computer. You will want Internet access turned ON for this as they all automatically update their antivirus database with the newest when they run.

 

More info on getting rid of persistant Viruses here: Last updated 1-1-11 (Warning some Geek content) http://forums.majorg...ead.php?t=35407

[DarkeWolf]

hrm. Wierd. Your link to the download list is wacked out there Ben.

Google search found what I think you were trying to post.

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

 

OP- really sorry to hear about that! That really sucks. :mad:

[bben46]

Thanks DW. I don't know what happened to my link as I have posted it before with no problem. Changed to the new one.

 

Something strange is happening here. I click on your link, copy the link, then paste it in my post and it does not work. Tried several times - still does not work.

 

Went to the site using your link. Copied the link from the actual site. pasted into my post - still doesn't work :blink:

[jewalker73]

My issue is similar to sethomega. Had just finished a round of DA2 and wanted to check the forum before calling it a night. Only Firefox running with only one tab. As soon as I hit the Nexus main page, I was hijacked by Win 7 Security 2011. Same deal -- official looking interface, warning about multiple infections, click here to purchase/activate so your system can be cleaned.

 

I also brought up Task Manager without thinking twice. The bogus process was easy enough to spot and kill. Problem was, every executable I attempted to run only launched the same process and not the intended program. Safe mode changed nothing. Couldn't open any file or directory from the Start menu, but I finally figured out that I could get into the directory structure from a folder on the desktop. I navigated to the Malware Bytes folder and took care of the problem. Took nearly 2 hours to finish though.

 

A friend has since recommended I use COMBOFIX in the future, and that it takes care of damned near everything. Will certainly give it a try if and when this happens again.

 

I can only guess there is/was an infected banner ad that tagged me? Never had any other issues on this site previously.

[bben46]

Combofix can be worse than the problem. It is known for killing things that aren't part of the virus. Save it for a last resort.

 

Besides the rescue DVD listed above I have been using SuperAntiSpyware portable from a DVD or bootable USB. So far between that & MalwareBytes I have been able to clean anything that has come along. So far I haven't had to resort to Combofix - but I do have it in my toolkit for the one time that nothing else works.

 

Note: SuperAntiSpyware is a virus remover also. Don't let the name fool you.

http://majorgeeks.com/SUPERAntiSpyware_Portable_Scanner_d6862.html