Ask MetaFilter questions tagged with malware

Hive knowledge about malware and strategy of redirecting user profiles to other partitions

atm — Tue, 27 Oct 2009 14:22:48 -0800

Hive knowledge about malware and strategy of redirecting user profiles to other partitions For years I've used Ghost as a backup to anti-malware programs and uninstallers. If I suspect anything or if I install a program I don't want, I just reimage the C: drive with a known good Ghost image.

I redirected my My Documents and my FF profile to E:, so when C: was reimaged, my data was untouched. So, unless I download an infected file into My Docs, or somehow put an infected file onto my E: drive, the E: should stay clean. It it's been my understanding (maybe I'm wrong) that if I had (argh) opened an infected file that I had accidentally put onto my E:, all the damage/infection would be done to the system partition, leaving my E: untouched. (Of course I'd need to delete the malware installer file from E:)

So the only trouble is, after a reimage, there were always a few little things to be done to put things 100% back in working order. Settings like custom menus in apps, etc; the type of things that are stored in my C: drive user profile under Local Settings or Application Data. Inevitably, as I install more pgms or further tweak the ones I have, the number of little ToDo's after a reimage slowly increases. (I could, and have, made new Ghost images to include the new tweaks, but it gets tiresome)

I was thinking about redirecting my entire user profile folder to E:, so that reimaging C: would require less work. However, I don't want to do this if there is ANY chance a malware would infect/pollute my profile's files and folders. I don't want to invite problems onto my E: drive by way of my user profile folder. I want it to stay sparkling clean.

Do/can malwares infect user's profile files and folders? I want to make as sure as I can that my E: stays uninfected, and all infection would stay on C: and away from my cherished E: drive. ;)

Thank you.

Free/low-cost virus protection for Windows?

GilloD — Wed, 19 Aug 2009 22:58:59 -0800

I just got a raging beast of a new laptop. Runs Left 4 Dead like a dream. Problem: I've been in Mac-world for 7 years. Now that I'm back in Windows Land, I gotta be careful. What's the best free/low-cost/open-source spyware/malware/virus protection around? Running Vista Home Premium 64-bit. Suggestions?

Sneaky, nasty PC virius...SOS!

dawson — Mon, 01 Jun 2009 09:59:28 -0800

So for the first time in...well, ever. I let my pc get infected. The virus is calling itself 'Internet Antivirus Pro'....and this is how it happened... A facebook friend sent me and several others a video clip 'he found'.
This is NOT the friends fault, his account was hacked or whatever. He sent a warning out minuites later. Meanwhile, I was updating some programs. 'His' video said it needed a newer version of Adobe Flash to play...I blithely clicked on update. Nothing seemed to happen, so I went to the Adobe site and my PC was up to date.
Then I closed that window and saw a big malware warining page. It was too late. I had clicked on 'update Adobe' in the video screen. (this was all 'inside' facebook.)
So now this thing is taking over my computer, with bogus warnings (Internet Antivirus Pro has detected 37dangerous viruses, your computer is in immediate danger. Click here to unlock key!) and pop-unders and 'auto'-updates and crap. I tried to uninstall, and it did vanish from my programs, but OBVIOUSLY not from my machine.
What to do?
I have never, ever had this happen before, as usually I am obsessively ultra-cautios. But there it is.
Please, what are my options?
Dell inspiron 1720, Vista, Chrome...

How Do You Deal With An .SCR File That's A Likely Virus?

ProfLinusPauling — Sun, 24 May 2009 15:12:11 -0800

I downloaded a .scr file that was probably a virus. I was at least smart enough to trash the file instead of opening it, but is it likely that my computer is infected, anyway; that the file is executed merely by downloading it? (NOTE: This happened on a Macbook Pro.) Tragicomically Stupid Aspect, Offered For Your Amusement, You Helpful Ones:

I just got out of a bad relationship, and this .scr file was from a very dumb, desperate and ill-conceived foray into craigslist casual encounters.

back it up, back it up

gnutron — Wed, 20 May 2009 09:27:13 -0800

Can a virus on my desktop infect my external HD? Solutions needed for backing up data on a computer I'm about to nuke. Last nite a virus slipped past Avast! and infected my desktop computer. I'd like to backup a few more things before I nuke the box.

Is it safe to plug in my external HD and copy some specific files? I can't boot into safe mode (I get an "NTLDR is missing" message). I've already unplugged the computer from the network.

