

30 posts

Geek

Trusted

  Reply # 508049 17-Aug-2011 16:14

and nzherald:
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10745663

BDFL - Memuneh
59623 posts

Uber Geek
+1 received by user: 10781

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 508053 17-Aug-2011 16:16
 
 
 
 


3886 posts

Uber Geek
+1 received by user: 161


  Reply # 508070 17-Aug-2011 16:31




Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz


721 posts

Ultimate Geek
+1 received by user: 6


  Reply # 508090 17-Aug-2011 16:45

Maybe it's the govt using it to spy on us. Like they trying to do.




               The Biggest and the Best.

4123 posts

Uber Geek
+1 received by user: 842
Inactive user


  Reply # 508099 17-Aug-2011 16:59

cws82us: Maybe it's the govt using it to spy on us. Like they trying to do.


Bit cold for tin hats, ain't it?

19 posts

Geek
+1 received by user: 5


  Reply # 508128 17-Aug-2011 17:45

I've acquired a sample that Windows Defender is calling "Rogue:Win32/Winwebsec" - it calls itself "Personal Shield Pro" in the popups that it creates.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ame=Rogue%3aWin32%2fWinwebsec&threatid=133077 

BDFL - Memuneh
59623 posts

Uber Geek
+1 received by user: 10781

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 508133 17-Aug-2011 17:50

Interesting that was published in 2010, and Microsoft Security Essentials failed to get it...





19 posts

Geek
+1 received by user: 5


  Reply # 508164 17-Aug-2011 18:34

I've just re-scanned it with Microsoft Security Essentials, which did detect it, also as http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Rogue%3aWin32%2fWinwebsec&threatid=2147616725

3886 posts

Uber Geek
+1 received by user: 161


  Reply # 508171 17-Aug-2011 18:48

kiwitrc:
cws82us: Maybe it's the govt using it to spy on us. Like they trying to do.


Bit cold for tin hats, ain't it?


* Does the virus have a back door?
* Was the back door put in the OS by someone's government for someone's government?
* Is the virus there to highlight the government back door to make the OS provider close the door?
* Is the virus an attempt to get into your computer, or an attempt to draw attention to the open door and make sure you actually do something to close it?
* Is the <Insert Government of choice> spying on me or are they attempting to prevent <Insert another government of choice> from spying on me?

A good friend always tells me the 13th floor has the "antivirus developers" and the 14th floor of the same building has the "virus developers" and it's nothing but a scam to make us spend money on software...

* Or are the hackers being a bit busy because they have too much time on their hands, so infecting a bunch of their customers will give them something else to do for a week or so...

* Or are the sales in <Insert International Cable provider of your choice> down and needing more network traffic to justify <Insert next big upgrade/project of your choice>

* Or .....  pffft...  you're only paranoid if they're not watching you....


Personally, security always scares the crap out of me...  is mine good enough?  If it is good enough and no one can look in, then do they start to wonder what I'm hiding in here?  So should I have the doors and windows open so people can see I'm not hiding anything I shouldn't be...  but then does that mean someone could put something here that I shouldn't have... and am I compromising my customers and putting myself at risk of breaching privacy rules for not making enough effort to secure data?  Should I use PGP on my email, for example, but then do others have the perception they can communicate things to me they wouldn't if I just have plain text email?  Do I want those messages?

We could play the tin foil hat game all day...  do we sleep better for it?













3886 posts

Uber Geek
+1 received by user: 161


  Reply # 508182 17-Aug-2011 19:18

ps - on reading my last post to my wife, she tells me I've got it all wrong...

...it's not governments at all, it's drug companies who make paranoia medicine.







BDFL - Memuneh
59623 posts

Uber Geek
+1 received by user: 10781

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 508360 18-Aug-2011 09:10

Back on topic folks... I want to write instructions on removing this infection. Does anyone have a software recommendation that actually worked?





19 posts

Geek
+1 received by user: 5


  Reply # 508362 18-Aug-2011 09:24

Malwarebytes Free, installed and updated in Safe Mode with Networking on Windows XP SP3. Run a Full Scan and delete the found items (in my case there was only 1 found, and removing it did the trick).

Consider, though, that the site may have served up different malware variants to different people (perhaps based on user agent string or JS version?), or that some people will also have other infections in addition to this one that Malwarebytes might find and be unable to fix.

wjw

162 posts

Master Geek
+1 received by user: 3


  Reply # 508364 18-Aug-2011 09:29

freitasm: Back on topic folks... I want to write instructions on removing this infection. Does anyone have a software recommendation that actually worked?



I used this:

MalwareBytes Anti-malware

As linked from here:

wjw: From another website I'm on: 

http://deletemalware.blogspot.com/2011/07/how-to-remove-personal-shield-pro.html 

Two people so far have said this removal process works
 

BDFL - Memuneh
59623 posts

Uber Geek
+1 received by user: 10781

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 508379 18-Aug-2011 10:05

Folks, on request of MetService I have created this blog post: http://www.geekzone.co.nz/freitasm/7776

Could you please check that the information is correct or closer to what we know, and if there's anything else we can add or change please send me a PM so I can update it?

I guess there will be quite a few readers on that so it would be good to get it as easy as possible for people to follow.

Thanks!




BDFL - Memuneh
59623 posts

Uber Geek
+1 received by user: 10781

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 508397 18-Aug-2011 10:24

Just saw the comments on NBR. People complaining about online ads, etc.
  • This was a drive-by download. No need to click ads
  • The problem was probably a SQL Injection in their ad serving database. This means it could affect ANY database-driven website. They've done it through the ad server because they used a known vulnerability and, as MetService admitted, a new version has been deployed, fixing it. But still, it's not about the ads themselves (unlike the Trade Me case a few months back).
  • It seems the problem was not the browser. The problem was with a Java exploit being used. For example, I am using Internet Explorer and visited the MetService many times this week but did not have problems because I don't have Java installed on my computer.
 



