Ask MetaFilter posts tagged with malware

Webmail can get hosed too?

Iosephus — Mon, 18 Aug 2008 15:35:29 -0800

Is there a nastyware lurking in this computer? Strange Yahoo! Mail contact list kidnapping observed... A friend of mine suffered an odd incident on their Yahoo! Mail account, which they only use through their browser: a spam message from some consumer electronics company (that some googling reveals is a probable fraudster) was sent to all their contacts, and the contacts seem to have been deleted after that. They have changed the password and recovered the contact list, but since they are not really computer knowledgeable and I have no access to their machine (a typical Win XP system), not much else to be done there. Some more googling shows up another cases like theirs, but no identification of the nasty. Besides my willingness to help save their bacon, I'm curious about what kind of thing would this be and how it did its trick, able to sneak into a webmail access and spam around the contact list. I'm not linking to the fraudster so as not to give them traffic, but their site as mentioned also in the spam starts with an e, then a dash, then saloon dot com.

I hate you computer. No. Really.

santojulieta — Sat, 16 Aug 2008 12:56:15 -0800

Now I'm just mad. Before I drag my stupid, crap laptop over to the Geek Squad, help me figure out some solutions for what's like a malware/adware problem. Alright. Apparently, in the last two days, I've managed to contract some malware/adware baloney. (Five years with no viruses or adwares.... sigh...)

When I run internet explorer, my system resources are 100% used and the whole thing gets bogged down. Task Manager says there's a second instance of explorer running in the background. If I end the second instance, it just pops back up.

I've run Spybot S&D & Avast with no fix.

What else can I run to figure out what the hell is running on my computer. I'm hoping for free resources.

How do I work out if a website has given my computer a virus?

Jack Alucard — Mon, 04 Aug 2008 11:44:11 -0800

Has the Galbaldia Hotel infected my computer with malware? Hi,

I downloaded some music from a videogames music website called the Galbaldia Hotel. I lost the URL for the website so I just googled the website.

According to Google the website has a tendency to infect computers with malware. I was just wondering if there's a way to work out if the parts I visited have malware (all the pages for MP3s from the House of the Dead series)?

Warning from Google:
http://www.google.co.uk/interstitial?url=http://gh.ffshrine.org

XP Filter: I set up a non admin account for safer computing -- Am I safe enough now?

dancestoblue — Mon, 21 Jul 2008 09:06:12 -0800

I've read so much here lately 1 2 3 about not browsing as an admin, decided to check it out and yepper, I surely was using an admin account. I've set up a non admin account, made a few other changes (described inside), hoping to find out from The Hive Mind if I am now safe enough to breathe easy(er). Ya'll put the fear of computer death into me, I finally decided to check and yeah, I was doing it wrong wrong wrong. So I set about trying to get my mind (and puter) right in the eyes of The Hive Mind.

I set up an account without Admin rights, and will use this for most everything from now on.

I left both accounts without passwords because of reading this post -- is this a good plan, or is this guy off the wall?

I am using a fairly fresh XP install (maybe two months) and I'm pretty sure I'm still clean -- I've run Spybot and AdAware, updated as needed, maybe every couple weeks.

I'm using AVG Anti-Virus Free and update it as it says it's needed.

I'm using the ZoneAlarm free firewall -- I LOVE that it allows me to determine when software decides to 'call home' and I get to decide -- Apple is pretty determined with this, I've found, and so is Open Office, a few others.

I've got Windows Auto Update turned on but not to auto download and install -- I want it to prompt me and let me decide if and when.

I'm using MS Windows Defender and upgrading as it suggests.

I'm using Firefox 3 upgraded automatically any time they suggest, and running AdBlock Plus and NoScript, updated when suggested.

If any site gives me problems in Firefox, I first try Opera (updated as needed) and then IE7, last resort. I run IE Tab through Firefox rather than firing up IE7, and I only use it on sites that demand IE7 (NetFlix, Sprint, a couple of others) -- I'm hoping this helps me but I don't actually know if it adds safety or not. I update IE7 as Windows Update suggests, pretty sure I'm always current.

I'm using Foxit PDF rather than Adope bloatware.

"Aye" suggested Disabliing all AutoRun and AutoPlay options with TweakUI (a Microsoft PowerToy) is this needed/wanted?

What have I missed? Where have I gone overboard? I want safety but don't want to live locked down so hard I cannot move.

Thanx in advance.

