  • Locked thread
wormil
Sep 12, 2002

Hulk will smoke you!

Khablam posted:

Re-install it; that can't be anything other than some manner of corruption of the install. You can test this by sending a file Avast thinks is shady to VirusTotal; if the Avast! line of the results (which is set to maximum detection / heuristic sensitivity) is clean, your system is wonky somewhere. For example, the recent Chrome update is not a false positive being experienced by anyone else.

The most likely cause is some other security software messing about with files Avast is trying to scan, and making it think something bad is going on.

The Avast team tweeted an apology for the Chrome update thing, so it wasn't a glitch. The JPEGs might be, but it hasn't happened since the most recent upgrade, so I will wait and see.


asciidic
Aug 19, 2005

lord of the valves


I install MSE on customers' computers more as a peace-of-mind thing. For my frequent flyers who were coming in once a month with 17 toolbars and a ransomware infection, I started installing Adblock to protect them from themselves and instructing them to do a manual scan with Malwarebytes once every few weeks or so. From that point I don't see most of them until their hard drive dies or something. Maybe I should stop doing that.

NicelyNice
Feb 13, 2004

citrus
Just got a virus (multiple infected files that seemed to be affecting a .NET Framework 2.0 installation) for the first time in about five years. I run AdBlock and MSE (which the virus disabled), keep my programs updated, and am genuinely quite careful, so I'm curious how this slipped past me. I re-installed Windows to be safe, and all my important data is on Google Docs or a separate hard drive so this wasn't too painful of a process.

Here's my question: I use LastPass to store all my passwords. I changed my LastPass vault password, and important passwords like Gmail, PayPal, and bank - should I bother changing the rest? I unfortunately did not get a chance to isolate the virus - are a lot of common viruses scanning for passwords?

Zogo
Jul 29, 2003

NicelyNice posted:

Just got a virus (multiple infected files that seemed to be affecting a .NET Framework 2.0 installation) for the first time in about five years. I run AdBlock and MSE (which the virus disabled), keep my programs updated, and am genuinely quite careful, so I'm curious how this slipped past me.

Did you have Java installed?

NicelyNice posted:

Here's my question: I use LastPass to store all my passwords. I changed my LastPass vault password, and important passwords like Gmail, PayPal, and bank - should I bother changing the rest? I unfortunately did not get a chance to isolate the virus - are a lot of common viruses scanning for passwords?

I'd change any password of value. We're not sure of what kind of virus you had and how regularly you log into the various sites you use.

Khablam
Mar 29, 2012

NicelyNice posted:

I run AdBlock and MSE (which the virus disabled), keep my programs updated, and am genuinely quite careful, so I'm curious how this slipped past me.
MSE has literally the worst detection rates of all antivirus products. Couple this with the fact it's also one of the most installed and has very poor 'self defence' and it's the #1 target for any rootkit or sophisticated virus to simply switch off. It's basically the Internet Explorer 6 of antivirus, in terms of being insecure and having a large userbase to attack.
Lots of the worst rootkits do this, and some of them make use of .NET framework installations as well. You don't say what virus you detected, but you might want to look a bit closer at what's happening there.

quote:

Here's my question: I use LastPass to store all my passwords. I changed my LastPass vault password, and important passwords like Gmail, PayPal, and bank - should I bother changing the rest? I unfortunately did not get a chance to isolate the virus - are a lot of common viruses scanning for passwords?
Not really, and no. If you want peace of mind then by all means do this, but password attacks are usually via keylogger; attacking the vault encryption would be pointless. What I'm saying is: change your passwords anyway, but don't worry about it.

As for how you got it? Well it can be assumed:

- You're locally an admin
- You have java installed
- You let javascript run in a browser

In that scenario, even with ad block, it's more a case of when, not if. Change one of those three and your chance of a lovely website ruining your afternoon plummets very rapidly.

Khablam fucked around with this message at 00:46 on Dec 15, 2013

NicelyNice
Feb 13, 2004

citrus
Thank you for the advice!

I've been using MSE because it's simply too easy to use - I've never had a false positive and I like the way it integrates with Windows Update. However, I'm going to look into replacing it since whatever attacked absolutely blew by it. Is Symantec Endpoint Protection any good? I have a free license through work. Otherwise I'll likely switch to NOD32; I used it before MSE was released and was very happy with it. edit: Looks like Symantec is terrible as usual, I'll try the free version of Avast.

And yes, I was using Java (possibly outdated, I know I've ignored them more than once) and I wasn't running any script blocking add-ons. I don't follow security too closely at all, so I thought simply not running any strange executables along with AdBlock and a decent browser would keep me safe - I'm blown away by how tenacious the latest incarnations of these exploits have become.

Also, if this was indeed a rootkit, can I be sure that my reinstall got rid of it? I didn't zero out the hard drive and I didn't fix the MBR, but scans with GMER, TDSSKiller, and the Malwarebytes Anti-Rootkit software have all turned up clean. I also have a second hard drive and a networked computer that show no signs of infection.

NicelyNice fucked around with this message at 08:47 on Dec 15, 2013

Khablam
Mar 29, 2012

You've done basically the exact right thing - if you can't determine the attack vector it used and can't ensure it's gone, then it's easier and safer to flatten and re-install.

ESET/NOD32 is good, so is Kaspersky. Avast is great for a free A/V.
If you don't need Java, uninstall it. If you do, consider either sandboxing your browser or using NoScript. Ad block is great, but it blocks based on rules, so if a new ad shows up that isn't in the list, it can show. If it's malicious, it can do its thing. Also note that webservers that have been compromised and forced to serve malware won't get blocked by ad block.

dis astranagant
Dec 14, 2006

Is disabling the Java plugins in the browser good enough? I need Java locally but have no use for it in my browser.

Im_Special
Jan 2, 2011

Look At This!!! WOW!
It's F*cking Nothing.

dis astranagant posted:

Is disabling the Java plugins in the browser good enough? I need Java locally but have no use for it in my browser.

Yes, that's the main thing to do with Java to plug any kind of vulnerability that might occur. Java is not bad, but the browser plugin for Java is what will get you with some random drive-by infection.
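Khablam's three preconditions above (local admin, Java installed, scripts allowed in the browser) and the follow-up question about the Java browser plugin are both things you can check rather than guess at. The script below is an added example, not code from the thread or from Oracle or Mozilla. It is read-only, runs on Windows 7/8 with PowerShell 2.0 or later, and reports whether the current user is in Administrators (and whether the session is already elevated), which JRE versions are registered, whether a Java NPAPI plugin (npjp2.dll) is advertised to Firefox-style browsers, and what the per-user Java setting `deployment.webjava.enabled` says. The registry key names and the `AppData\LocalLow\Sun\Java\Deployment\deployment.properties` path are the standard Windows locations as far as I know, but treat them as assumptions and adjust if your machine differs; the "JavaScript allowed" condition is browser-specific and is not checked here.

```powershell
# Added example (not from the thread): report the preconditions for a drive-by
# infection listed above: local admin, Java installed, Java reachable from the browser.
# Read-only. Registry paths and the deployment.properties location are assumptions
# based on the usual Oracle/Mozilla layout on Windows.

function Test-LocalAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    # IsInRole is true only when the token is already elevated; membership in
    # Administrators (SID S-1-5-32-544) is what matters for a UAC prompt the user
    # will simply click through.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $member = ($id.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' }) -ne $null
    New-Object PSObject -Property @{ Elevated = $elevated; InAdministrators = $member }
}

function Get-JavaRuntime {
    # JRE installers record CurrentVersion here (Wow6432Node for a 32-bit JRE on 64-bit Windows).
    $keys = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
            'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $v = (Get-ItemProperty $k).CurrentVersion
        if ($v) { New-Object PSObject -Property @{ Key = $k; Version = $v } }
    }
}

function Get-JavaBrowserPlugin {
    # The NPAPI plugin (npjp2.dll) that Firefox and (pre-NPAPI-removal) Chrome load is
    # advertised through MozillaPlugins keys; the key name normally contains "java".
    $roots = 'HKLM:\SOFTWARE\MozillaPlugins',
             'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins',
             'HKCU:\SOFTWARE\MozillaPlugins'
    foreach ($r in $roots) {
        if (-not (Test-Path $r)) { continue }
        Get-ChildItem $r | ForEach-Object {
            $p = (Get-ItemProperty $_.PSPath).Path
            if ($_.PSChildName -match 'java' -or $p -match 'npjp2\.dll') {
                New-Object PSObject -Property @{
                    Key = $_.PSPath; Dll = $p; Exists = [bool]($p -and (Test-Path $p))
                }
            }
        }
    }
}

function Get-JavaWebSetting {
    # Since Java 7u10 the "Enable Java content in the browser" checkbox is stored as
    # deployment.webjava.enabled in the per-user deployment.properties file.
    $f = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
    if (-not (Test-Path $f)) { return 'not set (file missing; Java defaults to enabled)' }
    $line = Get-Content $f | Where-Object { $_ -match '^deployment\.webjava\.enabled=' }
    if ($line) { $line } else { 'not set (defaults to enabled)' }
}

'--- local admin ---';                 Test-LocalAdmin | Format-List
'--- Java runtime ---';                Get-JavaRuntime | Format-Table -AutoSize
'--- Java browser plugin ---';         Get-JavaBrowserPlugin | Format-Table -AutoSize
'--- deployment.webjava.enabled ---';  Get-JavaWebSetting
```

If the plugin check finds an `npjp2.dll` and the last line reports "defaults to enabled", the browser can still load Java applets even though you only use Java locally. Untick "Enable Java content in the browser" in the Java Control Panel (which writes `deployment.webjava.enabled=false` to that file) and re-run the script to confirm; the local JRE keeps working for desktop applications.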

Sephiroth_IRA
Mar 31, 2010
Yeah, the company we use installed MSE (When we had a subscription with NOD) on all of our computers when we got new PCs and our secretary managed to get that new cryptovirus on her computer, which of course encrypted every office file she had access to.

I didn't notice NOD was missing until a week later and had our employer call the company so they could come in and install it on all the computers. Then my co-workers were all having startup issues and it turned out they forgot to take MSE off after they installed NOD.

Sephiroth_IRA fucked around with this message at 14:37 on Dec 19, 2013

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh

Orange_Lazarus posted:

Yeah, the company we use installed MSE (When we had a subscription with NOD) on all of our computers when we got new PCs and our secretary managed to get that new cryptovirus on her computer, which of course encrypted every office file she had access to.

I didn't notice NOD was missing until a week later and had our employer call the company so they could come in and install it on all the computers. Then my co-workers were all having startup issues and it turned out they forgot to take MSE off after they installed NOD.

I take it it was on Windows 7? Windows 8.x should turn off MSE automatically when another AV is installed.

Sephiroth_IRA
Mar 31, 2010

WattsvilleBlues posted:

I take it it was on Windows 7? Windows 8.x should turn off MSE automatically when another AV is installed.

Yeah, you nailed it.

hooah
Feb 6, 2006
WTF?
Is there something for Chrome that does what NoScript does? From what I've read, it seems more comprehensive than simply disabling all JavaScript, and it seems it also gives you information on what's trying to run.

Khablam
Mar 29, 2012

hooah posted:

Is there something for Chrome that does what NoScript does? From what I've read, it seems more comprehensive than simply disabling all JavaScript, and it seems it also gives you information on what's trying to run.

Yep, 'NotScripts'. Though Chrome launched with an inability to support such add-ons, it's steadily improved and I believe it's fairly similar in function now.

hooah
Feb 6, 2006
WTF?

Khablam posted:

Yep, 'NotScripts'. Though Chrome launched with an inability to support such add-ons, it's steadily improved and I believe it's fairly similar in function now.

Hmm. I did come across that in my search, but read posts/reviews about how it's missing some (a lot?) of key features from NoScript. I don't remember the date on any of those anymore; is that no longer accurate?

Mr Right
Dec 17, 2006
First name... 'Always'
Has anyone had any experience with AVG TuneUp 2014? I had a 15-day free trial and the program seems useful, but a paid-for program is never going to seem poo poo. Is it worth the money, or should I just do what it does myself with free programs?

Three-Phase
Aug 5, 2006

by zen death robot
Got a question about Avast and boot-time scans: I can tell Avast to "intercept" the Windows boot process and scan a folder, disk, or my whole computer. Is this a fairly bulletproof way to detect things like rootkits that may be on my computer?

I do try and stay vigilant:
A. Keeping Windows, programs, and browsers up to date (check at least once a week)
B. Running antivirus (Avast - the key times it protected me were intercepting viruses that were email attachments (obvious ones at that), as well as stopping scripts before they tried to run in my browser (the ones listed I researched and I believe were false positives))
C. Running NoScript and Adblock in Firefox

As far as people complaining about false positives, my opinion is that those are generally good things unless they become obnoxious or result in system files being knocked out, killing your computer. I always keep my heuristic scanning set to high sensitivity.

Overwined
Sep 22, 2008

Wine can of their wits the wise beguile,
Make the sage frolic, and the serious smile.
I'm having some problem with a malware extension that keeps installing itself on Chrome, the browser that I prefer (posting from FF currently). I stepped away from my computer a few hours ago with Chrome open on nothing in particular (probably SA). When I came back Chrome had crashed. I wouldn't have noticed that two pieces of malware attached themselves to Chrome if they hadn't uninstalled the SALR Redux extension.

Their names are "FFindBestDeaL" and "EnjoyaCoupone" both [sic].

Anyway, a FULL scan from Malwarebytes, a FULL scan from Avast and a FULL scan from CCleaner (just to make sure there were no lingering broken registry entries). I also searched through regedit and deleted all mentions of either of these things. I also deleted a suspicious folder in ProgramData containing .dlls and .exes that were pointed to by some of the registry entries. Both of these were in my Uninstall Programs list, but I wasn't dumb enough to try to uninstall them as they just pointed to the suspicious .exes in the folder. This got rid of "EnjoyaCoupone" but not "FFindBestDeaL", and it's pissing me off.

They were in FF when I booted it up recently, but on deactivating and deleting they don't reappear. But "FFindBestDeaL" simply will not go away and I'd rather use Chrome to be frank. Any help? Anyway, I'm running Win 7 that is fully updated. The only thing I've downloaded and installed in the last 3 or 4 weeks that wasn't from an unimpeachable source was a program called Procurement for Path of Exile. I was leery of it, but I figured since it's on Google Code it was safe. Was I stupid?

Overwined fucked around with this message at 07:01 on Dec 31, 2013

Tracula
Mar 26, 2010

PLEASE LEAVE
Overwined, I think I have the exact same thing. What it looks like it does is choose two different names that are misspellings of search terms, so if you look it up it doesn't know what to do exactly.

I can't seem to find the other one now but it also had a somewhat garbage name that was close to how a real term was spelled.

I've run Malwarebytes and Spybot to no avail; it seems to be sticking around in my extensions as well.

Tracula fucked around with this message at 11:34 on Dec 31, 2013

Overwined
Sep 22, 2008

Wine can of their wits the wise beguile,
Make the sage frolic, and the serious smile.
Yeah, that's got to be the same thing. It's ruthlessly clever to name them something that you can't Google search without having to sift through millions of irrelevant (and spammy) hits. I kinda want to punch whoever designed this thing in the face.

EDIT: I'm also highly suspicious of this group of .dlls



It caught my eye because the name and the capitalization imply it wants to look official, but it looks really fishy. Google comes up with nothing on these files which tells me they are at least non-official. There are a number of registry entries that point to these files and folders. I'm deleting the registry entries as well as the folder itself. It appears to be unrelated to this other poo poo, but you never know.

EDIT2: I'm really pissed about this poo poo. Over the many years of being a computer and internet user (and for the record the number of the years I've been using the internet is all of them) I have never fallen prey to any major malicious software.

EDIT3: I found a reference to some of the .dlls at this site (not sure how legit that site is) that say these files were discovered only in the last 5 or 6 days. I think we're dealing with some new poo poo here.

Overwined fucked around with this message at 15:25 on Dec 31, 2013
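Two things come up in the posts above: Khablam's earlier suggestion of sending a file the AV flags to VirusTotal and comparing vendor lines, and the folder of officially-named .dlls that Google knows nothing about, reached via Uninstall entries that point into ProgramData. The script below is an added example, not code from the thread. It is read-only and does two things: it lists Uninstall entries whose command runs something from ProgramData or AppData (a legitimate product registers itself from Program Files), and for every .dll/.exe/.sys under a folder you name it prints the size, creation time, SHA-256, Authenticode status and signer, plus the VirusTotal URL for that hash so you can look the file up without uploading it. The folder path at the bottom is a placeholder assumption; the hash is computed with .NET so it works on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread): triage the files a suspicious registry entry
# points at. Read-only. 'C:\ProgramData\SuspectFolder' is a placeholder; pass your own.

function Get-SuspiciousUninstallEntries {
    # Uninstall entries whose command lives under ProgramData/AppData are unusual for
    # real products and are exactly what the posts above describe.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($r in $roots) {
        if (-not (Test-Path $r)) { continue }
        Get-ChildItem $r | ForEach-Object {
            $e = Get-ItemProperty $_.PSPath
            if ($e.UninstallString -match 'ProgramData|AppData') {
                New-Object PSObject -Property @{
                    Key = $_.PSChildName; Name = $e.DisplayName; Command = $e.UninstallString
                }
            }
        }
    }
}

function Get-FileTriage {
    param([Parameter(Mandatory=$true)][string]$Path)
    $sha = New-Object System.Security.Cryptography.SHA256Managed
    Get-ChildItem -Path $Path -Recurse -Include *.dll,*.exe,*.sys -ErrorAction SilentlyContinue |
      ForEach-Object {
        # SHA-256 via .NET so this also works without Get-FileHash (PowerShell 4+).
        $stream = $_.OpenRead()
        try   { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
        finally { $stream.Close() }
        # Authenticode: Valid / NotSigned / HashMismatch ... An unsigned DLL with an
        # official-looking name under ProgramData deserves a second look.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            File       = $_.FullName
            Size       = $_.Length
            Created    = $_.CreationTime
            SHA256     = $hash
            Signature  = $sig.Status
            Signer     = $signer
            VirusTotal = "https://www.virustotal.com/gui/file/$hash"
        }
      }
}

Get-SuspiciousUninstallEntries | Format-List
Get-FileTriage -Path 'C:\ProgramData\SuspectFolder' | Format-List   # placeholder path
```

Opening the VirusTotal URL tells you whether anyone has seen the hash at all; a file nobody has submitted, created in the last few days and unsigned, is consistent with the "brand new" theory in the post above, and uploading it (rather than just looking the hash up) is what gets it in front of the vendors. If the Avast line on an already-known file is clean while other vendors flag it, that says something about Avast's coverage rather than about the file.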

Im_Special
Jan 2, 2011

Look At This!!! WOW!
It's F*cking Nothing.
A few programs I'll recommend for you to try, and I'd be shocked if these don't solve it. Usage is pretty self-explanatory.

AdwCleaner - http://www.bleepingcomputer.com/download/adwcleaner/
RKill - http://www.bleepingcomputer.com/download/rkill/
Junkware Removal Tool - http://www.bleepingcomputer.com/download/junkware-removal-tool/

Overwined
Sep 22, 2008

Wine can of their wits the wise beguile,
Make the sage frolic, and the serious smile.
Check my last post. I'll run those programs, but I believe we're working with something that's brand-spanking new and hasn't gotten into the definitions yet.

EDIT: Yeah confirmed, none of those three programs worked. Thanks anyway.

Overwined fucked around with this message at 16:22 on Dec 31, 2013

Im_Special
Jan 2, 2011

Look At This!!! WOW!
It's F*cking Nothing.
The only suggestion I have left is to make a post over at http://www.bleepingcomputer.com/forums/; there are a bunch of capable people over there who might have a working solution or a way to isolate this for you. Also, your problem will get more exposure there than in this little niche thread.

Alkanos
Jul 20, 2009

Ia! Ia! Cthulhu Fht-YAWN

Overwined posted:

I'm having some problem with a malware extension that keeps installing itself on Chrome, the browser that I prefer (posting from FF currently).

If it keeps reinstalling itself after you clear it out, you might have a rootkit. Try TDSSKiller; that'll check if it's one of the more common ones and clear it out.

Im_Special
Jan 2, 2011

Look At This!!! WOW!
It's F*cking Nothing.
You might want to use Malwarebytes Anti-Rootkit instead of Kaspersky's TDSSKiller, as the latter only scans the boot sector and the drivers directory and might miss things.

Overwined
Sep 22, 2008

Wine can of their wits the wise beguile,
Make the sage frolic, and the serious smile.
No rootkit detected. This is a persistent piece of poo poo. I still believe that this is pretty new and maybe not widespread (yet). I'll just keep furiously scanning every time some new definitions come down. There was a new one that came up with Malwarebytes, but I came up clean and the extension is still there. I'll probably post about it in the bleeping computer forums if it doesn't get cleared up in the next few days.

EDIT: Ugh, it looks like FF is not safe for me either. I just got a popup tab that went to "browse-update.net" that said I "urgently needed" to update my browser. I did nothing and clicked nothing on this site. But it's evidence of some serious poo poo.

I am angry at:
1.) Myself. How the gently caress did this poo poo get in here? I don't use ANY filesharing utilities and I don't download random poo poo from shady sites. I NEVER get executable files in the email and even if I did I wouldn't click them. It's pissing me off.
2.) Avast. Avast has no idea what the gently caress is going on. According to a full scan everything is hunky-dory.
3.) Chrome. Apparently not as secure as they claim.

Overwined fucked around with this message at 23:48 on Jan 1, 2014

Zogo
Jul 29, 2003

Overwined posted:

No rootkit detected. This is a persistent piece of poo poo. I still believe that this is pretty new and maybe not widespread (yet). I'll just keep furiously scanning every time some new definitions come down. There was a new one that came up with Malwarebytes, but I came up clean and the extension is still there. I'll probably post about it in the bleeping computer forums if it doesn't get cleared up in the next few days.

Have you tried WDO?
http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline

If that doesn't find anything have you tried ComboFix?
http://www.bleepingcomputer.com/download/combofix/

Khablam
Mar 29, 2012

Overwined, you won't find help in this thread. If you have a specific problem then the new thread button is your friend. There's also a thread knocking about discussing new malware trends.

That said if what you describe is exactly what's happening you have a rootkit and the only solution is to flatten the system.

Overwined
Sep 22, 2008

Wine can of their wits the wise beguile,
Make the sage frolic, and the serious smile.

Tracula posted:

Overwined I think I have the exact same thing. What it looks like it does it choose two different names that are misspellings of search terms so if you look it up it doesn't know what to do exactly.

I can't seem to find the other one now but it also had a somewhat garbage name that was close to how a real term was spelled.

I've run Malware Bytes and Spybot to no avail, it seems to be sticking around in my extensions as well.

Just reporting back here to tell you what I've found, Tracula. Hopefully this helps you out.

-The extensions that you and I both have are symptoms of a "Safe Saver" malware infection. I have not figured out how to remove it, but have made a post at Bleeping Computer if you want to follow it.
-I also had a Comame Trojan infection, which only Windows Defender Offline found. I'm not sure if these two are related, but I recommend doing a FULL SCAN with WDO. This takes a LONG TIME (for me about 5 hours) but it's worth it.

Tracula
Mar 26, 2010

PLEASE LEAVE
Thanks for that all. I'll make sure to keep an eye on the thread that you started and give WDO a shot as well.

FreeWifi!!
Oct 11, 2013

Okay, that's true. Good point, Marquess. Point for you. But you get a point taken away for being a dick. So, back to zero.
I've been reading this thread for some time.
I'm kinda confused about which AV program to run.

One person says Microsoft Security Essentials is the way to go while another person says MSE hasn't been a valid option in years.

All I really want to know is what (free) antivirus program is a good one to use that won't take over my system and slow it down.
I've used Avast and just simply wasn't impressed with it.

I already run Anti-malware and Microsoft Security Essentials to try to keep my machine Virus/Malware free.

Any suggestions would be great!

hooah
Feb 6, 2006
WTF?

iminers posted:

I've been reading this thread for some time.
I'm kinda confused about which AV program to run.

One person says Microsoft Security Essentials is the way to go while another person says MSE hasn't been a valid option in years.

All I really want to know is what (free) antivirus program is a good one to use that won't take over my system and slow it down.
I've used Avast and just simply wasn't impressed with it.

I already run Anti-malware and Microsoft Security Essentials to try to keep my machine Virus/Malware free.

Any suggestions would be great!

What about avast! left you unimpressed? I've been using it for a week or so since reading about MSE in this thread, and I haven't had any problems. Granted, I can't even remember the last time I had something more malicious than crapware.

FreeWifi!!
Oct 11, 2013

Okay, that's true. Good point, Marquess. Point for you. But you get a point taken away for being a dick. So, back to zero.

hooah posted:

What about avast! left you unimpressed? I've been using it for a week or so since reading about MSE in this thread, and I haven't had any problems. Granted, I can't even remember the last time I had something more malicious than crapware.

Now that I think about it, it was some options that I didn't uncheck in the settings, like Load after boot, realtime protection etc. All I really want from an AV is a non-intrusive program.

I don't need it to load every time I boot my computer, and I don't need it to scan every 3 minutes or slow my system down.
When I shut it off, I want it to be off, and not reload itself.
I'm assuming Avast! is pretty much the way to go?

Fake edit: my bad for not completely going through all the Avast! settings.

asciidic
Aug 19, 2005

lord of the valves


If you're the type of person who gets malware, Avast is good. Occasionally you'll have to allow things to run or temporarily disable it before installing things, but it has good detection. If you're not the type who gets malware but you want protection anyway, use MSE and/or do a manual scan with Malwarebytes every couple of weeks or so. Malwarebytes is also good for getting rid of adware/PUPs (potentially unwanted programs).

Orcs and Ostriches
Aug 26, 2010


The Great Twist
Probably the biggest advantage of having Avast over MSE is the better real-time protection, for which you need it running with your system at all times anyway. It's not that MSE has a terrible scanner / remover, but it's that it doesn't do a good job of preventing infections in the first place.

If you just wanted an occasionally "scan my computer" button with a program that does nothing else, just get MalwareBytes.

C-Euro
Mar 20, 2010

:science:
Soiled Meat
I recently switched over to Avast, and today it gave me a pop-up for its GrimeFighter add-on. Can anyone speak to the effectiveness of this feature? At first glance it kind of sounds like it overlaps with CCleaner (which I also run), but I guess that's not a bad thing. Then again, the one thing I don't like about Avast so far is how often it pops up messages, so I'm not too keen on giving it more chances to do so unless the add-on actually has some meaningful use. Plus they have this weird cartoony way of describing it which is really off-putting for whatever reason.

C-Euro fucked around with this message at 23:32 on Jan 5, 2014

Khablam
Mar 29, 2012

iminers posted:

I don't need it to load everytime i boot my computer

You do. On top of pretty basic logic like "prevention is better than the cure", oftentimes if you've let the virus run it will have done damage that a scan either:

a) Can't detect (rootkits)
b) Can't fix (backdoors)

The logic of "I don't get viruses because____" will hopefully die an even harder death now that even Yahoo! have served malware on their pages, via a drive-by download you would have no means of detecting if you weren't running a real-time scanner.

You mentioned MSE so odds are you are running a realtime scanner, but just don't realise you are.

e: if you just want to do virus scans, then installing a resident AV program and then trying to turn off its resident protection is approaching it backwards anyway; just use any one of the dozens of online scanners provided by major AV companies. Note: their ability to remove infections after the fact is still as poor as in your above situation.

Lose 3-5% of your system performance (that you can deactivate when playing games or whatever anyway) so that you're not sitting there blissfully unaware your computer is a zombie in a bot network.

Khablam fucked around with this message at 02:42 on Jan 7, 2014

FreeWifi!!
Oct 11, 2013

Okay, that's true. Good point, Marquess. Point for you. But you get a point taken away for being a dick. So, back to zero.

Khablam posted:

You do. On top of pretty basic logic like "prevention is better than the cure", oftentimes if you've let the virus run it will have done damage that a scan either:

a) Can't detect (rootkits)
b) Can't fix (backdoors)

The logic of "I don't get viruses because____" will hopefully die an even harder death now that even Yahoo! have served malware on their pages, via a drive-by download you would have no means of detecting if you weren't running a real-time scanner.

You mentioned MSE so odds are you are running a realtime scanner, but just don't realise you are.

e: if you just want to do virus scans, then installing a resident AV program and then trying to turn off its resident protection is approaching it backwards anyway; just use any one of the dozens of online scanners provided by major AV companies. Note: their ability to remove infections after the fact is still as poor as in your above situation.

Lose 3-5% of your system performance (that you can deactivate when playing games or whatever anyway) so that you're not sitting there blissfully unaware your computer is a zombie in a bot network.

Thanks for the help. Gonna reinstall Avast!

Elwood P Dowd
Jan 4, 2003

Well, I've wrestled with reality for 35 years, Doctor, and I'm happy to state I finally won out over it.
Are there any tips on getting rid of Better Surf on Firefox? I had it weeks ago and did the obvious things: disabled it in the Firefox add-ons, uninstalled the program from the Control Panel, and found two folders in Program Files, "better surf" and "better-surf". It reappeared last night, however, and while the folders are gone (and removed from the recycle bin), it is still listed as disabled in Firefox, and nothing under its name or some of the common pseudonyms from my web research has any matches in Control Panel.

I set up MSE and Avast to do a complete scan last night and have not had a chance yet to check the results, but are there any other suggestions? Oh, I also used that Adw.. I forget the name and it did not find anything wrong. My research has shown I did everything right, but it still keeps appearing.


Khablam
Mar 29, 2012

If it's coming back auto-magically after you nuked it with adwcleaner, and your system is scanning as clean, then you have a significant problem and should make a thread.

n.b. If you have 2 resident AV programs running at the same time then that's a recipe which ensures that probably neither work.
