Caution comes 2012 Namm report in infected..crashes Computers



MGM
02-04-2012, 05:59 AM
I am sorry to say Colmes but your site on the 2012 NAMM is badly infected and has crashed my home PC. If I were anybody I'd not open it until he gets it fixed.... using my iPad for this and staring at a blank black screen on my PC after opening it. I had security alerts and scanned to clean but on reboot system is a black hole.

Susie A
02-04-2012, 06:07 AM
My spyware went wild when I tried to view it. I think I stopped the attacks, no problems so far .. but the McAfee popups were crazy!

kaizersoza
02-04-2012, 06:09 AM
I had an infected warning when I tried to open it but luckily my antivirus blocked it.

coolkayaker1
02-04-2012, 06:14 AM
My Windows Security Essentials blocked it and I was able to "back out", seemingly unscathed. I'll let you know if I get charges for Vietnamese massage parlors on my next Visa statement.

CoLmes
02-04-2012, 06:43 AM
I'll take down the link, no idea what happened. I tried on all of my computers here and at school and had no problems... might just be the blog post. I had my website guy look at it too and he doesn't see anything. Sorry to all who have had problems.

MGM
02-04-2012, 07:12 AM
Any comp experts out there? Turn my comp on, I get one prompt then black screen with flashing white dash upper left corner but can't type anything. 75.00 an hour repair tech. What a bummer.

austin1
02-04-2012, 08:10 AM
I am really bad at technology, but what I did was as soon as my computer turned on, started hitting the F8 button. Then it asks you how you want to start your computer, and I hit "in safe mode with networking." From there everything comes up stretched out, but everything still works. I went to download.com, searched for Malwarebytes Anti-Malware, downloaded it, ran it, and it killed everything.

austin1
02-04-2012, 08:14 AM
As back-up I usually run a program called ComboFix, but you have to make sure you turn off all your other anti-virus software, because ComboFix is so overpowerful, it can apparently actually break your computer if you don't. I only run it as a last resort; I find even with my other anti-virus software off, it tends to break my weaker programs.

bongolele
02-04-2012, 08:17 AM
[QUOTE=MGM]Any comp experts out there? Turn my comp on, I get one prompt then black screen with flashing white dash upper left corner but can't type anything. 75.00 an hour repair tech. What a bummer.[/QUOTE]

What prompt do you get?

Is it the Windows 'Start in safe mode' options (white on black screen)?

Or is it a C:\> prompt?

Or is it just the memory check and then you get a beep and the cursor sits there doing nothing?

CoLmes
02-04-2012, 08:40 AM
Ok, so I had my website person dude run 4 different scans for virus/malware on my website and it came up clean. I called my host company and they are going to go and do a clean sweep and try to find if there is anything in there... bad scripts, other IP addresses signing on that aren't me, viruses... and they should get back to me soon about it. If there's anything wrong I'll let you know.

UncleElvis
02-04-2012, 09:55 AM
Col, if you want me to host the page on my site, let me know... just so folks can read it.

Ground Loop
02-04-2012, 10:03 AM
I am absolutely certain the site offered me an unrequested PDF file for download and auto-open the first time I visited. It does not right now, so it might only do it once.

CoLmes
02-04-2012, 10:09 AM
[QUOTE=Ground Loop]I am absolutely certain the site offered me an unrequested PDF file for download and auto-open the first time I visited. It does not right now, so it might only do it once.[/QUOTE]

Found two problems. Someone def hacked into it. One is a redirect which is probably the PDF file. And there's something else but not sure what. My host is trying to find the files to delete so it'll go back to normal. Again sorry for anyone that had their computer blow up.

MGM
02-04-2012, 10:57 AM
Thanks for getting onto the problem fast. I will try the F8 thing when I get home. At the store now.

dkcrown
02-04-2012, 11:01 AM
I had the same thing happen. I was at work when I logged on the other day and now I wait for my tech to come on Monday to take care of it. In the meantime, I can't access any of my files. I hope there won't be any permanent damage.

bongolele
02-04-2012, 11:17 AM
If you can't recover your Windows PC using normal methods (safe mode etc.) and you're stuck with just a flashing cursor, then it's still possible to rescue it (or at least rescue your files from the hard disk) using a Linux boot CD.

This is a cut-down operating system that you burn to a CD. You boot your PC from the CD, so it doesn't touch your hard disk at all. Here's one which has anti-virus and various rescue utilities on it:

http://trinityhome.org/trk/

As I said, use this as a last resort if your IT guy can't fix it for you.

SuzukHammer
02-04-2012, 12:45 PM
About a year and a half ago, I had 2 PCs crash. My work PC and my personal PC hotrod. I then had to pull out my Mac which I had bought in Singapore but didn't use because the battery blew up. I fixed the battery and the Mac has worked out so great that I don't even use the hotrod PC I had repaired. I'm glad I didn't go to the site with my PC.

I'm thinking I may just use my PC to do video editing and not ever use it to surf the web. But that is next to impossible not to surf.

