Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

webshots.com


  • Please log in to reply
3 replies to this topic

#1 bass4u

bass4u

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 19 December 2010 - 09:37 PM

Hello all. I installed a program that displays different nice desktop photos however, MS secrurity esentials indicated that it is a problem and requested to remove it. I allowed the removal of this "indicated" threat. I was wondering if anyone here has any experience or has any knowledge of "Webshots.com" and what risks it posed? I also ran the Hijackthis software which also detected remnants of the software. My desktop still displays the last image that the software installed as well as the last date on the calendar which has not changed since MSE has removed it. Can anyone advise? Thanks for your help.

Regards,
Richard

Edited by Andrew, 20 December 2010 - 08:11 PM.
Mod Edit: Moved from General Chat to AII - AA


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:12 PM

Posted 20 December 2010 - 11:44 PM

Webshots is a large free online photo sharing site owned by American Greetings...Unbeknownst to its users, Webshots employed its Webshots Desktop Application (a free program that users can download from their site to manage their online pictures) to install the Kiwee Toolbar as part of a software update for this program. Once infiltrated in the user's computer, this piece of malware cannot be removed by regular means....Kiwee toolbar is potentially dangerous because it may install additional malware onto the compromised computer and collect user-identifying information possibly resulting in privacy violations and identity theft...

About Webshots

Some anti-virus and anti-malware programs detect the toolbar as a non-viral threat or Potentially Unwanted Program, while others may detect or remove individual files and registry entries. However, even after these security tools remove files/registry entries, remnants previously undetected may still be found during subsequent scans.

I would be more concerned about encountering innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 bass4u

bass4u
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 21 December 2010 - 03:04 AM

Thanks for the heads up, Quietman7. Do you have any recommendations for removing any remaining threats from this Malware and how to accomplish this? I want to be sure that whatever I do, that I do it right and not further compromise this PC. Thanks again. :-)
Richard

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:12 PM

Posted 21 December 2010 - 11:07 PM

Please download Malwarebytes' Anti-Malware (v1.50) and follow these instructions for doing a Quick Scan in normal mode.

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • Be sure to update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download them from here.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.
  • Please copy and paste the Scan Log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

-- Alternatively, you can try downloading and using the SUPERAntiSpyware Portable Scanner or performing the SUPERAntiSpyware Online Safe Scan (both listed under Popular Links) instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users