Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingIs Trade Me spreading virus again? (updated: metservice)
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
graciem

32 posts

Geek

Trusted

  #508691 18-Aug-2011 18:47
Send private message

After removing personal shield pro, I'm still having this virus of hijacking google search urls.  I tried full scan of malwarebytes again in the windows safe mode option, nothing's detected.  I searched google in this safe mode, the URLs are still hijacked.  Looks like this malware runs in safe mode too.

Any suggestions?



BarTender
3606 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #508708 18-Aug-2011 19:07
Send private message

graciem: After removing personal shield pro, I'm still having this virus of hijacking google search urls.  I tried full scan of malwarebytes again in the windows safe mode option, nothing's detected.  I searched google in this safe mode, the URLs are still hijacked.  Looks like this malware runs in safe mode too.

Any suggestions?


You may also have TDSS, Try TDSSKiller from Kaspersky to see if you have it.

http://support.kaspersky.com/viruses/solutions?qid=208280684

graciem

32 posts

Geek

Trusted

  #508712 18-Aug-2011 19:16
Send private message

BarTender:

You may also have TDSS, Try TDSSKiller from Kaspersky to see if you have it.

http://support.kaspersky.com/viruses/solutions?qid=208280684




nothing's found :(



graciem

32 posts

Geek

Trusted

#508725 18-Aug-2011 20:13
Send private message

fixed... i think :)

downloaded the trial version of the 2012 Kaspersky (http://www.kaspersky.com/internet-security-2012?icid=bnnr_mhp_kis_area) in safe mode.  when i tried to install it, it's trying to stop me from installing saying something about admin setting is not allowing this, which is what I've been getting from installing other anti virus software.  thought that was it, then there was the popup from Kaspersky saying there may be virus that's stopping me from installing and I need to install a special virus removal software.  I Ok'd that and it started downloading the next program.  when trying to run it, I get the popup asking me to block it.  I just keep unblocking to let the program to install.  After it's done trying to scan, looks like nothing's happening and a small popup from Kaspersky saying you need to run full windows.  I did that but couldn't find where to run it.  Went back to safe mode and tried again, ignore the warning and just waited a bit longer.  it detected 1 file.  and now seems working fine, yipee!

ps. above is for removing the google url hijacking virus.

antoniosk
2358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #508726 18-Aug-2011 20:14
Send private message

Hmmm.... with Mr Mauricio's article on maliciousness, I thought I'd give Malwarebytes a go.

But I also have Microsoft Security Essentials running on the machine. Malware is going through first scan - and just look at what cropped up and got stomped on:

Exploit

Now I'm worried....




________

 

Antoniosk

TangoNZ
117 posts

Master Geek


  #508917 19-Aug-2011 11:34
Send private message

I work at a PC repair shop so seeing lots of these infections, had about a dozen customer's turn up with the problem yesterday. A couple of them have been Vista machines, so its not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart fro being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.

29k

29k
8 posts

Wannabe Geek


  #508945 19-Aug-2011 12:27
Send private message

TangoNZ: I work at a PC repair shop so seeing lots of these infections, had about a dozen customer's turn up with the problem yesterday. A couple of them have been Vista machines, so its not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart fro being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.


It was stopping Vista going in Safe Mode? I'm glad you said that, because I got it on a Vista machine and couldn't get into Safe Mode and blamed it on my machine being old/dodgy/dying. One less thing I have to worry about.

 
 
 
 

Shop now on AliExpress (affiliate link).
TangoNZ
117 posts

Master Geek


  #508962 19-Aug-2011 12:59
Send private message

Actually its still not getting into safe mode after removal of that malware, so can't confirm if that was the cause or not.

Ironically one of the first things that popped up after booting for the first time with a clean system was the Java update window. Its such a stupid process that its no wonder so many people don't have the updates and have been infected. You have to click the update window, and then accept a UAC prompt, and THEN you need to click the Java update popup again to install the update...no average user is going to do that, leaving them vulnerable. Best solution as Mauricio says is just to get rid of Java...

freitasm
BDFL - Memuneh
79281 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #509016 19-Aug-2011 14:28
Send private message

For those interested to know how it was accomplished, this seems to be a good read: http://joeloughton.com/blog/security/metservice-hacked-how-it-happened/





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

antoniosk
2358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #509033 19-Aug-2011 14:55
Send private message

TangoNZ: I work at a PC repair shop so seeing lots of these infections, had about a dozen customer's turn up with the problem yesterday. A couple of them have been Vista machines, so its not limited to XP. No Windows 7 machines yet. It looks like the malware was stopping the Vista PC getting into safe mode, it would just shut it down after Windows booted, but normal mode was working fine (apart fro being infected with the malware). The PC had Avast installed, and after an update and a reboot it was able to take care of it.


Hmmm, hope it's gone then and isn't tricking the security software.




________

 

Antoniosk

TangoNZ
117 posts

Master Geek


  #509040 19-Aug-2011 15:11
Send private message

Nope, its gone, I wouldn't just rely on Avast :-)

kyhwana2
2566 posts

Uber Geek


  #509043 19-Aug-2011 15:13
Send private message

After cleaning this off, make sure you install Secunia PSI and have your users run the updates!
http://secunia.com/vulnerability_scanning/personal/

Ragnor
8221 posts

Uber Geek

Trusted

  #509046 19-Aug-2011 15:16
Send private message

One thing I noticed is that by default if java is installed then IE and Firefox will run the java. Chrome seems to have a more sensible default prompting you to allow java on this site etc.

deltadelta
21 posts

Geek


  #509048 19-Aug-2011 15:18
Send private message

kyhwana2: After cleaning this off, make sure you install Secunia PSI and have your users run the updates!
http://secunia.com/vulnerability_scanning/personal/

This is fantastic advice. It's especially good for bringing a neglected machine up to speed. It checks your Flash/Shockwave/Java, and almost every application you can think of - Acrobat, Firefox...I think mine even detected an update for Notepad++

dale77
294 posts

Ultimate Geek


  #509610 21-Aug-2011 14:39
Send private message

we got this on our windows xp desktop. From firefox, with a few old java plugins installed. I think java was latest version.

Also got the google redirect malware, nothing detected it, combofix from bleepingcomputer finally removed it.




HTPC: Antec Fusion 430, Intel i3, Gigabyte 1050, Corsair 4x1Gb,   Hauppauge WinTv, Logitech z-5500, Logitech Harmony 525, Yamaha Rx-v6a, Samsung KS8000 4k, Windows 10, Mediaportal 1.30, BLU-RAY: Panasonic UB820

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright