Rainer1
Mallcore Kid
Joined: 10 Mar 2007
Posts: 28
Location: Canada
|
Posted: Wed Jan 21, 2009 3:13 am Post subject: Crapware Removal Help for Windows |
|
|
In light of the recent hacker attack on MA, I thought I'd offer some crapware removal and prevention tips to my fellow MA users. It’s basic but should be helpful. Everything in this post is free; some have payment options but none require it.
First, run a Full Service Scan from Windows Live OneCare.
http://onecare.live.com/site/en-US/default.htm
It’s completely free, reasonably effective and works on at least some versions of the fake antivirus crapwares.
Note 1: On the results page for the scan it will ask if you want to get the full program; just click “I’m not ready to be protected yet” (or whatever they are saying now).
Note 2: If it says it needs to restart to remove something, after you click restart, pull ALL internet and/or network connections immediately and do NOT reconnect them until your computer is fully restarted. Don’t question it, just do it; it's important.
----------------------------
Now update and run full scans with your antivirus/antispyware program(s)
----------------------------
The following helps prevent future infections and as a side effect blocks a lot of ads
Now download, install and update SpywareBlaster ( http://www.javacoolsoftware.com/spywareblaster.html ). Make sure all the protections in SpywareBlaster are enabled.
Now download and install ZonedOut ( Link.). Next go download ie-spyad ( http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD ). I like the zip version but both work.
Open ZonedOut, change your current key to “local machine” and your current zone to “Restricted Zone”, now click Menu->Import/Export Sites->Import from File, then find the text files from ie-spyad and import at a bare minimum ie-ads, but ie-nfe and adult in the adult folder are a good idea as well, since if they block a site you really want you can unblock it by finding its URL in the list, clicking that entry to select it, then right-clicking it and going to “Remove Sites” ->Delete Entry(s). Once you have imported the list(s), change your current key back to current user and close ZonedOut.
Now open Internet Explorer. Click Tools->Internet Options->Security then click “Restricted Sites”. Set that to High if you have the option make sure that your “Enable Protected Mode” box is checked.
Note 3: If you followed my steps above, ZonedOut works for everyone that uses the computer BUT SpywareBlaster MUST be installed for each user.
This is a quick help file I tossed together; if you guys want it, I’ll write up a proper guide at a less ungodly hour.
Rainer1 |
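One way to check the result of the import described in the post above, as an added example that is not part of the original post: it counts Restricted Sites mappings under the machine-wide key (ZonedOut's “local machine”) and the per-user key. It assumes the import wrote to Internet Explorer's standard `ZoneMap\Domains` registry key, where zone number 4 is Restricted Sites; the function name `Get-RestrictedSiteEntries` is hypothetical.

```powershell
# Added example: list Internet Explorer site-to-zone mappings that point at
# the Restricted Sites zone, separately for the machine-wide and per-user hives.
$zoneMap    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$restricted = 4   # IE security zone number for "Restricted sites"

function Get-RestrictedSiteEntries {
    param([Parameter(Mandatory)][string]$Hive)   # 'HKLM' or 'HKCU'

    $root = "${Hive}:\$zoneMap"
    if (-not (Test-Path -LiteralPath $root)) { return @() }

    # Each domain is a subkey; subdomains are nested subkeys. A value named
    # after a protocol (or '*') holds the zone number as a DWORD.
    Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                if ($key.GetValueKind($name) -eq 'DWord' -and
                    $key.GetValue($name) -eq $restricted) {
                    [pscustomobject]@{
                        Hive     = $Hive
                        Site     = ($key.Name -split '\\Domains\\', 2)[1]
                        Protocol = $name
                    }
                }
            }
        }
}

foreach ($hive in 'HKLM', 'HKCU') {
    $entries = @(Get-RestrictedSiteEntries -Hive $hive)
    '{0}: {1} restricted-zone mappings' -f $hive, $entries.Count
    # Show a few entries so the list can be compared against the ie-spyad text files.
    $entries | Select-Object -First 5 | Format-Table -AutoSize
}
```

A count of zero under HKLM after the import means the list did not land in the “local machine” key that the post's Note 3 relies on.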
anticipate
Mallcore Kid
Joined: 13 Dec 2007
Posts: 1
Location: Poland
|
Posted: Thu Jan 22, 2009 4:19 am Post subject: Another antispyware solution for FREE |
|
|
I'm using FREE Dr.Web CureIt! Utility to clean my PC from any spyware and malware or other infections.
You can find it here: http://www.freedrweb.com/cureit/.
The utility contains the most up-to-date add-ons to the Dr.Web virus databases going up to twice per hour frequency at periods of high malware submissions.
Dr.Web CureIt! automatically detects the language of the OS it is installed to and sets the scanner interface accordingly (if the local language is not supported, English is enabled). The utility supports the following 34 languages: Russian, Arabic, Armenian, Belarusian, Bulgarian, Chinese (Simpl.), Chinese (Trad.), Czech, Dutch, English, Esperanto, Estonian, Finnish, French, Georgian, German, Greek, Hungarian, Italian, Japanese, Korean, Latvian, Lithuanian, Norwegian, Persian (Farsi), Polish, Portuguese, Slovak, Slovenian, Spanish, Thai, Turkish, Ukrainian, Vietnamese.
Dr.Web CureIt! detects and removes
* Rootkits * Mass-mailing worms * E-mail viruses * Peer-to-peer viruses * Internet worms * File viruses * Trojans * Stealth viruses * Polymorphic viruses * Bodiless viruses * Macro viruses * MS Office viruses * Script viruses * Spyware * Spybots * Password stealers * Keyloggers * Paid Dialers * Adware * Riskware * Hacktools * Backdoors * Joke programs * Malicious scripts * Other malware
You have nothing to install, just download the file and launch it.
So, stay protected and Keep Metal Alive!
ANTICIPATE |
Zythifer
RP's left nut tastes like breastmilk
Joined: 03 Apr 2007
Posts: 404
|
Posted: Thu Jan 22, 2009 7:19 am Post subject: |
|
|
It could just be a coincidence, but around the time this site was attacked I experienced a rootkit infection. The symptoms were Google links redirecting me to spam/spyware sites and all firewall/antivirus/anti-spyware programs being unable to update themselves.
If this sounds like you, check out http://www.myantispyware.com/2007/10/08/combofix-another-free-anti-spyware-tool/
Run combofix and follow its instructions for a quick and painless removal |
mrchris
Metalhead
Joined: 28 Sep 2005
Posts: 2430
Location: United States of America
|
Posted: Thu Jan 22, 2009 5:01 pm Post subject: |
|
|
| What was the malware called that affected MA? |
Willie_Blades
Mallcore Kid
Joined: 09 Dec 2008
Posts: 1
Location: United States of America
|
Posted: Sat Jan 24, 2009 11:03 am Post subject: combo fix is a virus itself. |
|
|
| Zythifer wrote: | It could just be a coincidence, but around the time this site was attacked I experienced a rootkit infection. The symptoms were Google links redirecting me to spam/spyware sites and all firewall/antivirus/anti-spyware programs being unable to update themselves.
If this sounds like you, check out http://www.myantispyware.com/2007/10/08/combofix-another-free-anti-spyware-tool/
Run combofix and follow its instructions for a quick and painless removal |
Ozenrol
Metal newbie
Joined: 04 May 2008
Posts: 175
Location: United States of America
|
Posted: Sat Jan 24, 2009 1:07 pm Post subject: |
|
|
Out of morbid curiosity, did anyone catch the Vundo/Virtumonde trojan? I seem to have been smote with it around when MA went down.
This thing is a pain in the ass. Hardly any anti-virus programs (avast!, AVG, etc. etc.) are able to remove it.
Not sure if that's just me, or if anyone else caught it. If anyone did, and your Antivirus doesn't catch/remove it, SpywareDoctor is said to be able to get it off. Or Ad-Aware, which I am using right now in an attempt to find and delete it. Ad-Aware has a free version, and SpywareDoctor has a demo (you can scan, but you can't remove).
Edit:
Symptoms for Vundo/Virtumonde include:
-Various to large amount of pop-ups urging you to download a fake anti-virus program
-Slow site loading (even though your download/upload speeds are fine). Some sites also won't load at all.
Here are some files associated with it (the trojan will create hidden folders and stow some of these files in them, which is why you may not be able to find them):
- c:\windows\system32\WIXWQN.DLL
- difodime.dll
- vundo.ds
- yeneriho.dll |
Rainer1
Mallcore Kid
Joined: 10 Mar 2007
Posts: 28
Location: Canada
|
Posted: Sat Jan 24, 2009 4:59 pm Post subject: Vundo |
|
|
I've had Vundo. It made me want to take a sledgehammer to my computer and get a new one.
If you're using a Windows operating system this online scanner can remove it ( http://onecare.live.com/site/en-US/default.htm ) and it's free.
One thing about the Vundo family of viruses is that they have an online component, which is what makes them so hard to remove and why, when the scan finishes and it asks you to restart, you should unplug your network and/or internet as soon as your computer starts shutting down.
Tech Support Forum ( http://www.techsupportforum.com/ ) has a good virus removal help section as well. |
Noktorn
Metal freak
Joined: 11 Feb 2005
Posts: 8122
Location: United States of America
|
Posted: Sat Jan 24, 2009 5:45 pm Post subject: |
|
|
| Ozenrol wrote: | Out of morbid curiosity, did anyone catch the Vundo/Virtumonde trojan? I seem to have been smote with it around when MA went down.
This thing is a pain in the ass. Hardly any anti-virus programs (avast!, AVG, etc. etc.) are able to remove it. |
Virtumonde is an absolute son of a bitch. I've only been able to find ONE program that gets rid of it, and since I got mine I've been swearing by it:
http://www.malwarebytes.org/mbam.php
Malwarebytes' Anti-Malware. Ridiculously powerful, even the free version.
_________________
Nokturnal Transmissions Records - www.nokturnaltransmissionsrecords.com
Septic Tomb - www.myspace.com/septictomb
Bonescraper - www.myspace.com/bonescraper666
Member #1 of Zarach 'Baal' Tharagh Crew - Fuck off the musical black metal! |
weakling_goat
Metalhead
Joined: 26 Mar 2008
Posts: 621
Location: United States of America
|
Posted: Sat Jan 24, 2009 7:08 pm Post subject: |
|
|
| Noktorn wrote: | | Ozenrol wrote: | Out of morbid curiosity, did anyone catch the Vundo/Virtumonde trojan? I seem to have been smote with it around when MA went down.
This thing is a pain in the ass. Hardly any anti-virus programs (avast!, AVG, etc. etc.) are able to remove it. |
Virtumonde is an absolute son of a bitch. I've only been able to find ONE program that gets rid of it, and since I got mine I've been swearing by it:
http://www.malwarebytes.org/mbam.php
Malwarebytes' Anti-Malware. Ridiculously powerful, even the free version. |
I had Virtumonde and I used that software to get rid of it too. |
Ozenrol
Metal newbie
Joined: 04 May 2008
Posts: 175
Location: United States of America
|
Posted: Sat Jan 24, 2009 8:15 pm Post subject: |
|
|
| Using MWB right now. Many thanks. Hopefully this will get rid of it. |
unclevladistav
Metalhead
Joined: 03 Mar 2008
Posts: 857
Location: United States of America
|
Posted: Sat Jan 24, 2009 11:15 pm Post subject: |
|
|
I downloaded Malwarebytes' Anti-Malware as it's on the main page; the quick scan and removal seems to have gotten rid of whatever I had (scan showed a couple hundred trojans, malware files, and fake/ad alerts).
_________________
Decaying Citadel - Extreme Doom Metal
www.myspace.com/decayingcitadel
New demo out now.
Buy it here:
http://www.bubonicprod.pt.vu/ |
Evenfiel
Heavy Metal Hunter
Joined: 27 May 2003
Posts: 4333
Location: Brazil
|
Posted: Sun Jan 25, 2009 7:16 am Post subject: |
|
|
| Hundreds? Seriously, what do you guys do with your computer? Last time I got one was years ago. |
Morrigan
Midnight Rider
Joined: 10 Aug 2002
Posts: 6208
Location: Canada
|
Posted: Sun Jan 25, 2009 12:36 pm Post subject: |
|
|
Ten bucks they're IE users.  |
messiah88
Mallcore Kid
Joined: 06 Nov 2008
Posts: 1
Location: Germany
|
Posted: Mon Jan 26, 2009 10:17 am Post subject: |
|
|
There is no program I can download. I downloaded MBAM from another PC and now I transported it via USB stick to this computer... Clicked on the icon but it won't start...
What can I do? Spywareguard is blocking everything... |
oneyoudontknow
Cum insantientibus furere necesse est.
Joined: 21 May 2006
Posts: 4833
Location: Germany
|
Posted: Mon Jan 26, 2009 10:32 am Post subject: |
|
|
Ever tried the Kaspersky online scanner?
or:
HijackThis
Autoruns
GMER
SpyBot Search and Destroy
_________________
If you find any typing errors or ironical comments, then you can keep them.
"Mountains of concrete give the impression humans are in control."
"Talk of heaven! ye disgrace earth." |
aaronmb666
Metalhead
Joined: 03 Jan 2005
Posts: 710
|
Posted: Tue Feb 03, 2009 7:51 am Post subject: |
|
|
| I use Malwarebytes Anti-Malware and Symantec Antivirus. I highly recommend both. Just click automatic updates and it does everything else. |
EnjoyCoke
Mallcore Kid
Joined: 07 Nov 2007
Posts: 7
Location: Denmark
|
Posted: Sat Apr 11, 2009 6:41 am Post subject: |
|
|
I love FAQs
www.majorgeeks.com
Check out their anti-shitware section.
Also, www.opera.com
Download, enjoy, be safe. |