Had a virus scare.

Started by Wolfy, August 21, 2014, 01:28:55 AM


Wolfy

False Java installer thing...took me to what looked like a Java home page/download page, then installed itself into my downloads folder through Chrome. Luckily it didn't do anything else after that, from what I can tell, and I shredded it with my Webroot Antivirus.

Still, has anyone heard of this? It kept giving a message that my browser was insecure without it...sounds like the general scare-ware kind of crap.

kylie

I've passed one of those recently too. I think it was on some archive downloading page. I don't remember much about it, though. I managed to realize it wasn't the proper Java page and didn't click it.

However, on the same subject... I have been getting an Avira notice for something supposedly accessing a tmp folder that looks empty now. It had a virus before (maybe W32R.GEN or something like that?) and I tried to manually delete that folder, as Avira couldn't quite remove it. Now I only see the folder with nothing apparently in it and Avira has quarantined it... Still I get these messages pretty often. A little odd, as usually Avira has been very good and not left things behind.

Psi

#2
Hit the Windows key, search the snip tool and take a screenshot and save it - makes it much easier when trying to describe an error message, and you can send it as well if required.

This is why I deploy Java and Adobe Flash updates at work.

If you are concerned and have done a full AV Scan, download Spybot Search and Destroy (Spybot S&D), and Malware Bytes Anti Malware (MBAM) and let the non-resident, non-real-time protection options do a full scan of your computer.

The problem with RT Protection is that they don't advertise that having more than one causes problems.

kylie

Quote

The problem with RT Protection is that they don't advertise that having more than one causes problems.

Oh I've heard that... Though I do find that certain "full system" scanners take ages (like, a day or two on end) to complete before giving you any report -- so it can be very difficult to both address the problem that's actually driving you up the wall immediately, and also get your "full" scan to actually complete. It's not merely tempting to pause or cancel and run something faster, but it becomes a matter of practicality. The question is whether the average user can run something faster and not encounter a conflict between the various programs when one is paused and the second one is just being installed or given priority to take over and often all under some considerable pressure caused by the malware.

I've also found that some of the realtime scanners are not transparent at all about how to turn the whole program off. They seem designed more to make sure the user has little chance of actually shutting them down, even intentionally! You may follow what few instructions they give, and the program seems to resist or menus are not forthcoming about just where to actually kill it. Then you think you have turned it off, only to find it's still going in the background with certain "core" functions that were not included in that one very suggestive menu option...

kylie

#4
Not to take over the whole thread myself, but this is the thing I was referring to. It can pop up easily a few times a day. I had the virus name confused with another that came up in that scan. The folder it references is empty as far as I can see (including filtered for hidden files)... Yes, I keep hitting "Remove" and this just keeps reappearing later.

But the folder is already listed as quarantined from the scan, Avira doesn't say what is trying to get to it and Avira wouldn't touch the folder skeleton itself.

Thanks for reminding me that I had Malware Bytes on this machine, ha. So much stuff. Trying that.

kylie

Wolfy, I wonder if what you have might be something like PUP.tidynetwork ...

I did find it on my computer as I was working various issues (and MB just found it again now, gah)... And I saw it mentioned along with the fake Java site message situation here for one. Though I didn't find that page particularly useful (unless maybe, you are good at picking through others' Malware Bytes logs).

Maybe you could get some other info on that. I can't say whether other viruses are being distributed through that same trick page now, though.

Inkidu

Clear out your temp folder every once in a while.

Lots of ransomware likes to sneak in there.
If you're searching the lines for a point, well you've probably missed it; there was never anything there in the first place.

kylie

#7
I tried to manually delete it when the check found things inside, but the folder shell itself won't go away. I tossed everything I could see inside it.

Malware Bytes doesn't seem to have removed it either -- actually it only gave quarantine, exclude or ignore options for everything I found (at least in the free version). I'll try Spybot.