Weird YIM link threat

Started by Kurzyk, July 19, 2010, 09:20:46 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Kurzyk

Hey everyone wasn't sure if this was the right place to post this but had a weird experience with YIM that I wanted to share. I got a message from a friend on YIM asking if a pic they had found was of me. It followed with a link.

Don't click on it! It's not from the friend in the contact list. I don't know where it's from, but it seems to use the contact name, asks the question of whether the following link is a pic of you, peaking curiosity. The link has something in it that Norton picked up as a threat but fixed.

I know that a few others have had this happen to them as well so even if you get a message from a friend with a link, make sure it's really them before clicking.

Paladin

Yea its happened to Lynnie, and it happened to me. Thankfully Norton killed the virus that was in it.

Zealously Jaded

It happened on MSN as well the person who's account I was getting the message off was someone on E, since I kept getting the message I had to block the accout...I hate it when theses things come round.

Once your friend has control of their messenger again, tell them what happened and a quick change of password should stop it from happening again.

Kurzyk

*nods* Yea I think the YIM account was compromised. She's changing her password so hopefully that will fix it.

Paladin

Acvtually the LInk leads to facebook at some point so its gotta be orioginating from there or someone on there.

OldSchoolGamer

The problem with Facebook is all the apps.  You have to be VERY careful which apps you authorize, and many users are not.  A rule of thumb I use is if the app doesn't have at least three out of five stars, it ain't getting in the door.  If there are mis-spellings in the app description, no-can-do.  If I have any reason to doubt it's legit, it goes on the Block list.

Unfortunately, many users just authorize stuff left and right because it promises boobies, a "shocking video," free points for Mafia Wars, a Dislike button, or what-have-you.

Paladin

Ok I was hacked. Norton's runing now but my YIM has sent that link out to all my friends and changing my password didn't work. I'm usually very good about this to the point of Paranoia but something got through.

Also Now when I try to sign on to E using IE it gives me popup message saying that unless I confirm I'm not a robot buy choosing  one o0f 5 things to do, I can't log in. Luckily I have firefox and others.

Haibane

Quote from: Paladin on July 20, 2010, 07:28:40 PM
Norton's running now.
That might be your problem right there.

Paladin

Quote from: Haibane on July 20, 2010, 07:31:12 PM
That might be your problem right there.

Ummm no, Norton is worth its price and its not faulty.

Beguile's Mistress

I'm having the same problem.  It's running through YIM and MSN. 

Paladin

Quote from: Beguile's Mistress on July 20, 2010, 08:10:07 PM
I'm having the same problem.  It's running through YIM and MSN.

Virus san should catch it but I want to catch the shit that did it. I'd make him hate the day he met me.

Vekseid

Quote from: Beguile's Mistress on July 20, 2010, 08:10:07 PM
I'm having the same problem.  It's running through YIM and MSN. 

Did you try Microsoft Security Essentials or Avira from the computer help thread I linked you?

This stuff is only going to get more serious.

Paladin

Quote from: Vekseid on July 20, 2010, 08:19:20 PM
Did you try Microsoft Security Essentials or Avira from the computer help thread I linked you?

This stuff is only going to get more serious.

what link man cause Norton aint finding this thing.

Paladin

OK folks this is worse than I thought. It signed me back into YIM while I was across the room on my bed.

Haibane

#14
Quote from: Paladin on July 20, 2010, 07:33:19 PM
Ummm no, Norton is worth its price and its not faulty.
I didn't say it was faulty. And clearly because of the issues you are having it is NOT working in this instance.

Have you tried downloading and running Mbam from Malwarebytes? Free and it has found and cleaned several nasties for me in the past. I'm not going for oneupmanship here or being funny, or trying to trash Norton, this is not the time and place for that. I'm just recommending an app that has worked for me in the past.

http://www.malwarebytes.org/

And here's Vekseid's link

https://elliquiy.com/forums/index.php?topic=25435.0

Paladin

Thank you for Vek'
s link. I am also trying a delete and reinstall of YIM.

Beguile's Mistress

Quote from: Paladin on July 20, 2010, 09:01:16 PM
Thank you for Vek'
s link. I am also trying a delete and reinstall of YIM.

Let us know if that works.

Vekseid

If you have access to a clean computer, the best thing to do is change your Yahoo, MSN, AIM, etc. passwords (and any password reset details like secret questions and so on) on another machine, then work on clearing it out.

Paladin

Ok deletion and reinstall don't work.

Haibane

#19
I've done some digging and this seems to be the same virus you have had:

http://gulaley.blogspot.com/2010/03/yahoo-messenger-ym-virus.html

The page that links to the removal instructions is here:

http://xibex.blogspot.com/2010/05/virus-strike-yahoo-messenger-again.html

The instructions recommend downloading and installing Malwarebytes and running that, as I linked to a while back up the page.

Veks, if you can verify if this is useful, please do. If this is NOT useful advice it is best removed as it may just confuse people.

And please have a think, Paladin, about removing Norton and replacing it with something else. Kaspersky is excellent, I've used it for some years but it hardly gets mentioned here because its a British product. I'd say it's one of the best AV suites on the market.

http://www.kaspersky.co.uk/

Vekseid

Kapersky has some moral issues. It still doesn't have the reputation that MSE and Avira have built.

Unfortunately without having an infected machine at hand it's hard to say, your link might work. These things are getting a lot scarier, and I've been meaning to do a more comprehensive essay about being security conscious, because some of these programs open up backdoors and install keyloggers.

Wahots

Seriously - download http://www.malwarebytes.org/ then restart your computer in safemode. Run a scan. Restart computer normaly.

I had to do that 3 times but it finally worked.

I was blocked from almost any site I had to sign onto.
My website url is to my F-List. Please look there for my kinks. Thanks.

Paladin

Quote from: Haibane on July 20, 2010, 09:54:56 PM


And please have a think, Paladin, about removing Norton and replacing it with something else. Kaspersky is excellent, I've used it for some years but it hardly gets mentioned here because its a British product. I'd say it's one of the best AV suites on the market.

http://www.kaspersky.co.uk/

I paid for a 2 year contract with Norton. Once that is done I will probably switch. Until then though its working fine. This is the first time it hasn't caught something.

Blitzy

Had a virus sweep through my computer though I don't think it was the same thing. It was a Trojan set that automatically tried' scanning' my computer as an antivirus. I caught it but it had flipped the proxy settings on my internet so I couldn't connect. I had to do exactly what was stated earlier: Log in on Safe-mode, run Malewarebytes, and it cleaned it off easy peasy.
One on One stories on hold currently. Apologies to my writing partners.

Paladin

Ok the Microsoft security thing is what has worked.