DV Info Net Announcements
Important news relating to the DV Info Net site and these message boards.

Old March 22nd, 2010, 09:20 PM   #1
Warden
 
Join Date: Dec 2000
Location: Austin, TX
Posts: 390
Images: 1
Virus Security Alert - Weekend of March 20th

It appears that our ad server was compromised by an automated remote exploit sometime in the last 2-3 days, resulting in security exploits being appended to random banner ads. No user data was compromised but if you visited the forums in the last few days on a Windows PC we recommend making sure your antivirus definitions are up to date and running a full system scan. If you don't have antivirus software installed, you can get free Windows antivirus products from AVG:

AVG Free - Download installation files & documentation

And avast:

avast! Free Antivirus - Download Software for Virus Protection

I personally use avast on my Windows machines and it seems to work well.

We're in the process of transitioning to a hosted ad platform so that we won't risk further security exploits and have turned off ad serving till that transition is complete. We're very sorry for any inconvenience this has caused.
Jeff Kramer is offline   Reply With Quote
Old March 22nd, 2010, 09:28 PM   #2
Trustee
 
Join Date: May 2005
Location: Burnaby, BC, Canada
Posts: 1,381
Thank goodness I have Adblock for Firefox.

For those on Genuine Windows, Microsoft Security Essentials is an excellent alternative to AVG. MSE paired with Malwarebytes Anti-Malware is more than good enough malware protection.
__________________
I wait for the day 3x1920x1080 global shutter CMOS sensors and proper 1080p60 recording emerge. Rolling Shutters are a plague.
Jack Zhang is online now   Reply With Quote
Old March 22nd, 2010, 09:48 PM   #3
Major Player
 
Join Date: Dec 2006
Location: Los Angeles, CA
Posts: 954
Actually the "No Script" add on for Firefox is much more effective, in conjunction with AdBlock.
Bill Busby is offline   Reply With Quote
Old March 22nd, 2010, 09:57 PM   #4
Inner Circle
 
Join Date: Aug 2005
Location: Atlanta/USA
Posts: 2,239
Quote:
Originally Posted by Jeff Kramer View Post
We're in the process of transitioning to a hosted ad platform so that we won't risk further security exploits and have turned off ad serving till that transition is complete.
Are you sure?

I got this YieldManager intrusion 40 minutes after you reported "ad serving turned off".
Attached Thumbnails
Virus Security Alert - Weekend of March 20th-yieldmanager.png  
__________________
Ervin
Ervin Farkas is offline   Reply With Quote
Old March 22nd, 2010, 11:46 PM   #5
Warden
 
Join Date: Dec 2000
Location: Austin, TX
Posts: 390
Images: 1
The implicated exploits wouldn't be setting tracking cookies, they would be downloading pdfs or other files to your machine. It would really be helpful if you mention what page you're on when you get these alerts, though.
Jeff Kramer is offline   Reply With Quote
Old March 23rd, 2010, 05:19 AM   #6
Inner Circle
 
Join Date: Aug 2005
Location: Atlanta/USA
Posts: 2,239
Full system scan (all drives, including external ones connected) turned up nothing. If I get the alert again, I will make a full page screen capture so you can see the page I'm on.

Thanks,
__________________
Ervin
Ervin Farkas is offline   Reply With Quote
Old March 23rd, 2010, 08:30 AM   #7
Wrangler
 
Join Date: Jun 2002
Location: Vancouver, British Columbia
Posts: 7,627
Quote:
Originally Posted by Jeff Kramer View Post
It appears that our ad server was compromised by an automated remote exploit sometime in the last 2-3 days, resulting in security exploits being appended to random banner ads. No user data was compromised but if you visited the forums in the last few days on a Windows PC we recommend making sure your antivirus definitions are up to date and running a full system scan. If you don't have antivirus software installed, you can get free Windows antivirus products from AVG:

AVG Free - Download installation files & documentation
Just a note on AVG. I was fully protected by AVG, and the laptop I was using was obliterated by the virus. It did nothing to protect me. This is the second time AVG has failed to protect me in the last 2 years. I'm done with them, and will try Avast from now on.
__________________
Need to rent camera gear in Vancouver BC?
Check me out at camerarentalsvancouver.com
Dylan Couper is offline   Reply With Quote
Old March 23rd, 2010, 08:37 AM   #8
Inner Circle
 
Join Date: Aug 2005
Location: Atlanta/USA
Posts: 2,239
Remember, antivirus software is always one step behind the attackers. You probably got attacked among the first ones, with AVG not having enough time to shield your computer.

My company pays big bucks for "the best of the best" antivirus - Symantec. For the most part it's OK, but still, every now and then we get hit.

The only way to fully protect yourself is to pull that plug labelled "LAN".
__________________
Ervin
Ervin Farkas is offline   Reply With Quote
Old March 23rd, 2010, 08:50 AM   #9
Major Player
 
Join Date: Feb 2003
Location: Pensacola Fl.
Posts: 471
I spent all day Sunday trying to get rid of the virus. I had to dump my anti virus program, then reload it, then run a deep scan. I had 4 trojans on my system.

