unbelievable infestation in an hour

Discussion in 'malware problems & news' started by larryb52, Feb 6, 2008.

Thread Status:
Not open for further replies.
  1. larryb52

    larryb52 Registered Member


    Good tip. Found a couple of hidden malware types; looks like it's back to normal. I browsed for about an hour before work & it runs fine & speed is back to normal. Thanks to all for the tips & support.
     
  2. CogitoErgoSum

    CogitoErgoSum Registered Member

    Last edited: Feb 7, 2008
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,
    Indeed, why not use Firefox and solve all the problems?
    Mrk
     
  4. lucas1985

    lucas1985 Retired Moderator

    WilliamP reported something similar with Defensewall. Interesting to say the least.
     
  5. Chuck57

    Chuck57 Registered Member

    Very similar and, after hitting the reset button, DF put everything back in place. All I know is that it was in MySpace where it happened. The entire thing took barely a second. The screen snapped to black and then the blue screen appeared.

    What annoys me is that I was there for the purpose of collecting malware to play with. Geswall has always been rock solid, based on past usage. Wish I could find that site again, but maybe it's better that I don't. Also, I did not have either Returnil or Sandboxie running.

    Credit to DeepFreeze, though. Whatever happened didn't break it.
     
  6. Dark Shadow

    Dark Shadow Registered Member

    @larry congrats, glad to hear everything worked out for you. Good job.
     
  7. Empath

    Empath Registered Member

    Returnil, Shadow Defense or some other boot to restore utility could be installed, with an access password. You don't even have to run it ordinarily. Then when someone needs to borrow your computer, initiate a password protected session with your boot to restore utility. Since the user has no need to save or leave anything on your drive, it will be no inconvenience to them.

    What you get back when they return it, is only what they borrowed.
     
  8. quasim

    quasim Registered Member

  9. larryb52

    larryb52 Registered Member

    Rest of the story: ran SuperAntiSpyware & it found 12 more nasties. I reran it again & with CounterSpy & it finally looks clean. Thanks all... 11 were registry entries...
     
    Last edited: Feb 9, 2008
  10. larryb52

    larryb52 Registered Member

    Well, I owe my daughter an apology. I asked for her laptop & ran a couple of programs & all it found was adware cookies & the usual ones, nothing crazy or nasty, & she does go to Facebook, MySpace, but if anything had come up Nod eliminated it. I'm sorry to stretch this thread but I like to know where & how something gets on one of my machines; I don't care who runs it, they trust me to put protection on it. My daughter claimed at the time she went to a hair product's page (I won't name it) as she wanted the coupon & then stuff started hitting. Perhaps, as they say, just one of those things. Thanks to all and thanks to SAS & I'm running it in protection mode as it did find a lot of bad stuff and I'd rather NOT have it on anyone's machine. The internet used to be fun, not as much as years ago. Thanks again for listening...
     
  11. Threedog

    Threedog Registered Member

    Glad you got things cleaned up OK Larry. And don't worry about dragging the story out. Interesting and learning reading. Glad the SAS worked out good for you. It's a heck of a good program.
     
  12. Espresso

    Espresso Registered Member

    I believe it was MySpace that gave me a BSOD a couple of weeks ago. I don't recall if it was with the GeSWall driver but I was running a GeSWalled browser. In any case, I keep *.myspace.com in my restricted zones now.
     
  13. lucas1985

    lucas1985 Retired Moderator

    LOL, I don't even visit MySpace.
     
  14. aigle

    aigle Registered Member

    Is it possible in any way to reproduce it by just visiting MySpace etc.?
     
  15. Carver

    Carver Registered Member

    I just visited facebook.com, just to look around. After I closed the page I did a scan with my AV... nothing. The next morning I boot up, everything is normal. I have to go out for a couple of hours so I shut the computer off and go out. When I come back I boot up, and I start getting error messages that the computer can't find this file... it's one that I never even heard of before. This happens 5 or 6 times, very quickly, like one a second. At that point my screen just goes blank and I get the error message "Windows was shut down to protect the system". First thing I did was try to put the computer in safe mode to do scans with SuperAntiSpyware and Spybot and my AV from the page you get from tapping F8. I tried all the options; every single one ended up in the same thing, Windows being shut down. I finally got in with the Acronis boot disk and did a restore from a full backup I had done a month before. I had to do a little updating since then but it's back up. Now I am doing a tuneup before I do another full backup.
     
  16. aigle

    aigle Registered Member

    @Chuck57
    @Carver


    Ok, I will try to reproduce it with GW. Can you guide me further:

    What browser did you use?
    What sort of activities on Facebook?
    Did you log in or simply visit here and there?
     
  17. Carver

    Carver Registered Member

    I used the Opera browser and I just randomly clicked through the different tabs. No login of any sort; I am not registered there.
     
  18. aigle

    aigle Registered Member

    Yesterday, I registered on Facebook and went here and there, so far nothing. Will try more.
     
    Last edited: Feb 18, 2008
  19. Carver

    Carver Registered Member

    The infection didn't happen the same day, but the next day. I suspect it might have been a trojan dropper of some type. When I went to Facebook my resident AV didn't register anything.
     
  20. Longboard

    Longboard Registered Member

    So: what is this MySpace and Facebook?
    Something for the young peoples, yes?

    What is it for ?
    Google search for last month:
    facebook+malware
    http://www.google.com/search?as_q=f...as_dt=i&as_sitesearch=&as_rights=&safe=images
    And my space
    http://www.google.com/search?as_q=m...as_dt=i&as_sitesearch=&as_rights=&safe=images

    Use FireFox ? ABSOLUTELY :ouch:
    http://isc.sans.org/diary.html?storyid=3929

    The posters here will -ahem- 'go in' well armed and aware as for the rest :blech:
    http://www.businessweek.com/magazine/content/05_50/b3963001.htm
    and that was years ago.

    I don't even like mobile phones and I don't have an Ipud.
    ;)
     
  21. tlu

    tlu Guest

    @larry: No offense meant - but if you allow your daughter to log on as admin and to use IE - probably with ActiveX and scripting enabled in the internet zone - I'm not at all surprised about what happened.
     
  22. Carver

    Carver Registered Member

    When I visited Facebook I knew that I might just get something; if worst came to worst I had a backup I could restore, otherwise I wouldn't have gone.
     