http://ask.metafilter.com/tags/virii Questions tagged with 'virii' at Ask MetaFilter. Sun, 11 Jan 2009 23:08:11 -0800 Sun, 11 Jan 2009 23:08:11 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://ask.metafilter.com/111420/Someone%2Dis%2Dspamming%2Dfrom%2Dmy%2Dgmail%2Daccount Has my gmail account really been compromised? Someone, or something seems to have spammed my entire contacts list, from within my gmail account, despite my having a strong password. (Same problem described by this <a href="http://groups.google.com/group/google-de-google-forum/browse_thread/thread/d22caa328f894786/67b5c72ba16bdf62#67b5c72ba16bdf62">german gmail user</a>).<br> <br> Has someone really stolen or guessed my password, and do I need to take anti-virus precautions beside changing my password? I am running OS X 10.4.11.<br> <br> The previous activity on my gmail account suggests someone was using it elsewhere at the time the emails went out, in a GMT+8 timezone:<br> <br> Browser 115.49.96.23 5:28 am (1 hour ago)<br> <br> The text of the email and the header (minus 500 email addresses) are below:<br> <br> --- <br> Dear, <br> Good day!!! <br> I would like to introduce a very good company, electronic products <br> Wholesale dealer. <br> I have bought some products from company,the price was very cheap, <br> and the products are very good quality! <br> Just have a look at this web page : http://www.hpp[redacted].com/ <br> I am sure you will could save a lot of money! <br> Happy new year!!!!! <br> Best regards!!! <br> introduction give you of friend!!! <br> --- <br> <br> This is the header:<br> <br> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;<br> d=gmail.com; s=gamma;<br> h=domainkey-signature:received:received:message-id:date:from:to<br> :subject:mime-version:content-type;<br> bh=K6tVhE5iH9jG8/7W3sL3UlYq6awTl26w2OX6rEz6znw=;<br> b=aEmoNLBhwOJd78gsKoXBSfQU7ZrUJ5yW9TwQe4BS9Z95uMciQgV0xulNnSwsF78wrz<br> K5BSCZPAJSWwTatBtW+N3lrFHYGRYnJxBXIY2n27cuFJf+C4pZk51F7oJwQUqQDwFzHT<br> uZqHFcLFBsyEYbK9C3ovp4b/IPtr8ra+Qq618=<br> DomainKey-Signature: a=rsa-sha1; c=nofws;<br> d=gmail.com; s=gamma;<br> h=message-id:date:from:to:subject:mime-version:content-type;<br> b=qtqP0ZUW3LzE837BnVjmCGEIxXrpddkhrjWNDruuZm4M372ePF8bBfUUq+/qvzKgdQ<br> xvqRgGgOLp9VAxhgPbhVNnAAA/thhEqJtw09/A61L0gREHySwCvINze1Yfi7sY6DEZKM<br> ewL1U02Pwa/pHMmAUIpFgrJMxEiKi2PrjIa4o=<br> Received: by 10.215.100.13 with SMTP id c13mr4320711qam.377.1231738078819;<br> Sun, 11 Jan 2009 21:27:58 -0800 (PST)<br> Received: by 10.214.43.15 with HTTP; Sun, 11 Jan 2009 21:27:58 -0800 (PST)<br> Message-ID: <a0><br> Date: Mon, 12 Jan 2009 13:27:58 +0800<br> </a0> tag:ask.metafilter.com,2009:site.111420 Sun, 11 Jan 2009 23:08:11 -0800 email gmail password spam trojan virii roofus http://ask.metafilter.com/56556/Adware%2Deverywhere Please help me get rid of this spyware infection before I just give up and re-install Windows. My PC is infected with what seems like at least 2 or 3 different varieties of spyware/adware/malware. This started happening a day or two ago after someone else in the house fell for a MySpace bulletin posted under someone else's phished/hacked account. I hardly ever actually use my PC so I didn't notice until this morning. <br> <br> I've got a small blinking icon in my taskbar that alternates between an X in a circle and then a question mark. It pops up little messages about "Critical System Errors!". From what I understand, this is a malware program named VirusBurst. <br> <br> The most noticeable problem though is whatever that's installed on here and is opening Firefox windows to various ads and webpages. It happens in bursts, up to 4 or 5 popups at a time, and seems to happen randomly. While typing this, it's only happened once, but in the time it took to get over to AskMefi it happened 2 or 3 times.<br> <br> The worst part of all of this is that there seems to be yet another malware program that closes Lavasofts Ad-Aware or SpyBoy S&amp;D before they even start. It will also close any browser window that I use to try to search for Ad-Aware or any other spyware removal tools. This is supposed to be something called CoolWebSearch, but every tool I try which is supposed to remove CoolWebSearch claims that it can't find it on my system.<br> <br> So what can I do, other than giving up and reinstalling Windows (along with all the software and games that are currently installed)? I can post a HijackThis log if anyone asks for it. tag:ask.metafilter.com,2007:site.56556 Wed, 07 Feb 2007 13:53:51 -0800 adware HELP malware spyware virii virus Venadium http://ask.metafilter.com/18794/Aurora%2Dnot%2Dthe%2Dpretty%2Dlights%2Din%2Dthe%2Dsky Two friends have been infected with the evil Aurora pop-up thing, and I've spent hours thinking about how to kill it. I've installed Avast on their systems and no dice yet. Is there an app that will destroy it, or is the fix deep DIY registry surgery? Thanks! tag:ask.metafilter.com,2005:site.18794 Mon, 16 May 2005 20:27:03 -0800 aurora evil popup virii virus worms moonbird http://ask.metafilter.com/8796/How%2Ddo%2DI%2Dtell%2Dwhat%2Dprogram%2Dinserted%2Da%2Dregistry%2Dentry PCFilter : Is there any way to tell what program inserted something into the registry?<br> <small>I've been attacked by four seperate virii that sophos claims don't exist in the wild. One of them (netclnc.exe) keeps reappearing in my registry and the system32, and I want to know what's putting it there so I can kill it. Ideas?</small> tag:ask.metafilter.com,2004:site.8796 Sun, 18 Jul 2004 07:05:52 -0800 microsoft registry registrycleaner system32 trojans virii virus viruses windows windowsregistry windowsxp twine42