Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




30 posts

Geek

Trusted

Topic # 88365 14-Aug-2011 18:55
Send private message

my the other laptop just got infected after visiting trademe, metservice and nzherald last night.  didn't click on anything.  this personal shield pro somehow is installed on the pc.  have been trying to do something since.  managed to "pause" the program to do something.  my other laptop (the one i'm using) is fine, so I can search some articles about removing it.  surprising the microsoft security essentials didn't pick anything up, after 3 hrs of full scan.

called TM and emailed nzherald.  curious to find out who it is to spread the virus.


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 506373 14-Aug-2011 19:01
Send private message

Give me one good reason why TM / NZherald / Met service would spread a virus?

You emailed them they must be rolling around on the floor laughing



30 posts

Geek

Trusted

  Reply # 506378 14-Aug-2011 19:04
Send private message

not on purpose of course.  they've been targeted.  probably spread via some of the advertisements (they can be very heavily scripted) 


this is what happened last year: http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10677853

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
309 posts

Ultimate Geek
+1 received by user: 14

Subscriber

  Reply # 506379 14-Aug-2011 19:08
Send private message

I have always used http://www.malwarebytes.org/ to get rid of these.

Download & install the free version. Install & do any updates.

Then boot to safe mode & run a full scan from there.



30 posts

Geek

Trusted

  Reply # 506382 14-Aug-2011 19:13
Send private message

thx!  doing a full scan with Malwarebytes right now.  fingers crossed.

still curious which site is spreading it. 

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 506384 14-Aug-2011 19:16
Send private message

It might be a false positive

John

BDFL - Memuneh
60245 posts

Uber Geek
+1 received by user: 11298

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 506385 14-Aug-2011 19:16
Send private message

johnr: Give me one good reason why TM / NZherald / Met service would spread a virus?

You emailed them they must be rolling around on the floor laughing


It happened before, and not a reason for them to laugh. It only needs someone to approve a rogue ad coming from a unknown source and all hell breaks lose.

 




1454 posts

Uber Geek
+1 received by user: 457

Trusted

  Reply # 506386 14-Aug-2011 19:16
Send private message

funny you should say that.. my sister had a virus alert come up after visiting metservice last night




19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 506387 14-Aug-2011 19:17
Send private message

freitasm:
johnr: Give me one good reason why TM / NZherald / Met service would spread a virus?

You emailed them they must be rolling around on the floor laughing


It happened before, and not a reason for them to laugh. It only needs someone to approve a rogue ad coming from a unknown source and all hell breaks lose.

 


Fair point I never thought of the ads on the page!

BDFL - Memuneh
60245 posts

Uber Geek
+1 received by user: 11298

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 506388 14-Aug-2011 19:18
Send private message

These guys are clever. They approach as an ad agency, book ads and start running something that is ok, so if the media managers check they don't reveal anything. Half way through the ad campaign they switch to a script with some malware, and no one will notice until a lot of users are infected.







30 posts

Geek

Trusted

  Reply # 506391 14-Aug-2011 19:24
Send private message

l43a2: funny you should say that.. my sister had a virus alert come up after visiting metservice last night


is it Personal Shield Pro?  it keeps popping up pretending to be an anti spyware warning you about your pc's infected.  it's a malware itself.  don't agree to "protect" your computer or even purchase their software.

2423 posts

Uber Geek
+1 received by user: 142


  Reply # 506395 14-Aug-2011 19:33
Send private message

And people wonder why I use noscript/etc to block ads!

1454 posts

Uber Geek
+1 received by user: 457

Trusted

  Reply # 506398 14-Aug-2011 19:36
Send private message

graciem:
l43a2: funny you should say that.. my sister had a virus alert come up after visiting metservice last night


is it Personal Shield Pro?  it keeps popping up pretending to be an anti spyware warning you about your pc's infected.  it's a malware itself.  don't agree to "protect" your computer or even purchase their software.


that didnt come up, her anti virus (AVG) came up with an alert with some random .exe file and it was removed.




BDFL - Memuneh
60245 posts

Uber Geek
+1 received by user: 11298

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 506406 14-Aug-2011 19:46
Send private message

kyhwana2: And people wonder why I use noscript/etc to block ads!


You are only really at risk if you don't keep your PC up to date. Some drive-by downloads use a mix of vulnerabilities, most of them old. If you have a machine that is up-to-date is less likely anything like that would affect you, script or no script.
 




3888 posts

Uber Geek
+1 received by user: 163


  Reply # 506413 14-Aug-2011 19:55
Send private message

Nice - after debate, wife is now installing adblocker :)





Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz




30 posts

Geek

Trusted

  Reply # 506415 14-Aug-2011 19:58
Send private message

malwarebytes found 2 infected files and removed them.  However, it's still not right.  All the google search results point to some random URL.  IE. nzherald site, if you move cursor over the link, you will see in the status bar it's pointing something like 178.12.343/something/something.  it goes to a travel site.  tried some others, goes to some gossip sites.  something's still there :(  interesting though, when I run google.co.nz on chrome, clicking on "search" it just won't go anywhere. 

 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Lightbox updates platform with new streaming options
Posted 17-May-2018 13:09


Norton Core router launches with high-performance, IoT security in New Zealand
Posted 16-May-2018 02:00


D-Link ANZ launches new 4G LTE Dual SIM M2M VPN Router
Posted 15-May-2018 19:30


New Panasonic LUMIX FT7 ideal for outdoor: waterproof, dustproof
Posted 15-May-2018 19:17


Ryanair Goes All-In on AWS
Posted 15-May-2018 19:14


Te Papa and EQC Minecraft Mod shakes up earthquake education
Posted 15-May-2018 19:12


Framing Facebook: It’s not about technology
Posted 14-May-2018 16:02


Vocus works with NZ Police and telcos to stop scam calls
Posted 12-May-2018 11:12


Vista Group signs Aeon Entertainment, largest cinema chain in Japan
Posted 11-May-2018 21:41


New Privacy Trust Mark certifies privacy and customer control
Posted 10-May-2018 14:16


New app FIXR connects vehicle owners to top Mechanics at best prices
Posted 10-May-2018 14:13


Nutanix Beam gives enterprises control of the cloud
Posted 10-May-2018 14:09


D-Link ANZ launches Covr Seamless Wi-Fi System
Posted 10-May-2018 14:06


Telstra, Intel and Ericsson demonstrate a 5G future for esports
Posted 10-May-2018 13:59


Spark introduces Android One with Nokia 7 plus and Nokia 6.1
Posted 8-May-2018 05:00



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.