RetouchPRO

infection in Action

  #1  
Old 01-10-2007, 03:00 AM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
infection in Action

For those of you who know, I spend a lot of my time removing Malware from other people's computers.

This clip at YouTube gives you an idea of why you should browse cautiously and pay attention to your security.

It shows a typical "Spy Sheriff" install, which is one of the "Smitfraud" family of infections, an extremely common infection, usually contracted by downloading an infected codec.

Enjoy!

http://www.youtube.com/watch?v=MaKv_...elated&search=


PS. This is an ad for McAfee Site Advisor, which is a tool for giving an indication of which sites contain infected links.

McAfee AV funnily enough (though not surprisingly) does not remove this infection.

Last edited by Gary Richardson; 01-10-2007 at 03:31 AM.
  #2  
Old 01-10-2007, 04:52 AM
chrishoggy
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 578
Blog Entries: 1
Re: infection in Action

Nice clip Gary
  #3  
Old 01-10-2007, 08:40 AM
Craig Walters
Senior Member
 
Join Date: Apr 2005
Location: somewhere over there
Posts: 8,786
Blog Entries: 4
Re: infection in Action

hehe, never had one quite that bad, but close
  #4  
Old 01-10-2007, 01:52 PM
CJ Swartz
Senior Member
 
Join Date: Sep 2001
Location: Metro Phoenix area, Arizona
Posts: 3,345
Blog Entries: 19
Re: infection in Action

Gary, thanks for the clip -- if it wasn't so scary I'd say I enjoyed it. The music really adds to the drama. I hope I never let my poor computer get that sick...

I really like McAfee's SiteAdvisor add-on to Firefox -- I like that the free version gives me info about potential threats at a particular website (getting bugged with emails if you sign up on that page, spyware attached to downloads from a site, etc.), and I feel much better when I see that nice green color saying that a site is relatively safe.
  #5  
Old 01-10-2007, 05:24 PM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Re: infection in Action

Yeah, I like Site Advisor too, though it is not always totally reliable.

Some good sites were recently listed as red because some of the tools there had processes which could be used maliciously; they weren't, but Site Advisor relies on a bot system to gather data, and tends to err on the side of caution.

The good thing is that McAfee responded quickly when their error was pointed out to them, and the site listing was revised.

Full marks therefore to McAfee; now if only they could do something about the overbloated pile of junk they sell as an Anti-Virus.
  #6  
Old 01-16-2007, 12:52 AM
T Paul
Moderator
 
Join Date: Aug 2001
Location: USA
Posts: 2,987
Re: infection in Action

My sister's computer now looks like the YouTube clip... hers was spysoldier and ultimately Win32.MatrixHasYou. She gave up in defeat tonight and we are going to try to tackle it tomorrow.
  #7  
Old 01-16-2007, 10:31 AM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Re: infection in Action

Hi T,

Get her to run a HJT (HijackThis) scan and I'll look it over for you; if we know what the infection is, it'll probably save you hours of possibly fruitless endeavour. (Sounds like one of the Smitfraud variants offhand, but I'll be better placed to help her if I can see a HJT log).

Click here to download HJTsetup.exe, and save it to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Copy and paste the log here.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
  #8  
Old 01-16-2007, 10:53 AM
T Paul
Moderator
 
Join Date: Aug 2001
Location: USA
Posts: 2,987
Re: infection in Action

Thanks so much Gary! I haven't heard back from her today, but I will let her know about your extremely kind offer!!!!
  #9  
Old 01-16-2007, 01:24 PM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Re: infection in Action

You're welcome. Just post it in this thread and I'll see it.
  #10  
Old 01-17-2007, 02:09 PM
T Paul
Moderator
 
Join Date: Aug 2001
Location: USA
Posts: 2,987
Re: infection in Action

Well I just talked to my sister. She ended up purchasing SpyDoctor and I think it found over 600 infected files. She is trying to install HiJackThis right now but gets the following error:

Quote:
an error occured while trying to rename a file in the destination directory Movefile failed; code 5 Access denied

Last edited by T Paul; 01-17-2007 at 02:23 PM.