Encyclopaedia Metallum: The Metal Archives

Rainer1
Mallcore Kid

Joined: Sat Mar 10, 2007 6:37 am
Posts: 29
Location: Canada
Posted: Wed Jan 21, 2009 4:13 am
 

In light of the recent hacker attack on MA, I thought I'd offer some crapware removal and prevention tips to my fellow MA users. It’s basic but should be helpful. Everything in this post is free; some have payment options but none require it.

First, run a Full Service Scan from Windows Live OneCare.
http://onecare.live.com/site/en-US/default.htm

It’s completely free, reasonably effective and works on at least some versions of the fake antivirus crapwares.

Note 1: On the results page for the scan it will ask if you want to get the full program; just click “I’m not ready to be protected yet” (or whatever they are saying now).

Note 2: If it says it needs to restart to remove something, after you click restart, pull ALL internet and/or network connections immediately and do NOT reconnect them until your computer is fully restarted. Don’t question it, just do it; it’s important.

----------------------------

Now update and run full scans with your antivirus/antispyware program(s)

----------------------------

The following helps prevent future infections and, as a side effect, blocks a lot of ads.

Now download, install and update SpywareBlaster ( http://www.javacoolsoftware.com/spywareblaster.html ) and make sure all the protections in SpywareBlaster are enabled.

Now download and install ZonedOut ( Link.). Next, download ie-spyad ( http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD ). I like the zip version but both work.

Open ZonedOut, change your current key to “local machine” and your current zone to “Restricted Zone”, then click Menu->Import/Export Sites->Import from File. Find the text files from ie-spyad and import, at a bare minimum, ie-ads; ie-nfe and adult in the adult folder are a good idea as well, since if they block a site you really want, you can unblock it by finding its URL in the list, clicking that entry to select it, then right-clicking it and going to “Remove Sites”->Delete Entry(s). Once you have imported the list(s), change your current key back to current user and close ZonedOut.

Now open Internet Explorer. Click Tools->Internet Options->Security, then click “Restricted Sites” and set that to High. If you have the option, make sure that your “Enable Protected Mode” box is checked.

Note 3: If you followed my steps above, ZonedOut works for everyone that uses the computer, BUT SpywareBlaster MUST be installed for each user.

This is a quick help file I tossed together; if you guys want it, I’ll write up a proper guide at a less ungodly hour.

Rainer1
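
To confirm that the ZonedOut import described in the post above actually landed in the machine-wide key, the Restricted Sites mappings can be read back from the registry. This is an added example, not part of the original post; it assumes Internet Explorer's standard `ZoneMap\Domains` registry layout, in which a DWORD value of 4 maps a site to the Restricted zone, and `Get-RestrictedSite` is a hypothetical helper name.

```powershell
# Added example (not from the original post): list the sites mapped to
# Internet Explorer's Restricted zone in the machine-wide and per-user hives.
# Assumes the standard ZoneMap\Domains layout; Get-RestrictedSite is a
# hypothetical helper name.
$zoneMap    = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$restricted = 4            # zone number of "Restricted sites"
$marker     = '\Domains\'

function Get-RestrictedSite {
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)

    $root = "${Hive}:\$zoneMap"
    if (-not (Test-Path $root)) { return }

    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            # Each value name is a protocol ("*", "http", "https"); its data is the zone.
            if ($key.GetValueKind($name) -ne 'DWord') { continue }
            if ($key.GetValue($name) -ne $restricted) { continue }

            # The key path below Domains is "domain" or "domain\subdomain".
            $idx   = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
            $parts = $key.Name.Substring($idx + $marker.Length).Split('\')
            [array]::Reverse($parts)
            [pscustomobject]@{
                Hive     = $Hive
                Site     = $parts -join '.'
                Protocol = $name
            }
        }
    }
}

$sites = foreach ($h in 'HKLM', 'HKCU') { Get-RestrictedSite -Hive $h }

# How many restricted entries each hive holds.
$sites | Group-Object Hive | Select-Object Name, Count | Format-Table -AutoSize

# Entries that exist only for the current user, i.e. not covered machine-wide.
$machine = @($sites | Where-Object { $_.Hive -eq 'HKLM' } | ForEach-Object { $_.Site })
$sites |
    Where-Object { $_.Hive -eq 'HKCU' -and $machine -notcontains $_.Site } |
    Select-Object -First 20 Site, Protocol |
    Format-Table -AutoSize
```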

anticipate
Mallcore Kid

Joined: Thu Dec 13, 2007 10:27 am
Posts: 1
Location: Poland
Posted: Thu Jan 22, 2009 5:19 am
 

I'm using FREE Dr.Web CureIt! Utility to clean my PC from any spyware and malware or other infections.
You can find it here: http://www.freedrweb.com/cureit/.

The utility contains the most up-to-date add-ons to the Dr.Web virus databases going up to twice per hour frequency at periods of high malware submissions.

Dr.Web CureIt! automatically detects the language of the OS it is installed to and sets the scanner interface accordingly (if the local language is not supported, English is enabled). The utility supports the following 34 languages: Russian, Arabic, Armenian, Belarusian, Bulgarian, Chinese (Simpl.), Chinese (Trad.), Czech, Dutch, English, Esperanto, Estonian, Finnish, French, Georgian, German, Greek, Hungarian, Italian, Japanese, Korean, Latvian, Lithuanian, Norwegian, Persian (Farsi), Polish, Portuguese, Slovak, Slovenian, Spanish, Thai, Turkish, Ukrainian, Vietnamese.

Dr.Web CureIt! detects and removes
* Rootkits * Mass-mailing worms * E-mail viruses * Peer-to-peer viruses * Internet worms * File viruses * Trojans * Stealth viruses * Polymorphic viruses * Bodiless viruses * Macro viruses * MS Office viruses * Script viruses * Spyware * Spybots * Password stealers * Keyloggers * Paid Dialers * Adware * Riskware * Hacktools * Backdoors * Joke programs * Malicious scripts * Other malware

You have nothing to install, just download the file and launch it.

So, stay protected and Keep Metal Alive!

ANTICIPATE

Zythifer
RP's left nut tastes like breastmilk

Joined: Wed Apr 04, 2007 12:28 am
Posts: 122
Posted: Thu Jan 22, 2009 8:19 am
 

It could just be a coincidence, but around the time this site was attacked I experienced a rootkit infection. The symptoms were Google links redirecting me to spam/spyware sites and all firewall/antivirus/anti-spyware programs being unable to update themselves.

If this sounds like you, check out http://www.myantispyware.com/2007/10/08 ... ware-tool/

Run ComboFix and follow its instructions for a quick and painless removal.

mrchris
Metalhead

Joined: Wed Sep 28, 2005 7:32 pm
Posts: 873
Location: United States
Posted: Thu Jan 22, 2009 6:01 pm
 

What was the malware called that affected MA?
_________________
The Doom Video Vault

Willie_Blades
Mallcore Kid

Joined: Tue Dec 09, 2008 12:55 pm
Posts: 1
Location: United States of America
Posted: Sat Jan 24, 2009 12:03 pm
 

Zythifer wrote:
It could just be a coincidence, but around the time this site was attacked I experienced a rootkit infection. The symptoms were google links redirecting me to spam/spyware sites and all firewall/antivirus/anti-spyware programs being unable to update themselves.

If this sounds like you, check out http://www.myantispyware.com/2007/10/08 ... ware-tool/

Run combofix and follow its instructions for a quick and painless removal

Ozenrol
Metalhead

Joined: Sun May 04, 2008 11:17 pm
Posts: 511
Location: United States
Posted: Sat Jan 24, 2009 2:07 pm
 

Out of morbid curiosity, did anyone catch the Vundo/Virtumonde trojan? I seem to have been smote with it around when MA went down.
This thing is a pain in the ass. Hardly any anti-virus programs (avast!, AVG, etc. etc.) are able to remove it.



Not sure if that's just me, or if anyone else caught it. If anyone did, and your Antivirus doesn't catch/remove it, SpywareDoctor is said to be able to get it off. Or Ad-Aware, which I am using right now in an attempt to find and delete it. Ad-Aware has a free version, and SpywareDoctor has a demo (you can scan, but you can't remove).

Edit:
Symptoms for Vundo/Virtumonde include:

-Various to large amount of pop-ups urging you to download a fake anti-virus program
-Slow site loading (even though your download/upload speeds are fine). Some sites also won't load at all.


Here are some files associated with it (the trojan will create hidden folders and stow some of these files in them, which is why you may not be able to find them):

- c:\windows\system32\WIXWQN.DLL
- difodime.dll
- vundo.ds
- yeneriho.dll

Rainer1
Mallcore Kid

Joined: Sat Mar 10, 2007 6:37 am
Posts: 29
Location: Canada
Posted: Sat Jan 24, 2009 5:59 pm
 

I've had Vundo. It made me want to take a sledgehammer to my computer and get a new one.

If you're using a Windows operating system this online scanner can remove it ( http://onecare.live.com/site/en-US/default.htm ) and it's free.

One thing about the Vundo family of viruses is that they have an online component, which is what makes them so hard to remove and why, when the scan finishes and it asks you to restart, you should unplug your network and/or internet as soon as your computer starts shutting down.

Tech Support Forum ( http://www.techsupportforum.com/ ) has a good virus removal help section as well.

Noktorn
Metalhead

Joined: Fri Feb 11, 2005 5:31 pm
Posts: 1712
Location: United States
Posted: Sat Jan 24, 2009 6:45 pm
 

Ozenrol wrote:
Out of morbid curiosity, did anyone catch the Vundo/Virtumonde trojan? I seem to have been smote with it around when MA went down.
This thing is a pain in the ass. Hardly any anti-virus programs (avast!, AVG, etc. etc.) are able to remove it.


Virtumonde is an absolute son of a bitch. I've only been able to find ONE program that gets rid of it, and since I got mine I've been swearing by it:

http://www.malwarebytes.org/mbam.php

Malwarebytes' Anti-Malware. Ridiculously powerful, even the free version.
_________________
Nokturnal Transmissions Records - www.nokturnaltransmissionsrecords.com
Septic Tomb - www.myspace.com/septictomb
Bonescraper - www.myspace.com/bonescraper666

Member #1 of Zarach 'Baal' Tharagh Crew - Fuck off the musical black metal!

weakling_goat
Metalhead

Joined: Wed Mar 26, 2008 8:34 pm
Posts: 727
Posted: Sat Jan 24, 2009 8:08 pm
 

Noktorn wrote:
Ozenrol wrote:
Out of morbid curiosity, did anyone catch the Vundo/Virtumonde trojan? I seem to have been smote with it around when MA went down.
This thing is a pain in the ass. Hardly any anti-virus programs (avast!, AVG, etc. etc.) are able to remove it.


Virtumonde is an absolute son of a bitch. I've only been able to find ONE program that gets rid of it, and since I got mine I've been swearing by it:

http://www.malwarebytes.org/mbam.php

Malwarebyte's Anti-Malware. Ridiculously powerful, even the free version.

I had Virtumonde and I used that software to get rid of it too.

Ozenrol
Metalhead

Joined: Sun May 04, 2008 11:17 pm
Posts: 511
Location: United States
Posted: Sat Jan 24, 2009 9:15 pm
 

Using MWB right now. Many thanks. Hopefully this will get rid of it.

unclevladistav
Metalhead

Joined: Mon Mar 03, 2008 8:33 pm
Posts: 1247
Location: United States
Posted: Sun Jan 25, 2009 12:15 am
 

I downloaded Malwarebytes' Anti-Malware as it's on the main page; the quick scan and removal seems to have gotten rid of whatever I had (scan showed a couple hundred trojans, malware files, and fake/ad alerts).

Evenfiel
Heavy Metal Hunter

Joined: Tue May 27, 2003 9:50 am
Posts: 4619
Location: Brazil
Posted: Sun Jan 25, 2009 8:16 am
 

Hundreds? Seriously, what do you guys do with your computer? Last time I got one was years ago.

Morrigan
Crone of War

Joined: Sat Aug 10, 2002 7:27 am
Posts: 10528
Location: Canada
Posted: Sun Jan 25, 2009 1:36 pm
 

Ten bucks they're IE users. :D

messiah88
Mallcore Kid

Joined: Thu Nov 06, 2008 3:16 pm
Posts: 1
Location: Germany
Posted: Mon Jan 26, 2009 11:17 am
 

There is no program I can download. I downloaded MBAM from another PC and now I transported it via USB stick to this computer... Clicked on the icon but it won't start...

What can I do? Spywareguard is blocking everything...

oneyoudontknow
Cum insantientibus furere necesse est.

Joined: Sun May 21, 2006 6:25 pm
Posts: 5343
Location: Germany
Posted: Mon Jan 26, 2009 11:32 am
 

Ever tried the Kaspersky online scanner?

or:
HijackThis
Autoruns
gmer
SpyBot Search and Destroy
_________________

My website which contains reviews as well as interviews:
https://adsol.oneyoudontknow.com
My podcast:
https://adsolmag.bandcamp.com/

aaronmb666
Veteran

Joined: Mon Jan 03, 2005 3:37 am
Posts: 2837
Posted: Tue Feb 03, 2009 8:51 am
 

I use Malwarebytes Anti-Malware and Symantec Antivirus. I highly recommend both. Just click automatic updates and it does everything else.

EnjoyCoke
Mallcore Kid

Joined: Wed Nov 07, 2007 9:41 pm
Posts: 6
Location: Denmark
Posted: Sat Apr 11, 2009 7:41 am
 

I love FAQs

www.majorgeeks.com
Check out their anti-shitware section.
Also, www.opera.com
Download, enjoy, be safe.

rachel12
Mallcore Kid

Joined: Tue Jan 25, 2011 5:31 am
Posts: 1
Location: United States of America
Posted: Tue Jan 25, 2011 5:38 am
 

Hi. I am also using Malwarebytes Anti-Malware but not Symantec Antivirus. Now I will use Symantec Antivirus also. Thanks for sharing.