Most secure PDF viewer?

benzenedream — Wed, 01 Apr 2009 18:58:47 -0800

In light of the increasing number of PDF security exploits, what is the most secure PDF viewer for Windows? I would prefer a minimal viewer that will handle encrypted PDFs but doesn't have a javascript engine built in, nor any of the other multimedia junk that exists in Adobe products. I'm aware of Foxit and some of the open source offshoots from Ghostview. I know you can turn off Javascript execution via registry hacks but would prefer to minimize the attack space by not having features that are rarely used.

Eerie coincidence, or does bigfoot...er...OS X malware actually exist?

jferg — Tue, 31 Mar 2009 10:52:30 -0800

Fraudulent Skype transactions: eerie coincidence, malware, or something else? So, my mom had some real weirdness happen in the past couple of days with Skype and her credit card, and I'm wondering if there's some sort of new, bleeding-edge malware for OSX out there I'm not aware of, or if it's just a really crazy coincidence.

(Note: I'm an IT Security Guy, but mostly on the development and network side, so I'm not _as_ current on desktop security and I do almost nothing with Macs - but feel free to go technical on me.)

This is the timeline of the weirdness:
1. Last Thursday afternoon while visiting my mom, I downloaded Skype to her Mac (x86 iMac, OSX 10.5.4), and set her up with an account. The account didn't have the same username as any of her other online identities, but was tied to the gmail address she uses for most other stuff. Didn't give them any credit card info or anything else, because she's just going to be using it for Skype-to-Skype to talk to me. (And I don't have her credit card info anyway.). After testing it to make sure it works, we closed Skype and didn't touch it again before we left.

2. Saturday, shortly after we left, she gets a call from CitiBank saying her credit card has been used for 'high-risk' transactions, in the form of 3 charges from www.skype.com totalling $10. She calls me, I tell her what info I gave them, that her credit card info was not given to them, etc. She calls them back, tells them the transactions were fraudulent, and they cancel the card, refuse the charges, etc.

3. Sunday morning, she gets an e-mail to her gmail account from Skype telling her that the charges to [some other Skype username] were refused, etc.

So this means that within 48 hours of having downloaded and installed Skype on her computer, somebody else has used her credit card number and e-mail address to sign up for a Skype account. This is, in my mind, slightly beyond coincidental, but the only other thing I can come up with is that her machine is compromised, or her home network (cable modem, wireless, WPA2, average password quality, few neighbors) is comp'ed.

However, I also signed up for a Skype account from my machine on her network, as well as paid bills, logged into my online banking, etc, and my stuff (at last check) was fine, which suggests its not at the network level.

So...is anybody aware of Malware for OSX that's harvesting info for Skype fraud, or is this just a really bizarre coincidence? Or is there anything else you guys can think of that I'm missing? Does anyone have any suggestions (outside of the normal unixy methods of looking for running processes, open ports, etc) for detecting malware on here machine, if such a thing were out there? I don't have physical access to her machine now, as we've since driven back across 4 states to home, but can do a WebEx or VNC session with her if need be.

(Also, she's since had the card cancelled and is getting a new one issued, so that's a non-issue, but I want to make sure this doesn't happen again.)

While I appreciate the irony..

CRM114 — Thu, 26 Mar 2009 17:51:50 -0800

I've been attacked by some malware called "Spyware Protect 2009". Have you guys seen this before? Screenshot and symptoms inside - hoping someone can help me kill this thing. This is what it looks like in action.

Note than NONE of the balloons or popups you see are from any of the legitimate security software on my computer, they're all from the malware. The popups show up every minute or so, and there's even a system tray icon for this non-existent piece of software now.

It's also done something strange to Task Manager - the border around the center of the window is gone; I can't see or access the File menu, for example.

I'm running Spybot with the latest definitions, but that scan is going to take a while. Anybody got any experience dealing with this thing?

Who's posting links to malware/viruses from my facebook account? How do I make them/it stop?

unclezeb — Sun, 15 Mar 2009 10:37:11 -0800

Facebook-filter: Somehow two links have been posted to my facebook page, NOT by me, which directly people to a website to "Vote for my modeling pic please :) http://theimageparlour.com/images/?&uploaded=58291H560.jpg" or similar ... that pages contains malware or virus. How is this getting posted? How can I stop it? The first link was posted yesterday, I changed my password and limited some permissions (including "links" requiring that application to "Prompt me" before posting to my wall). It happened again today with a new link which stated:

Vote for my modeling pic please :) http://theimageparlour.com/images/?&uploaded=58291H560.jpg

Today I limited permissions on all my applications and deleted most of the non-standard applications (i.e., Causes, rate beer, etc) and limited the standard applications (Photos, events, links) to "Prompt me" before posting anything.

I get nothing when searching for the specific file name referenced in the link nor when searching for the website it's "uploaded" to ... though that site does seem to offer file uploads.

Any ideas what else I can/should do? Is this a more common scheme that occurs on facebook? Thanks social-networking-privacy-protecting-stranger-helping-mefites!

How do I get rid of malware?

tangyraspberry — Tue, 03 Mar 2009 19:23:40 -0800

How do you rid a web site of Malware? People trying to google my website, allanhardy.com, are getting a warning that the site "appears to contain malware." What do I do?

Blanking Applications

aspenbaloo — Thu, 05 Feb 2009 17:07:51 -0800

Basic applications on my computer seem to be temporarily "blanking out" on me. Especially noticeable when I'm typing. What might be causing it and how can I fix it? I'm typing along contentedly, I notice the windows border on the application dims, then re-brightens and I notice that the letters I typed while it was dim are missing. It usually lasts for less than a second, but with some applications it remains dim, the cursor disappears and I have to click on the page to begin typing again.

I recently had a spyware issue but I hope I cleared that up with Spybot and Hitman Pro.

Any ideas how to track this down - it's getting really annoying, but I'm more concerned that somethins f-ing with my computer in the background.

Did Google break today?

kellygreen — Sat, 31 Jan 2009 07:05:03 -0800

Did Google break today? Please reassure me that this is a mistake. Can you tell me why Google is blocking me from clicking through to virtually all websites (including MetaFilter)? Try to click through to a search result and you get this malware warning. Google has been employing this feature for a while, but only attaching it to a small number of sites. Now it's everywhere. Is this a mistake that will be fixed later today?

How vulnerable is the Internet to a cyber attack?

bystander — Fri, 23 Jan 2009 02:28:10 -0800

So how vulnerable is the Internet to some sneaky worm attack that targets Windows? It looks like organised crime is running increasingly sophisticated malware attacks to control large numbers of clients, if I were a bad person I could imagine a smart, quiet rootkit or similar that infected many, many machines then went live and could be very disruptive. Is it a reasonable worry, and how much trouble could it cause? I figure there would be Mac and Linux users still working, and many servers would be unaffected, but could such a nasty 'break' the Internet?
And figuring that the smart guys are probably already worrying about it, what are they doing to minimise the risk?

Help me load up an anti-malware tookit

tdismukes — Fri, 02 Jan 2009 12:13:21 -0800

I'm heading out tomorrow to work on my Mom's computer, which has been infected by Antivirus2009. Help me load up my flash drive with everything I need. Mom lives over 3 hours away and the infection on her computer (Windows XP) is keeping her from being able to download any anti-malware. Therefore I want to make sure I take everything I need with me.

I'll have a Windows disc in case I end up needing to completely re-install Windows, but I'd like to avoid having to do that if possible. What anti-malware tools can I take with me on a flash drive to give me the best chance of success?

Thanks in advance for any and all suggestions.

Cleaning an infected laptop

covert7 — Mon, 29 Dec 2008 09:05:40 -0800

How can I clean an infected laptop without booting to it's own drive? I'm working on a laptop (Win XP) that is fairly jacked up with some malware. I'm pretty certain I can clean it successfully without resorting to wiping the whole OS, but when I get into the drive (even safemode) it's almost totally unusable.

So now I'm trying to think of a way to just link the laptop drive to my main desktop so I can clean it from there. Any ideas?

I'm also looking into going with some type of live cd that I could boot to in order to try and clean it from there (like BartPE or miniPE). I've never used one of these before but I'm sure I can get into the drive. My question with live cd's is, will they include the tools I need to clean the infections off? Any folks have experience doing this sort of thing?

Thanks for any help you can provide!!

Webmail can get hosed too?

Iosephus — Mon, 18 Aug 2008 15:35:29 -0800

Is there a nastyware lurking in this computer? Strange Yahoo! Mail contact list kidnapping observed... A friend of mine suffered an odd incident on their Yahoo! Mail account, which they only use through their browser: a spam message from some consumer electronics company (that some googling reveals is a probable fraudster) was sent to all their contacts, and the contacts seem to have been deleted after that. They have changed the password and recovered the contact list, but since they are not really computer knowledgeable and I have no access to their machine (a typical Win XP system), not much else to be done there. Some more googling shows up another cases like theirs, but no identification of the nasty. Besides my willingness to help save their bacon, I'm curious about what kind of thing would this be and how it did its trick, able to sneak into a webmail access and spam around the contact list. I'm not linking to the fraudster so as not to give them traffic, but their site as mentioned also in the spam starts with an e, then a dash, then saloon dot com.

I hate you computer. No. Really.

santojulieta — Sat, 16 Aug 2008 12:56:15 -0800

Now I'm just mad. Before I drag my stupid, crap laptop over to the Geek Squad, help me figure out some solutions for what's like a malware/adware problem. Alright. Apparently, in the last two days, I've managed to contract some malware/adware baloney. (Five years with no viruses or adwares.... sigh...)

When I run internet explorer, my system resources are 100% used and the whole thing gets bogged down. Task Manager says there's a second instance of explorer running in the background. If I end the second instance, it just pops back up.

I've run Spybot S&D & Avast with no fix.

What else can I run to figure out what the hell is running on my computer. I'm hoping for free resources.

How do I work out if a website has given my computer a virus?

Jack Alucard — Mon, 04 Aug 2008 11:44:11 -0800

Has the Galbaldia Hotel infected my computer with malware? Hi,

I downloaded some music from a videogames music website called the Galbaldia Hotel. I lost the URL for the website so I just googled the website.

According to Google the website has a tendency to infect computers with malware. I was just wondering if there's a way to work out if the parts I visited have malware (all the pages for MP3s from the House of the Dead series)?

Warning from Google:
http://www.google.co.uk/interstitial?url=http://gh.ffshrine.org

XP Filter: I set up a non admin account for safer computing -- Am I safe enough now?

dancestoblue — Mon, 21 Jul 2008 09:06:12 -0800

I've read so much here lately 1 2 3 about not browsing as an admin, decided to check it out and yepper, I surely was using an admin account. I've set up a non admin account, made a few other changes (described inside), hoping to find out from The Hive Mind if I am now safe enough to breathe easy(er). Ya'll put the fear of computer death into me, I finally decided to check and yeah, I was doing it wrong wrong wrong. So I set about trying to get my mind (and puter) right in the eyes of The Hive Mind.

I set up an account without Admin rights, and will use this for most everything from now on.

I left both accounts without passwords because of reading this post -- is this a good plan, or is this guy off the wall?

I am using a fairly fresh XP install (maybe two months) and I'm pretty sure I'm still clean -- I've run Spybot and AdAware, updated as needed, maybe every couple weeks.

I'm using AVG Anti-Virus Free and update it as it says it's needed.

I'm using the ZoneAlarm free firewall -- I LOVE that it allows me to determine when software decides to 'call home' and I get to decide -- Apple is pretty determined with this, I've found, and so is Open Office, a few others.

I've got Windows Auto Update turned on but not to auto download and install -- I want it to prompt me and let me decide if and when.

I'm using MS Windows Defender and upgrading as it suggests.

I'm using Firefox 3 upgraded automatically any time they suggest, and running AdBlock Plus and NoScript, updated when suggested.

If any site gives me problems in Firefox, I first try Opera (updated as needed) and then IE7, last resort. I run IE Tab through Firefox rather than firing up IE7, and I only use it on sites that demand IE7 (NetFlix, Sprint, a couple of others) -- I'm hoping this helps me but I don't actually know if it adds safety or not. I update IE7 as Windows Update suggests, pretty sure I'm always current.

I'm using Foxit PDF rather than Adope bloatware.

"Aye" suggested Disabliing all AutoRun and AutoPlay options with TweakUI (a Microsoft PowerToy) is this needed/wanted?

What have I missed? Where have I gone overboard? I want safety but don't want to live locked down so hard I cannot move.

Thanx in advance.

Peace.

dancestoblue

Badware (or why I can't get to Gmail.)

Arquimedez Pozo — Sun, 20 Jul 2008 09:33:41 -0800

I have some sort of malware on my Dell that constantly redirects me away from where I desire to go. Specifically, it seems to prevent Gmail from working. Also prevents any major search site from loading. Always redirects to some idiotic ad site. Which means I can't even search Metafilter to find out if this has been asked before. Life without Google is hard!
I'm running an updated Firefox with windows XP. I have used: Hijackthis, Adaware, McAfee (worse than useless), Spyware Doctor, Ewido, Everything in the Best Buy toolkit
(kind of like hitman pro), and Sophos. I can detect and delete a gobbledigook DLL running as an .exe when I use Hijackthis, but it respawns when Firefox restarts. I'm not an idiot, but have only enough knowledge of the processes involved to be dangerous. It also seems to disable Windows Automatic Update service. I've done an end run around my inability to use Gmail by using thunderbird.

Any suggestions? If the only answers left are reformat, reformat and buy a new machine I can accept that.

