Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingIs Trade Me spreading virus again? (updated: metservice)
graciem

32 posts

Geek

Trusted

#88365 14-Aug-2011 18:55
Send private message

my the other laptop just got infected after visiting trademe, metservice and nzherald last night.  didn't click on anything.  this personal shield pro somehow is installed on the pc.  have been trying to do something since.  managed to "pause" the program to do something.  my other laptop (the one i'm using) is fine, so I can search some articles about removing it.  surprising the microsoft security essentials didn't pick anything up, after 3 hrs of full scan.

called TM and emailed nzherald.  curious to find out who it is to spread the virus.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6 | ... | 8
johnr
19282 posts

Uber Geek
+1 received by user: 2526
Inactive user


  #506373 14-Aug-2011 19:01
Send private message

Give me one good reason why TM / NZherald / Met service would spread a virus?

You emailed them they must be rolling around on the floor laughing



graciem

32 posts

Geek

Trusted

  #506378 14-Aug-2011 19:04
Send private message

not on purpose of course.  they've been targeted.  probably spread via some of the advertisements (they can be very heavily scripted) 


this is what happened last year: http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10677853

stuzz
352 posts

Ultimate Geek
+1 received by user: 24

ID Verified
Trusted

  #506379 14-Aug-2011 19:08
Send private message

I have always used http://www.malwarebytes.org/ to get rid of these.

Download & install the free version. Install & do any updates.

Then boot to safe mode & run a full scan from there.



graciem

32 posts

Geek

Trusted

  #506382 14-Aug-2011 19:13
Send private message

thx!  doing a full scan with Malwarebytes right now.  fingers crossed.

still curious which site is spreading it. 

johnr
19282 posts

Uber Geek
+1 received by user: 2526
Inactive user


  #506384 14-Aug-2011 19:16
Send private message

It might be a false positive

John

freitasm
BDFL - Memuneh
80672 posts

Uber Geek
+1 received by user: 41123

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #506385 14-Aug-2011 19:16
Send private message

johnr: Give me one good reason why TM / NZherald / Met service would spread a virus?

You emailed them they must be rolling around on the floor laughing


It happened before, and not a reason for them to laugh. It only needs someone to approve a rogue ad coming from a unknown source and all hell breaks lose.

 




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

 
 
 
 

Shop now for Dyson appliances (affiliate link).
l43a2
1784 posts

Uber Geek
+1 received by user: 591

ID Verified
Trusted

  #506386 14-Aug-2011 19:16
Send private message

funny you should say that.. my sister had a virus alert come up after visiting metservice last night





johnr
19282 posts

Uber Geek
+1 received by user: 2526
Inactive user


  #506387 14-Aug-2011 19:17
Send private message

freitasm:
johnr: Give me one good reason why TM / NZherald / Met service would spread a virus?

You emailed them they must be rolling around on the floor laughing


It happened before, and not a reason for them to laugh. It only needs someone to approve a rogue ad coming from a unknown source and all hell breaks lose.

 


Fair point I never thought of the ads on the page!

freitasm
BDFL - Memuneh
80672 posts

Uber Geek
+1 received by user: 41123

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #506388 14-Aug-2011 19:18
Send private message

These guys are clever. They approach as an ad agency, book ads and start running something that is ok, so if the media managers check they don't reveal anything. Half way through the ad campaign they switch to a script with some malware, and no one will notice until a lot of users are infected.





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

graciem

32 posts

Geek

Trusted

  #506391 14-Aug-2011 19:24
Send private message

l43a2: funny you should say that.. my sister had a virus alert come up after visiting metservice last night


is it Personal Shield Pro?  it keeps popping up pretending to be an anti spyware warning you about your pc's infected.  it's a malware itself.  don't agree to "protect" your computer or even purchase their software.

kyhwana2
2572 posts

Uber Geek
+1 received by user: 233


  #506395 14-Aug-2011 19:33
Send private message

And people wonder why I use noscript/etc to block ads!

 
 
 
 

Shop now for Lego sets and other gifts (affiliate link).
l43a2
1784 posts

Uber Geek
+1 received by user: 591

ID Verified
Trusted

  #506398 14-Aug-2011 19:36
Send private message

graciem:
l43a2: funny you should say that.. my sister had a virus alert come up after visiting metservice last night


is it Personal Shield Pro?  it keeps popping up pretending to be an anti spyware warning you about your pc's infected.  it's a malware itself.  don't agree to "protect" your computer or even purchase their software.


that didnt come up, her anti virus (AVG) came up with an alert with some random .exe file and it was removed.





freitasm
BDFL - Memuneh
80672 posts

Uber Geek
+1 received by user: 41123

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #506406 14-Aug-2011 19:46
Send private message

kyhwana2: And people wonder why I use noscript/etc to block ads!


You are only really at risk if you don't keep your PC up to date. Some drive-by downloads use a mix of vulnerabilities, most of them old. If you have a machine that is up-to-date is less likely anything like that would affect you, script or no script.
 




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

DonGould
3892 posts

Uber Geek
+1 received by user: 164


  #506413 14-Aug-2011 19:55
Send private message

Nice - after debate, wife is now installing adblocker :)





Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

graciem

32 posts

Geek

Trusted

  #506415 14-Aug-2011 19:58
Send private message

malwarebytes found 2 infected files and removed them.  However, it's still not right.  All the google search results point to some random URL.  IE. nzherald site, if you move cursor over the link, you will see in the status bar it's pointing something like 178.12.343/something/something.  it goes to a travel site.  tried some others, goes to some gossip sites.  something's still there :(  interesting though, when I run google.co.nz on chrome, clicking on "search" it just won't go anywhere. 

 1 | 2 | 3 | 4 | 5 | 6 | ... | 8
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright