Geekzone: technology news, blogs, forums


19 posts

Geek

Trusted

  Reply # 508691 18-Aug-2011 18:47 Send private message

After removing personal shield pro, I'm still having this virus of hijacking google search urls.  I tried full scan of malwarebytes again in the windows safe mode option, nothing's detected.  I searched google in this safe mode, the URLs are still hijacked.  Looks like this malware runs in safe mode too.

Any suggestions?

1309 posts

Uber Geek

Trusted

  Reply # 508708 18-Aug-2011 19:07 Send private message

graciem: After removing personal shield pro, I'm still having this virus of hijacking google search urls.  I tried full scan of malwarebytes again in the windows safe mode option, nothing's detected.  I searched google in this safe mode, the URLs are still hijacked.  Looks like this malware runs in safe mode too.

Any suggestions?


You may also have TDSS. Try TDSSKiller from Kaspersky to see if you have it.

http://support.kaspersky.com/viruses/solutions?qid=208280684






Check out my Mobile Cell Site Google Maps KML Files in my blog.
Now using Google Fusion Tables or Address Lookup or GPS using Smartphone
I update it on a monthly basis automatically from RSM.



19 posts

Geek

Trusted

  Reply # 508712 18-Aug-2011 19:16 Send private message

BarTender:

You may also have TDSS. Try TDSSKiller from Kaspersky to see if you have it.

http://support.kaspersky.com/viruses/solutions?qid=208280684




Nothing's found :(



19 posts

Geek

Trusted

Reply # 508725 18-Aug-2011 20:13 Send private message

Fixed... I think :)

Downloaded the trial version of the 2012 Kaspersky (http://www.kaspersky.com/internet-security-2012?icid=bnnr_mhp_kis_area) in safe mode. When I tried to install it, it was trying to stop me from installing, saying something about an admin setting not allowing this, which is what I've been getting from installing other antivirus software. Thought that was it, then there was the popup from Kaspersky saying there may be a virus that's stopping me from installing and I need to install a special virus removal software. I OK'd that and it started downloading the next program. When trying to run it, I get the popup asking me to block it. I just keep unblocking to let the program install. After it's done trying to scan, it looks like nothing's happening, and there's a small popup from Kaspersky saying you need to run full Windows. I did that but couldn't find where to run it. Went back to safe mode and tried again, ignored the warning and just waited a bit longer. It detected 1 file, and now it seems to be working fine, yipee!

PS. The above is for removing the Google URL hijacking virus.

700 posts

Ultimate Geek

Trusted
Vodafone NZ
Subscriber

  Reply # 508726 18-Aug-2011 20:14 Send private message

Hmmm.... with Mr Mauricio's article on maliciousness, I thought I'd give Malwarebytes a go.

But I also have Microsoft Security Essentials running on the machine. Malware is going through first scan - and just look at what cropped up and got stomped on:

Exploit

Now I'm worried....




________
AK

Works for Vodafone

74 posts

Master Geek


  Reply # 508917 19-Aug-2011 11:34 Send private message

I work at a PC repair shop so seeing lots of these infections, had about a dozen customers turn up with the problem yesterday. A couple of them have been Vista machines, so it's not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart from being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.

5 posts

Wannabe Geek


  Reply # 508945 19-Aug-2011 12:27 Send private message

TangoNZ: I work at a PC repair shop so seeing lots of these infections, had about a dozen customers turn up with the problem yesterday. A couple of them have been Vista machines, so it's not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart from being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.


It was stopping Vista going in Safe Mode? I'm glad you said that, because I got it on a Vista machine and couldn't get into Safe Mode and blamed it on my machine being old/dodgy/dying. One less thing I have to worry about.

74 posts

Master Geek


  Reply # 508962 19-Aug-2011 12:59 Send private message

Actually it's still not getting into safe mode after removal of that malware, so can't confirm if that was the cause or not.

Ironically one of the first things that popped up after booting for the first time with a clean system was the Java update window. It's such a stupid process that it's no wonder so many people don't have the updates and have been infected. You have to click the update window, and then accept a UAC prompt, and THEN you need to click the Java update popup again to install the update... no average user is going to do that, leaving them vulnerable. Best solution as Mauricio says is just to get rid of Java...

BDFL
43817 posts

Uber Geek

Administrator
Trusted
Geekzone
Subscriber

  Reply # 509016 19-Aug-2011 14:28 Send private message

For those interested to know how it was accomplished, this seems to be a good read: http://joeloughton.com/blog/security/metservice-hacked-how-it-happened/





700 posts

Ultimate Geek

Trusted
Vodafone NZ
Subscriber

  Reply # 509033 19-Aug-2011 14:55 Send private message

TangoNZ: I work at a PC repair shop so seeing lots of these infections, had about a dozen customers turn up with the problem yesterday. A couple of them have been Vista machines, so it's not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart from being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.


Hmmm, hope it's gone then and isn't tricking the security software.




________
AK

Works for Vodafone

74 posts

Master Geek


  Reply # 509040 19-Aug-2011 15:11 Send private message

Nope, it's gone, I wouldn't just rely on Avast :-)

2155 posts

Uber Geek


  Reply # 509043 19-Aug-2011 15:13 Send private message

After cleaning this off, make sure you install Secunia PSI and have your users run the updates!
http://secunia.com/vulnerability_scanning/personal/

6895 posts

Uber Geek

Trusted
Subscriber

  Reply # 509046 19-Aug-2011 15:16 Send private message

One thing I noticed is that by default if java is installed then IE and Firefox will run the java. Chrome seems to have a more sensible default prompting you to allow java on this site etc.

13 posts

Geek


  Reply # 509048 19-Aug-2011 15:18 Send private message

kyhwana2: After cleaning this off, make sure you install Secunia PSI and have your users run the updates!
http://secunia.com/vulnerability_scanning/personal/

This is fantastic advice. It's especially good for bringing a neglected machine up to speed. It checks your Flash/Shockwave/Java, and almost every application you can think of - Acrobat, Firefox...I think mine even detected an update for Notepad++

275 posts

Ultimate Geek


  Reply # 509610 21-Aug-2011 14:39 Send private message

We got this on our Windows XP desktop. From Firefox, with a few old Java plugins installed. I think Java was latest version.

Also got the Google redirect malware, nothing detected it, ComboFix from bleepingcomputer finally removed it.




HTPC: Antec Fusion 430, GA-MA78GPM-UD2H F7, X2 4850e, Sapphire 4670 1GB, Corsair 2x1Gb,  WD10EARS Green, LG GGC-H20L Blu-ray, Hauppauge NOVA TD-500, Logitech z-5500, Logitech Harmony 525, Samsung LA40B530 1080p, Vista Premium-32 SP2, Catalyst 10.12(Facelift preview), Mediaportal 1.2.2+OneButtonMusic, AC3Filter, Powercinema 6, WinDVD 11 Pro
