The time now is Fri 20 Apr 2018, 08:54
All times are UTC - 4 |
Page 2 of 2 [25 Posts] |
Goto page: Previous 1, 2 |
Author |
Message |
nubc

Joined: 23 Jan 2007 Posts: 1907 Location: USA
|
Posted: Thu 05 Nov 2009, 18:52 Post subject:
|
|
I ran updated AVG 8.5 and latest Malwarebytes Anti-Malware, both report my computer is clean. I searched the C-drive for "alpha", nada. I visit maybe 15 sites on a typical day, Linux news, email, YouTube, etc, but Puppy Forums is the only place I get this popup for Alpha AV. Of course I can use FF 3.5.4 instead, or just use Puppy liveCD, or upgrade IE7 to IE8. I can do a workaround from my end, no problem. Sooner or later, the antivirus industry is gonna clean out Alpha AV, spic and span.
Question: Why does this occur only on Puppy Forums? I close the IE7 browser, up comes the popup. Okay, it's an IE7 exploit. So then something is exploiting IE7 and I only experience the exploit here.
|
Back to top
|
|
 |
muggins
Joined: 20 Jan 2006 Posts: 6747 Location: hobart
|
Posted: Fri 06 Nov 2009, 00:03 Post subject:
|
|
Why on earth would anyone still be using IE?
|
Back to top
|
|
 |
nubc

Joined: 23 Jan 2007 Posts: 1907 Location: USA
|
Posted: Fri 06 Nov 2009, 01:35 Post subject:
|
|
IE users: 60% of all computers, newbies (potential converts to Linux), office workers, techs who service Windows
http://en.wikipedia.org/wiki/Usage_share_of_web_browsers
Last edited by nubc on Tue 10 Nov 2009, 01:30; edited 2 times in total
|
Back to top
|
|
 |
SirDuncan

Joined: 09 Dec 2006 Posts: 836 Location: Ohio, USA
|
Posted: Fri 06 Nov 2009, 12:27 Post subject:
|
|
@nubc:
Well, I haven't had any problems when visiting with my Win7RC install. Not that this really means anything since I surf in FF. My first piece of advice is to upgrade IE7 to IE8. They fixed a ton of security flaws between the two. Even if you don't use IE for surfing, merely having it on the computer can still allow some exploits, so get the most secure version of it. The second piece of advice is to get your Win install fully upgraded. Third piece of advice is to use a different browser. If you go with FF/SeaMonkey, install adblock plus and consider installing noscript (I think noscript works with SeaMonkey).
@all:
Multiple people have seen this happen while on the forums. This leads me to believe that it is a cross scripting attack coming from an ad on the site. Has anyone noticed what ad was being shown when the attack happened? Also, if this is being initiated by Adobe Flash (as Aitch says above), why has the popup not presented itself to people running Puppy? Or has it and no one has said anything? Flash is crossplatform, so even if it couldn't get the download initiated on its own, it shouldn't have any problem creating a popup.
This is certainly not the way we want to greet potential new users (or old users visiting from their game/legacy/etc. system). We need to confirm where it is coming from and take steps to get rid of it.
_________________ Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
|
Back to top
|
|
 |
nubc

Joined: 23 Jan 2007 Posts: 1907 Location: USA
|
Posted: Fri 06 Nov 2009, 15:07 Post subject:
|
|
Housecall found and fixed 3 rootkits and 3 trojans. When I upgraded AVG to version 9, it complained that the following program should be removed before proceeding:
{B5AB638F-D76C-A8F2-F3CEAC50212}
A search did not find this key in registry. Possible malware: AproposMedia, URLSearchHook. Seeq
Furthermore, 27 Windows XP / IE7 updates became immediately available after the above changes.
Before I hear a chorus of "I told you so's", none of the above points conclusively to a source, nor does it explain why popups occur only on Puppy Forums. But I am inclined to think this laptop had some preconditions for the current problems.
Last edited by nubc on Wed 11 Nov 2009, 18:10; edited 1 time in total
|
Back to top
|
|
 |
Aitch

