Virus from Photobucket!...


Corso

Full Member
Aug 13, 2007
5,257
455
none
I think it's a fake spyware thing,...

the one that mimics a windows scan,..

then asks for 59 dollars,...haha

first time I just restored,...

2nd time,..it locked out the system restore options,...

I wondered where I picked it up from - had to take my PC to a mate at work to sort it out - he also suggested I upload service pack for Windows 7

I am still getting the odd webpage link from Google activating a similar scan? but that goes with a mouse click
 

ex-member Raikey

Bushcrafter (boy, I've got a lot to say!)
Sep 4, 2010
2,971
3
I wondered where I picked it up from - had to take my PC to a mate at work to sort it out - he also suggested I upload service pack for Windows 7

I am still getting the odd webpage link from Google activating a similar scan? but that goes with a mouse click

yeah I got a 2nd bout of it,..

seems the first wipe never worked properly,....

be careful dude,....I get to use the IT dept at work,..but,...................
 

Indoorsout

Settler
Apr 29, 2008
509
1
Brisbane, Australia
Been on there uploading lots this week and no issues. I'm on Vista using Chrome and Rockmelt browsers. Mind you, I do lodge at an IT consultant's house, so maybe that cr@p is getting blocked before it can get to my system.
 
Jul 23, 2007
9
0
44
Ireland
www.google.com
.
You mean if you don't really expect it to work like a proper operating system?

There are some Linux distributions with reduced functionality for netbooks and the like, such as Jolicloud and Chrome OS. In fact embedded systems are dominated by Linux. Even Sky+ runs it! However Ubuntu is the full thing, and will happily run a supercomputer. It is at the same time noob friendly, non-patronising, has a great community, and is gunning for Apple's good looks. Time to jump aboard, people.
 

bilmo-p5

Bushcrafter through and through
Jul 5, 2010
8,168
9
west yorkshire
I've used it a few times this week and no problems. A quick google said something about it working (the Trojan) with IE. I use Firefox. I would have thought there would be more news if it was a PB problem.

You can get it using Firefox, Richard. I came home from Middlewood to find Mrs Bilmo's pc locked up with this crap. Have done a System Restore today and that seems to have sorted it. For how long remains to be seen ...
 

ged

Bushcrafter (boy, I've got a lot to say!)
Jul 16, 2009
4,981
15
In the woods if possible.
...I just thought something as big and popular as Photobucket can't be a risk,...

It never ceases to amaze me how people hoodwink themselves. The size and popularity of an organization means nothing. It's still staffed by people, and people often behave in stupid and inexplicable ways, sometimes in vast numbers. For example, millions put Microsoft software on their computers. :)

The Stock Exchange was serving this cr@p months ago, well before Spotify, and apparently Photobucket, plus another 200,000 websites were hoodwinked. In this case it's because they farm out advertising. They sell empty space on the pages that they deliver to you, and the advertisers fill in the empty space. In some cases the adverts are served from compromised servers. Oops. Only this morning a site owner asked me to turn off my ad blocking. Sorry, not a chance. My take on it is that it's the height of irresponsibility to send content from a third party to your users. There's just no way to satisfy yourself that it's kosher. Quite apart from the fact that it's extremely irritating for the users to be bombarded with adverts all the time.

http://www.ubuntu.com/

is free and works well if you're just surfing with some entertainment and some light office type applications

You mean if you don't really expect it to work like a proper operating system?

Don't confuse the operating system with the user interface. Ubuntu basically uses the same operating system that many Linux distributions use, but the distributors of Ubuntu made certain choices about the way it 'looks and feels' out of the box. You can think of it as a commercial appliance with an industrial core if you like. I looked at it once, but being something of a control freak I found it not to my liking. I like to tell my computer when to mount a storage device, not have it happily announce that it's just done it for me without asking; and I decide what my networks look like, not some blooming network manager script. But on the plus side -- like anything which runs the Linux kernel -- Ubuntu is immune to all this Lizamoon stuff and a couple of million other Microsoft exploits out in the wild.

If you insist on running Windows, now might be a good time to turn off ActiveX, and to make sure your Acrobat Reader is up to date; and Java, and QuickTime, and the Office suite, and ... :yikes:

http://www.sans.org/top-cyber-security-risks/patching.php
 

ged

Bushcrafter (boy, I've got a lot to say!)
Jul 16, 2009
4,981
15
In the woods if possible.
Unfortunately most 'generic' instructions for removing malware will fail with the more aggressive examples I've been seeing in the last couple of weeks. The malware writers take the trouble to link themselves into the system so that when for example you try to run the registry editor it fails to run. Just about everything that you try to do to recover control over the machine has been hijacked by the malware. Often the easiest way is to scan the files on the compromised drive on a different computer, but if you can't do that then you might be able to load something like the MalwareBytes Anti Malware tool onto a memory stick, rename it (for example you can call it "silly.com") and run it from there if you can. If you can't, you're getting into deep water. There are entire forums dedicated to this kind of thing so there's no point in going too deeply into it here. I've mentioned this particular tool because in several years of clearing out literally thousands of viruses it's never let me down. I have no connection with the authors.
 

Martyn

Bushcrafter through and through
Aug 7, 2003
5,252
33
58
staffordshire
www.britishblades.com
Had this nasty little thing myself a couple of times. I don't think it's caused by Photobucket. Anyway, use Ctrl+Alt+Del to launch Task Manager, then use Task Manager to kill the popups and anything that looks like a rogue application. IIRC, this virus has a random string of characters, "kjbdfuherjbsjd.exe" sort of thing. I used StopZilla to get rid of it, which worked well, though the virus did kill the SZ definitions database. Using Task Manager to stop the virus running then allowed me to re-download the SZ definitions and launch a scan, which caught it. IIRC, it turns your desktop background black and marks all your image files as hidden/read only. It's not dangerous, it's just a huge PITA.
 

ex-member Raikey

Bushcrafter (boy, I've got a lot to say!)
Sep 4, 2010
2,971
3
Don't know if it's just a coincidence or not but a lot of PBucket images are currently not linked and the message reads "we are doing some work, your images will be back shortly"
 

ged

Bushcrafter (boy, I've got a lot to say!)
Jul 16, 2009
4,981
15
In the woods if possible.
Don't know if it's just a coincidence or not but a lot of PBucket images are currently not linked and the message reads "we are doing some work, your images will be back shortly"

Perhaps they're scanning all the images for malware. If they suspect they've had a serious security issue (and on the face of it that seems very plausible) then it would only be prudent and responsible to take precautions.
 

ged

Bushcrafter (boy, I've got a lot to say!)
Jul 16, 2009
4,981
15
In the woods if possible.
Had this nasty little thing myself a couple of times. ...

Sounds like a different one. There are millions of them about.

We're probably seeing unusual activity because in coordinated raids on 16th March, law enforcement took down about 100 servers which were being used to control 'botnets'. If the reports are to be believed, those servers, and the botnets they controlled, were responsible for truly staggering volumes of criminal traffic. Unfortunately the authorities do not appear to have caught the criminals themselves, who are now expected to be very busy putting their enterprise back together. Fight crime! Run Linux!
 

Martyn

Bushcrafter through and through
Aug 7, 2003
5,252
33
58
staffordshire
www.britishblades.com
Yes, I think there are variations, but the main thing is that it pretends to be a windows scanner and reports all sorts of problems with windows, things like critical errors and hard disc failures etc. The scanner is fake and the problems are not real. It then suggests you download a fix which you have to pay for. All the time you get alert messages for critical errors. It's all part of the virus. The alert messages are fake, but they stop you dealing with it. Task manager allows you to kill all instances of the running virus and start about removing it.
 

rik_uk3

Banned
Jun 10, 2006
13,320
24
69
south wales
Unfortunately most 'generic' instructions for removing malware will fail with the more aggressive examples I've been seeing in the last couple of weeks. The malware writers take the trouble to link themselves into the system so that when for example you try to run the registry editor it fails to run. Just about everything that you try to do to recover control over the machine has been hijacked by the malware. Often the easiest way is to scan the files on the compromised drive on a different computer, but if you can't do that then you might be able to load something like the MalwareBytes Anti Malware tool onto a memory stick, rename it (for example you can call it "silly.com") and run it from there if you can. If you can't, you're getting into deep water. There are entire forums dedicated to this kind of thing so there's no point in going too deeply into it here. I've mentioned this particular tool because in several years of clearing out literally thousands of viruses it's never let me down. I have no connection with the authors.

You want MalwareBytes on a CD really, or if you can, make your memory stick read-only, as a lot of these little nasties will hit the .exe file before it has a chance to install; they can't do this if the programme is on a read-only CD or stick. Always scan with the computer in Safe Mode. It's a cracking little programme.
 

ged

Bushcrafter (boy, I've got a lot to say!)
Jul 16, 2009
4,981
15
In the woods if possible.
Yes, I think there are variations, but the main thing is that it pretends to be a windows scanner and reports all sorts of problems with windows, things like critical errors and hard disc failures etc. The scanner is fake and the problems are not real. It then suggests you download a fix which you have to pay for. All the time you get alert messages for critical errors. It's all part of the virus. The alert messages are fake, but they stop you dealing with it.

All correct. The thing that amazes me is that the credit card companies are part of the problem, they process payments for these criminals and pocket their shares of the proceeds. If we had any sense we'd get together and lynch a few of them.

Task manager allows you to kill all instances of the running virus and start about removing it.

There are several problems here. The average computer user will have very little idea what he's looking for and what he can safely do with the task manager. The example you gave was an easy one to spot, but many malicious programs disguise themselves rather better than that; even to an expert, it isn't always obvious from just looking at the list of running processes what is supposed to be running and what isn't -- more investigation is often needed. Lately I've been seeing malware which is much more tenacious than the earlier versions, it takes over so much of the control of the PC that you can't run things like the task manager, virus scanners and registry editors (sometimes even ANY executable) without resorting to subterfuge and in some cases leverage of what are probably bugs or at least oversights in the malicious code itself. I have to say I'm more and more impressed with the authors of the malicious code, and less and less impressed, if that's possible, with the authors of the legitimate variety. Some of the vulnerabilities being used to attack software now have been published for years and still haven't been fixed. If the hapless user has installed on his PC a couple of dozen miscellaneous utilities published by small firms with no security budget, and he uses it to surf the Internet or work with unchecked data of unknown origin, then he really has little chance of keeping the computer safe from attack. A well-resourced and skilled attacker can defeat the defences of almost any Windows machine which is connected to the Internet.

Aside from consigning Windows to the trash can, probably the biggest single contribution to security would be to stop using Internet Explorer. Second to that, Adobe products (Flash and Acrobat Reader). Thirdly, I think, Java -- but that's more complicated since it's used all over the place without your knowledge.
 

Martyn

Bushcrafter through and through
Aug 7, 2003
5,252
33
58
staffordshire
www.britishblades.com
Absolutely Ged. Both times I got infected, StopZilla and Norton were up to date and active and they failed to catch it. I also agree that it's hard to spot rogue apps running in task manager, but one giveaway with this virus is that it randomly renames itself to avoid detection, so it always looks like a random string of characters in task manager.
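
The random-name giveaway discussed in the posts above, written as a triage check over a process list. This is an added example, not code from the thread: the function names, thresholds, allowlist and every sample name except "kjbdfuherjbsjd.exe" are constructed assumptions. It flags long, vowel-poor names with long consonant runs, and the sample also includes a plausible-looking name that passes, which is the limitation raised earlier in the thread.

```python
import os

VOWELS = set("aeiou")
# Constructed allowlist: legitimate names that trip the heuristic. A name match
# alone is not proof of legitimacy; confirm the file path and signature too.
KNOWN_GOOD = {"mpcmdrun.exe"}


def name_features(image_name):
    """Return (letter count, vowel ratio, longest consonant run) for the stem."""
    stem = os.path.splitext(image_name.lower())[0]
    letters = [c for c in stem if c.isalpha()]
    vowels = sum(c in VOWELS for c in letters)
    run = longest = 0
    for c in stem:
        if c.isalpha() and c not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0  # vowels, digits and punctuation break a consonant run
    ratio = vowels / len(letters) if letters else 0.0
    return len(letters), ratio, longest


def looks_random(image_name, min_len=8, max_vowel_ratio=0.2, min_run=5):
    """Heuristic only: both signals must fire, and short names are skipped
    because real system names such as svchost.exe are consonant-heavy too."""
    if image_name.lower() in KNOWN_GOOD:
        return False
    n, ratio, longest = name_features(image_name)
    if n < min_len:
        return False
    return ratio < max_vowel_ratio and longest >= min_run


def triage(process_names):
    """Return the sorted, de-duplicated names worth a closer look."""
    return sorted({p for p in process_names if looks_random(p)})


# Constructed process list; only kjbdfuherjbsjd.exe comes from the thread.
SAMPLE = ["explorer.exe", "svchost.exe", "winlogon.exe", "firefox.exe",
          "MpCmdRun.exe", "kjbdfuherjbsjd.exe", "qwpzrtlkmnbv.exe",
          "winupdate32.exe"]  # last entry: disguised name, not flagged

if __name__ == "__main__":
    for name in triage(SAMPLE):
        print("review:", name, name_features(name))
```

A flagged name is a prompt to check the executable's path, signer and start-up entry, not a verdict.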
 