CoLmes
02-04-2012, 01:05 PM
Mac's really the safe way to go. I'm an idiot w computers so my Mac saves me w this stuff. I called Bluehost and submitted two tickets so they should be getting down to it soon.

Ground Loop
02-04-2012, 06:21 PM
I found out more about the malware PDF.
It's described here, and now detected by Security Essentials.
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AWin32%2FPdfjsc.ZM&ThreatID=-2147313654
Unfortunately, it's only detected after being found on the computer. CoLmes' web site has it auto-open, so the machine is probably infected before the PDF can be detected.

Good call on taking down the link until cleanup.

MGM
02-04-2012, 06:48 PM
Thank god for my iPad or no one would get answers to emails etc.... this has really caused me a problem having one of my main work computers go down... my biggest, newest and fastest one.

UkuEroll
02-05-2012, 05:45 AM
[QUOTE=MGM]Thank god for my iPad or no one would get answers to emails etc.... this has really caused me a problem having one of my main work computers go down... my biggest, newest and fastest one.[/QUOTE]
Sorry to hear of your computer troubles. But as I always say to my friends.... backup, backup and always backup.

MGM
02-05-2012, 06:02 AM
It's running again after I tried the F8 trick and was then prompted to fix computer.

Chap
02-05-2012, 06:03 AM
It gave me the Security Shield virus (also sometimes called System Shield or Security Tool). Here's info on it, if anyone ended up with the same thing - http://www.2-viruses.com/remove-security-tool

An easier fix, if you have Windows 7, is to boot into safe mode, and then revert your system to a date before the virus was in your system.

buddhuu
02-05-2012, 06:26 AM
This kind of annoyance is one of the reasons I totally dumped Windows some time ago. It's just too insecure and it's the hackers' and virus writers' OS of choice when it comes to targeting attacks.

Even during those rare periods when Windows itself is relatively free of glaring security holes, users very often don't keep antivirus and firewalls in good shape.

Those of you who like to try new stuff may like to try Ubuntu Linux. For those who don't know, it's an alternative operating system that replaces Windows. It is free, as is most of the software, and very secure. You don't have to give up Windows if you don't want to. Ubuntu will run from a USB stick, or you can install it alongside Windows so you have a choice of which operating system to use.

Personally, I did give up Windows and I now use only Ubuntu. Best thing I ever did with a computer. YMMV.

In case you want to take a look... http://www.ubuntu.com/ubuntu/features.

CoLmes, I feel for you. Hackers are a PiTA. Hope you get your site back in shape soon. :(

CoLmes
02-05-2012, 06:39 AM
[QUOTE=buddhuu]Even during those rare periods when Windows itself is relatively free of glaring security holes, users very often don't keep antivirus and firewalls in good shape.[/QUOTE]

That's the biggest thing, most people don't keep their software up to date so their computers become waiting prey. The guy I talked to on the phone from Bluehost was a Linux user so he didn't get anything when he went on the website, but there is something so hopefully they are figuring it out soon.

seneystretch
02-05-2012, 09:59 AM
[QUOTE=Ground Loop;861870]I found out more about the malware PDF.
It's described here, and now detected by Security Essentials.
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AWin32%2FPdfjsc.ZM&ThreatID=-2147313654[/QUOTE]

Follow the link, go to the bottom of the page under summary, click on the virus family link Win32/Pdfjsc. On the next page, go down to "Limit user privileges on the computer".

Using your computer in limited user mode is the most productive thing you can do. Linux and all the MacOS versions do this automatically. This is what makes the MacOS so sturdy and virus resistant, not its limited sales. I sysadmin about a dozen Win boxes at work; believe me, this will save you an enormous number of headaches.

The tradeoff is convenience. You are disallowing both malicious and desired installation of programs. To install a program you'll have to log out of your limited user account then log in as administrator account, do your installation, log out of admin and then back in as your user account. A hassle? Yes. I'm saying it's worth it.

Caution: Take care to create an additional account as administrator, before you flip your current account from admin to limited user. Windows will let you restrict every account to limited user leaving you with no admin account. This will hose your computer. If this is the first time you've done this, ask for help.

One other easy thing you can do is quit using Internet Explorer. Use Firefox with the AdBlocker and NoScript add-ins. While you're at it, get Scrapbook and DownloadHelper.

CoLmes
02-05-2012, 10:18 AM
Site should be safe... coding got messed up in the JavaScript.. all they did was rename it and presto.

itsme
02-05-2012, 10:32 AM
[QUOTE=CoLmes]Site should be safe... coding got messed up in the JavaScript.. all they did was rename it and presto.[/QUOTE]
Well, the fact is there were apparently some vulnerabilities at the host level that let some malicious code in. If they haven't addressed that issue, it could happen again.

CoLmes
02-05-2012, 10:51 AM
[QUOTE=itsme]Well, the fact is there were apparently some vulnerabilities at the host level that let some malicious code in. If they haven't addressed that issue, it could happen again.[/QUOTE]

They went in, did a clean sweep with their stuff and found 1 thing and fixed it. Said it should be fine.