Peace.

dancestoblue

Badware (or why I can't get to Gmail.)

Arquimedez Pozo — Sun, 20 Jul 2008 09:33:41 -0800

I have some sort of malware on my Dell that constantly redirects me away from where I desire to go. Specifically, it seems to prevent Gmail from working. Also prevents any major search site from loading. Always redirects to some idiotic ad site. Which means I can't even search Metafilter to find out if this has been asked before. Life without Google is hard!
I'm running an updated Firefox with windows XP. I have used: Hijackthis, Adaware, McAfee (worse than useless), Spyware Doctor, Ewido, Everything in the Best Buy toolkit
(kind of like hitman pro), and Sophos. I can detect and delete a gobbledigook DLL running as an .exe when I use Hijackthis, but it respawns when Firefox restarts. I'm not an idiot, but have only enough knowledge of the processes involved to be dangerous. It also seems to disable Windows Automatic Update service. I've done an end run around my inability to use Gmail by using thunderbird.

Any suggestions? If the only answers left are reformat, reformat and buy a new machine I can accept that.

FYI: I was running as an admin, a mistake not to be repeated, but something has disabled those privileges, and that something wasn't me.

And yes, my next computer will be a Mac.

Best free Windows malware removers?

i_am_joe's_spleen — Wed, 09 Jul 2008 15:15:22 -0800

What free Windows malware detectors/removers should I put on a CD or USB stick? I will shortly be visiting a relative with an XP machine which I have reason to believe may be less than sanitary. I have not been maintaining Windows boxes regularly for a couple of years, so I am not up with the play, but I have a modest level of cluefulness as a hardcore Unix person and ex-XP user.

If I were to offer to clean this machine up, what I should I use to do so? I was thinking of creating a disk of utilities for the purpose before I leave.

Thin Defence

Kronos_to_Earth — Fri, 04 Jul 2008 20:05:21 -0800

Is 'Trend Micro Antivirus plus AntiSpyware' and Spysweeper (along with the firewall) enough to keep a PC clean? I recently switched to Trend Micro; during the installation the program warned that I would have to uninstall Spybot and AdAware 2007 (free version). This leaves me with Spysweeper and whatever capability TM has in this respect. I'd like to have at least two antispyware utilities; is Trend Micro's antispyware facility as effective as either of the two that had to be removed? (The operating system is Windows XP, SP3)

Something is killing my FTP!

Guy_Inamonkeysuit — Tue, 20 May 2008 04:21:04 -0800

I have some malware on my machine -- yes, I know, stupid. Prolly got it from pr0n. I'm running Windows XP Home Edition Version 2002 on a Gateway laptop with a Pentium 4, 3.06GHz and 480 MB of RAM. I can connect to the nets, but I can't FTP into sites (I'm a freelance web designer) with either Dreamweaver or WS-FTP, my weapons of choice. I am having a hard time getting rid of the damn malware, because when I scan my system with Spybot Search and Destroy or Bit Defender my machine shuts itself off! This seems to happen when (I think) the scanning process hits one or another of the nasties. The nasties are:
Trojan.DNSChanger.RU
Trojan.Downloader.Zlob.ABLE
Trojan.Downloader.Zlob.ABLF
Exploit.Java.Gimsh.B
Java.Trojan.Exploit.Bytverify.I
Trojan.Java.ClassLoader.D
Trojan.Java.Binny.A
Trojan.Classloader.G

Can these things futz my ability to FTP? What's my best course of action to get it back? I have work waiting to be done. I'm kicking myself in the ass, so you needn't waste time on that.

Buggy USB Drive?

Kronos_to_Earth — Thu, 01 May 2008 23:26:09 -0800

Can simply connecting an infected jump drive release bugs onto a computer? I had to connect a thumb drive (I needed to use a password manager on it: PC-Mac Password Vault2go. It runs completely off the jump drive; it doesn't need the Windows registry.) to a computer (Windows) not my own. From a security standpoint, I now have to assume the drive is unsafe. Is it OK to connect it to my own computer to scan it? I don't think it's likely I'd have to bring it to a shop or something, but I've had to re-install Windows before, and it's not fun. (P.S. This was at work, not some keylogger-infested cafe.)

