Virus (link to photobucket)

 

Just as a bit of information for all of you folks. Last Wednesday, I was perusing the site and I ran across a segment on screen shots. (I have tried to locate the particular posting but have been unable to do so at this point.) However, upon clicking on the link to get a glimpse of the screen shot, a virus was downloaded to my computer. It took seven hours to get rid of this thing. So, just a word of caution. If you are scanning the screen shots forum, be very cautious about clicking on any links that are posted. (I believe the virus was attached to the web page that you are sent to. I don't believe the person who posted on the forum has any knowledge that the file has been infected.)

UPDATE BY MODERATOR:
maddog67 believes the problem came after following a link to photobucket. As a precaution, POI Factory has removed the link he followed to the photobucket web site.

--
"Everything I need can be found in the presence of God. Every. Single. Thing." Charley Hartmann 2/11/1956-6/11/2022

What virus checker are you using?

Why didn't your virus checker catch this? What product do you use for virus checking and what was the name of the virus?

Specifically what was the URL that sent you to the website that infected your PC?

--
Zumo 550 & Zumo 665 My alarm clock is sunshine on chrome.

Rule #1. Do not download

Rule #1.

Do not download anything unless you trust the source.

Do not install anything such as Codecs or Strange Programs.

Sometimes your screen shows that you are infected by a virus when actually it's not. It's just a way for them to scare you into buying their crappy software, e.g. MS Antivirus: http://en.wikipedia.org/wiki/MS_Antivirus

Use a reputable Anti virus program like ESET NOD32 (Paid), or AVG (Free), Security Essentials from Microsoft (Free), etc...

--
Garmin Nuvi 2555 LMT, Street Pilot C340, nuvi 265WT, Mio Moov 300, nuvi 255W, Navigon 2100 (Retired)

screen shots? Viruses Hiding in Plain View?

Screen Shots? Sounds like you might be spending time in torrent sites or eBay, yes I said eBay! (Easy, I said might be.) Beware of steganography; the most common misuse of steganography is the hiding of malware in seemingly safe files such as pictures, audio and email attachments. This method is used to hide any type of malware, ranging from viruses to worms and from spyware to Trojans. Companies are still not scanning for these, and I'm not sure if the CIA even has a complete handle on them yet.

The word steganography is derived from the Greek words steganos which means covered and graphie which means writing. Thus, steganography literally means covered writing.
Criminals have always sought ways to conceal their activity in real, or physical space. The same is true in virtual, or cyber space. Digital steganography represents a particularly significant threat today because of the large number of digital steganography applications freely available on the Internet that can be used to hide any digital file inside of another digital file. Use of these applications, which are both easy to obtain and simple to use, allows criminals to conceal their activities in cyber space.

This may help clue those in that are interested.
http://www.gfi.com/blog/threats-steganography/

--
Using Android Based GPS. The above post and my sig reflects my own opinions, expressed for the purpose of informing or inspiring, not commanding. Naturally, you are free to reject or embrace whatever you read.

thanks for the info

thanks for the info

Virus

It was a trojan and I am using (or, I should say my company is using,) McAfee. It didn't catch anything at all. According to my IT people, even the Director of IT caught the same virus the same morning that I did. And, it did want you to buy their software to eliminate the so-called bug. I didn't get an IP address since the IT guys took care of this. But, he said that this is a very prevalent virus at this time. First time since 1996 that I've gotten infected. Hopefully, it will be another 14 years before I get another one. Thanks to Jon I found the problem post. Node 19447 was the problem. It happened when I clicked on the Photobucket link.

--
"Everything I need can be found in the presence of God. Every. Single. Thing." Charley Hartmann 2/11/1956-6/11/2022

MaryAnn

Did you let Miss Poi know? She may be able to look at your page history and find the link to remove it.

She is very pro-active on this matter...

Daniel

--
Garmin StreetPilot c580 & Nuvi 760 - Member 32160 - Traveling in Kansas

Same here

dkeane wrote:

Did you let Miss Poi know? She may be able to look at your page history and find the link to remove it.

She is very pro-active on this matter...

Daniel

Please post the link and let MaryAnn know about it.

Jeff

We are working on it;) There

We are working on it;) There was a spam post that went up that morning before I logged in and I removed the post right away.

Miss POI

...cleaner

try

malwarebytes.org

for a really good malware cleaner for windows.

Thanks. These viruses are

Thanks. These viruses are such a pain to clean.

Photobucket

maddog67 wrote:

... Node 19447 was the problem. It happened when I clicked on the Photobucket link.

The link that maddog67 followed to photobucket is now removed.

I don't have any firsthand experience with virus issues at Photobucket, but I did find these posts on other web sites that discuss recent problems at Photobucket:

http://www.storm2k.org/phpbb2/viewtopic.php?f=22&t=107320&vi...

http://oneawesomelife.blogspot.com/2010/01/warning-trojan-im...

JM

It's not that simple any longer

kmo wrote:

Rule #1.
Do not download anything unless you trust the source.
Do not install anything such as Codecs or Strange Programs.

I agree with you but sometimes you don't even have to download anything to get infected. Visiting a website that serves malware is enough to get you in trouble.

My (Windows specific) rules are:
- Never browse the web with an admin account
- Keep your service pack and patches up to date
- Keep your anti malware/virus/trojan up to date

When you see scareware (a pop up window telling you that you have a ton of viruses), kill it (end task). Clicking any part of that warning window is equal to "install the malware".

Got it now.....

FPichon wrote:

try

malwarebytes.org

for a really good malware cleaner for windows.

and it seems to work great.

--
"Everything I need can be found in the presence of God. Every. Single. Thing." Charley Hartmann 2/11/1956-6/11/2022

What browser were you using?

What browser were you using? Personally I find Firefox, AdBlock Plus and NoScript work pretty well together to avoid things like this happening. Anything that processes ActiveX shouldn't be part of a browser.

Steganography

BobDee, you imply that steganography can be used to infect your computer directly. Just because the virus, Trojan, etc. exists in a carrier file doesn't mean that it is capable of doing its dastardly deed. It first has to be extracted from the carrier file and reassembled. Just viewing the carrier file won't extract the virus. If the virus is embedded in an audio WAV file and you play the WAV, the virus will manifest itself as an increased noise level.
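The point made in the post above, as an added example that is not part of the original thread: bytes written into the lowest bit of 16-bit PCM samples change each sample by at most one step (faint noise on playback) and only become data again through a separate, explicit extraction step. The function names, the constructed sine tone and the constructed text bytes are assumptions made for the illustration.

```python
import math

def make_tone(n=2000, rate=8000, freq=440.0, amp=12000):
    """Constructed 16-bit PCM samples (a sine tone) standing in for a WAV data chunk."""
    return [int(amp * math.sin(2 * math.pi * freq * i / rate)) for i in range(n)]

def embed_lsb(samples, payload):
    """Overwrite the lowest bit of successive samples with payload bits, MSB first."""
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    if len(bits) > len(samples):
        raise ValueError("payload too large for carrier")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit      # sample value moves by at most 1
    return out

def extract_lsb(samples, nbytes):
    """Reassemble nbytes from the sample LSBs; a player never performs this step."""
    data = bytearray()
    for b in range(nbytes):
        value = 0
        for k in range(8):
            value = (value << 1) | (samples[b * 8 + k] & 1)
        data.append(value)
    return bytes(data)

def max_sample_change(clean, modified):
    """Largest per-sample difference, i.e. the worst-case audible distortion."""
    return max(abs(a - b) for a, b in zip(clean, modified))

def snr_db(clean, modified):
    """Signal-to-noise ratio of the modified audio relative to the clean audio."""
    noise = sum((a - b) ** 2 for a, b in zip(clean, modified))
    signal = sum(a * a for a in clean)
    return float("inf") if noise == 0 else 10 * math.log10(signal / noise)

if __name__ == "__main__":
    tone = make_tone()
    carrier = embed_lsb(tone, b"constructed test bytes")   # inert text, constructed
    print("max change per sample:", max_sample_change(tone, carrier))
    print("SNR (dB): %.1f" % snr_db(tone, carrier))
    print("explicit extraction:", extract_lsb(carrier, 22))
```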

Fire Fox for the win!

gpsaccount wrote:

What browser were you using? Personally I find Firefox, AdBlock Plus and NoScript work pretty well together to avoid things like this happening. Anything that processes ActiveX shouldn't be part of a browser.

I am in total agreement here. A lot of malware is served up by the revolving ads on websites. Add to that the javascript injections like the PhotoBucket one, and your machine is owned. NoScript is a very good extension, and one I wouldn't be without!

--
nüvi 3790T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

Hosts File

chewbacca wrote:
kmo wrote:

Rule #1.
Do not download anything unless you trust the source.
Do not install anything such as Codecs or Strange Programs.

I agree with you but sometimes you don't even have to download anything to get infected. Visiting a website that serves malware is enough to get you in trouble.

My (Windows specific) rules are:
- Never browse the web with an admin account
- Keep your service pack and patches up to date
- Keep your anti malware/virus/trojan up to date

When you see scareware (a pop up window telling you that you have a ton of viruses), kill it (end task). Clicking any part of that warning window is equal to "install the malware".

I agree with your rules, plus one more - a strong HOSTS file.

I run this one in both my PCs:

http://www.mvps.org/winhelp2002/hosts.htm

--
Tampa, FL - Garmin nüvi 660 (Software Ver 4.90), 2021.20 CN NA NT maps | Magellan Meridian Gold

Thanks for adding another

Thanks for adding another good tip, Gary. I also agree with those who commented about Firefox + ads block + no script.

3 computers in two weeks

We had 3 computers in 2 weeks get hit by the same bug. The first one I was on vacation and the boss fell for the buy it to get rid of it scheme. One of our computers, our tech computer, got hit twice in less than a week. The only thing I saw was a tech visiting Friendster I think it was. So with the "host" file I have three of the more common social network sites blocked. It's been two weeks since it has gotten a virus. Not saying that is where it came from though. On this particular computer I did a destructive restore to fix it both times. It is a common multi user PC so if they had personal stuff on it, too bad.
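The HOSTS-file blocking mentioned in the two posts above, as an added example that is not part of the original thread: a small parser for the hosts format that reports which names are sinkholed, and which observed subdomains still resolve normally because hosts entries match exact names only. The sample file contents, the hostnames and the function names are constructed placeholders.

```python
import ipaddress

# Constructed sample in hosts-file format; all names are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     ads.example.net tracker.example.net   # two names, one line
127.0.0.1   social.example.org
192.0.2.10  intranet.example.com
not-an-ip   broken.example.com
"""

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def _norm(name):
    return name.lower().rstrip(".")

def parse_hosts(text):
    """Return {hostname: address}, keeping the first mapping seen for each name."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue                      # blank, comment-only or incomplete line
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # first field is not an IP address
        for name in fields[1:]:
            table.setdefault(_norm(name), fields[0])
    return table

def is_blocked(table, hostname):
    """Exact match only: the hosts format has no wildcard or subdomain matching."""
    name = _norm(hostname)
    return name != "localhost" and table.get(name) in SINKHOLES

def subdomain_gaps(table, observed):
    """Observed names that resolve normally although a parent name is blocked."""
    blocked = [n for n in table if is_blocked(table, n)]
    gaps = set()
    for host in map(_norm, observed):
        if not is_blocked(table, host) and any(host.endswith("." + b) for b in blocked):
            gaps.add(host)
    return sorted(gaps)
```

Feeding `subdomain_gaps` the hostnames seen in a proxy or DNS log shows where a hosts-based blocklist needs additional exact entries.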

firefox

I also agree with using Firefox and the adblock and noscript add-ons. If you want to take it a step further, you can even run Firefox in a separate space from the operating system using Sandboxie http://www.sandboxie.com/ (Google Chrome already does this on its own.) If you've been infected with a rootkit or other hard to remove virus, then you can use Combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix

.

jfulton wrote:

If you've been infected with a rootkit or other hard to remove virus, then you can use Combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I don't trust any malware/trojan/rootkit removal tools. Flatten and rebuild (format/reinstall) is always my preferred choice. I'd rather lose all my personal documents, photos etc than my money or worse, lose my ID, if it turns out there's a keylogger or anything that steals my passwords.

I use malwarebytes just for the heck of it to see how good/bad it is. It's a great tool but in the end I'll format my system and reinstall the OS even when there's no more infections found. Maybe too extreme for some of you.

Thanks

Thanks for the warning.

--
Nuvi 660. Nuvi 40 Check out. www.houserentalsorlando.com Irish Saying. A man loves his sweetheart the most, his wife the best, but his mother the longest.

AVG Safe Search

I use AVG free and it comes with a "Safe Search" link checker that lets you know, before you click, if a link is safe or not. Just mouse-over a link and it will display a pop-up window with information about its safety.

I highly recommend it for people who are worried about getting infected. It makes the internet a much safer place to be.

http://free.avg.com/ww-en/homepage

DM

--
One Planet, One People.