The only way my system would work was in safe mode. The virus locked everything down and ran a screen that looked like it was doing a virus scan; it then wanted me to pay $50 dollars to fix it. It shuts down your anti virus program then pretends to be your virus software. It shows up in the system tray as a shield. It locks you out of everything until you buy the update. I wonder how many people gave them a credit card number?
Ron Little is offline   Reply With Quote
Old March 23rd, 2010, 08:58 AM   #10
Inner Circle
 
Join Date: Aug 2005
Location: Atlanta/USA
Posts: 2,239
I had the same thing several months ago on another computer running both Avast antivirus and Spybot S&D - neither one caught it.

MalwareBytes was unable to clean it, even in Safe Mode.

Googling around I found the name of the actual exe file causing the problem (I forget what it was), shut down Windows, popped in my trusty Linux CD (Ubuntu) and deleted the file.

Switched to AVG.

I don't think that was from this website though...
__________________
Ervin
Ervin Farkas is offline   Reply With Quote
Old March 23rd, 2010, 09:45 AM   #11
Regular Crew
 
Join Date: Nov 2007
Location: Hurricane, UT
Posts: 160
Amen to Dylan's assessment of AVG. I've been less than impressed lately. I've been using Malwarebytes Free version to great effect to clean systems that AVG allowed to be compromised. (Although, lately, I've been having to boot off a different Hard Drive before scanning for it to work) I think their paid version is pretty economical too, and it's for a lifetime membership. Anyway, Thanks for the heads up DVinfo, and keep up the good work.
__________________
Get rid of the "Aspiring" in "Aspiring Filmmaker." Shoot it; you're a filmmaker. After that you're just negotiating your budget. (James Cameron paraphrased)
Alex Chamberlain is offline   Reply With Quote
Old March 23rd, 2010, 04:30 PM   #12
Inner Circle
 
Join Date: Feb 2007
Location: Apple Valley CA
Posts: 3,290
That virus you guys mention sounds familiar, one of my boys got it on their machine - it's PC scan 2009 or something like that - it's brutal, I've been unable to find very good documentation on it, it morphs, stealths and generally destroys your ability to do anything with your computer by altering system settings so you can't do anything to cure the computer. It also locks or causes every legit virus scanner I could find to crash or reboot or error out...

Everything you try to do pretty much brings up a screen asking you to go buy their "virus software"...

I couldn't find any indication on the web that anyone had successfully eradicated it from an infected system, I "cleaned" it twice, the third time it shut me out completely (like I mentioned, it morphs... making eradication way more fun than any other virus I've ever seen). Finally just disconnected the machine and put it in the reformat and reinstall queue...

It's obviously a scam to get credit card#'s by pretending to be a virus scanner, but if you get it, your machine is toast... makes klez.h look like a walk in the park by comparison. If you get caught by it, you'll know it though...

BTW, I ran housecall virus scan, nothing turned up on my Win7 box.
Dave Blackhurst is offline   Reply With Quote
Old March 23rd, 2010, 04:42 PM   #13
Regular Crew
 
Join Date: Nov 2007
Location: Hurricane, UT
Posts: 160
Dave,
That's the exact same problem I've been using MalwareBytes to deal with, but it won't work if the machine is booting off the disk you're trying to clean. You have to put the HDD into a clean computer and scan it with MalwareBytes (or maybe something else, I've only used MalwareBytes) after booting off the clean Hard Drive. Hope this saves you some trouble! Good luck!
__________________
Get rid of the "Aspiring" in "Aspiring Filmmaker." Shoot it; you're a filmmaker. After that you're just negotiating your budget. (James Cameron paraphrased)
Alex Chamberlain is offline   Reply With Quote
Old March 23rd, 2010, 04:42 PM   #14
Major Player
 
Join Date: Feb 2003
Location: Pensacola Fl.
Posts: 471
McAfee was able to isolate and delete the virus. But it trashed my version of McAfee. I had to go in under safe mode, uninstall McAfee, then reinstall it and run it in safe mode; after that I was able to boot up normally.
Ron Little is offline   Reply With Quote
Old March 23rd, 2010, 05:51 PM   #15
Inner Circle
 
Join Date: Jan 2007
Location: Woodinville, WA USA
Posts: 3,272
I got hit twice this weekend as well while reading posts here. Didn't want to cry wolf as I wasn't sure it came from here but it seems likely now. Got it Saturday morning first and symptoms were as Ron described --- it kills everything including your AV SW. Rebooting into safe mode allowed Malware Bytes Anti Malware to run and clean thoroughly, but I still had to do a system restore to get the browsers working again.

Then after cleaning, I got hit again while here. Same process worked fine.

I've now disabled all Active X and Java/Javascript and things are fine, although the browsing experience is somewhat hindered. Probably being over-paranoid but I killed a whole day.

It's brilliantly evil.
__________________
"It can only be attributable to human error... This sort of thing has cropped up before, and it has always been due to human error."
Adam Gold is offline   Reply
All times are GMT -6. The time now is 02:00 AM.


DV Info Net -- Real Names, Real People, Real Info!
1998-2012 The Digital Video Information Network