Seeking advice on anti-virus and other security software

danwalker — Wed, 12 Mar 2008 13:20:10 -0800

What software (or combination of software) are you using to keep your computer internet-secure these days? I work for a not-for-profit org and am finding myself increasingly responsible for its IT needs. We're about twenty people in an office, with another six or seven halfway across the country, and perhaps another half-dozen roaming the landscape as remote employees. A mix of fairly barebones Dell laptops and desktops, all running some flavour of Windows XP. Most users use 'limited' accounts, but some are admin where necessary. Everyone has MS Office and Outlook for everyday tasks, there's a lot of browsing with IE or Firefox, and not much else goes on.

Our IT intelligence isn't that hot, so we have a mishmash of various anti-virus scanners and other such software on the machines. It's mostly Avast, which scares our less-savvy users with its sirens and voices shouting out when it's done something. (I can give these users a hug and discreetly change their notification settings while they get over it, but the exercise is getting kind of annoying.)

Anyway, being a fan of Spybot S&D myself, but with very little specific anti-virus software knowledge, I'm looking for some feedback on options available out there today. What would you recommend? Is S&D ok to run alongside other AV software, or do the two clash?

(Free is better for a not-for-profit, of course, though commercial software will be considered. And the main goal here is to keep each individual machine secure - outfitting our overall network with more security and assessing the ways we communicate with remote users will be the subject of a future AskMeFi post, I'm sure.)

What are appropriate rates for computer surveillance work?

Jack Feschuk — Mon, 10 Mar 2008 16:37:08 -0800

I'm currently running a business where I monitor computers for people. I use custom made software that gets by all the anti-malware scanners and through the firewalls. I have been charging $40/hr for the first hour, and $45 for each hour after that. Since most of work may only take 1-4 hours per client I've been told that I'm charging too little. Figures have been thrown at me by friends, family and even clients that I should charge $60, $75 or even $100. What is a fair amount in this business. Yes this involves spying on people at the workplace, churches and spouses. My first question. I've searched mefi for similar stuff and came up empty.

Mysteryware

Kronos_to_Earth — Sun, 17 Feb 2008 18:55:03 -0800

I have a mysterious service listed.... It has the name ZPIXLKJXJ; the path to the executable is C:\DOCUME~1\User\LOCALS~1\Temp\ZPIXLKJXJ.exe . The description in the column in the Services window is blank, the status is stopped, it's manual, and "log on as" is local system. A Google search turns up "no matching documents"; Norton AV says it doesn't find anything untoward, as does Spysweeper, Ad-Aware, and Spybot. What in the world?

Why does my desktop keep crashing?

ZaneJ. — Thu, 17 Jan 2008 21:48:37 -0800

Why (and how do I fix it) does my Windows desktop keep crashing? I recently had an issue with some adware, Vundo, and other nefarious computer programs. After resolving that issue, my computer's desktop keeps disappearing. All the icons disappear, the taskbar becomes unusable; the clock even stops updating. When I drag my mouse across the taskbar it gives me the little 'working' icon, for me the hourglass. Windows Task Manager still works fine, and gives me some control. I'm leery about using the System Restore option, in fear of re-introducing the malicious programs I've removed back onto my machine. I'm also cheap, and don't want to take my comp into the repair shop if it's something I can easily do myself.

Could we have malware on our Mac??

Mamapotomus — Sun, 21 Oct 2007 18:30:20 -0800

Browser hijack- on a MAC?! Both Firefox & Safari on our iBook will only access a page that says, "Welcome to Comcast" and wants us to "Click here to install". We have internet service with AT&T and my PC on the same network is working fine. You can type any URL in the address bar and it's not redirecting (it'll show www.metafilter.com for example) but the page only displays the welcome to Comcast message. I've found two other reports of this happening on a Mac via Googling, but no answers are found in either thread. (There is a lot of "no, you can't have malware, dood!" however.)

We restarted the machine and it still happened, but the Finder buttons quit working as well. After force restarting it I'm only getting the gray screen & spinny thing.

Does anyone know what this could be? None of our usual Mac gurus have ever heard of anything like this and it seems pretty obvious that it has messed up the machine.

Macbook keyboard functionality problems

birdlady — Wed, 03 Oct 2007 15:04:39 -0800

Macbook keyboard issues: I clicked on a google search result and was sneakily redirected to one of those malware scan sites, now macbook keyboard is doing funny things. The arrows do not work and the apostrophe and forward slash keys bring up the "find" window at the bottom of the screen (firefox). How do cancel out whichever setting was changed and get my key functionality back? I love my mac, but I am not so mac savvy so I have no idea what happened. If it helps, it is a macbook running os x 10.4.10.

