
Warning: SOB on the loose!


Adak

Senior Member
Joined
Jan 9, 2006
I just received the warning on my WindowsXP box, about the need to upgrade the Windows Media Player, because of a security threat.

Fine, fine, clicked OK on that.

About 20 minutes later, I received a warning about the need to upgrade my anti-viral software to "WindowsXP 2008".

Fine, fine, clicked OK on that.

Oh *uck me!

It is a malware program, masquerading as an anti-virus update or program, for WindowsXP. So now I've got a backdoor trojan, and it's busy working away at d/l'ing other backdoor trojans!

Before I saw what was happening and unplugged the internet cable, I already had 7 of these witches. :(

It's constantly showing me a bright red and white picture on the desktop, so I can barely see my icons (and it shuffled the icons around). It also changed the color of my background to stark white, and shifted my display upward about 10 rows. Constantly showing prompts to buy their "program".

I went into Task Manager and killed the offending exe processes, but they immediately returned, sometimes with a different name. Found the offending files, but couldn't delete them because they were "in use". :(

Through 3 hours of constant file re-naming, deleting, using the Task Manager to see what was going on, using my anti-viral program to scan everything, (which did find most of the virus programs, but not all of them), editing the registry, rebooting, etc., I finally got rid of them. :clap:

Not before it had damaged some of my Window files, or settings, however. Not sure how badly, but I still get occasional weird system errors that I never got before.

No, that's not right! The "system errors" show up like system errors, but THEY ARE NOT! They even make your system look JUST LIKE it's re-booting (Windows start-up screen and everything), but IT'S NOT rebooting. It's a STUPID screensaver one of the virus programs installed! :D

<< Very funny, and clever, I have to say >>

Be warned, don't accept any "update" or anti-virus program, that you haven't requested!! The "screensaver reboot" thing is funny and clever, (and maybe harmless, it appears), but the rest of the trojans were a real pain.
 
I've removed this nasty crap from about 20 PCs over the last couple weeks. I've even seen it on FaceBook as a link.
 
Malwarebytes Anti-Malware in safe mode with networking works wonders. Then run Spybot 1.6 to get the leftovers. I'd scan your drive from another machine first though.
 
Thank God I have a Mac. I've not seen this in OSX since I switched. With Apple's market share gaining so much though, I fear it is only a matter of time. However, the perception that Apple is an "Evil Empire" with the likes of Microsoft and Sony has not really begun to propagate yet, so we still may be somewhat safe in that aspect. Linux users may not even be untouchable after a bit because, from all accounts of what I have heard, those mini/EEE laptops are selling like the proverbial hotcakes. I'm not certain as to how many are sticking with the Linux OS or are opting to have the stores or themselves install XP.

Oh, but we ARE untouchable :p Obviously not really true, but unless you're running as root all the time, Linux is by nature more secure. It's a simple fact of life that running as an administrator/root user all the time (like XP defaults to) is asking for trouble if anything malicious gains access to the system. The market share argument really doesn't apply nearly as much as many people (especially Microsoft themselves) would like you to think it does.
 
When did the initial attack occur, like, what were you doing when it said it needed to update media player, and where/what did the message look like?
 
@Trap, this is a stand-alone system. No networking is set up, or will be. The idea of running down a virus in a stand-alone system is bad enough. I would play hell doing it throughout a network.

I was trying to use Windows Media Player when I received the message about updating that.

Apparently the Windows Media Player message was legit, because I've since d/l'ed the security update just for that threat, right from Microsoft.

The real problem was when I clicked on OK to let Antivirus WindowsXP 2008 install. It *was* the attack. I was just surfing the net. My regular anti-virus software has just about expired, so I'm looking for a new one. This one looked interesting - very slick. Big dummy, me!

I'm back to being functional, but not quite 100%, yet. (crashes every now and then, which I *never* had before).

I see that three minor WindowsXP files are now missing, so I'll have to get them back where they belong.
 
For your new Antivirus, Antivir seems good. I've only been using it for a few weeks, but there's a long thread about it. You have to add a security policy to disable the nag screen (prevent one exe file from running), but it currently (as of a few weeks ago) has the fastest engine and best virus database, and doesn't get many (if any) false positives.

The nag screen is there for a reason. If you like it that much, why not consider purchasing a full version?
 
I've been quite happy with Free AVG, but this old virus just walked right in, (OK, my fault there), and by-passed AVG, shut off the Windows Firewall completely, and went to town!

One problem with Free AVG is that it doesn't do a complete scan on its daily scan - it does the most likely files (and plenty of those), but an infected file can be missed, even if the file has a virus that AVG *will* catch, normally. In my case, I had to highlight the file in Windows Explorer, right click it, then select "scan with AVG" from the menu that pops up.

I used "Stop Sign" to do a full scan and catch 5 other trojans, due to AVG's lack of scanning all files, so that helped a lot. Then I used another anti-virus scan, and it said that "Stop Sign" itself, had two worms and a key logger. :(

I "compromised" and got rid of all of them except AVG (which I know doesn't have a virus, at least). I'm not too fond of the idea of buying/getting a virus program, from a company that I've never heard of before. I didn't like the last version of Symantec's AV program, however. WAY poor.

You're really putting a lot of trust into these AV programs, when you install them. Hard for me to put that kind of trust into a company/program, I've not heard of, before.
 
Avast ain't the bomb-yo! Really, I just switched from Avast to Avira AntiVir, and it picked up three things that I was not aware were on my system (one spyware lodged in IE temp folder that was also missed by Spybot), and two trojans from a recent FlashGet install. Avast popped up a warning after I installed FlashGet, and removed one trojan, but missed the other two. On that point, anybody using FlashGet, stop using it ASAP. Their update server has been hijacked, and every time you start up FlashGet, it is loading a trojan for you.

It's been doing that since (at least) March :)
 
I know, and it still is, yet I've seen people on other forums still using it, so either there are a ton of sorely lacking virus scanners, a ton of people without virus scanners, or not nearly enough awareness that FlashGet has been compromised for months with no fix and no communication from the developer.
 