4/3 rumor site VIRUS

Discussion in 'The Watering Hole' started by Luke, Jun 14, 2011.

  1. Luke

    Luke Mu-43 Hall of Famer

    Jul 30, 2010
    Milwaukee, WI
    Luke
    Just a quick shout-out to warn everyone about the NASTY infestation I received while visiting the 4/3 rumors site.

    By the way, has anyone had any experience removing the bogus "MS removal tool"? I've downloaded Malwarebytes (which seems to be the most recommended program for this specific malady) and run it several times. It seems to find stuff every time and remove it, but every time I restart the computer, it restarts. It locks out spyware programs and dominates the start menu. It does everything it can to stop me. But I will win......getting close to paying someone else to do it for me, though, which is really just a different way to admit defeat.

    Hiding out in "Safe Mode"......
    Luke

    p.s. - please don't tell me that it wouldn't have happened if I were using a Mac.
     
  2. Alf

    Alf Mu-43 Top Veteran

    846
    Mar 23, 2010
    Northeastern Tuscany
    That's nasty.
    Do you have a recent backup? You can wipe your disk and restore from the backup as if it never happened, if you do.

    Else, save your files somewhere and freshly install. Finding all the instances of those things is so time consuming that it's safer and faster working this way.

    Chrome warned me just in time; I suggest using it.
     
  3. hanzo

    hanzo Mu-43 Veteran

    341
    Jan 22, 2010
    Chan
    I was about to..... :biggrin:
    Do you use a desktop or a laptop? If you use a desktop, you can remove the hard drive and scan it from another desktop. The reason it is still infected is that the virus is already in your computer memory.
     
  4. Luke

    Luke Mu-43 Hall of Famer

    Jul 30, 2010
    Milwaukee, WI
    Luke
    It's on my laptop. Well, my last 2 scans have come up with nothing. It's now consumed around 4 hours of my time. I can't say that it's gone for certain, but things are looking up.
     
  5. Xuereb

    Xuereb Mu-43 Rookie

    12
    Apr 20, 2011
    Perth, Australia
    I use Google Chrome and the browser came up with a warning of a virus infestation on that site a couple of hours ago. It was fine earlier in the day. Please be careful.
     
  6. WT21

    WT21 Mu-43 Hall of Famer

    Feb 19, 2010
    Boston
    Doesn't seem to have impacted my iPad or Macbook.




    (oops -- just read I wasn't supposed to say that. Sorry)
     
  7. drd1135

    drd1135 Zen Snapshooter

    Mar 17, 2011
    Southwest Virginia
    Steve
    Same here. Running a scan just to be sure.
     
  8. dagaleaa

    dagaleaa Mu-43 Veteran

    252
    Jun 4, 2011
    Naples, Fl
    Dawn
    I had the same thing happen to me last week. I had a Trojan Virus called FakeAlert!grb on my computer. McAfee caught it right away, but it had already done its thing to my computer. It took over, and it took all my files (photos, videos, music, documents, etc.) and hid them. It hid my desktop icons and programs too. It did everything it could to make it look like my hard drive had crashed and I lost everything. I kept my cool, and contacted a photography group that I have been an active member of for over 8 years (DP Challenge), and many of the members helped me with the process of getting my computer back to normal. I used Malwarebytes and Spybot at their suggestion. Then I used a download that found all my hidden files and restored them to their proper places.
     
  9. DekHog

    DekHog Mu-43 Top Veteran

    579
    May 3, 2011
    Scotland
    Some of these new ones kicking around can be quite nasty, and are smart enough to run in safe mode and stop Malwarebytes running. You need to....

    Download rkill

    Download Malwarebytes

    Start in Safe Mode with Networking Support

    Run rkill (may take up to a minute to show) to stop the malware process

    Install/update Malwarebytes and run a quick scan

    I've never failed to rid any system of any malware using the above method
     
  10. Alanroseman

    Alanroseman Super Moderator Emeritus

    Dec 21, 2010
    New England

    Okay.
     
  11. Johnny1.33

    Johnny1.33 Mu-43 Regular

    113
    Jun 4, 2011
    Is it this one?

    Remove MS Removal Tool (Uninstall Guide)
     
  12. Luke

    Luke Mu-43 Hall of Famer

    Jul 30, 2010
    Milwaukee, WI
    Luke
    Yup.......that's the one. I think I finally got it after running the Malwarebytes Anti-Malware scan around 10 times and tweaking some changes to my browser's connections (that the malware re-configured).

    I've also restored the system back to a previous date before the infestation (in case that helps in any way).

    It seems like it's gone now, but it pretty well robbed me of a whole day of productivity. I wish I could get a physical address for someone who was responsible for this. I just cleaned up all the doggie piles from the backyard in preparation for cutting the grass and would love to share my "bounty" with the perpetrator.
     
  13. JohnMetsn

    JohnMetsn Mu-43 Veteran

    Quote from 43 Rumors

     
  14. Promit

    Promit Mu-43 All-Pro

    Jun 6, 2011
    Baltimore, MD
    Promit Roy
    If you're browsing the web, use the absolute latest version of your browser (Firefox, Chrome, or if you have to, IE9). Also use Adblock + Flashblock. That will greatly diminish the potential for damage from these types of attacks. I'm running Chrome + Adblock, was visiting 43rumors yesterday, and got absolutely nothing dangerous.
     
  15. Amin Sabet

    Amin Sabet Administrator

    Apr 10, 2009
    Boston, MA (USA)
    From listening to experts on podcasts (a good one is "Security Now" on the TWiT network), my impression is that once your PC has been compromised, the only way to be certain that you're clean is to format and reinstall Windows. I've had to do that a couple of times as a result of my 6 yo son scouring the web for old Pokemon movies.

    The nice thing about a format and reinstall is that there is usually a nice performance bump. I've noticed this with both my Macs and PCs.
     
  16. Johnny1.33

    Johnny1.33 Mu-43 Regular

    113
    Jun 4, 2011
    No offense but I would not reinstall for this.
     
  17. Amin Sabet

    Amin Sabet Administrator

    Apr 10, 2009
    Boston, MA (USA)
    Certainly no offense taken. I'm just conservative about this sort of thing.
     
  18. Johnny1.33

    Johnny1.33 Mu-43 Regular

    113
    Jun 4, 2011
    Only thing is that there would be lots and lots of folks doing this every time. Viruses and spyware can be cleaned off with no ill effects. There is no need to reinstall if you are sure it has been cleaned. Reinstalling is no way to ensure it won't happen again the very next day. That would be truly bad. Reinstalling every day or so until you found the offensive site, flash drive, file, etc.
     
  19. JohnMetsn

    JohnMetsn Mu-43 Veteran

    Hmmm...classic combo - good browser + firewall + AV never failed me. Plus doing whole system backups every two months (not because of fear of viruses, but because my main computer is a notebook which already died on me once). Anyway, happy you were able to recover, Luke :smile:
     
  20. sprinke

    sprinke Mu-43 All-Pro

    Apr 5, 2011
    Pasadena, CA
    Debi
    This is another reason why my 4-year-old has his own computer! :biggrin: We don't let him play on ours.