BleepingComputer.com: Windows 7/XP/Vista Antivirus 2012 outbreak


Windows 7/XP/Vista Antivirus 2012 outbreak

#46 HolyForce

  • New Member
  • Group: Members
  • Posts: 3
  • Joined: 05-March 12

Posted 05 March 2012 - 04:06 PM

Forgive me if I overlooked this information, however:

I'm having quite a few incidents of this piece of malware. Does anyone know via what method it is propagating?

Such as: Is it an exploit using some service bound to a TCP/IP port that isn't properly secured, thus requiring no user interaction? Or is this requiring user interaction and exploiting maybe a Java or other 0day exploit?

It's one thing to remove it. I want to now prevent it.

#47 lti

  • Forum Regular
  • Group: Members
  • Posts: 345
  • Joined: 17-April 11

Posted 05 March 2012 - 07:14 PM

Most of these rogue antivirus programs come from edge.quantserve.com or from ads served by ad.doubleclick.net. Edge.quantserve.com uses a JavaScript file called quant.js to display a message asking the user if they want to scan the computer for viruses, and ad.doubleclick.net uses Flash or JavaScript to immediately redirect the user to the download page as soon as the page containing the ad is opened. These redirections occur randomly when these files are accessed, so there is no way of knowing if the redirection will occur when the page is accessed. Blocking ads does not prevent the infection from occurring, because the infection comes from elements that would normally be invisible to the user, and ad blockers only block the visible ads.
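
The chain described in the post above (page loads a third-party ad script, the script redirects the browser, and the same client then pulls down a Windows executable) is exactly the kind of sequence a web-proxy log can be searched for. The following is an added example, not code from the thread or from BleepingComputer; it runs a simple correlation rule over a handful of constructed proxy log lines. The tab-separated field layout (timestamp, client IP, method, URL, status, content type, referer), the 30-second window, and the sample hosts and IPs are all assumptions made for the example; only edge.quantserve.com, ad.doubleclick.net and quant.js come from the post.

```python
"""
Correlate ad-script fetches with executable downloads in a proxy log.

Added example (not from the thread). It flags an executable download
when the same client fetched a script from a known ad host shortly
before, or when the download's referer is an ad host. Log format,
window size and the sample lines below are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Ad-serving hosts named in the thread; extend from your own telemetry.
AD_HOSTS = {"edge.quantserve.com", "ad.doubleclick.net"}
# Assumed maximum gap between the ad-script fetch and the payload download.
WINDOW = timedelta(seconds=30)
EXE_TYPES = {"application/x-msdownload", "application/octet-stream"}
EXE_SUFFIXES = (".exe", ".scr", ".com")

# Constructed sample log, tab-separated:
# time, client, method, URL, status, content-type, referer ("-" if none)
SAMPLE_LOG = """\
2012-03-05T15:58:01\t10.0.0.12\tGET\thttp://www.example-news.test/story.html\t200\ttext/html\t-
2012-03-05T15:58:02\t10.0.0.12\tGET\thttp://edge.quantserve.com/quant.js\t200\tapplication/javascript\thttp://www.example-news.test/story.html
2012-03-05T15:58:06\t10.0.0.12\tGET\thttp://203.0.113.7/scan/setup.exe\t200\tapplication/x-msdownload\thttp://edge.quantserve.com/quant.js
2012-03-05T15:59:10\t10.0.0.45\tGET\thttp://ad.doubleclick.net/adj/banner\t200\tapplication/javascript\thttp://www.example-news.test/
2012-03-05T16:05:00\t10.0.0.45\tGET\thttp://downloads.vendor.test/update.exe\t200\tapplication/x-msdownload\thttp://downloads.vendor.test/
2012-03-05T16:07:30\t10.0.0.99\tGET\thttp://intranet.test/tools/putty.exe\t200\tapplication/x-msdownload\thttp://intranet.test/tools/
"""


def parse_log(text):
    """Parse the assumed tab-separated format into dicts, oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, ctype, referer = line.split("\t")
        records.append({
            "time": datetime.fromisoformat(ts),
            "client": client,
            "method": method,
            "url": url,
            "host": urlparse(url).hostname or "",
            "status": int(status),
            "ctype": ctype,
            "referer": referer,
        })
    records.sort(key=lambda r: r["time"])
    return records


def is_ad_script(rec):
    """A successful fetch from one of the listed ad hosts."""
    return rec["host"] in AD_HOSTS and rec["status"] == 200


def is_exe_download(rec):
    """A successful response that looks like a Windows executable."""
    path = urlparse(rec["url"]).path.lower()
    return rec["status"] == 200 and (
        rec["ctype"] in EXE_TYPES or path.endswith(EXE_SUFFIXES)
    )


def find_redirect_chains(records):
    """Return one alert per executable download that follows an ad-script
    fetch by the same client within WINDOW, or whose referer is an ad host."""
    recent_ads = defaultdict(list)  # client -> [(time, url)] of ad-script fetches
    alerts = []
    for rec in records:
        if is_ad_script(rec):
            recent_ads[rec["client"]].append((rec["time"], rec["url"]))
            continue
        if not is_exe_download(rec):
            continue
        ref_host = urlparse(rec["referer"]).hostname or ""
        prior = [u for t, u in recent_ads[rec["client"]] if rec["time"] - t <= WINDOW]
        if prior or ref_host in AD_HOSTS:
            alerts.append({
                "client": rec["client"],
                "payload": rec["url"],
                "via": prior[-1] if prior else rec["referer"],
                "at": rec["time"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for a in find_redirect_chains(parse_log(SAMPLE_LOG)):
        print(f"{a['at']} {a['client']} fetched {a['payload']} via {a['via']}")
```

On the constructed sample only the first client is reported: it fetched quant.js and four seconds later pulled setup.exe with the ad script as referer. The second client's executable download comes six minutes after its ad fetch and from its own vendor host, so it stays below the threshold, and the third client never touched an ad host at all. In practice the window and the host list are the knobs to tune against your own false-positive rate.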

#48 HolyForce

  • New Member
  • Group: Members
  • Posts: 3
  • Joined: 05-March 12

Posted 05 March 2012 - 09:25 PM

Thank you for the background info. I assume the impact of this is severely limited if the user is not an administrator on their PC?

#49 QQQQ

  • Forum Regular
  • Group: Members
  • Posts: 165
  • Joined: 06-January 05

Posted 06 March 2012 - 09:37 AM

Unfortunately no, even plain old user-only permission accounts get infected too. Keep your Adobe Flash and Java up to date; I usually just uninstall both of these, then reinstall the latest and greatest versions.

#50 HolyForce

  • New Member
  • Group: Members
  • Posts: 3
  • Joined: 05-March 12

Posted 06 March 2012 - 01:48 PM

Adobe - Never fully understood why a document viewing program needs a process running at SYSTEM permissions level.

Thanks for the insight.

#51 Yiddish

  • Member
  • Group: Members
  • Posts: 45
  • Joined: 22-February 12

Posted 13 March 2012 - 11:27 PM

Yup, these kinds of problems emerge now and then. Not only should we follow the virus removal guide, but we should also go with genuine antivirus software. I came to know from many blogs and articles about AV software that Comodo is the best genuine antivirus.

#52 balon

  • Forum Regular
  • Group: Malware Study Hall Sophomore
  • Posts: 205
  • Joined: 13-December 11
  • Gender: Male
  • Location: I like turtles

Posted 14 March 2012 - 05:12 PM

The first time I saw this virus was on my own website. It came from the Google Ads.. lol, no surprise there, I suppose.

#53 frances0055

  • Member
  • Group: Members
  • Posts: 17
  • Joined: 23-April 12

Posted 24 April 2012 - 05:08 PM

scottai, on 20 December 2011 - 08:29 PM, said:

I've had half a dozen customers in this last week come in with this. Does anyone know the source websites for this? I had one customer say he clicked on an ad on MSN's website and had the malicious ad popup.
Does anyone know a place that documents sources for this stuff? I'd love to have a list of specific malicious sites to go to just to test whether or not the antivirus we use blocks it.

I used a program on Facebook that everyone was using, coupons.com. I saw so many people use it that I thought it was safe.
They ask you to download printer software; that's when I got a trojan tracker and had the redirect problems.

This post has been edited by frances0055: 24 April 2012 - 05:16 PM