Help me get rid of a PC intruder....

schoenbc — Sun, 22 Jul 2007 20:36:52 -0800

My desktop is my IE homepage! My son clicked on a popup thinking it would load an ActiveX control when it was a malware program What this program did was resent my destop picture to my IE homepage. I was susccessful in changing the homepage away from that nasty site, but it also changed my web page toolbars, and I can't seem to load Firefox (it seems to be blocked) and Adaware, and haven't come up with anything. I reloaded my old Norton, but the program is outdated and I don't feel like paying to renew.

Any suggestions would be GREATLY appreciated!

A different kind of malware test

tdreyer1 — Wed, 04 Apr 2007 17:34:18 -0800

I need help finding an online security quiz I took a year ago or more... I seem to remember an online security quiz that had pictures of certain websites and had you compare two offering similar services. The thing was one of them would give you spyware while the other was good. My google-fu is failing me and I cant seem to find this anywhere.

Warning, this is a bad site!

Toekneesan — Sun, 25 Feb 2007 11:39:25 -0800

Why is Google warning that Yochai Benkler's site is bad? Here's Google's warning He's the author of a very good book and I've been to this site in the past. His whole book is available through the site. It also has a wiki. Is anyone familiar with malware in wikis?

Adware everywhere

Venadium — Wed, 07 Feb 2007 13:53:51 -0800

Please help me get rid of this spyware infection before I just give up and re-install Windows. My PC is infected with what seems like at least 2 or 3 different varieties of spyware/adware/malware. This started happening a day or two ago after someone else in the house fell for a MySpace bulletin posted under someone else's phished/hacked account. I hardly ever actually use my PC so I didn't notice until this morning.

I've got a small blinking icon in my taskbar that alternates between an X in a circle and then a question mark. It pops up little messages about "Critical System Errors!". From what I understand, this is a malware program named VirusBurst.

The most noticeable problem though is whatever that's installed on here and is opening Firefox windows to various ads and webpages. It happens in bursts, up to 4 or 5 popups at a time, and seems to happen randomly. While typing this, it's only happened once, but in the time it took to get over to AskMefi it happened 2 or 3 times.

The worst part of all of this is that there seems to be yet another malware program that closes Lavasofts Ad-Aware or SpyBoy S&D before they even start. It will also close any browser window that I use to try to search for Ad-Aware or any other spyware removal tools. This is supposed to be something called CoolWebSearch, but every tool I try which is supposed to remove CoolWebSearch claims that it can't find it on my system.

So what can I do, other than giving up and reinstalling Windows (along with all the software and games that are currently installed)? I can post a HijackThis log if anyone asks for it.

Charming road warrior seeks smart and sassy net protection software for fulfilling relationship.

chrominance — Fri, 27 Oct 2006 23:22:17 -0800

Help this desktop power user protect his new laptop from evil internet demons while using public Wifi hotspots. I am utterly thrilled at the prospect of being able to surf the internet in locations other than my home, but there's one glaring problem to which I don't have a comprehensive solution. You see, my desktop Windows system has been fairly well taken of. Up-to-date antivirus and anti-malware packages and the presence of a hardware firewall have kept my system free of viruses, worms and spyware (yes, it is indeed possible!). I'd like to keep my laptop similarly free of such ailments.

Unfortunately, I can't rely on a hardware firewall when I use public hotspots. I may not know or trust the owners of the open hotspots, for one, and even if I do (thank goodness for the volunteer-based Wireless Toronto!) I can't necessarily trust other wireless users on the same hotspot. And I'm not fooling myself; I know a big reason why my desktop continues to have a clean bill of health is because of that hardware firewall, far more so than the antiviral and anti-malware software.

My experience with software firewalls have led me to believe they are clunky and annoying; an earlier AskMe question also indicates they are unreliable at best. So what should I do to protect my vulnerable laptop from the dangers that await it in the outside world? Are there any firewalls that are at least somewhat effective, and what can I do to patch the holes that remain in my security regimen?

(Please, no "get a Mac" snarks, I already weighed the pros and cons when I bought my laptop and I'm quite happy with my decision despite the superiority of the Mac with regards to internet security.)

