Scaramouche
Mar 26, 2001

SPACE FACE! SPACE FACE!

Isn't W3Schools basing that entirely on their own traffic, e.g. theoretically developers and other people who get there by falling for their out of date SEO clickbait?


canis minor
May 4, 2011

http://gs.statcounter.com/#os-ww-monthly-201309-201408

Still, going down

Geemer
Nov 4, 2010



Came across an interesting one yesterday. Was at my neighbor's to help her with some minor thing, but couldn't help noticing all of her browsers started on sweet-page.com or something and that websites would have ads appear on a pop-over.
She said that she ran some scans yesterday and cleaned a bunch of things off. Further scans turned up nothing. But oddly enough any second browser window showed her actual home page.

Turns out that it had modified all the shortcuts to her browsers, adding the url to sweet-page to them and a whole string of other junk. Fixing the shortcuts also got rid of the pop-overs.
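The shortcut tampering described in the post above can be audited with a short script. This is an added example, not part of the original post: it lists browser shortcuts whose arguments contain a URL. The browser executable names, the folders searched and the URL pattern are assumptions chosen for illustration.

```powershell
# Added example: report browser shortcuts whose arguments carry a URL.
# The browser list, folder list and URL pattern are illustrative assumptions.
$browserExes = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe', 'msedge.exe'
$urlPattern  = 'https?://|\bwww\.'

# Places where browser shortcuts usually live on Windows 7 and later:
# desktops, Start Menu folders and pinned taskbar items.
$searchRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    (Join-Path $env:PUBLIC 'Desktop'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if (-not $lnk.TargetPath) { return }            # special shortcuts expose no target

            $exe = Split-Path -Path $lnk.TargetPath -Leaf
            if ($browserExes -notcontains $exe) { return }  # only look at browser shortcuts

            # Legitimate shortcuts may carry switches; a URL in the arguments is the red flag.
            if ($lnk.Arguments -match $urlPattern) {
                New-Object PSObject -Property @{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

if ($findings) {
    $findings | Format-List Shortcut, Target, Arguments
} else {
    'No browser shortcut with a URL in its arguments was found.'
}
```

The script only reports. A flagged shortcut is repaired by deleting the extra text after the executable path in the Target field of its Properties dialog, or by recreating the shortcut.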

uPen
Jan 25, 2010

Zu Rodina!



:raise:

Nintendo Kid
Aug 4, 2011

by Smythe

North Korea lets foreign tourists connect to the real internet now. It's that and a few government workers.

uPen
Jan 25, 2010

Zu Rodina!
That makes a lot more sense then.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Nintendo Kid posted:

Yeah, W3Schools has always had weird usage rates compared to other sources. If I remember right, they had IE going below 50% several years ahead of when the majority of other stat sources did, which kinda indicates to me they might have an unrepresentative sample.

Or that their sample doesn't include stolen copies of Windows, or something. I remember somebody pointed out a while back that the huge usage of Windows XP in China is driven by the fact that the vast majority of installations are unlicensed.

Edit: Good point below. I'll stop talking out of my rear end now.

Ynglaur fucked around with this message at 10:34 on Sep 10, 2014

Nintendo Kid
Aug 4, 2011

by Smythe

Ynglaur posted:

Or that their sample doesn't include stolen copies of Windows, or something. I remember somebody pointed out a while back that the huge usage of Windows XP in China is driven by the fact that the vast majority of installations are unlicensed.

This doesn't make sense, as there's no way to track that someone used stolen copies through browser headers.

President Ark
May 16, 2010

:iiam:
I reformatted a computer (customer's request) and when I reinstalled MSE it started going nuts telling me it's detecting Alureon on the system. I googled and apparently this poo poo creates hidden sectors to reinstall itself off of. :psyboom:

Siochain
May 24, 2005

"can they get rid of any humans who are fans of shitheads like Kanye West, 50 Cent, or any other piece of crap "artist" who thinks they're all that?

And also get rid of anyone who has posted retarded shit on the internet."


President Ark posted:

I reformatted a computer (customer's request) and when I reinstalled MSE it started going nuts telling me it's detecting Alureon on the system. I googled and apparently this poo poo creates hidden sectors to reinstall itself off of. :psyboom:

Zero-fill drive, start over again. That poo poo is ugly.

Kite Pride Worldwide
Apr 20, 2009


On the topic of old viruses, does anyone know if it's safe to install BonziBuddy now that all the servers are down?

b2n
Dec 29, 2005
I have no experience with this sort of thing (thankfully) but I'm reading the thread out of interest.

I'm wondering if the cryptolocker guys aren't easy to catch because they need to give you some sort of wiring information? Where do they want all the money for decryption wired to?

Zamujasa
Oct 27, 2010



Bread Liar

b2n posted:

I have no experience with this sort of thing (thankfully) but I'm reading the thread out of interest.

I'm wondering if the cryptolocker guys aren't easy to catch because they need to give you some sort of wiring information? Where do they want all the money for decryption wired to?

Cryptolocker usually deals in Bitcoins.

Drunk Badger
Aug 27, 2012

Trained Drinking Badger
A Faithful Companion

Grimey Drawer

Forever_Peace posted:

If changing their habits is truly hopeless, make them buy Sandboxie Pro and set all their browsers to auto run in sandboxes.

This seems to be my best option. Let's say I sandbox a browser, will I be allowed to save my legitimate downloads to the hard disk?

Zogo
Jul 29, 2003

Drunk Badger posted:

This seems to be my best option. Let's say I sandbox a browser, will I be allowed to save my legitimate downloads to the hard disk?

Yea, a popup shows up for each browser download. The typical user will find NoScript/Sandboxie a hassle and/or the multiple layers confusing so I usually don't recommend those to everyone.

Alabaster White posted:

On the topic of old viruses, does anyone know if it's safe to install BonziBuddy now that all the servers are down?

I'm not sure but you could install and test just about anything within Sandboxie temporarily to see what happens.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

Zogo posted:

Yea, a popup shows up for each browser download. The typical user will find NoScript/Sandboxie a hassle and/or the multiple layers confusing so I usually don't recommend those to everyone.

Then you need to charge a fee for every time you come clean viruses off their computer or something.

My girlfriend is not really a technical person, but she eventually got the hang of NoScript. Make them go to a new website that uses scripts, make them push the buttons and armchair quarterback them on what looks like a scripts server or CDN and what looks like ads, and they will figure out the thought process pretty fast.

It would be super awesome if there were some sort of community-ratings system for this task. Like a plugin that looks at the NoScript settings everyone is using for horsecockstube.com and sees which domains the collective hivemind is enabling. Then you can aggregate it on a web-wide level and see that no one actually needs googlemetrics.com for any site to work properly, and so on.

Paul MaudDib fucked around with this message at 01:08 on Sep 12, 2014

Scaramouche
Mar 26, 2001

SPACE FACE! SPACE FACE!

whois posted:

Whois

Complete whois information on the domain, including registrar information.
internic.net
https://www.internic.net
horsecockstube.com
Whois Server Version 2.0

No match for "HORSECOCKSTUBE.COM".

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

I think you know what you need to do.

Zogo
Jul 29, 2003

Paul MaudDib posted:

Then you need to charge a fee for every time you come clean viruses off their computer or something.

It's what I do for a living so that's not an issue.

Paul MaudDib posted:

My girlfriend is not really a technical person, but she eventually got the hang of NoScript. Make them go to a new website that uses scripts, make them push the buttons and armchair quarterback them on what looks like a scripts server or CDN and what looks like ads, and they will figure out the thought process pretty fast.

There are a lot of users out there that won't be persuaded or cajoled into that kind of task.

Gothmog1065
May 14, 2009
Does anyone know if there is a way to remove Avast externally? Their rescue disk only does scans, and I'm pretty sure that is what is stopping this computer from booting. Flattening is the next option, but was wondering if there was something before that (And I really don't want to pull this goddamn hard drive out.)

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

Gothmog1065 posted:

Does anyone know if there is a way to remove Avast externally? Their rescue disk only does scans, and I'm pretty sure that is what is stopping this computer from booting. Flattening is the next option, but was wondering if there was something before that (And I really don't want to pull this goddamn hard drive out.)

Have you tried a safe mode boot? What makes you sure that Avast is keeping it from booting?

Gothmog1065
May 14, 2009
Neither mode will boot. It will lock up once it gets to the user selection screen on normal, and on safe mode it locks up at aswRvrt.sys, and everything I've seen from googling shows it's an avast issue.

e: And yes, there were a few trojans, I think I got a good portion of them with a Kaspersky Rescue Disk.

Scaramouche
Mar 26, 2001

SPACE FACE! SPACE FACE!

It's extreme but have you tried booting into recovery console and redoing bootrec or just deleting the avast stuff from there?

Gothmog1065
May 14, 2009
Whew. Just got the go ahead to flatten and reinstall.

Scaramouche
Mar 26, 2001

SPACE FACE! SPACE FACE!

So new 'exploit of the week': Shellshock affecting MacOSX and most flavours of Linux. Have you guys noticed any changes in remediation strategies now that vulns seem to have PR campaigns and dedicated web pages?

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Scaramouche posted:

So new 'exploit of the week': Shellshock affecting MacOSX and most flavours of Linux. Have you guys noticed any changes in remediation strategies now that vulns seem to have PR campaigns and dedicated web pages?

I think you should check out this thread since stuff is getting posted there about it once in a while.

But to answer your question: the solution is to just update your Bash installation on any system that may be running Bash and to consult with any vendors. The biggest pain you might have may be any systems that have the console locked out. There are no sensible remediation steps other than that sadly.

Yoshimo
Oct 5, 2003

Fleet of foot, and all that!
In lieu of an up to date OP, what's the standard procedure for finding a relative's Win7 PC that's riddled with spyware and viruses and poo poo? Flattening and reinstalling ain't an option I'm afraid.

Edit- just seen the sticky in the HoTS. Never mind, nothing to see here...

Yoshimo fucked around with this message at 13:33 on Oct 6, 2014

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Any thoughts on Norton's product suite compared to ESET? Is there any meaningful difference for the average home user?

Khablam
Mar 29, 2012
RIGHT OR WRONG, I CAN’T HELP BUT EXPRESS MYSELF LIKE A BRATTY CHILD. DON’T LISTEN TO ME.

Ynglaur posted:

Any thoughts on Norton's product suite compared to ESET? Is there any meaningful difference for the average home user?
ESET is actually usable.

Siochain
May 24, 2005

"can they get rid of any humans who are fans of shitheads like Kanye West, 50 Cent, or any other piece of crap "artist" who thinks they're all that?

And also get rid of anyone who has posted retarded shit on the internet."


Ynglaur posted:

Any thoughts on Norton's product suite compared to ESET? Is there any meaningful difference for the average home user?

Eset or Kaspersky are the only decent antiviruses. And just get the AV, not the suite.
Do NOT get Norton or McAfee, they are terrible. I've fixed so many systems just by running the Norton removal tool. It's garbage.

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
We've been using ESET for about 4 years and it really is the only thing I'd recommend to someone I liked.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Thanks for the responses everyone.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

Siochain posted:

Eset or Kaspersky are the only decent antiviruses.

Yup, if you're going to pay money it should be one of these two.

And if you watch Newegg/etc and are willing to float a rebate, you can often pick them up for almost nothing. I got a 3-seat 1-year license on Kaspersky Pure for either $0 or $5 (after $50 rebate), and I got a 1-seat ESET license for free after a $10 or $15 rebate or something along those lines.

Zamujasa
Oct 27, 2010



Bread Liar
Someone in my family has a bunch of one-year cards for some Norton 360 garbage and required me to install it instead of something less awful and free (avast! is my usual choice for that).

That poor laptop ground to a halt as soon as it finished installing. :(

super sweet best pal
Nov 18, 2009

For the past couple days my browser was taking forever to load pages, turns out it was loading some tracking site called quantserve.com every time I clicked a link. Adding the site to adblock's filter fixed the loading times but searching for info on what might be causing it hasn't given me anything solid.

e:

Poetic Justice posted:

Doesn't SA use quantserve? It shows up in Noscript for this site, but I keep it blocked because it does tend to cause browsing slowness. It is just an analytics/tracking cookie. For example, it provides invaluable information that the top interest on this site is videogames, and 90% of users are male.

That's a relief. Don't know why it suddenly started hammering my loading speeds, I'll just leave it blocked now that it's doing that.

super sweet best pal fucked around with this message at 00:14 on Oct 22, 2014

DrAlexanderTobacco
Jun 11, 2012

Help me find my true dharma
https://www.malwarebytes.org

Run that, see what pops up! Oh, and start your browser in safe mode if it's got one (All add-ins disabled) to see if there's a difference as well.

somethingawful bf
Jun 17, 2005

Unguided posted:

For the past couple days my browser was taking forever to load pages, turns out it was loading some tracking site called quantserve.com every time I clicked a link. Adding the site to adblock's filter fixed the loading times but searching for info on what might be causing it hasn't given me anything solid.

Doesn't SA use quantserve? It shows up in Noscript for this site, but I keep it blocked because it does tend to cause browsing slowness. It is just an analytics/tracking cookie. For example, it provides invaluable information that the top interest on this site is videogames, and 90% of users are male.

somethingawful bf fucked around with this message at 23:11 on Oct 21, 2014

Drunk Badger
Aug 27, 2012

Trained Drinking Badger
A Faithful Companion

Grimey Drawer

Poetic Justice posted:

Doesn't SA use quantserve? It shows up in Noscript for this site, but I keep it blocked because it does tend to cause browsing slowness. It is just an analytics/tracking cookie. For example, it provides invaluable information that the top interest on this site is videogames, and 90% of users are male.

I would have figured Food and Drink would have been higher, but that is some interesting information

Three-Phase
Aug 5, 2006

by zen death robot

Stanley Pain posted:

Do you have one example of an in the wild, drive by, ad malware that can infect android without any user interaction? I'm being half snarky and half curious.

As a side question, has anyone encountered, as Stan said, drive-by ad malware (like an advertisement on a web site), that can infect Mac OS X via Safari? (Yosemite or Mavericks)

I've been curious about OS X malware/viruses, and my understanding is there aren't many, and they tend to be situations where someone gets a fake download (Flashback) or they are trojans piggybacking on pirated software.

Three-Phase fucked around with this message at 00:56 on Oct 22, 2014

Hipster_Doofus
Dec 20, 2003

Lovin' every minute of it.

Poetic Justice posted:

Doesn't SA use quantserve? It shows up in Noscript for this site, but I keep it blocked because it does tend to cause browsing slowness. It is just an analytics/tracking cookie. For example, it provides invaluable information that the top interest on this site is videogames, and 90% of users are male.

Amusingly, I had to enable scripts for quantcast.com to see the stats. :irony:






(yes I know that's not really irony)


Khablam
Mar 29, 2012
RIGHT OR WRONG, I CAN’T HELP BUT EXPRESS MYSELF LIKE A BRATTY CHILD. DON’T LISTEN TO ME.

Three-Phase posted:

As a side question, has anyone encountered, as Stan said, drive-by ad malware (like an advertisement on a web site), that can infect Mac OS X via Safari? (Yosemite or Mavericks)

I've been curious about OS X malware/viruses, and my understanding is there aren't many, and they tend to be situations where someone gets a fake download (Flashback) or they are trojans piggybacking on pirated software.

Good timing, because 'iWorm' has just become the latest high-profile one (though every bit of malware on an Apple platform gets over-hyped for clickbait; a false-positive detection on an i-frame in an app got bloggers claiming malware has made it to the iOS store). It seems to need user interaction, though.

Flashback was distributed via a Java exploit when it first hit, and required no user interaction to get infected. After Java patches got pushed out it moved to social engineering.

It seems Macs are getting targeted disproportionately as machines for botnets; I assume this is because the virus authors make the assumption there's no AV installed on many, vs a PC which even if it gets missed, might later remove it by a definitions update.
