*Warning* Virus Alert ...For those who use Photobucket.

Jaxx (Moderator; joined Jan 18, 2006; 19,857 messages)
Be careful. As I was preparing my post for the stonewash finish thread with pix of my hammered AD, my screen went green with a black square in the middle with some warning about my system being infected with spyware. Having never seen this before, I went offline and ran my copy of Malwarebytes. It found 10 infected files and reg keys. This slipped right through my firewall and AV running updated defs. Unfortunately, I now have a login-logoff loop problem even in safe mode, and until I can remember my freakin' 4-year-old, never-used admin password, I'm completely screwed.

The only other site I opened today was Photobucket, so I believe, but am not sure if this is where I was attacked and infected. However, I was hit Wed. night also and had Photobucket open in a tab then too. That I was able to resolve completely, unlike today. I believe the names of the culprits are (IIRC) Trojan.FakeAV & Trojan.Blotter.
Be vigilant, and hopefully you won't experience the same fate. Oh, and refresh your memory on your admin password!! Seems that it's needed to access Windows via Recovery Console. :(

Other than checking in via this phone, I'll be offline until I can get this sorted out, and if any of you tech-savvy HOGs have any suggestions... PLEASE feel free to post or PM/email me with 'em!! :) TIA if you can help.
 
Yeah, Photobucket is a rogue; it put a Trojan program in the pages.
When I browse the site, my computer won't respond for a few seconds.
 
Jaxx, Sorry to hear about this.
I would immediately download Microsoft Security Essentials from Microsoft's website.
Just do a Google search for it. Probably the best free AV out there right now; I use it all the time.

If you want to change the Admin password do the following:
Right click My Computer
Click on Manage
Double click on Local Users and Groups
Click on Users
Right click on Administrator and choose Set Password
Click on Proceed
Change the password to whatever you want; you have to enter it twice
Click OK
Click OK once more
Close any open windows, you're done.

*If you cannot do this, send me a PM. I have a CD that you can reset the Admin or any account password with, and I will mail you one.

Good Luck.
 
I just re-read your post JAXX, and the endless loop was one I came across the other day on a co-worker's laptop that I did as a side job. I tried everything and ended up rebuilding the Windows OS because of it.
Same thing: click on the profile you want to access and it almost goes to the desktop and then logs you right off, yes, even during safe mode.
It is a nasty trojan that affects all profiles on the PC and is also associated with the Fake AntiVirus trojans that are all over the place now.
Whenever you see these windows come up, you are better off closing them with Task Manager (CTRL, ALT, DELETE) and using the End Task feature than clicking the X to close them; we have seen some here that program the X as an install button for the program instead of actually closing it.
 

Thanks for reaching out, man! I may need your help learning how to slave one drive to another... Can you do this notebook to notebook, or do I need access to a desktop? I believe my data is intact, so I'm thinking about getting a new notebook 'puter anyway since this one is getting older, but I need to retrieve the contents off this drive before anything else can be done to it.

I didn't click on anything, that much I knew to not do. :) Malwarebytes prompted a restart once it completed the scan & actions I initiated, and the rest is history, LOL
 
I really like SuperAntispyware also for virus\spyware\malware removal... and it is free. Run it before or after Malwarebytes and it will find things that the other missed.

First thing to do is get the hard drive out of the laptop, usually located on the side or bottom. On the bottom of the laptop it will usually have an icon that looks like discs to indicate where the drive is. If it is a Dell, it usually slides out either right or left depending on how you are holding the laptop. Some hard drives are under the keyboard and are a total disassembly of the laptop chassis and are a M.F.'er to remove. Really depends on the model\brand of laptop. Most manufacturers have good manuals online now; Google will be a good friend.
Once the drive is out you need a slave tool; I use a VANTEC SATA/IDE to USB slave tool.
One end goes to the hard drive, one end goes to the PC or laptop through USB. It will appear as a device and then you can access it as another hard drive under My Computer. You will have to browse to your profile for the data.

Windows XP:
C:\Documents and settings\JAXX
Then get to My Documents, Desktop, Favorites, etc...

If it is Vista or Windows 7:
C:\Users\JAXX
 
Jaxx
do you have access to another computer? (what operating system on it?)
what operating system is on the infected computer?
 

No access to any others... Not yet.
Win XP SP2, latest critical updates available have been D/L'd from Microsoft but not SP3.
 
Word is, there have been some virus attacks on some other boards too.

More along the lines of a spammer baiting a link on a PM.
 
I've got a backup with a Mac; no infection on Macs yet. So get a Mac as a backup platform.
 
That's really nasty. You weren't using Firefox, were you? Then I'd be really scared.

Unfortunately, I can't think of a way to clean the registry of an OS that's not running.
Have you tried the Last Known Good Configuration? It might still be good. It should be right there with Safe Mode.
 
I have been using Firefox, and running Spybot S&D and avast! I have been pretty lucky lately, with no problems. I was infected on my last computer with SpywareSheriff. I never fully recovered from it; lots of problems. A family member recommended what I am using now, but I know some of you guys are pros and I'm wondering if there is something better out there to protect from these problems.
 
This won't help you out much now, but once you get back up and running, pick up a disk imaging program and a USB external drive. Image your computer and keep it updated. Next time something like this happens, or if (when) your HD dies, it's a snap to get back to a running PC in under an hour. I use Acronis, but there's freeware stuff out there as well. I've had to re-image several PCs/laptops due to dead hard drives and corruptions and it's saved countless hours of aggravation.
 

I figured that I should post an update, especially for those who use Photobucket...

I found the vulnerability that allowed the Trojan viruses in and this had something to do with Adobe Acrobat... My version was not updated to the current version and this is what was exploited to allow the hijack. Mine was something like 8.3x and the current is something like 9.3x :o (I'm not sure as I uninstalled my copy and haven't gone back to Adobe to D/L the latest version yet.)

I have been in touch with Photobucket since all of this coincided with mousing over one of their expanding advertisements, and have sent them copies of my Malwarebytes & Norton scan logs. Although it's been determined that they don't use .pdf files, they are checking things from their end with the concern being that they do use Adobe Flash. In any case, if you don't have Acrobat, or you do and it's current, then you're good to go with regards to Photobucket and shouldn't have a problem along these lines. :)

Malwarebytes did do its job in deleting the threat (mostly). What happened was that it deleted an altered registry key that Windows needed the correct version of to load on startup and so it couldn't do anything but log me back out. 15 minutes with a very tech-savvy fellow at GeekSquad (Best Buy) had my computer able to start up normally. :thumbup: Cost? 30 bucks. :D

Along with Norton, I used 3 different malware programs and some 15-20 full scans later, I think that I've finally removed all the offending malware. :yawn: Clean scans again; my eyes are crossed!

The 3 malware programs were Malwarebytes, Spybot Search & Destroy, and Ad-Aware. All of them caught different items with the exception of Ad-Aware, which was last on the scene after many scans from the other 3 (including Norton AV). Once I got clean scans, I wanted to try another scanner that I didn't already have, so I downloaded a fresh copy of Ad-Aware to see if it would hit on anything else missed.

Thank you, =MAX= & Fugawee for your advice and recommendations... You guys rock!! I really appreciate the help from you both, and learned quite a bit from you both. I will be making some changes to my security per your suggestions and have kept my notes on the other possibilities discussed should this problem arise again.

Also thanks to y'all for advice posted here, i.e. disk imaging, Firefox, etc.! I think that I will give Firefox a shot, and as soon as I'm absolutely sure that I have a clean system again, I plan to back up what I need, reformat & rebuild, and then create a disk image + complete backups on a new drive I picked up while at Best Buy.

Anyway, that's about it. I just felt that I should pass along what I learned to hopefully help y'all avoid the same mess. :)

Thanks again, HOGs! :thumbup::thumbup:
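The update above describes a login-logoff loop caused by a removal tool deleting a tampered registry value that Windows needs at logon, and the earlier posts describe slaving the drive to a second machine. The thread never names the value; the added check below (not from any poster) assumes it is one of the Winlogon Userinit/Shell values, a frequent cause of exactly this symptom, and inspects them on the SOFTWARE hive of a slaved drive without booting the infected OS. It assumes the slaved drive is E: with an XP-style E:\WINDOWS directory.

```powershell
# Added example, not from the thread. Loads the SOFTWARE hive from a slaved
# drive and compares the Winlogon Userinit/Shell values against clean defaults.
# Assumes the slaved drive is E: and the Windows directory is 'WINDOWS' (XP);
# use 'Windows' for Vista/7. Run from an elevated PowerShell prompt.
param(
    [string]$Drive  = 'E:',
    [string]$WinDir = 'WINDOWS'
)

$hive  = Join-Path $Drive "$WinDir\system32\config\software"
$mount = 'HKLM\OfflineSoftware'

if (-not (Test-Path $hive)) { throw "SOFTWARE hive not found at $hive" }

# reg.exe is used because PowerShell has no built-in cmdlet to load a hive file.
& reg.exe load $mount $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed (is the prompt elevated?)" }

try {
    $winlogon = Get-ItemProperty "HKLM:\OfflineSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon"

    # Clean-install defaults; the trailing comma on Userinit is part of the default.
    $expected = @{
        Userinit = "C:\$WinDir\system32\userinit.exe,"
        Shell    = 'Explorer.exe'
    }

    foreach ($name in $expected.Keys) {
        $actual = $winlogon.$name
        if ($null -eq $actual) {
            Write-Warning "$name is MISSING (a removal tool may have deleted it); expected '$($expected[$name])'"
        } elseif ($actual -ine $expected[$name]) {
            Write-Warning "$name is '$actual'; expected '$($expected[$name])'"
        } else {
            Write-Output "$name looks normal: '$actual'"
        }
    }

    # Confirm the file Userinit points at actually exists on the slaved drive
    # (a value pointing at a deleted malware file produces the same logoff loop).
    if ($winlogon.Userinit) {
        $exe     = ($winlogon.Userinit -split ',')[0].Trim()
        $onSlave = $exe -replace '^[A-Za-z]:', $Drive
        if (-not (Test-Path $onSlave)) { Write-Warning "Referenced file does not exist: $onSlave" }
    }
}
finally {
    [gc]::Collect()                      # drop PowerShell's handle before unloading
    & reg.exe unload $mount | Out-Null
}
```

A missing or altered value is restored with the expected string from the same offline path (Set-ItemProperty on HKLM:\OfflineSoftware\...) before unloading; the script only reports so the finding can be recorded first.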
 