Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingIs Trade Me spreading virus again? (updated: metservice)
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | ... | 8
freitasm
BDFL - Memuneh
80658 posts

Uber Geek
+1 received by user: 41072

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #506419 14-Aug-2011 20:00
Send private message

And you checked the hosts files (run notepad \windows\system32\drivers\etc\hosts) to see if there's anything left over from the infection?





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 



graciem

32 posts

Geek

Trusted

  #506424 14-Aug-2011 20:05
Send private message

freitasm: And you checked the hosts files (run notepad \windows\system32\drivers\etc\hosts) to see if there's anything left over from the infection?



no .txt files in there.  There are: hosts, Imhosts.sam, networks, protocal, services.

now googling google URL hijacking.  luckily i got this good laptop to use.

cisconz
cisconz
1348 posts

Uber Geek
+1 received by user: 179

ID Verified
Trusted
Lifetime subscriber

  #506429 14-Aug-2011 20:09
Send private message

graciem:
freitasm: And you checked the hosts files (run notepad \windows\system32\drivers\etc\hosts) to see if there's anything left over from the infection?

no .txt files in there.  There are: hosts, Imhosts.sam, networks, protocal, services.
now googling google URL hijacking.  luckily i got this good laptop to use.

Yes open the "hosts" file in notepad.




Hmmmm



graciem

32 posts

Geek

Trusted

  #506433 14-Aug-2011 20:13
Send private message

cisconz:
Yes open the "hosts" file in notepad.


oh i see.  there's:
127.0.0.1   localhost

Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #506468 14-Aug-2011 21:19
Send private message

graciem:
cisconz:
Yes open the "hosts" file in notepad.


oh i see.  there's:
127.0.0.1   localhost


That's normal.

What OS, browser and browser version are on this laptop? 

Most browsers have an option to startup with addons/extensions disabled., try that. 

Shoes2468
794 posts

Ultimate Geek
+1 received by user: 79


  #506476 14-Aug-2011 21:40
Send private message

One of my family members also called me up about a virus they recently got,  they swore all they were doing was surfing trademe and such, I didn't really believe them but this makes me wonder, they have an older windows xp machine. Interesting.

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #506495 14-Aug-2011 22:23
Send private message

My wife somehow managed to get a variant of TDSS on her laptop.  The only way we noticed was random sound kept only playing when we weren't doing anything.  Symantec didn't pick it up, neither did AVG, it was only Mcafee did, but couldn't remove it.  Windows Personal Firewall did nothing too.  TDSSKiller from kaspersky was the only thing that cleaned it.

Doesn't surf anything weird basically tm/stuff/facebook etc.  It could have been my daughter accidentally clicking on something, but she is only 6 so not exactly a dodgy site.

TDSS was one nasty piece of malware and I found it very had to remove.  A bit of googling picked up these interesting site about it.

http://www.securelist.com/en/analysis/204792131/TDSS

http://support.kaspersky.com/viruses/solutions?qid=208280684

Nasty stuff....

My bet is it was delivered via an add.

sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #507564 16-Aug-2011 21:12
Send private message

I've just picked this up this evening as well on one of my older machines running server 2003 with IE8 and up to date MS security essentials. It's definately come from a legit site, presumably from an ad.

29k

29k
8 posts

Wannabe Geek


  #507608 16-Aug-2011 22:15
Send private message

I'm in the process of finally removing 'Personal Shield Pro' from my PC right now (Vista). I've been on things like Stuff, FB, Twitter and Metservice all day, so I've picked it up from a legit site somewhere. I did notice loading issues with Metservice tonight and then once it did load suddenly I had issues...but as I had other sites open too, no way of proving it.

wallross
44 posts

Geek
+1 received by user: 4

Trusted

  #507731 17-Aug-2011 10:00
Send private message

My work PC Antivirus alerted a virus yesterday afternoon whilst browsing the MetService site around 4pm yesterday.  I would highly suspect it was Ad related as others have mentioned.  McAfee stated it was some kind of Trojan (can't find the full details in the quarantine logs). 

I have droped some of the guys there a line to get them to check it out from their end.

freitasm
BDFL - Memuneh
80658 posts

Uber Geek
+1 received by user: 41072

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #507775 17-Aug-2011 10:47
Send private message

It was the metservice website: http://twitter.com/#!/MetService/statuses/103597899644026880





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

 
 
 
 

Shop now on AliExpress (affiliate link).
graciem

32 posts

Geek

Trusted

  #507782 17-Aug-2011 10:53
Send private message

freitasm: It was the metservice website: http://twitter.com/#!/MetService/statuses/103597899644026880



legend!  I hope they have a cure for me, my old laptop is still infected with the google url hijacking :(

Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #507790 17-Aug-2011 11:05
Send private message

graciem:
freitasm: It was the metservice website: http://twitter.com/#!/MetService/statuses/103597899644026880



legend!  I hope they have a cure for me, my old laptop is still infected with the google url hijacking :(



Have you tried closing all programs and running a scan with malwarebytes?

Also start your web browser in it's safe mode with addon's disabled if the hijack is being done by browser addon, or use a different browser (Firefox, Google Chrome) until you can fix IE (presuming you are using IE).

Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #507792 17-Aug-2011 11:08
Send private message

freitasm: It was the metservice website: http://twitter.com/#!/MetService/statuses/103597899644026880




Anyone know the specifics of how the infection worked and what it infected, seems to be another IE only exploit on unpatched Windows XP and 2003...

cyril7
9075 posts

Uber Geek
+1 received by user: 2499

ID Verified
Trusted
Subscriber

  #507796 17-Aug-2011 11:11
Send private message

Hi, we have no twitter access here at work, could someone kindly post the guts of the Metservice notice, I see they have plucked their syndicated ad roll.

Cyril

1 | 2 | 3 | 4 | 5 | 6 | 7 | ... | 8
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright