You are either not logged in or not registered with our community. Click here to register.
 
December 08, 2016, 06:15:10 PM

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

Click here if you are having problems.
Default Wide Screen Beige Lilac Rainbow Black & Blue October Send us your theme!

Hark!  The Herald!
Holiday Issue 2016

Wiki Blogs Dicebot

Author Topic: Had a virus scare.  (Read 351 times)

0 Members and 1 Guest are viewing this topic.

Offline WolfyTopic starter

Had a virus scare.
« on: August 21, 2014, 01:28:55 AM »
False Java installer thing...took me to what looked like a java home page/download page, then installed itself into my downloads folder through chrome. Luckily it didn't do anything else after that, from what I can tell, and I shredded it with my Webroot Antivirus.

Still, has anyone heard of this? It kept giving a message that my browser was insecure without it...sounds like the general scare-ware kind of crap.

Offline kylie

  • Bratty Princess of Twisty, Creeping Secrets. Frilly | Fussy | Framed | Dreamy | Glam | Risky | Sporty | Rapt | Tease | Ironic | Shadowed | Struggling | Whispery | Bespelled
  • Liege
  • Enchanter
  • *
  • Join Date: Apr 2005
  • Location: Somewhere in the future.
  • Darkly sweet femme for rich & insidious scenarios.
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 1
Re: Had a virus scare.
« Reply #1 on: August 21, 2014, 03:29:30 AM »
       I've passed one of those recently too.  I think it was on some archive downloading page.  I don't remember much about it, though.  I managed to realize it wasn't the proper Java page and didn't click it.

      However, on the same subject...  I have been getting an Avira notice for something supposedly accessing a tmp folder that looks empty now.  It had a virus before (maybe W32R.GEN or something like that?) and I tried to manually delete that folder, as Avira couldn't quite remove it.  Now I only see the folder with nothing apparently in it and Avira has quarantined it...  Still I get these messages pretty often.  A little odd, as usually Avira has been very good and not left things behind.

Offline Psi

  • Between Heaven and Hell and having a great time playing the middle.
  • Lord
  • Enchanted
  • *
  • Join Date: Jul 2008
  • Gender: Male
  • Lost within your pretty green eyes
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 1
Re: Had a virus scare.
« Reply #2 on: August 21, 2014, 06:07:56 AM »
Hit the windows key, search the snip tool and take a screenshot and save it - makes it much easier when trying to describe an error message, and you can send it as well if required.

This is why I deploy Java and Adobe Flash updates at work.

If you are concerned and have done a full AV Scan, download Spybot Search and Destroy (Spybot S&D), and Malware Bytes Anti Malware (MBAM) and let the non-resident, non real time protection options do a full scan of your computer.

The problem with RT Protection, is that they don't advertise that having more than one causes problems.
« Last Edit: August 21, 2014, 06:10:09 AM by Psi »

Offline kylie

  • Bratty Princess of Twisty, Creeping Secrets. Frilly | Fussy | Framed | Dreamy | Glam | Risky | Sporty | Rapt | Tease | Ironic | Shadowed | Struggling | Whispery | Bespelled
  • Liege
  • Enchanter
  • *
  • Join Date: Apr 2005
  • Location: Somewhere in the future.
  • Darkly sweet femme for rich & insidious scenarios.
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 1
Re: Had a virus scare.
« Reply #3 on: August 21, 2014, 07:46:37 AM »
Quote

The problem with RT Protection, is that they don't advertise that having more than one causes problems.

        Oh I've heard that...  Though I do find that certain "full system" scanners take ages (like, a day or two on end) to complete before giving you any report -- so it can be very difficult to both address the problem that's actually driving you up the wall immediately, and also get your "full" scan to actually complete.  It's not merely tempting to pause or cancel and run something faster, but it becomes a matter of practicality.  The question is whether the average user can run something faster and not encounter a conflict between the various programs when one is paused and the second one is just being installed or given priority to take over and often all under some considerable pressure caused by the malware.   

