Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
All times are UTC - 4
Alpha Anti-Virus hijack attempt
Page 1 of 2 [25 Posts]
nubc


Joined: 23 Jan 2007
Posts: 994
Location: USA

Posted: Wed 04 Nov 2009, 09:22    Post subject: Alpha Anti-Virus hijack attempt

Lately I have been frequenting two sites, one of which is this forum. The other site is more commercial than Puppy Forums, but the fact is, the unsolicited, unclicked download attempt occurred while I was on Puppy Forums. I was using Windows XP SP3 at the time, with AVG running and updated. I have since run MalwareBytes Anti-malware scan, which found no malware. Alpha Anti-Virus is a rogue antivirus. I guess I am trying to identify the source by elimination, and this forum is my starting place.

EDIT: I removed the expression "less respectable" and replaced it with "more commercial".

Last edited by nubc on Wed 04 Nov 2009, 19:57; edited 5 times in total
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Wed 04 Nov 2009, 10:08

Quote:
The unsolicited, unclicked download attempt occurred while I was on Puppy Forums. I was using Windows XP SP3 at the time, with AVG running and updated.


This may be a page hijack - normally activated by rogue porn or other dubious sites.
http://en.wikipedia.org/wiki/Page_hijacking

You can use the noscript plug-in for Firefox

_________________
Puppy WIKI
nubc


Joined: 23 Jan 2007
Posts: 994
Location: USA

Posted: Wed 04 Nov 2009, 11:09

By "less 'respectable' than Puppy Forums", I meant the other site is commercial, runs commercial ads, and doesn't have the noble purpose of a support forum, that is, one is more likely to encounter malware on the other site. The download was preceded by a popup telling me I have malware, that I need this anti-virus. I killed it with the X in the upper right corner, but soon after, exactly when I left Puppy Forums there was another much larger popup showing the Alpha Anti-Virus download progress bar, which I killed immediately. Fortunately, I was on dialup, so the download was slow. That may be the end of it, especially if I delete temporary files, but the fact remains, this happened on Puppy Forums, with only one instance of IE7 running. Consider this thread to be a "heads up" in case there are other reports of Alpha Anti-virus.
cthisbear

Joined: 29 Jan 2006
Posts: 3387
Location: Sydney Australia

Posted: Wed 04 Nov 2009, 17:40

Use Hitman Pro 3

The first behavioral scan and multi-vendor cloud confirmation
anti-malware and scan your comp over the net.

Small, fast..if you have a reasonable connection.
You get a onetime license to remove any problems that are found.

http://www.surfright.nl/en/hitmanpro

""""""""""""

After you use it...uninstall it straight away, or buy the license.

I use these as well as for nasties.
All Windows comps I fix get scanned with these after using
Puppy to clean XP.

DR Web Cureit

Malware Antimalwarebytes

SuperAntispyware.

RemoveIT Pro v4- SE

AntiVir Free Version

All download links are on my post here.

http://117.53.171.171/forum-replies.cfm?t=1261484&p=3

Chris.
Caneri

Joined: 04 Sep 2007
Posts: 1580
Location: Canada

Posted: Wed 04 Nov 2009, 18:20

Well Chris,
The solution seems to be to stop looking at pRon..and that's not acceptable.
We need another solution for us normal guys that like a bit of titties and beer...cripes, what's a guy to do now a days.

@Ed,
yup no scripts works well but still not enough..maybe just use Puppy on a live cd and import the pRon links via usb stick.

That's just my idea and nobody has EVER thought of it...Eric

_________________
Be not afraid to grow slowly, only be afraid of standing still.
Chinese Proverb

nubc


Joined: 23 Jan 2007
Posts: 994
Location: USA

Posted: Wed 04 Nov 2009, 19:53

1. I don't have Alpha Antivirus on my computer. It was an attempt to install Alpha AV from a popup. You don't have to download something to get a popup, am I right? I closed the popup by using the X in the upper right corner; maybe this was the click that initiated the download attempt.

2. I am not looking at porn, and I'm pretty sure you can encounter Alpha AV anywhere on the net. Can anyone claim that it's impossible to contract Alpha AV on Puppy Forums? (not being rhetorical, a real question)

3. I used Malwarebytes Anti-Malware, which found no infection. When recommending security software, one should make a point of correctly spelling the vendor and product, because the crooks use misspellings of legit software to name their junk.
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Wed 04 Nov 2009, 20:23

nubc

It was a flash popup fake AV scam

Quote:
Alpha Antivirus is installed through the use of fake online anti-spyware scanners and Trojan viruses. Trojans, usually FakeAV, display fake security alerts and notifications stating that your PC is infected or under attack by an Internet virus. FakeAV variants may also download additional malware. In this case it also installs a password stealer on the compromised computer. Once active, AlphaAntivirus will be automatically configured to imitate system scan and display bogus results each time you log on into Windows. As we have already mentioned, the scan results are fake, you may safely ignore them. The main goal of this infection is to trick you into purchasing totally useless software.


source: http://www.2-spyware.com/remove-alpha-antivirus.html

Definitely doesn't originate on Puppy forum - we are too quick for that!

