Virus (link to photobucket)

Why didn't your virus checker catch this? What product do you use for virus checking and what was the name of the virus?

Specifically what was the URL that sent you to the website that infected your PC?

Rule #1.

Do not download anything unless you trust the source.

Do not install anything such as Codecs or Strange Programs.

Sometimes, your screen shows like you are infected by Virus, actually it's not. It's just a way for them to scare you to buy their crappy software. e.g. MS Antivirus . http://en.wikipedia.org/wiki/MS_Antivirus

Use a reputable Anti virus program like ESET NOD32 (Paid), or AVG (Free), Security Essentials from Microsoft (Free), etc...

Screen Shots? Sounds like you might be spending time in torrent sites or Ebay, yes I said ebay!(easy I said might be). Beware of steganography,the most common misuse of steganography is the hiding of malware into seemingly safe files such as pictures, audio and email attachments. This method is used to hide any type of malware ranging from viruses to worms from spyware to Trojans. Companies are still not scanning for these and not sure if the CIA even has a complete handle on them yet.

The word steganography is derived from the Greek words steganos which means covered and graphie which means writing. Thus, steganography literally means covered writing.
Criminals have always sought ways to conceal their activity in real, or physical space. The same is true in virtual, or cyber space. Digital steganography represents a particularly significant threat today because of the large number of digital steganography applications freely available on the Internet that can be used to hide any digital file inside of another digital file. Use of these applications, which are both easy to obtain and simple to use, allows criminals to conceal their activities in cyber space.

This may help clue those in that are interested.
http://www.gfi.com/blog/threats-steganography/

thanks for the info

It was a trojan and I am using (or, I should say my company is using,) McAfee. It didn't catch anything at all. According to my IT people, even the Director of IT caught the same virus the same morning that I did. And, it did want you to buy their software to eliminate the so-called bug. I didn't get an IP address since the IT guys took care of this. But, he said that this is a very prevalent virus at this time. First time since 1996 that I've gotten infected. Hopefully, it will be another 14 years before I get another one. Thanks to Jon I found the problem post. Node 19447 was the problem. It happened when I clicked on the Photobucket link.

Did you let Miss Poi know? She may be able to look at your page history and find the link to remove it.

She is very pro-active on this matter...

Daniel

Please post the link and let MaryAnn know about it.

Jeff

We are working on it;) There was a spam post that went up that morning before I logged in and I removed the post right away.

Miss POI

try

malwarebytes.org

for a really good malware cleaner for windows.

Thanks. These viruses are such a pain to clean.

The link that maddog67 followed to photobucket is now removed.

I don't have any firsthand experience with virus issues at Photobucket, but I did find these posts on other web sites that discuss recent problems at Photobucket:

http://www.storm2k.org/phpbb2/viewtopic.php?f=22&t=107320&vi...

http://oneawesomelife.blogspot.com/2010/01/warning-trojan-im...

JM

I agree with you but sometimes you don't even have to download anything to get infected. Visiting a website that serves malware is enough get you in trouble.

My (Windows specific) rules are:
- Never browse the web with an admin account
- Keep your service pack and patches up to date
- Keep your anti malware/virus/trojan up to date

When you see scareware (a pop up window telling you that you have a ton of viruses), kill it (end task). Clicking any part of that warning window is equal to "install the malware".

and it seems to work great.

What browser were you using? Personally I find Firefox, AdBlock Plus and NoScript work pretty well together to avoid things like this happening. Anything that processes ActiveX shouldn't be part of a browser.l

BobDee, you imply that steganography can be used to infect your computer directly. Just because the virus, Trojan, etc. exists in a carrier file doesn't mean that it is capable of doing it's dastardly deed. It first has to be extracted from the carrier file and reassembled. Just viewing the carrier file won't extract the virus. If the virus is embedded in an audio WAV file and you play the WAV, the virus will manifest itself as an increased noise level.

I am in total agreement here. A lot of malware is served up by the revolving ads on websites. Add to that the javascript injections like the PhotoBucket one, and your machine is owned. NoScript is a very good extension, and one I wouldn't be without!

I agree with your rules, plus one more - a strong HOSTS file.

I run this one in both my PCs:

http://www.mvps.org/winhelp2002/hosts.htm

Thanks for adding another good tip, Gary. I also agree with those who commented about Firefox + ads block + no script.

We had 3 computers in 2 weeks get hit by the same bug. The first one I was on vacation and the boss fell for the buy it to get rid of it scheme. One of our computers, our tech computer, got hit twice in less then a week. The only thing I saw was a tech visiting Friendster I think it was. So with the "host" file I have three of the more common social network sites blocked. It's been two weeks since it has gotten a virus. Not saying that is where it came from though. On this particular computer I did a destructive restore to fix it both times. It is a common multi user PC so if they had personal stuff on it, too bad.

I also agree with using Firefox and the adblock and noscript addon's. If you want to take it a step further, you can even run Firefox in a separate space from the operating system using Sandboxie http://www.sandboxie.com/ (Google Chrome already does this on its own.) If you've been infected with a rootkit or other hard to remove virus, then you can use Combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I don't trust any malware/trojan/rootkit removal tools. Flatten and rebuild (format/reinstall) is always my preferred choice. I'd rather lose all my personal documents, photos etc than my money or worse, lose my ID, if it turns out there's a keylogger or anything that steals my passwords.

I use malwarebytes just for the heck of it to see how good/bad it is. It's a great tool but in the end I'll format my system and reinstall the OS even when there's no more infections found. Maybe too extreme for some of you.

Thanks for the warning.

I use AVG free and it comes with a "Safe Search" link checker that lets you know, before you click, if a link is safe or not. Just mouse-over a link and it will display a pop-up window with information about it's safety.

I highly recommend it for people who are worried about getting infected. It makes the internet a much safer place to be.

http://free.avg.com/ww-en/homepage

DM