Phishing & Fraud Alerts: Report phishing and fraud attempts for the world to see...
#1
While searching for a spyware removal tool for a local business that picked up a virus, I discovered this post on an anti-virus site. Best to use Yahoo and be careful where you surf for now.
Article can be read here: http://www.avast.com/pr-malware-gangs-profit-from-seo
#2
I ran into this twice at a client site in the past couple of weeks. Fake antivirus scans began on two different workstations and couldn't be stopped by the user. They prevented access to the desktop or kept the desktop from loading. I accessed the C drive across the network and replaced the offending program files with dummy files of the same name and stopped the action.
TIP: Do a search for all files dated within the past one day (or from a date before the infection) to find the culprits. Then use Notepad to create a dummy file of the same name, replacing the originals. Then reboot the computer. You should now be able to operate the computer normally and get rid of the threat through AV/AntiSpyware scans. Or on Windows XP, do a system restore from a previous save.
#3
So far I have been totally unsuccessful with this one....
Keeps getting detected by Norton Security [says removal successful .. reboot required.] Upon reboot, it's still there. Tried slaving the drive thru a FireWire cable and scanning from a clean computer... Still no luck. Tried manually removing files. Most of which can't be found where Norton says they are. Total: 98 registry files, 17 host files, 27 system files and folder. Fake alert is Spyware Guard 2008 Variant ...
#4
You might have a rootkit infection. Most anti* programs don't know how to get rid of these. I've had more success with http://superantispyware.com than any other software, and it does get rid of rootkits. I'm actually a dealer but have never developed marketing for the package.
Also, if you have access to the registry, check run and run-once for offensive loads. My experience is that even deleting program files you find is ineffective because there's some other program running that simply replaces the deleted files.
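The two checks suggested in posts #2 and #4 (recently changed files, and the Run and RunOnce registry keys), combined in a read-only PowerShell triage script. This is an added example, not part of the original thread; the drive root, look-back window and extension list are assumptions, and it has to run on the affected machine because it reads that machine's registry.

```powershell
# Added example: read-only triage; nothing is deleted or changed.
param(
    [string]$Root = 'C:\',   # assumption: volume to inspect
    [int]$Days = 1           # look-back window ("past one day" in post #2)
)

$cutoff = (Get-Date).AddDays(-$Days)
# Assumption: file types worth reviewing first
$exts = '.exe', '.dll', '.sys', '.scr', '.bat', '.cmd', '.vbs', '.js'

# 1. Executable-type files created or modified inside the window
$recent = @(Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        $exts -contains $_.Extension.ToLower() -and
        ($_.LastWriteTime -gt $cutoff -or $_.CreationTime -gt $cutoff)
    })

# 2. Programs started at logon from Run and RunOnce (machine and current user)
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$autoruns = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # Flag entries whose command line names a recently changed file
        $hit = $recent |
            Where-Object { $cmd.ToLower().Contains($_.FullName.ToLower()) } |
            Select-Object -First 1
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $cmd
            RecentFile = $hit.FullName   # empty when no recent file matches
        }
    }
}

$recent | Sort-Object LastWriteTime |
    Format-Table LastWriteTime, CreationTime, Length, FullName -AutoSize
$autoruns | Format-Table Name, RecentFile, Command, Key -AutoSize -Wrap
```

File timestamps can be altered, so an empty first table does not clear the machine; review every autostart entry, not only the flagged ones.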
#5
I'm not going to give the anti-virus programs a bad name. But the only one that has detected it is the one mentioned.
The other programs that I have access to on my server, don't even know it's there.... This just isn't cool.. Glad it ain't my computers..
#6
I'm giving that program the test right now on it remotely.
So far in 20 minutes of scan nothing....but two tracking cookies. Keeping my fingers and toes crossed.
#7
There weren't any spots on the dice...
#8
What are the symptoms?
#9
The only 2 symptoms I've seen, oops 3 (Vista, #3):
# One: sluggish as all get out.
# Two: Norton scans and says it has detected and removed it, reboot required. After reboot, when Norton scans again, it shows the same list of files.
According to the log files this started on 1/12/2010 @ 4:02 pm. I was using Team Viewer last night remotely and I believe he may have been hacked.. Some files were created around 2 - 3 am that morning. This business closes at 11pm and nobody is there after 11:30 pm. The only thing I forgot to do was disable system restore.. Going to try that again and delete the system restore files. Didn't realize that Vista automatically replaces files it feels are corrupted...
#10
Well almost eleven hours later, I can say mission accomplished...Sheesh.
I love figuring things out, but that fake alert was coming from Norton... Un-installed and cleaned registry files and re-installed the virus protection. Then had to drive over there and flush the ipconfig files so it would re-connect to the internet....