As long as you closed the popup, then your browser & then shut down/rebooted & ran normal AV program you should be OK

I recommend using SandboxIE if using Windoze

http://www.sandboxie.com/

Just delete the sandbox after browsing ... [Very useful for that other purpose, Eric ;) ]

If in doubt - try Chris's earlier remedies

Aitch :)
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10931
Location: Arizona USA

Posted: Wed 04 Nov 2009, 21:44    Post subject: Re: Alpha Anti-Virus hijack attempt

nubc wrote:
... the unsolicited, unclicked download attempt occurred while I was on Puppy Forums. ...

Apparently the same thing happened to me about 3 weeks ago. I was moderating this forum from my brother's Windows computer, probably using Firefox, and an "antivirus scan" window popped up without me clicking anything to start it. Later my brother told me his AV software found a relatively benign growth in his computer which might have been caused by it. Unfortunately I deleted his email telling me what it was. I told John Murga about it and he changed a few things. It may not be this forum's server that's responsible.
rjbrewer


Joined: 22 Jan 2008
Posts: 4422
Location: merriam, kansas

Posted: Thu 05 Nov 2009, 03:15

Doing some work for a friend that just got his pc (xp) back
from the shop all cleaned up and updated .

Hooked it up and quickly found that many google searches
were being redirected.

When hitting "back" in I.E., fake antivirus crap showed up. The
only way to stop it was with reboot or shutdown.

Works fine with puppy cd.

_________________

Inspiron 700m, Pent.M 1.6Ghz, 1Gb ram.
Msi Wind U100, N270 1.6>2.0Ghz, 1.5Gb ram.
Eeepc 8g 701, 900Mhz, 1Gb ram.
Full installs

nubc


Joined: 23 Jan 2007
Posts: 994
Location: USA

Posted: Thu 05 Nov 2009, 12:58

Happened again today at 11am. I had just closed the only IE7 window where I was reading this forum, and the popup Warning!!!! appeared, with nothing else on desktop. This time I closed the popup with Task Manager by killing "iexplore.exe" and there was no subsequent download attempt. So I would say if you click anything on that first popup, you will thereby initiate the undesired download. Right now I am running security scans, and will report anything significant.

I must say, the circumstantial evidence is strong that this problem originates with Puppy Forum, or its servers. It may be a trojan, a downloader, or some kind of infection on my Windoze puter, but barring those possibilities it must be originating here. It probably only affects Windows computers using IE, but what about a curious Windows user who explores our friendly forums and comes away with a little memento for his interest?

Quote:
Warning!!!!! Your computer needs antivirus to protect it from further corruption. Alpha Antivirus....

Last edited by nubc on Mon 11 Jan 2010, 08:17; edited 4 times in total
James C


Joined: 26 Mar 2009
Posts: 5679
Location: Kentucky

Posted: Thu 05 Nov 2009, 13:42

I occasionally access this forum from a Windows computer, using XP SP3 and Firefox 3.5.4 at the moment, and luckily have had no hijack attempts from here yet. (Haven't booted my Puppy box this am.) However, I have seen these hijack attempts a number of times elsewhere.

I personally use AVG Free 9.0, Malwarebytes' Anti-Malware, SUPERAnti-Spyware and SpywareBlaster........in an attempt to keep the bad stuff at bay.

Think I'll go boot Puppy now.......... :)
plankenstein


Joined: 15 Nov 2008
Posts: 121
Location: Arkansas, USA

Posted: Thu 05 Nov 2009, 13:57

I had the same thing happen to me @ work a couple of times recently. Running XP SP3 and IE7. It's only been here that I have run into this, but then again I haven't been surfing much of anywhere else lately.
_________________
I carefully plan ALL my random acts! :D
prehistoric


Joined: 23 Oct 2007
Posts: 1255

Posted: Thu 05 Nov 2009, 14:29    Post subject: hijack attempts

These are not necessarily due to the forum. There are infected systems all over the net. If you are running something that isn't right up to date with fixes for cross-site scripting or code injection attacks you can get hit by a compromised system in between, or at a linked site. The more systems in a path, the more opportunities. Getting to your ISP may not expose you, getting to Switzerland may, if you live elsewhere. (There is nothing special about Switzerland, I could have said Eniwetok.)

I've seen two infected Windoze systems in the last few weeks that were running AVG 8.5 free. (I haven't had experience with AVG 9.0.) I consider Norton hopeless and am not impressed with McAfee's recent performance. The number of signatures in virus/malware databases is now in the millions, and new strains are appearing daily, if not hourly, stressing all systems which depend on fast signature updates. Simply going away for the weekend and leaving your computer off can put you at risk when you check the news on return, if you don't update your protection first.

I've recommended Comodo Internet Security, though I admit it takes some work to get it adjusted so you can use it conveniently. A new problem: last week people using this got hit by Windows Defender, a real M$ protection program which quickly decided Comodo was malware. (The irony here is that Comodo has been ahead of the pack in using behavioral analysis to identify malware without waiting for a signature. It appears M$ is now using this approach, but has neglected to identify Comodo as an ally. Comodo must not pay Bill.)

