Bogus "Your Computer is Infected" warnings

Smersh

Guest
vogon13 said:
... Anyone see in The Tudors the scene where one of King Henry the VIII's enemies is boiled alive ? ? ? ?

(The executioner inquiring about head first or not was a nice touch) ...

Yes I saw it Vog. Had an idea that might appeal to you. :lol:

It's certainly quite appealing as a deterrent for malware peddlers anyway. :twisted:
 
nimbus

Guest
yevaud said:
nimbus said:
ctfmon.exe is an MS Office process.

*Weary Sigh*

ctfmon.exe is a legitimate process if its source is located in the proper folder. That's the version that Office installs. If you find the same process root program installed and running in another, non-MS Office folder, it's likely been placed there by the virus, and the name is supposed to spoof you into thinking it's legitimate.

Capiche?
More than understood - Because you didn't specify that in your reply it might not be clear to someone who doesn't know about those fake processes' MO. They might not find it in that wrong folder but then go find the authentic process somewhere else and delete that.
I've also had viral copycat processes identically named but for one digit that's not too noticeable, running from somewhere in the authentic app's root.

And I don't recommend carelessly saying 'capice' to young men from Latin Europe.
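An added example, not code from the thread, of the check nimbus and yevaud describe: flag a process that carries a known name but runs from an unexpected folder, or whose name differs from a legitimate one by a single character. The process snapshot is constructed, and the expected folder for ctfmon.exe is an assumption to adjust for the machine being checked.

```python
"""Flag processes that impersonate a legitimate one by name or location.

Added example, not code from the forum thread. SNAPSHOT is a constructed
process list, and the expected folder for ctfmon.exe is an assumption
that must be adjusted for the machine being checked.
"""
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Assumed allow-list: process name -> folders it may legitimately run from.
EXPECTED = {
    "ctfmon.exe": {r"C:\Windows\System32"},
}


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):      # a has an extra character
            i += 1
        elif len(b) > len(a):    # b has an extra character
            j += 1
        else:                    # same length: a substitution
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def classify(name: str, image_path: str) -> Optional[str]:
    """Return a finding for a misplaced or look-alike process, else None."""
    name = name.lower()
    folder = str(PureWindowsPath(image_path).parent).lower()
    for known, folders in EXPECTED.items():
        if name == known:
            if folder in {f.lower() for f in folders}:
                return None
            return f"misplaced: {name} running from {folder}"
        if within_one_edit(name, known):
            return f"look-alike: {name} resembles {known} ({image_path})"
    return None


# Constructed sample snapshot: (process name, full image path).
SNAPSHOT: List[Tuple[str, str]] = [
    ("ctfmon.exe", r"C:\Windows\System32\ctfmon.exe"),
    ("ctfmon.exe", r"C:\Documents and Settings\user\Local Settings\Temp\ctfmon.exe"),
    ("ctfm0n.exe", r"C:\Program Files\Common Files\ctfm0n.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
]


def suspicious(snapshot: List[Tuple[str, str]]) -> List[str]:
    """Run classify() over a snapshot and keep only the findings."""
    return [f for f in (classify(n, p) for n, p in snapshot) if f]


if __name__ == "__main__":
    for finding in suspicious(SNAPSHOT):
        print(finding)
```

On a live machine, feed the name and full image path of each running process into suspicious() and verify any hit against the file's publisher signature before killing or deleting anything.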
 
jim48

Guest
MeteorWayne said:
I have only seen this when connected to the main SDC home page, not ever from the forums. So when I check the SDC main site, I just go in, look, then close the tab/window.

Come to think of it you're right... only on the home page. You'd be amazed how many cookies I get from here and Facebook. I have a program called Spy Hunter that eats them. :D
 
Smersh

Guest
Setting your browser to "only accept cookies from the site I visit" (as opposed to "accept all cookies" or "accept 3rd party cookies") will stop most of the tracking cookies (spyware) coming in in the first place. Trouble is, as I mentioned in another thread I started here yesterday, Youtube videos will now only work when played at the Youtube site if your browser is set to accept 3rd-party cookies. :roll:
 
ZenGalacticore

Guest
bushwhacker said:
The last several weeks I've gotten that message. I just close the window and start my scanner (AVG); it always comes back clean.

Same here.
 
ZenGalacticore

Guest
Smersh said:
I have seen similar warnings pop up on other sites in the past though, and as suggested by others it's a tactic sometimes used by malware criminals to con people into running their bogus "virus scan." On doing so the malware is covertly installed on a user's hard drive.

That's what I think, and I've seen the same at other sites. When it tries to run itself or tell you to download, you just exit. The real virus is the one that the bad guys, who act like they're good Samaritans concerned with your safety, download when you say okay.
 
drwayne

Guest
"download when you say okay."

Not the ones I have seen. They try to launch if you click anything on the pop-up, including the corner X button.

Wayne
 
drwayne

Guest
Just had one pop up, only has LiveScience and SDC up. I will try to avoid the "kill it" reaction long enough in the future to do a screen capture so I can start noting what ads are up.

Wayne
 
ZenGalacticore

Guest
drwayne said:
"download when you say okay."

Not the ones I have seen. They try to launch if you click anything on the pop-up, including the corner X button.

Wayne

Right. The ones I've seen try to run when you 'x' out. Then, when it begins to run, you 'x' out again. That's what I've seen anyway. It tries to tell me that my little R2 unit here is highly infected. After 'x'-ing it, I'll run BitDefender then AVG, respectively and separately, which takes a total of 3 or 4 hours, and they both say R2 is clean.

I have the max package of AVG and BD, as well as the standard Windows firewall stuff, and I trust that when they all say "clean", that it is correct.
 
a_lost_packet_

Guest
drwayne said:
"download when you say okay."

Not the ones I have seen. They try to launch if you click anything on the pop-up, including the corner X button.

Wayne

You should try to disable the Popup by right-clicking on the popup window in the taskbar (The gray bar on the bottom of the Windows screen that has the Start button, time and various application icons in it.) and selecting "close" if it's a standard popup. (If it is a system message with some url in it, I think you can still use the "x" to close it.. but, it may be able to masquerade as one and still have some malformed exploit or clickthrough on it)

However, if you don't see it in the taskbar (bottom portion of the screen) then I think the only thing you can do is close the application that is running it. <CTRL><ALT><DEL> , select the browser app and shut it down.
 
a_lost_packet_

Guest
drwayne said:
Just had one pop up, only has LiveScience and SDC up. I will try to avoid the "kill it" reaction long enough in the future to do a screen capture so I can start noting what ads are up.

Wayne

Yeah, the date and time would be helpful for whoever is going to track this sucker. Marketing agencies that serve these ads can keep track of them sometimes and will be able to ID what was being pushed. (Not always, though. I'm no expert but it depends on the agency and how they structure their fees. "Good" ones should be able to produce logs for customer assurance that their advertising is being run according to the stipulations of the contract.)
 
jim48

Guest
It happened to me again just now, 7:30 p.m. EST Sunday night. Hmm... I wonder what would happen if I patched my computer into my Series I, Psycho-Accoustic Alpha Wave Proton Igniter. :cool:
 
Couerl

Guest
Hi, this exact malware bug got on one of our machines at work and unfortunately, neither McAfee nor Norton will catch it. The only way to be sure you kill this (if you get infected) is to download and run Malwarebytes. This is still a free (no hidden crap) application that will repair registry errors and kill malware apps like the SNS.Icon.exe "Your computer is infected" bug.

A little about this bug: You must use Task Manager to kill the snsicon.exe process and your browsing session to get rid of it. If you "x" out the popup window when it appears then you have just installed the malware, as it behaves just like a print driver. Cancel = run and close, and then unfortunately it is too late.. :lol:

http://www.malwarebytes.org/

You can pay for the full version or just use the free version (that's what we used on the infected machine) and it works fine.
 
drwayne

Guest
For me, MWB cleaned a lot of it, but I also had to resort to Norman Malware to get some of the rest. In addition, I had to go edit a system file to get rid of the redirects it put in for most major search engines to the malware site. (It didn't get AltaVista, interestingly enough.)

Note that Malware Bytes works better when it is NOT launched in safe mode, unlike most cleaners, including Norman Malware.

The variety of payload it downloaded for me by the way - one of the first things it did was disable the task manager.
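An added example, not code from the thread, for the redirect cleanup drwayne describes. It assumes the "system file" he edited is the Windows hosts file (%SystemRoot%\System32\drivers\etc\hosts) and audits a constructed copy for names pointed at anything other than a loopback or unspecified address, which is how a hosts-based redirect of search engines to a malware site shows up.

```python
"""Audit a Windows hosts file for entries that hijack name resolution.

Added example, not from the forum thread. SAMPLE_HOSTS is a constructed
file; on a real machine read %SystemRoot%\\System32\\drivers\\etc\\hosts
instead (an assumption about which file the thread refers to).
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ad.example.net        # sinkholed ad host: benign
192.0.2.10      www.google.com        # redirect planted by malware
192.0.2.10      search.yahoo.com
192.0.2.10      www.bing.com
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        for host in fields[1:]:               # one address, many names
            pairs.append((fields[0], host.lower()))
    return pairs


def is_benign_target(addr: str) -> bool:
    """Loopback and unspecified addresses only block or self-map a name."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not even a valid address: treat as suspicious
    return ip.is_loopback or ip.is_unspecified


def find_redirects(text: str) -> Dict[str, List[str]]:
    """Map each non-local target address to the hostnames sent to it."""
    redirects = defaultdict(list)
    for addr, host in parse_hosts(text):
        if not is_benign_target(addr):
            redirects[addr].append(host)
    return dict(redirects)


if __name__ == "__main__":
    for addr, hosts in find_redirects(SAMPLE_HOSTS).items():
        print(f"{addr} hijacks {len(hosts)} name(s): {', '.join(hosts)}")
```

Several well-known names resolving to one unfamiliar address is the pattern to look for; the same check applies to the search-engine redirects the post mentions.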
 
yevaud

Guest
nimbus said:
yevaud said:
nimbus said:
ctfmon.exe is an MS Office process.

*Weary Sigh*

ctfmon.exe is a legitimate process if its source is located in the proper folder. That's the version that Office installs. If you find the same process root program installed and running in another, non-MS Office folder, it's likely been placed there by the virus, and the name is supposed to spoof you into thinking it's legitimate.

Capiche?
More than understood - Because you didn't specify that in your reply it might not be clear to someone who doesn't know about those fake processes' MO. They might not find it in that wrong folder but then go find the authentic process somewhere else and delete that.
I've also had viral copycat processes identically named but for one digit that's not too noticeable, running from somewhere in the authentic app's root.

And I don't recommend carelessly saying 'capice' to young men from Latin Europe.

Nah, I'm disgusted. I keep running into this same virus. Over and over again. It's getting tired.
 
nimbus

Guest
Sorry if I came off cocky with the last comment. It's just 9/10 people who would say it like that will do it to get a rise out of who they're saying it to, and be really pretentious about it. I don't know whether it's a trendy thing in the USA. But it's not something you can say like that, like just saying "ciao".

I get rid of those viral processes the same way you do (task manager > kill process > delete viral .exe immediately after), I just thought it'd be worth pointing out that you have to go after the right one.

Sometimes you do have to restart in safe mode and anyone reading who doesn't know how to do that .. Keep F8 pressed just after your PC's done with the first startup screen, before the windows boot screen shows up. While I'm at it.. Many times I've had the infection disable task manager. You can type a command in the "Run..." dialog from the start menu to re-enable it, but I don't remember it. This page shows how to do it the long way by editing the registry, but it's only for WinXP and you have to do exactly what it says (for anyone who's not used to doing this sort of thing).
 
a_lost_packet_

Guest
yevaud said:
...Nah, I'm disgusted. I keep running into this same virus. Over and over again. It's getting tired.

Is it clearly a case of being reinfected by visiting SDC and getting it from a popup or is it a case of it simply restoring itself after being "cleaned" by anti-malware programs?

How can I help?

Ultimately, that's what I really want to know. Aside from flying up to SDC offices or TopTenReviews and personally yanking the advertising links off the page, what can I do to help people here protect themselves and solve this problem?

You're a tech savvy guy. But, even the most brilliant person misses something once-in-awhile. A very long time ago, I wrote a post detailing general security measures and recommending free packages, ratings for pay packages and safe surfing habits. Would something like that help? Would a guide written by the consensus of knowledgeable community members help? Heck, would a step-by-step, click-your-way-to-safety, html document help those who aren't computer literate enough to do it themselves?

This is a community. Let's "communitize" our way out of this mess and protect our members if "The Man" won't act to protect us itself. IMO, the fact that TopTenReviews or Imaginova/SDC has not yet acted to protect our membership is a very serious sign that the same stewardship exhibited by the Old Guard has not been continued by the New Order...

So, where can I start? Where can we all start? If anything, I can at least volunteer to donate internet ink to such a worthy cause.

EDIT- ADD - On second thought, the heck with that.

I am going to Act. See following post.
 
a_lost_packet_

Guest
Re: Space.com being attacked???

An open note to the current management of Space.com:

Act.

This problem has been going on for several days now. It is not in the best interests of the community nor the site visitors that your company relies on to generate revenue for such a condition to be allowed to continue to exist. Continued exposure to this problem significantly compromises the integrity and reputation of Space.com in the eyes of site visitors.

There is no more important task for a site administrator than to ensure the integrity of their website and its continued safe existence. There is no higher priority than acting immediately to remove the possibility of malware infecting site visitors. If one must unilaterally halt all third party advertising in order to successfully mitigate the problem until a permanent solution is found, then that is what one must do. There are no exceptions to that rule.

Failure to act demonstrates a lack of proper standards of acceptable stewardship. Further, failure to act communicates a willful negligence on the part of the site management. Such a failure establishes an inherently dangerous situation for any business concern. This is now a matter of record that is unmistakable in its import.

In the interests of a strong, healthy and vibrant community..

Sincerely,

a_lost_packet_
 
a_lost_packet_

Guest
The community must act.

This is obviously an ongoing problem. Suggestions can be given but they are not good if they are not acted on. So, those who are interested in helping to solve the problem and who have the necessary knowledge to do so must act in a cohesive and organized manner to help their fellow community members.

This we must do. So, if nobody else is going to do it, I will. Any are welcome to assist, lead, follow or, barring that, get out of the way.

Objective: To act in the best interest of community service and enthusiastic fellowship by providing a context specific security resource and guidance concerning the immediate problem presented by obvious malware intrusions into Space.com's hosted advertising with continued applications for future security concerns presented by general internet browsing activity.

Short Term Goal: To minimize the risk of fellow community members being susceptible to security risks generated by current and future problems revolving around malware generated by site visits to Space.com.

Long Term Goal: To instruct fellow members concerning safe surfing habits, security precautions, and to provide general information and limited support concerning free and meaningful security tools that require a minimum level of knowledge in order to provide effective online security within the scope of their designers' interpreted intent.

Critical Time Sensitive Tasks: Mitigate the risk associated with visiting Space.com for the near term until a permanent solution is found.

In keeping with the above standards, for now I can give one major piece of advice:

Stage One: Until we are in receipt of notice that site management has successfully diagnosed and corrected the problem or has successfully falsified our suspicions, do not visit the Space.com home page. In order to access the forums where necessary updates concerning this problem can be found, please use a direct link:

http://www.space.com/common/forums/index.php

Click the above link and bookmark it. Use it instead of accessing the forums through the main page until further notice.


Further information in keeping with the above condensed scope description will be forthcoming.. once I've had a chance to get some sleep and construct something suitable. However, anyone can provide information or guidance in keeping with the above. Please tell me you wish to do so and I will organize it as best I can with your concerns in mind in order to present a cohesive document. Anyone else wishing to volunteer to lead this effort is more than welcome to take the initiative and I will fully and enthusiastically support them by whatever means at my disposal.

To provide a specific inclusion in the above project, please include "Inclusion" in bold letters at the beginning of your post so I can be sure to notice it.

If you don't want any submissions included in any unofficial community effort, you can still post your advice, links or answers to questions without worrying some enthusiastic yet unstable idgit will copy/paste your words into some ridiculous community manifesto on internet security. :)
 
nimbus

Guest
Weird, I've never had any AV warnings nor any popup or talking ads.
 
silylene

Guest
Re: Space.com being attacked???

StarRider1701 said:
bearack said:
I then noticed an abnormal amount of Trojans and malware being loaded on my system every time I visit here.
Have the developers noticed anything out of the ordinary with SDC source code, or has anyone else seen a similar issue? Granted, it could also be just my IP blacklisted somehow, but all indications point to SDC loading several different malwares and Trojans on my system(s).

Also, sometimes my posts never take. This is my third attempt to post this concern!

I too had a problem with what I guess was some kind of Trojan attacking me as I was looking around the home page reading the articles before logging in. This was Tue or Wed night. Suddenly SDC disappeared and the box kept popping up telling me I had to download this software to prevent intrusion into my computer! My Norton also popped up, telling me it was blocking an attempt to get into my comp. It took me a few minutes to clear that up and when I came back here it was ok. So I guess people can even use SDC to attack other folks' computers?

The SAME thing just happened to me.

SDC, fix your site!
 
doublehelix

Guest
Re: Space.com being attacked???

I've asked someone from the IT/helpdesk area to come and respond to the complaints, and have forwarded the thread to them. Apologies for the continued frustration.

-dh
 
Joshua99

Guest
Re: Space.com being attacked???

Morning readers,

There has been a recent abundance of malicious software attacks all across the internet. These attacks that may appear to be coming directly from Space.com I can assure you are not coming from our source code. However, the malicious software that is circulating on the net is usually pushed through the ad networks which nearly every major website contains. While we control the location of the ad network on the page, we do not control the content they push. Unfortunately, if there is a bug coming through an ad network, it is impossible to figure out which one is doing it, as it is VERY intermittent and random.
We have been working frantically to figure out where it's coming from, as you guys here on SDC are reporting it, but we are getting reports from many other sites across the net as well. I have a PC at my desk that continually refreshes the home page for all of our sites within the TechMediaNetwork, and have not gotten a popup, but again, it's so intermittent, even if I did get one, I couldn't tell which ad network is causing the issue, only the site. It seems that the malicious software is not dropping cookies on the system. Also, while it could be coming from an ad network, sometimes the popup/redirect can be the result of previously installed malicious software.

I can assure you this, the servers hosting these sites are our own, and were a serious upgrade to the system they previously were on. The hardware is faster, more powerful and can serve up much more content than the previous system was capable of. On the downside, the cost of those servers, as well as the bandwidth, personnel to maintain them would be impossible without the Ad networks to help bring revenue to pay for this. You figure a SDC article hits the homepage of Yahoo and suddenly 5 million views generate in 3 hours.... That is a lot of bandwidth.


I will ask this. Those of you that are experiencing issues while visiting SDC, please run a complete scan of your system with your AV software, and save a log file. Those log files are crucial in helping us determine a location of the infection. You can submit those to my e-mail address - jborglund@toptenreviews.com.

Thank you for your patience during this transition.
 
vogon13

Guest
Smersh said:
Yes I saw it Vog. Had an idea that might appeal to you. :lol:

It's certainly quite appealing as a deterrent for malware peddlers anyway. :twisted:


Oh, my!

On last night's episode of The Tudors, I think we have portrayed the perfect punishment for hackers!

Death by red hot poker jammed 'you know where'.


I bet we just have to execute 2, at most 3 creeps that way, and the hacking problem will evaporate.


:shock:
 
doublehelix

Guest
I have moved this to Community Talkback. Please see Josh's post and send him log files if/when you run into these virus warnings.

-dh
 