            I've also found that some of the realtime scanners are not transparent at all about how to turn the whole program off.  They seem designed more to make sure the user has little chance of actually shutting them down, even intentionally!  You may follow what few instructions they give, and the program seems to resist or menus are not forthcoming about just where to actually kill it.  Then you think you have turned it off, only to find it's still going in the background with certain "core" functions that were not included in that one very suggestive menu option...


Offline kylie

  • Bratty Princess of Twisty, Creeping Secrets. Frilly | Fussy | Framed | Dreamy | Glam | Risky | Sporty | Rapt | Tease | Ironic | Shadowed | Struggling | Whispery | Bespelled
  • Liege
  • Enchanter
  • *
  • Join Date: Apr 2005
  • Location: Somewhere in the future.
  • Darkly sweet femme for rich & insidious scenarios.
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 1
Re: Had a virus scare.
« Reply #4 on: August 21, 2014, 08:19:25 AM »
         Not to take over the whole thread myself, but this is the thing I was referring to.  It can pop up easily a few times a day.  I had the virus name confused with another that came up in that scan.  The folder it references is empty as far as I can see (including filtered for hidden files)...  Yes, I keep hitting "Remove" and this just keeps reappearing later. 

         But the folder is already listed as quarantined from the scan, Avira doesn't say what is trying to get to it and Avira wouldn't touch the folder skeleton itself. 

         Thanks for reminding me that I had Malware Bytes on this machine, ha.  So much stuff.  Trying that.

« Last Edit: August 21, 2014, 08:21:38 AM by kylie »

Offline kylie

  • Bratty Princess of Twisty, Creeping Secrets. Frilly | Fussy | Framed | Dreamy | Glam | Risky | Sporty | Rapt | Tease | Ironic | Shadowed | Struggling | Whispery | Bespelled
  • Liege
  • Enchanter
  • *
  • Join Date: Apr 2005
  • Location: Somewhere in the future.
  • Darkly sweet femme for rich & insidious scenarios.
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 1
Re: Had a virus scare.
« Reply #5 on: August 21, 2014, 08:40:28 AM »
         Wolfy, I wonder if what you have might be something like PUP.tidynetwork ... 

         I did find it on my computer as I was working various issues (and MB just found it again now, gah)...  And I saw it mentioned along with the fake Java site message situation here for one.  Though I didn't find that page particularly useful (unless maybe, you are good at picking through others' Malware Bytes logs).

          Maybe you could get some other info on that.  I can't say whether other virii are being distributed through that same trick page now, though.

Offline Inkidu

  • E's Resident Girlomancer, Dedicated Philogynist, The Compartive of a Superlative, SLG's Sammich Life-Giver
  • Lord
  • Addict
  • *
  • Join Date: Jul 2008
  • Location: In a staring contest with the Void.
  • Gender: Male
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Had a virus scare.
« Reply #6 on: August 21, 2014, 03:34:33 PM »
Clear out your temp folder every once and a while.

Lots of Ransomware likes to sneak in there.

Offline kylie

  • Bratty Princess of Twisty, Creeping Secrets. Frilly | Fussy | Framed | Dreamy | Glam | Risky | Sporty | Rapt | Tease | Ironic | Shadowed | Struggling | Whispery | Bespelled
  • Liege
  • Enchanter
  • *
  • Join Date: Apr 2005
  • Location: Somewhere in the future.
  • Darkly sweet femme for rich & insidious scenarios.
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 1
Re: Had a virus scare.
« Reply #7 on: August 21, 2014, 04:55:05 PM »
       I tried to manually delete it when the check found things inside, but the folder shell itself won't go away.  I tossed everything I could see inside it. 

        Malware Bytes doesn't seem to have removed it either -- actually it only gave quarantine, exclude or ignore options for everything I found (at least in the free version).  I'll try Spybot.
« Last Edit: August 21, 2014, 04:56:25 PM by kylie »