FYI: I was running as an admin, a mistake not to be repeated, but something has disabled those privileges, and that something wasn't me.

And yes, my next computer will be a Mac.

Best free Windows malware removers?

i_am_joe's_spleen — Wed, 09 Jul 2008 15:15:22 -0800

What free Windows malware detectors/removers should I put on a CD or USB stick? I will shortly be visiting a relative with an XP machine which I have reason to believe may be less than sanitary. I have not been maintaining Windows boxes regularly for a couple of years, so I am not up with the play, but I have a modest level of cluefulness as a hardcore Unix person and ex-XP user.

If I were to offer to clean this machine up, what I should I use to do so? I was thinking of creating a disk of utilities for the purpose before I leave.

Thin Defence

Kronos_to_Earth — Fri, 04 Jul 2008 20:05:21 -0800

Is 'Trend Micro Antivirus plus AntiSpyware' and Spysweeper (along with the firewall) enough to keep a PC clean? I recently switched to Trend Micro; during the installation the program warned that I would have to uninstall Spybot and AdAware 2007 (free version). This leaves me with Spysweeper and whatever capability TM has in this respect. I'd like to have at least two antispyware utilities; is Trend Micro's antispyware facility as effective as either of the two that had to be removed? (The operating system is Windows XP, SP3)

Something is killing my FTP!

Guy_Inamonkeysuit — Tue, 20 May 2008 04:21:04 -0800

I have some malware on my machine -- yes, I know, stupid. Prolly got it from pr0n. I'm running Windows XP Home Edition Version 2002 on a Gateway laptop with a Pentium 4, 3.06GHz and 480 MB of RAM. I can connect to the nets, but I can't FTP into sites (I'm a freelance web designer) with either Dreamweaver or WS-FTP, my weapons of choice. I am having a hard time getting rid of the damn malware, because when I scan my system with Spybot Search and Destroy or Bit Defender my machine shuts itself off! This seems to happen when (I think) the scanning process hits one or another of the nasties. The nasties are:
Trojan.DNSChanger.RU
Trojan.Downloader.Zlob.ABLE
Trojan.Downloader.Zlob.ABLF
Exploit.Java.Gimsh.B
Java.Trojan.Exploit.Bytverify.I
Trojan.Java.ClassLoader.D
Trojan.Java.Binny.A
Trojan.Classloader.G

Can these things futz my ability to FTP? What's my best course of action to get it back? I have work waiting to be done. I'm kicking myself in the ass, so you needn't waste time on that.

Buggy USB Drive?

Kronos_to_Earth — Thu, 01 May 2008 23:26:09 -0800

Can simply connecting an infected jump drive release bugs onto a computer? I had to connect a thumb drive (I needed to use a password manager on it: PC-Mac Password Vault2go. It runs completely off the jump drive; it doesn't need the Windows registry.) to a computer (Windows) not my own. From a security standpoint, I now have to assume the drive is unsafe. Is it OK to connect it to my own computer to scan it? I don't think it's likely I'd have to bring it to a shop or something, but I've had to re-install Windows before, and it's not fun. (P.S. This was at work, not some keylogger-infested cafe.)

Seeking advice on anti-virus and other security software

danwalker — Wed, 12 Mar 2008 13:20:10 -0800

What software (or combination of software) are you using to keep your computer internet-secure these days? I work for a not-for-profit org and am finding myself increasingly responsible for its IT needs. We're about twenty people in an office, with another six or seven halfway across the country, and perhaps another half-dozen roaming the landscape as remote employees. A mix of fairly barebones Dell laptops and desktops, all running some flavour of Windows XP. Most users use 'limited' accounts, but some are admin where necessary. Everyone has MS Office and Outlook for everyday tasks, there's a lot of browsing with IE or Firefox, and not much else goes on.

Our IT intelligence isn't that hot, so we have a mishmash of various anti-virus scanners and other such software on the machines. It's mostly Avast, which scares our less-savvy users with its sirens and voices shouting out when it's done something. (I can give these users a hug and discreetly change their notification settings while they get over it, but the exercise is getting kind of annoying.)

Anyway, being a fan of Spybot S&D myself, but with very little specific anti-virus software knowledge, I'm looking for some feedback on options available out there today. What would you recommend? Is S&D ok to run alongside other AV software, or do the two clash?

(Free is better for a not-for-profit, of course, though commercial software will be considered. And the main goal here is to keep each individual machine secure - outfitting our overall network with more security and assessing the ways we communicate with remote users will be the subject of a future AskMeFi post, I'm sure.)