Joined: 04 Apr 2007 Posts: 6815 Location: Chatham, Kent, UK
|
Posted: Sat 07 Nov 2009, 09:25 Post subject:
|
|
nubc
glad to see you have tracked down rootkits/trojans on your system
I recommend, if you are to continue using IE, installing WOT
http://www.mywot.com/en/download/ie
as it will warn of malware/bad sites - most times, accurately
see earlier and herein repeated sandboxIE message
For general info, and to put people's minds at rest, I just verified using XP SP2 & a deliberately vulnerable IE6, by trapping any likely malware in a sandbox [as suggested earlier - SandboxIE] - There was NO viral activity from the forum despite nubc's assertions
Keep it clean! Use Puppy/any other browser than IE!!
Good post, Chris, as usual
Aitch
|
Back to top
|
|
 |
nubc

Joined: 23 Jan 2007 Posts: 1907 Location: USA
|
Posted: Sat 07 Nov 2009, 23:31 Post subject:
|
|
The forum for the other site I mentioned is now getting reports of rogue antivirus hijack attempts. I am gonna let this issue ride for several days, then mark this thread SOLVED. Thanks for all feedback. (Fingers crossed)
|
Back to top
|
|
 |
Patriot

Joined: 15 Jan 2009 Posts: 734
|
Posted: Sun 08 Nov 2009, 22:35 Post subject:
|
|
Hmmm .....
Occasionally, I would have to troubleshoot a system with an infected malware ... Most of the time, I had to do it manually .... The minor to medium malware infection can be cleared up in about an hour ... The bad a*ss ones could take up to 3-4 hours ...
One of the symptoms that you're having a bad a*ss malware is when you've attempted all sorts of software assisted disinfection methods and yet you still get "hijacked" ... This is what I call the hocrux effect ... A piece of malware with the ability to split itself/link/service and hide it into several windows objects using the dark arts ... The real smart bad a*ss will definitely do a hidden system service that's tough to remove ... An attempt to kill it will just make it spawn a new one in the background ...
Such a malware have a timer or counter mechanism that triggers an activity ... You could be at Disney's website and still get such an activity ... Many people failed to understand that software assisted malware cleaning is not 100% effective. A cocktail of malware cleaners does help but is still less than 100% effective ...
Hocrux hunting is also a difficult art to master itself ... Whenever I encounter a new malware, it could take me hours to find and destroy all the hocrux ... The only cure to such an infection for the layman is prevention ... Even a fresh re-install from zero does not guarantee a no-reinfection if it has spread to your broom flying pen drives or other external storages .... A suitable antivirus from a trusted source can definitely help (ie. I do recommend Comodo for those who really cannot afford yearly licenses).
Unfortunately, I haven't encounter this AlphaAV malware thus I am unable to say where to find its roots .....
Rgds
|
Back to top
|
|
 |
James C

Joined: 26 Mar 2009 Posts: 6717 Location: Kentucky
|
Posted: Tue 10 Nov 2009, 21:47 Post subject:
|
|
I was using my XP box earlier this afternoon when I suffered one of the fake anti-virus hijack attempts.I rebooted so fast I didn't even notice the name, but after Malwarebytes, SuperAntispyware And Avira scans my computer luckily wasn't infected.
And I was using Firefox 3.5.5 by the way, so its not just the IE users who need to be careful.
|
Back to top
|
|
 |
Pence
Joined: 30 Jul 2005 Posts: 201
|
Posted: Mon 16 Nov 2009, 11:55 Post subject:
|
|
Our Library blocked the link to Barry's Blog for awhile, but it's now working again.
|
Back to top
|
|
 |
|
Page 2 of 2 [25 Posts] |
Goto page: Previous 1, 2 |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|