SkateLog Forum
Inline Skating and Quad Roller Skating
Forum Hosts: Jessica Wright | Kathie Fry

Old February 6th, 2010, 06:34 PM   #1
Smartin
Cerebrally Dismembered
Join Date: May 2008
Location: Wishington
Posts: 2,106
Question Photobucket- Malware/Spyware??

I'm curious whether anyone else who uses Photobucket has experienced an increase in alerts by their anti virus program regarding worms, viruses and malware?

Last weekend I had Photobucket open in Firefox. I had nothing else open or running. Norton 360, (although it said it had blocked several potential trojans, worms, etc) let something slip through that was so persistent and annoying, I ended up just reformatting after whatever it was disabled IE, Firefox and Chrome, and most other executable files.

I'm not opening a dialog about what virus programs are best, I've used several over the years and they all have their issues. I'm just curious if anyone else has had anything odd going on with Photobucket?
Smartin is offline   Reply With Quote
Old February 7th, 2010, 05:34 PM   #2
Bill
Junior Member
Join Date: Aug 2006
Location: Silicon Valley, CA
Posts: 2,323
Default

Quote:
Originally Posted by Smartin View Post
I'm curious whether anyone else who uses Photobucket has experienced an increase in alerts by their anti virus program regarding worms, viruses and malware?

Last weekend I had Photobucket open in Firefox. I had nothing else open or running. Norton 360, (although it said it had blocked several potential trojans, worms, etc) let something slip through that was so persistent and annoying, I ended up just reformatting after whatever it was disabled IE, Firefox and Chrome, and most other executable files.

I'm not opening a dialog about what virus programs are best, I've used several over the years and they all have their issues. I'm just curious if anyone else has had anything odd going on with Photobucket?
I hate it when that happens. run mcafee here and AVG and have been pretty much malware free for the past year. makes me almost want to get an apple. googling your topic title, and got a few direct hits so it looks like they are the target of hackers. think I'll try 7 it has a xp mode that should run my old programs I use... it's a crazy world out there be careful. wow a super sunday, sun is out and it's almost warm. tonight I'll skate the adult night. life is pretty good have a great weekend, love all your avatars. nice glasses
Bill is online now   Reply With Quote
Old February 8th, 2010, 12:27 AM   #3
rsfaze
Old School™
Join Date: Jul 2007
Location: Orlando
Posts: 4,488
Default

Quote:
Originally Posted by Smartin View Post
I'm curious whether anyone else who uses Photobucket has experienced an increase in alerts by their anti virus program regarding worms, viruses and malware?

Last weekend I had Photobucket open in Firefox. I had nothing else open or running. Norton 360, (although it said it had blocked several potential trojans, worms, etc) let something slip through that was so persistent and annoying, I ended up just reformatting after whatever it was disabled IE, Firefox and Chrome, and most other executable files.

I'm not opening a dialog about what virus programs are best, I've used several over the years and they all have their issues. I'm just curious if anyone else has had anything odd going on with Photobucket?

Smartin the alerts you were getting have nothing to do with facebook and everything to do with the banner software that is used on their site and just about every other on the net today. adclick is just one of many but back to the explanation.

People are using SQL injection to infect these banners, so when their infected ad comes up in rotation it will generate a malware pop-up trying to trick you into executing the trojan which drops a payload onto your computer. At this point you end up talking to a guy like me to remove the infected temp files, and anything else that has been dropped or changed by the rogue software.
__________________
"Just because you can't do it doesn't mean I can't."
rsfaze is offline   Reply With Quote
Old February 8th, 2010, 05:20 PM   #4
Smartin
Cerebrally Dismembered
Join Date: May 2008
Location: Wishington
Posts: 2,106
Default

Thanks for your reply. I did a little reading over the weekend and agree with your diagnosis re: the problem likely being in the banners.
I immediately closed the browser when the alerts started popping up, but apparently this was an extra clever little bugger. More clever than me at any rate
I'm pretty diligent about keeping things backed up, so reformatting is a minor annoyance- which I've discovered is usually quicker than trying to find and systematically remove a problem like this.
Smartin is offline   Reply With Quote
Old February 8th, 2010, 05:40 PM   #5
Bill in Houston
Not Low Enough
Join Date: Aug 2007
Location: Houston, Texas, USA
Posts: 6,033
Default

I have had good success in using Ad-Aware to clean up a particularly gnarly trojan. The malware will try to keep you from downloading it, but if you try enough sites you will eventually get it done. Then you run it about 10 times, and you'll get it cleaned up... Formatting is probably easier, but wasn't something I could do...
Bill in Houston is offline   Reply With Quote
Old February 8th, 2010, 05:57 PM   #6
Smartin
Cerebrally Dismembered
Join Date: May 2008
Location: Wishington
Posts: 2,106
Default

I've used Ad Aware in the past, and have pretty much had equal success with that and CCleaner to clean up the crud.
It occurred to me when that feeling of dread came over me when it became apparent that I had some sort of evil meanie taking over my computer, that I have become entirely more dependent on technology than I had ever intended.
Smartin is offline   Reply With Quote
Old February 9th, 2010, 12:18 AM   #7
Dec8rSk8r
Senior Member
Join Date: Sep 2008
Posts: 4,137
Default

You might try Malwarebytes, it's free, and is catching our viruses better than the antivirus software we are paying for at work.

http://www.malwarebytes.org/mbam.php
Dec8rSk8r is offline   Reply With Quote
Old February 9th, 2010, 12:23 AM   #8
Smartin
Cerebrally Dismembered
Join Date: May 2008
Location: Wishington
Posts: 2,106
Default

Thanks, I'll definitely check that out.
Smartin is offline   Reply With Quote
Old February 9th, 2010, 12:23 AM   #9
A-Town Sk8er
theultimateskatesupply
Join Date: Dec 2007
Location: A-Town, SC
Posts: 4,794
Default

Quote:
Originally Posted by Dec8rSk8r View Post
You might try Malwarebytes, it's free, and is catching our viruses better than the antivirus software we are paying for at work.

http://www.malwarebytes.org/mbam.php
Excellent Product!! I've been using this one quite a bit lately on my service work
__________________
Owner / Operator

www.theultimateskatesupply.com
A-Town Sk8er is offline   Reply With Quote
Old February 9th, 2010, 03:04 AM   #10
Phil in Midwest
Senior Member
Join Date: Feb 2009
Posts: 155
Default

+1 for Malwarebytes
Phil in Midwest is offline   Reply With Quote
Old February 9th, 2010, 03:23 AM   #11
wired
Member
Join Date: May 2008
Location: KY USA
Posts: 1,622
Default

Quote:
Originally Posted by smartin
I'm pretty diligent about keeping things backed up, so reformatting is a minor annoyance- which I've discovered is usually quicker than trying to find and systematically remove a problem like this.
A++ to Smartin!

If users would spend as much time setting up a backup strategy as putzing around with AV software they would kill two birds with one stone.

But for those of us who get paid to recover for those without backup...

Quote:
Originally Posted by Dec8rSk8r View Post
You might try Malwarebytes, it's free, and is catching our viruses better than the antivirus software we are paying for at work.
+1000

I use MBAM on every malware ridden machine I work on. It usually won't clear the most severe infections since it runs in Windows but it will clean up a machine after the really wicked stuff is gone. MBAM should scan in windows safe mode until everything is gone +1.

Getting rid of really wicked stuff requires scanning the infected disk without using the OS on the infected disk. Use either a bootable CD with virus tools on it or mount the infected disk on another machine.

Personally I despise running AV software as a service on a machine. It is quite pointless with the quantity of zero day attacks currently. The most effective strategy is a good backup. The backup procedure needs to be able to restore from bare metal with a minimum of effort. Disk images are good for this.

My main advice to internet users is that if strange stuff starts popping up DON'T CLICK ANYTHING! The safest course of action is to unplug the machine, start in safe mode and run MBAM (which hopefully you updated recently).

One current malware vector is browser cache poisoning. This usually happens when you connect via an untrusted network and can cause your browser to go to very bad web sites. Flush your browser cache early and often if you use random wireless networks. black-hat-wi-fi-attackers
wired is offline   Reply With Quote
Old February 9th, 2010, 07:24 AM   #12
Armadillo
Senior Member
Join Date: Apr 2008
Location: Chicago, Near the Lake
Posts: 5,496
Default This site has the serious tools to kick some malware a$$

If you really want to regain control when your PC gets malware infected visit this site and learn how to be ready for the next time it arrives:
LINK => http://elitekiller.com/malware.htm

I have neutralized some of the nastiest infections using his S/W downloads and procedures. Not for the faint of heart. Some of these tools, like SmitFraud, will trigger false alarms with your current protection. These are false alarms - trust me. Because these tools are so powerful, some of them look like nasties, even though they aren't.
One of his S/W tools, on install, will ask if you want the "Microsoft Windows Recovery Console" to be installed on your hard disk. This lets you have a menu choice on every boot whether you want to do the equivalent of a Windows CDROM boot - WITHOUT HAVING TO USE THE CDROM. There is a super good reason to do this.

It relates to a key thing that you can do BEFORE you ever get hit,
and that is to back up your five (5) core hive files into a folder location underneath the Windows folder. Why,... because when you boot to Windows Recovery Console, you can't access Hdisk locations that are not under Windows. By putting your five core hive files backup there manually, you can then boot to system console and manually restore the five core hive files. Once these are restored, you can then usually boot OK into safe mode without the malware loading, and then you can proceed to run a full System Restore (assuming the malware didn't delete all the saved restore points). At this point clearing out all the remaining infected files becomes way more feasible.

In 25 years of PC support, this is the most comprehensive site I have found for becoming more proficient at handling serious malware infections. You can gain skill levels here that will elevate you way beyond what the average "sure I can clean your virus" guy can do.

-Armadillo
__________________
Rollin' on AIR
Armadillo is offline   Reply With Quote
Old February 10th, 2010, 11:41 AM   #13
rsfaze
Old School™
Join Date: Jul 2007
Location: Orlando
Posts: 4,488
Default

I do tech support mostly malware removal for a living and I can tell you even with some of the best tools out there like..

combofix
malwarebytes
SuperAntiSpyware
Killbox
Smitfraud
Gmer

and the list goes on but my point is even after running the common ones 8 times out of 10 the machine is still infected. Rootkits are becoming VERY popular again, I think simply because MS said the 64 OS would kill the idea of a root kit ever again because of kernel signature requirements... but I have already dealt with a 64bit rootkit so we are just getting a sneak peek at what the net is turning into.

can we say Bot-net ?
__________________
"Just because you can't do it doesn't mean I can't."
rsfaze is offline   Reply With Quote
Old February 10th, 2010, 03:26 PM   #14
wired
Member
Join Date: May 2008
Location: KY USA
Posts: 1,622
Default

Quote:
Originally Posted by rsfaze View Post
my point is even after running the common ones 8 times out of 10 the machine is still infected. Rootkits are becoming VERY popular again,
That is why you have to scan without the infected Operating System running. Once a rooted OS loads what you see is a lie...

Trinity Rescue Kit offers a free version of the Linux tools I use to work on Windows machines. While the version of ClamAV is old it still works quite well. You will need a network connection to update the signatures.

Avast! Bootable Antivirus & Recovery Tool has a similar name to the excellent tools at www.nu2.nu but is a commercial venture with a different feature set. This tool is easier to use than TRK. It also includes a fairly decent registry cleaner and several other tools. Once subscribed you can download files and updates to make a bootable CD. Very easy!

Once you get the nasties these bootable CDs remove you still need to run the most current Malware Bytes Anti-malware in safe mode until it cannot find any infected files +1 more time. One big hitch is that sometimes a rooted OS will have vital system files removed during cleaning with the bootable CDs. If this happens you can either do a rescue re-install of Windows or replace the removed files from a clean source.

Elitekiller.com mentioned by Armadillo is a nice overview and has a lot of good tips but appears to only offer safe mode cleaning instructions. These methods will offer little help against a rootkit unless the rootkit is included in the latest Rogue removal kit and can work properly under a rooted OS. Remember, Once a rooted OS loads what you see is a lie...

It is MUCH easier to have a good backup strategy than to struggle with this foolishness, unless you are getting paid to do so. Like I have said before images are where it is at for restoring an OS. To make imaging easier keep your OS partition as small as possible and put all your data and program files on a separate logical drive. Image for the OS, file backup for the rest. This way a fairly old OS image is still quite useful.
wired is offline   Reply With Quote
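
The reason wired gives in posts #11 and #14 for scanning offline (a rooted OS controls what it reports about its own disk) can be tested with a cross-view comparison: hash the files once from inside the running Windows install and once with the same disk mounted from a rescue CD or another machine, then diff the two manifests. This is an added example, not part of any post in the thread; the directory trees, file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file under root to its SHA-256, keyed by lowercased relative path."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # NTFS names are case-insensitive, so normalise before comparing views.
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def cross_view_diff(live, offline):
    """Compare what the running OS reported with what the offline mount shows."""
    return {
        # On disk, but the running OS never listed it: classic hiding behaviour.
        "hidden_from_live": sorted(p for p in offline if p not in live),
        # Listed in both views, but the running OS served different bytes.
        "content_differs": sorted(
            p for p in offline if p in live and live[p] != offline[p]
        ),
        # Seen live only: usually deleted or temporary files, lowest priority.
        "only_in_live": sorted(p for p in live if p not in offline),
    }


def _write_tree(root, files):
    """Create the constructed sample files under root."""
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Constructed sample: two small trees standing in for the two views."""
    shared = {"Windows/System32/kernel32.dll": b"clean system file"}
    live_view = dict(shared)
    live_view["Windows/System32/drivers/disk.sys"] = b"original driver bytes"
    live_view["Windows/Temp/session.tmp"] = b"scratch"
    offline_view = dict(shared)
    offline_view["Windows/System32/drivers/disk.sys"] = b"patched driver bytes"
    offline_view["Windows/System32/drivers/example_hidden.sys"] = b"not listed live"
    with tempfile.TemporaryDirectory() as live_dir, \
            tempfile.TemporaryDirectory() as offline_dir:
        _write_tree(live_dir, live_view)
        _write_tree(offline_dir, offline_view)
        return cross_view_diff(build_manifest(live_dir), build_manifest(offline_dir))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

On a real machine, logs, the pagefile and temp files change between the two captures, so entries in `content_differs` need triage; executables and drivers that appear under `hidden_from_live` are the ones to look at first.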
Old February 12th, 2010, 04:18 AM   #15
Bill
Junior Member
Join Date: Aug 2006
Location: Silicon Valley, CA
Posts: 2,323
Default

Quote:
Originally Posted by Dec8rSk8r View Post
You might try Malwarebytes, it's free, and is catching our viruses better than the antivirus software we are paying for at work.

http://www.malwarebytes.org/mbam.php
downloaded the trial did a scan. I guess mcafee is doing its job, got a clean result!
I'm set up to do the updates, for windows and my anti virus software is always up to date. still it's been a few years since I've bought this system. hoping to do an upgrade.
Bill is online now   Reply With Quote
Old February 12th, 2010, 05:45 AM   #16
Armadillo
Senior Member
Join Date: Apr 2008
Location: Chicago, Near the Lake
Posts: 5,496
Default Why don't ALL A-V programs generate a bootable CD?

Quote:
Originally Posted by wired View Post
...

Avast! Bootable Antivirus & Recovery Tool has a similar name to the excellent tools at www.nu2.nu but is a commercial venture with a different feature set. This tool is easier to use than TRK. It also includes a fairly decent registry cleaner and several other tools. Once subscribed you can download files and updates to make a bootable CD. Very easy!

Once you get the nasties these bootable CDs remove you still need to run the most current Malware Bytes Anti-malware in safe mode until it cannot find any infected files +1 more time. One big hitch is that sometimes a rooted OS will have vital system files removed during cleaning with the bootable CDs. If this happens you can either do a rescue re-install of Windows or replace the removed files from a clean source.
How can any serious anti-malware program NOT have the feature of making a system bootable CDROM with ability to connect to WEB and then either scan Hdisk from web, or download updates and then scan locally? For what they charge, it is an insult not to have this included.

Quote:
Originally Posted by wired View Post
It is MUCH easier to have a good backup strategy than to struggle with this foolishness, unless you are getting paid to do so. Like I have said before, images are where it is at for restoring an OS. To make imaging easier keep your OS partition as small as possible and put all your data and program files on a separate logical drive. Image for the OS, file backup for the rest. This way a fairly old OS image is still quite useful.
Use Acronis True Image S/W and you can control what items are included in the image. You can also do incremental images of only files that have changed. You can filter files from the image too, like *.tmp ...
Highly recommended & fast too. Acronis has a 30 day full function Eval download too, so you can use it to make a full image for free. Then generate a "Recovery CD" so, if you crash, you can boot from the CD and restore your image(s) - even after the 30 days have passed.
-Armadillo
__________________
Rollin' on AIR
Armadillo is offline   Reply With Quote
Old February 12th, 2010, 07:01 AM   #17
wired
Member
Join Date: May 2008
Location: KY USA
Posts: 1,622
Default

Quote:
Originally Posted by Armadillo View Post
How can any serious anti-malware program NOT have the feature of making a system bootable CDROM with ability to connect to WEB and then either scan Hdisk from web, or download updates and then scan locally? For what they charge, it is an insult not to have this included.
Each to his own...

For rootkit scans I would never DREAM of having the machine connected to a network much less the Internet...
wired is offline   Reply With Quote
Old February 12th, 2010, 11:59 AM   #18
rsfaze
Old School™
Join Date: Jul 2007
Location: Orlando
Posts: 4,488
Default

Quote:
Originally Posted by wired View Post
That is why you have to scan without the infected Operating System running. Once a rooted OS loads what you see is a lie...
I do remote tech support, where the machines are the client of the remote session so scanning the file system offline is not an option yet...but I and others are working on an idea on how that could work...remotely
__________________
"Just because you can't do it doesn't mean I can't."
rsfaze is offline   Reply With Quote
Old February 16th, 2010, 04:15 AM   #19
Bill
Junior Member
Join Date: Aug 2006
Location: Silicon Valley, CA
Posts: 2,323
Default

noticing my system is not as responsive as I remember.... I do back up some files but. decided to defrag.. and found my boot drive almost full!. funny how that sneaks up on me. one gig at a time. time to move some files. usually keep an eye on this. but....surprise!
Bill is online now   Reply With Quote
Old February 16th, 2010, 11:25 AM   #20
rsfaze
Old School™
Join Date: Jul 2007
Location: Orlando
Posts: 4,488
Default

Quote:
Originally Posted by Bill View Post
noticing my system is not as responsive as I remember.... I do back up some files but. decided to defrag.. and found my boot drive almost full!. funny how that sneaks up on me. one gig at a time. time to move some files. usually keep an eye on this. but....surprise!
the other thing to keep in mind is after an infection there could be system files that have been corrupted or modified so it's best to run a system file check on the drive. Possibly a check disk at boot up, and depending on the OS, dial-a-fix and or fixpermissions from MS. You would be amazed at what one single file could do to your system if it's bad or been altered.

Then there are many tools that can remove restricted policies from your computer that was caused by malware, i.e. disabled regedit, changing wallpaper, etc.
__________________
"Just because you can't do it doesn't mean I can't."
rsfaze is offline   Reply With Quote