Recent attacks definitely go after protection software. Some identify themselves as security software, even Windows components. Don't depend on appearance, there are many versions of the same malware with different "skins". If you can't restore to a point before infection, check the prefetch cache for strange things.

Best advice of all: don't use Windoze for browsing. Run Puppy from RAM.
cthisbear

Joined: 29 Jan 2006
Posts: 3387
Location: Sydney Australia

Posted: Thu 05 Nov 2009, 17:44

" I must say, the circumstantial evidence is strong that this
problem originates with Puppy Forum, or its servers. "

::::::::::::::::::::::::::::::::::::::::::::

I am sorry to tell you in quite this fashion.

But >>>>Absolute Bullshit Moment.

I am running XP most times on this Puppy Forum.

Two different computers.
Not a sniff or a whiff of these Nasties.

IE...the shittiest browser you could use. WHY?????????
Once again I will state...don't use it.

I run Seamonkey in Windows.
Don't go past Service Pack 2 in XP.
No updates.
All I do is fix comps.
All MS updates do is slow and F....P comps.
Put a firewall on...not MS crap.

////////

Luthers answer may be best.

By Luther on Oct 29, 2009

Okay…I think I have the real fix for this phukkin Alpha crap.

I tried all of the suggested fixes to no avail. I searched my registry and it wasn’t there. So I let the alpha thing run for a second and noticed where the Alpha.exe file location was.

It showed it was in
C:\program files\x86\Alpha
(something to that effect)

Since the Alpha program starts automatically based upon the executable file, I just deleted that S.o.b.

Before you start deletion attempts, make sure you open the task manager and end the Alpha process first (or it won’t let you delete it).

And to all the “free” malware/spyware peddlers – you ppl are dikks.

Thank God I have the understanding to figure this crap out myself and help other ppl without charging them.

Email me if you all have any further ??? or need any further help.

-Luther

http://www.xp-vista.com/spyware-removal/remove-alpha-antivirus-removal-instructions

//////////

You are done and hosed.
Clean up...clean out as I mentioned.
Turn off System Restore.

" To Remove Alntivirus in you Computer First Use Manual steps to
turn off on System Restore
Steps to turn off System Restore

1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore.

Then After Restart you Computer Safe Mode with Networking How To Restart? To get into the Windows Safe Mode with Networking computer is booting press and hold your "F8 Key" which should bring up the
"Windows Advanced Options Menu" as shown below. Use your arrow keys to move to Safe Mode with Networking and press your Enter key.
Then Download Update and Scan Use Malwarebytes' Anti-Malware Press This Link http://www.download.com/Malwarebytes-Ant…

To Remove Alpha Antivirus Download and Scan Use Super Antispyware Press here http://www.superantispyware.com/

To Remove Alpha Antivirus Download and Scan Use Norman Malware Cleaner Press here http://74.125.77.132/search?q=cache:tc23…

""""""""""""""
You need to kill the process.

This one works for Vista and XP...but not everything.
If you could install it on another machine,
copy the program files...not the setup...onto your comp.

http://orangelampsoftware.com/products_killprocess.php

Icesword is great for XP.
Sometimes works in Vista.

http://www.antirootkit.com/software/IceSword.htm

////////////

My cleanout for XP. A little different for Vista

as Documents and Settings
changed to
Users.

http://www.murga-linux.com/puppy/viewtopic.php?mode=attach&id=16661

/////////

Other answers.


http://answers.yahoo.com/question/index?qid=20090925163712AAY0CnJ

http://www.2-spyware.com/remove-alpha-antivirus.html

http://www.2-viruses.com/remove-alpha-antivirus

http://www.bleepingcomputer.com/virus-removal/remove-alpha-antivirus

///////////

This is in fact very similar to How to remove SecurityTool

http://www.spywarevoid.com/remove-securitytool-security-tool-removal-help.html

Where I posted back that Leos answer worked.

Sorry mate but your whinge peed me off.

Chris.
prehistoric


Joined: 23 Oct 2007
Posts: 1255

Posted: Thu 05 Nov 2009, 18:19    Post subject: security tool

Security tool is one of the names I have seen with this general behavior. Unfortunately, we now appear to be dealing with custom malware generators. Changing appearance is easy, for those with the tools.

I have also seen malware which pretends to be a relatively old infection. This complicates removal, and may help them identify your protection software, which takes predictable actions.

Dealing with this level of sophistication on my own was a challenge. You no longer have to do this. Run searches, but be cautious about what advice you accept. There are people poisoning search engine caches to direct you to malware. People providing reputable tools will have a track record, legitimate sites, and a discussion forum.

As for browsers under Windows, switching from IE to Opera will eliminate most threats. I run Firefox 3.5.4 with Noscript, which requires some thinking to decide what scripts to allow. I haven't tried Seamonkey on Windows. Running Seamonkey on Puppy works very well.