Gay Porn Virus

Is this possible?

My 12 year old step-son discovered how to get around our content
blocker by using Excel to link to web pages. What he didn't realize
is that these sites have all been logged.

Yes, he has been surfing porn.

There also appears to be msa.exe and b.exe connecting to the web. I
know these are Malware/Trojan.

On a few days, there are a lot of gay/shemale porn links from Excel.
Real hard core stuff. Kind of out of character for him.

I know the easy answer is: "he's gay", but the links appear to be in
rapid succession, 99 links at a time.

I am about to confront him, so here's the question. Can a virus/
trojan cause or initiate a gay porn flood?

The short answer, Yes.

There also appears to be msa.exe and b.exe connecting to the web

These belong to a very nasty infection,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

The short answer, Yes.

He got around our content blocker by entering links in Excel. The log shows what sites he entered into Excel.

If a virus flooded links to the default browser, they would have been blocked and logged as such.

The gay porn links originated from Excel. I guess if he initiated an unblocked instance of IE through Excel, the virus could have flooded that instance of IE.

Is that a stretch?

You are missing the point of this infection, it's intent is to control your computer.

You are missing the point of this infection, it's intent is to control your computer.

I understand that. You are missing the point of my question.

Is it sophisticated enough to open those links through Excel in order to get around the content blocker?

In the collective experience of this group, I mean.

I doubt it would use Excel at all since it can disable all security and firewall software.

The gay porn links originated from Excel. I guess if he initiated an unblocked instance of IE through Excel, the virus could have flooded that instance of IE.

Is that a stretch?

That's very plausible

I would say yes.

But would really need to know the specifics of the virus. Even then delving into code is a bit beyond my field of knowledge.

I do understand your concern in regards to the type of content and your step-son. IMO, for now let`s figure it was unintentional at best and curiosity at most.

Do what you need to do on a personal level. In the meantime allow the good people here to get your machine cleaned-up. Until then, if it is still on line it is a danger to the Net (possible Bots), and any other PC that has direct contact with it. Client based e mail, chat, etc.

Thanks for all the help.

I imagine it is plausible, which is what needed to know.

There are child safety software which can capture screen and save them in jpeg picture format, with date and time written on it.
Using these you would be able to see if your son intentionally wanted to surf those sites, or it is a work of some malware.

Also I would advise you to use http://www.opendns.com/, to block porn drugs etc and other bad sites at DNS level itself, no matter whether it is intentional access or some malware accessing porn sites.

Personally, I doubt a 12 year old kid would visit gay sites. I think its malware infection.

Edited by Romeo29, 22 August 2009 - 12:32 PM.

We spoke to the boy. He started by denying that he surfed porn. Then he admitted to the porn, but not the gay porn.

He claims that there were NO gay porn popups.

Question for the experts:

Are the virus' msa.exe and b.exe known for pinging gay porn sites?

Could they do so through Excel without the sites popping up?

I have been trying to look at the opendns site, but it is very slow.

Should I be concerned?

This is just my personal view, if when I were twelve I could access porn I would have it's called growing up hormones rule the world. I would be more worried if he wasn't looking. Porn sites link you to all sorts of stuff (so I'm told ) I'm in England and so I may see things in a different way to you I apologise in advance if I have offended you in what I have said in anyway.

If you need your machine cleaning please post away in the appropriate forum General Specific.

R,

Tw

Edited by The weatherman, 22 August 2009 - 06:48 PM.

Opendns must be set up correctly so give it a try. In router use pword he does not know of course.

Vista? Then parental control or if XP Live family safety

Then WOT http://www.mywot.com/

Will make it harder for him. Easy to get infected so force him to log in with limited user account, you are ADM.

Im thinking more computer safety than avoiding body parts but to some degree same thing as you can see from hints to run over to infection forum.

What will you do when he find out he can overrule all that with a Ubuntu live-cd? Set up security cam? Disable cd and usb ports in bios and pword that? Then he knows a friend who is "worse" and have parents who does not worry. Will be a battle uphill almost no matter what you do. There are stealth programs which will log everything but all this protection might make things worse, encourage him. Even if he got logged expect him to be one step ahead.

I have been trying to look at the opendns site, but it is very slow.

Should I be concerned?

Not at all. It was just a suggestion to keep porn away from your kid. You already seem to have some kind of child safety software installed. But you need to ask again, how effective that program is? If you can access porn while its installed and eating your ram and hard disk space, then whats the use of that program.

Could they do so through Excel without the sites popping up?

Good question for a healthy system. Your system seems to be infected by a virus, malware and a trojan. These malware bypass local methods of security to download and display ads and upload information from your computer. So the answer is: forget about excel, these malware can do it on their own. And yes they can access internet without you noticing.

As suggested two times by experts, DaChew and The weatherman, you should post a new topic in right section (Am I Infected) to have BC experts have a look at your system and help you get rid of these malware.