Geekzone: technology news, blogs, forums
Reply # 506419 14-Aug-2011 20:00

And you checked the hosts files (run notepad \windows\system32\drivers\etc\hosts) to see if there's anything left over from the infection?







Reply # 506424 14-Aug-2011 20:05

freitasm: And you checked the hosts files (run notepad \windows\system32\drivers\etc\hosts) to see if there's anything left over from the infection?



no .txt files in there.  There are: hosts, lmhosts.sam, networks, protocol, services.

now googling google URL hijacking.  luckily i got this good laptop to use.

Reply # 506429 14-Aug-2011 20:09

graciem:
freitasm: And you checked the hosts files (run notepad \windows\system32\drivers\etc\hosts) to see if there's anything left over from the infection?

no .txt files in there.  There are: hosts, lmhosts.sam, networks, protocol, services.
now googling google URL hijacking.  luckily i got this good laptop to use.

Yes open the "hosts" file in notepad.




Hmmmm



Reply # 506433 14-Aug-2011 20:13

cisconz:
Yes open the "hosts" file in notepad.


oh i see.  there's:
127.0.0.1   localhost

Reply # 506468 14-Aug-2011 21:19

graciem:
cisconz:
Yes open the "hosts" file in notepad.


oh i see.  there's:
127.0.0.1   localhost


That's normal.

What OS, browser and browser version are on this laptop? 

Most browsers have an option to start up with addons/extensions disabled; try that.
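The hosts-file check discussed in the posts above, as an added example that is not part of any forum post: it parses hosts-file text and reports every active entry other than the stock `localhost` mapping. The verdict names (`redirect`, `blocked`, `malformed`) and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Names a clean hosts file is expected to map to loopback (assumption: stock default).
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, verdict, ip, hostname) for every active hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        if len(fields) < 2:
            findings.append((line_no, "malformed", str(ip), ""))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if local and name in DEFAULT_NAMES:
                verdict = "default"
            elif local:
                verdict = "blocked"   # name points at this machine, so the site is unreachable
            else:
                verdict = "redirect"  # name is pinned to a fixed outside address
            findings.append((line_no, verdict, str(ip), name))
    return findings

def suspicious(text):
    """Entries worth a manual look: everything except the stock defaults."""
    return [f for f in audit_hosts(text) if f[1] != "default"]

# Constructed samples: the clean file matches what was reported in the thread.
CLEAN = "# sample comment line\n127.0.0.1   localhost\n"
TAMPERED = (
    "127.0.0.1   localhost\n"
    "203.0.113.7\twww.search.example search.example  # constructed redirect\n"
    "0.0.0.0 update.av-vendor.example\n"
    "not-an-ip www.search.example\n"
)

if __name__ == "__main__":
    for finding in suspicious(TAMPERED):
        print(finding)
```

To check a real machine, pass the contents of `\windows\system32\drivers\etc\hosts` to `suspicious()`; an empty list matches the "That's normal" case above.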

Reply # 506476 14-Aug-2011 21:40

One of my family members also called me up about a virus they recently got; they swore all they were doing was surfing trademe and such. I didn't really believe them but this makes me wonder. They have an older Windows XP machine. Interesting.

Reply # 506495 14-Aug-2011 22:23

My wife somehow managed to get a variant of TDSS on her laptop.  The only way we noticed was random sound kept only playing when we weren't doing anything.  Symantec didn't pick it up, neither did AVG; it was only McAfee that did, but it couldn't remove it.  Windows Personal Firewall did nothing too.  TDSSKiller from Kaspersky was the only thing that cleaned it.

Doesn't surf anything weird basically tm/stuff/facebook etc.  It could have been my daughter accidentally clicking on something, but she is only 6 so not exactly a dodgy site.

TDSS was one nasty piece of malware and I found it very hard to remove.  A bit of googling picked up these interesting sites about it.

http://www.securelist.com/en/analysis/204792131/TDSS

http://support.kaspersky.com/viruses/solutions?qid=208280684

Nasty stuff....

My bet is it was delivered via an ad.




Reply # 507564 16-Aug-2011 21:12

I've just picked this up this evening as well on one of my older machines running Server 2003 with IE8 and up to date MS Security Essentials. It's definitely come from a legit site, presumably from an ad.




Reply # 507608 16-Aug-2011 22:15

I'm in the process of finally removing 'Personal Shield Pro' from my PC right now (Vista). I've been on things like Stuff, FB, Twitter and Metservice all day, so I've picked it up from a legit site somewhere. I did notice loading issues with Metservice tonight and then once it did load suddenly I had issues...but as I had other sites open too, no way of proving it.

Reply # 507731 17-Aug-2011 10:00

My work PC Antivirus alerted a virus yesterday afternoon whilst browsing the MetService site around 4pm yesterday.  I would highly suspect it was Ad related as others have mentioned.  McAfee stated it was some kind of Trojan (can't find the full details in the quarantine logs). 

I have dropped some of the guys there a line to get them to check it out from their end.

Reply # 507775 17-Aug-2011 10:47







Reply # 507782 17-Aug-2011 10:53

freitasm: It was the metservice website: http://twitter.com/#!/MetService/statuses/103597899644026880



legend!  I hope they have a cure for me, my old laptop is still infected with the google url hijacking :(

Reply # 507790 17-Aug-2011 11:05

graciem:
freitasm: It was the metservice website: http://twitter.com/#!/MetService/statuses/103597899644026880



legend!  I hope they have a cure for me, my old laptop is still infected with the google url hijacking :(



Have you tried closing all programs and running a scan with malwarebytes?

Also start your web browser in its safe mode with addons disabled if the hijack is being done by a browser addon, or use a different browser (Firefox, Google Chrome) until you can fix IE (presuming you are using IE).

Reply # 507792 17-Aug-2011 11:08

freitasm: It was the metservice website: http://twitter.com/#!/MetService/statuses/103597899644026880




Anyone know the specifics of how the infection worked and what it infected? Seems to be another IE only exploit on unpatched Windows XP and 2003...

Reply # 507796 17-Aug-2011 11:11

Hi, we have no Twitter access here at work. Could someone kindly post the guts of the MetService notice? I see they have plucked their syndicated ad roll.

Cyril
