Redirection to a bad site?

Discussion in 'malware problems & news' started by JerryM, Dec 14, 2009.

Thread Status:
Not open for further replies.
  1. JerryM
    Hope this is the right place.
    I sent a friend an address to a thread on a forum that I know is safe. Within that thread was a thumbnail photo. I had previously clicked on it and it was OK.

    My friend, George, clicked on it and it would not let him view the photo, but he had to join, tell who directed him to the site, and wanted $15. He closed it, but ended up with a virus. Not sure what it was.

    Is it probable that somehow he got redirected to a bad site? How could that happen when I had no problem before or since?

    I think his ISP, AOL, has an AV that he has been confident with.

    I would think a good AV plus SAS and MBAM would get rid of the virus, and he might have to disable Restore.

    What are your thoughts?

    Thanks,
    Jerry
     
  2. JerryM

    Re: Redirection to a bad site?

    OK. Since we can't make a good assessment as to why he got infected, what are the best cleaners? I have the impression that, in addition to the AV, MBAM and SAS are among the best cleaners.
    He needs something that won't do more damage cleaning.

    Would a Restore work, or would the virus hide where it would not be affected by a Restore?

    Thanks,
    Jerry
     
  3. Ibrad

    Re: Redirection to a bad site?

    We are not allowed to say what is the best cleaner because this would turn into an A vs B thread, but we can make a suggestion without saying what is best.

    Check out this thread for a huge list of free malware cleaners: https://www.wilderssecurity.com/showthread.php?t=249469
     
  4. jmonge

    Re: Redirection to a bad site?

    I will say Malwarebytes ;)
     
  5. lodore

    Re: Redirection to a bad site?

    Hey Jerry,

    As well as running the cleaners, check the hosts file with HostsXpert;
    use the option to download the original Microsoft hosts file.

    Which version of Windows, what type of account and what browser?

    After cleaning, use the repair options in SuperAntiSpyware and then make sure the browser is up to date, plugins are up to date (for example Flash Player, Java, Shockwave etc.) and also uninstall any older versions of the plugins, since Java doesn't uninstall older versions when you install a new one.

    Show your friend Opera and Firefox and ask them to choose which one they prefer, or use both if they want. Both are safer than IE.
    What kind of device is used to connect to the internet? Is it an ethernet modem or a router?
     
    Last edited: Dec 14, 2009
  6. Billy Blaze

    Re: Redirection to a bad site?

    The thumbnail photo on the forums could have just been coincidence and he may have been infected in some other way before that. Or if he is certain that he was infected by that link maybe he was infected through a browser exploit/plugin exploit (as lodore hinted at) or the image hosting site might have some type of questionable advertising. The only way to know for certain would be to verify that link he got redirected to.

    It might also be helpful to know why he thinks he ended up with a virus or some other type of adware/malware (if it was his AV identifying that and if it was cleaned or if he is just noticing other strange behavior).

    If you still feel a scan/clean is necessary I would probably go ahead and disable system restore, restart, and do a full scan with his updated AV, and updated super antispyware/malwarebytes.
     
  7. JerryM

    Re: Redirection to a bad site?

    Many thanks for the help. I will have to get with him later.
    I viewed the thumbnails before I sent him the link, and also did it a few minutes ago. It is a puzzle to me.

    Lodore I'll do as you suggest. He is running XP, IE, and he probably has not ever done anything as to account. I have not either. I guess then it is Administrator.

    Regards,
    Jerry
     
  8. JerryM

    Re: Redirection to a bad site?

    I learned that the malware is antizir. It gives a stream of pop-ups. I think he downloaded some instructions to remove it.
    Any advice here?

    Thanks,
    Jerry
     
  9. JerryM
    The malware is antivir. I spelled it incorrectly. He is running SAS now and has found 56 items of malware.

    I just talked to my friend, and SAS removed a bunch of stuff, but when he rebooted, and went to the internet he got a pop-up and when he tried to download MBAM it blocked the site.
    That thing is a nasty.

    I advised him to use his laptop and download MBAM and put it on a CD. Then to load it on his desktop and see if it will run. I notice that some applications need to update when you install. I am not sure about MBAM and if it would do what is needed without updating if the Antivir won't let it update.

    Now that we know what it is, does anyone here have experience with it, or suggestions? Thanks

    Mods, would it be better to close this and post a new one with the name Antivir? I guess it would go on this forum. Whatever you think.

    Regards,
    Jerry
     
    Last edited: Dec 14, 2009
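Lodore's advice in post 5 (reset the hosts file with HostsXpert) and what Jerry describes in post 9 (the rogue blocking the MBAM download site after a reboot) come down to the same check: a rogue AV commonly rewrites %SystemRoot%\system32\drivers\etc\hosts so that security-vendor domains resolve to loopback (blocked) or to an attacker address (redirected). The following is an added example, not code from this thread or from HostsXpert; the watchlist of domains, the sample hosts contents and the 203.0.113.45 address are constructed for illustration.

```python
"""Spot and strip hosts-file hijacks of security-vendor domains.

Added example for this thread; not a tool from the posts or from HostsXpert.
The SAMPLE_HOSTS text, the SECURITY_DOMAINS watchlist and the 203.0.113.45
address are constructed (TEST-NET-3) for illustration.
"""
import ipaddress
from typing import NamedTuple

# Assumed watchlist: domains a rogue AV typically blocks so the victim cannot
# fetch a cleaner or updates. Extend to taste.
SECURITY_DOMAINS = {
    "malwarebytes.org",
    "superantispyware.com",
    "avira.com",
    "free-av.com",
    "kaspersky.com",
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
}

# Constructed sample of a hosts file after a rogue has edited it.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       malwarebytes.org
127.0.0.1       www.malwarebytes.org
0.0.0.0         superantispyware.com
203.0.113.45    www.avira.com   # redirect to attacker-controlled host (constructed)
"""


class HostsEntry(NamedTuple):
    lineno: int
    ip: str
    hostname: str


class Finding(NamedTuple):
    lineno: int
    ip: str
    hostname: str
    kind: str  # "blocked" (loopback/unspecified target) or "redirected"


def parse_hosts(text: str) -> list:
    """Parse hosts-file text into (lineno, ip, hostname) entries.

    Comments (#...) are stripped, blank lines skipped, and a line may map one
    address to several names, as the hosts format allows.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line; not something we can reason about
        for name in names:
            entries.append(HostsEntry(lineno, ip, name.lower()))
    return entries


def _is_watched(hostname: str, watchlist) -> bool:
    # Match the domain itself and any subdomain (www.avira.com -> avira.com).
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def find_hijacks(text: str, watchlist=SECURITY_DOMAINS) -> list:
    """Return every mapping of a watched domain, classified as blocked or redirected."""
    findings = []
    for e in parse_hosts(text):
        if not _is_watched(e.hostname, watchlist):
            continue
        addr = ipaddress.ip_address(e.ip)
        kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append(Finding(e.lineno, e.ip, e.hostname, kind))
    return findings


def strip_hijacks(text: str, watchlist=SECURITY_DOMAINS) -> str:
    """Return the hosts text with every flagged line removed."""
    bad = {f.lineno for f in find_hijacks(text, watchlist)}
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1) if n not in bad]
    return "\n".join(kept) + "\n"


def is_stock_hosts(text: str) -> bool:
    """True when the only mappings left are loopback -> localhost, i.e. the
    content of the stock Microsoft hosts file that HostsXpert restores."""
    return all(
        e.hostname == "localhost" and ipaddress.ip_address(e.ip).is_loopback
        for e in parse_hosts(text)
    )


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.hostname} -> {f.ip} ({f.kind})")
    print("stock after cleanup:", is_stock_hosts(strip_hijacks(SAMPLE_HOSTS)))
```

Run this against the real file only from a clean boot or a rescue CD, as Fly suggests further down: a rogue that is still resident can rewrite the hosts file again, and on XP the file is usually marked read-only and may need the attribute cleared before it can be saved. A "redirected" finding is the more serious case, because the victim is then handed whatever the attacker's server serves under a trusted vendor's name.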
  10. Fly
    The malware is 'Antivir'??? Antivir is the name of Avira's antivirus, a reputable AV. Maybe you have a rogue version, it's corrupted, or ??

    56 items is a lot of malware. You may want to consider reformatting and reinstalling the OS, drivers, software, data.

    In this case I won't comment on MBAM.

    A few suggestions: Avira LiveCD (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html) and Dr Web LiveCD (http://www.freedrweb.com/livecd/?lng=en)
    Download and burn it on a clean computer.
    The advantage of booting from such a CD (the BIOS should be set to boot from the CD first) is that malware doesn't have a chance to interfere with the scanner.

    An excellent but long read: https://www.wilderssecurity.com/showthread.php?t=252253
     
  11. lodore
    Hey Jerry,

    I've found removal instructions.

    As everyone can see from the screenshots, it's a rogue given the same name as a legit antivirus to trick users.

    Once it has been removed, the SuperAntiSpyware repairs to remove Internet Explorer restrictions should be used.
     
    Last edited: Dec 15, 2009
  12. Franklin
    MBAM should be able to clean this one up unless it's a new morphed version?

    If it is an exe killer that targets MBAM, then I have had good results with Freefixer, which requires manual selections; once the main malware .exe is dead, running a scan with MBAM will clean up any dregs.

    MBAM seems to be one of the main targets of these exe killing rogues.

    [Attachment: Antivir.JPG]
     
  13. JerryM
    Many thanks, friends, for the help. We will continue to work with it, and I will report the results. The name is confusing until you know what it is.

    I do appreciate the help.

    Regards,
    Jerry
     
  14. stackz
    MBAM in safe mode.
     
  15. JerryM
    Thanks, I had wondered if that would be an advantage.

    As far as I have learned so far no AV detects Antivir rogue. That is somewhat of a surprise to me.

    Regards,
    Jerry
     
  16. JerryM
    This AM I took a CD with MBAM on it and installed it on my friend's computer. Without updating we ran a quick scan, it detected antivir, and removed it. We then used a-squared to scan and all was clean.

    Great work for MBAM.

    Lucian on the Kaspersky forum stated that Kaspersky also detects it.
    http://www.viruslist.com/en/weblog?weblogid=208187938

    No mention was made of removal, and maybe Kaspersky also removes, as I would expect if it detects.

    Thanks for all the help.

    Regards,
    Jerry
     