Computer Protection Over-Kill

Smarson — Thu, 24 Aug 2006 11:08:37 -0800

What are effective anti-virus and anti-spyware programs that work in harmony? I recently attempted to save a relative's computer from the depths of virus and spyware hell (a foolish attempt, I know) and not only failed, but also managed to turn the laptop into an authoritarian regime of "you sure you wanna execute that program???" x infinity.

Needless to say the computer's hard drive will undergo a reformatting shortly (what I should have done in the first place). However, once that is completed, what melange of anti-virus and anti-spyware programs should I look into that will play nice together?

Here is a list of programs I had running simultaneously which not only bogged down the poor laptop's processor, but also objected to nearly everything you tried to do on the computer except empty the recycle bin.

*ad-aware - Love this program and have used it since college

*Spybot - Search & Destroy - Had heard good thing about this program but never used it until recently

*ewido anti-spyware - This was something I found recommended here on AskMeFi, but it would often go nuts when activated and want to go total war on everything from temp files to cookies.

*smitRem - Was using this to try and get rid of the dreaded SpywareQuake

*ToolBar Cop - Was instructed to use this in combination with smitRem to get rid of SpywareQuake

*Kaspersky Anti-Virus 6.0 - Downloaded this also on suggestions from MeFi users and it too seemed to like to freak out attack anything that moved. It seemed a little trigger happy and actually deleted some executables that disabled explorer (I've since sold said relative on the glories of firefox).

*ClamWin Anti-Virus - I'm a huge fan of opensource stuff and I'd heard raving reviews about this program so I added it to the party. I think it does a great job, but it's scans took for.ev.er. I left it on over-night and still had to wait until noon the next day. Ever more frustrating, once it was finished, it didn't give an option to delete the identified threatening files (at least no option I could find).

Bottom line: With the newly reformatted hard drive, what combination of these (or other programs) could I use to combat spyware/ malware and protect against viruses without sparking a turf war?

Meth Mouth? malware?

bradn — Tue, 25 Jul 2006 08:02:44 -0800

Has anyone heard of a computer virus/worm/trojan that causes a photo of someone's rotten teeth (meth mouth) to pop up at startup and occasionally? This is on a computer at my Dad's business, used primarily by an employee. I haven't seen it, he just emailed me about it yesterday. Apparently the photo takes up the whole screen, and there is no window or border (it's not visibly in a browser window). He mentioned "It is supposedly called “meth mouth” and it was passed around on the internet" but I'm not sure how he knew that.
Google and Symantec.com searches turned up nothing.

Anyone found my spyware?

Postroad — Fri, 26 May 2006 08:11:49 -0800

Where does my spyware go? I go to many sites on the net, searching for links for my daily blog. At the end of the day, and because I am using my son'slaptop now--he wants to keep IE Explorer as browser--I run a scan and delete some 20 or so pieces of spyware. Si.nce I post throughout the day before scanning, does this spyware get past on to viewers opening links at my site? Or are they kept at my site till removed.

How to avoid getting hosed by Starforce copy protection?

arto — Thu, 06 Apr 2006 12:40:50 -0800

Starforce copy protection: Threat or menace? I recently purchased, but have not yet installed, a game (GT Legends) using Starforce copy protection. Due to all the recent negative publicity surrounding Starforce, I'm a little hesitant to install it. What ways are there to minimize the potential damage to my system?

dialer.gbdial won't die!

terpsichoria — Thu, 16 Mar 2006 06:49:13 -0800

Particularly stubborn infestation of dialer.gbdial (or something very similar) on a Windows XP machine - any suggestions, either of solutions or reliable anti-malware forums where I can post logs? I've had this dialer lurking for a few days now - there's no risk of it actually dialing anything, since this PC is plugged into a router and doesn't have a modem, but the constant reappearance of an 'Access Members Area.exe' icon on the desktop is annoying me. I've run a variety of virus/spyware scanners (many of which have found affected files and deleted/cleaned them) and have run HijackThis logs through the analyser at hijackthis.de, and cleaned up anything untoward, but the bloody thing keeps reappearing from somewhere. I get a program called 'winxx.tmp.exe' running, where xx is replaced with, say, 5A or 2B, which seems to recreate the dialer icon on the desktop, and which turns up with a new permutation of letter and number if I delete it.

Obviously, I'd really appreciate a relatively idiot-friendly guide to getting rid of this thing if anyone's had any experience with it. Failing that, I'm perfectly happy to post HijackThis (or something else) logs to one of the expert-frequented forums around the 'net if anyone can direct me to a trustworthy one. Thanks!