Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sorry but another WhiteSmoke Silent 3 problem


  • Please log in to reply
8 replies to this topic

#1 WhiteSmokeGotMe

WhiteSmokeGotMe

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 08 February 2011 - 03:59 AM

hello all

yesterday i was looking for a Flv Converter which i went to this site hxxp://forum.videohelp.com/ as i found some other clean useful stuff there before. well this time i seen others suggesting a program called Super 2011 build 44 hxxp://videohelp.com/tools/SUPER , when i started installing it i noticed it said the program will need to connect online to get certain codecs it needs but then as i started getting popups from my firewall some of the companies names i didnt like WhiteSmoke and Zugo so i started blocking them in my firewall. after a reboot i noticed my homepage changed to WhiteSmokeStart.com and whitesmoke was listed in my firewall as a trusted program. so i removed it from my firewall uninstalled Super flv converter and all seemed fine, then as i started looking up whitesmoke i got a little scared. i deleted all entries that i could find in my registry, ran Malwarebytes free, Superantispyware free, Avast free, Tdsskiller. the only one to find anything was SAS but it was tracking cookies that had nothing to do with WhiteSmoke to the best of my knowledge. the concern i have is i obliviously got hit from them like all others but i dont seem to have the symptoms they are having like (blue screen,browser redirect) could i have it or what? i hate for them to have some malicious software installed that is taking all my money from my bank account.

what i have:

Windows Xp - 300 year old computer
service pack 3 fully updated
Avast 5
Sygate Personal Firewall - the last free version from 2005 but passes all leak test and shields up and no loss of internet speeds like i get from comodo and zone so im happy
SpywareBlaster
Firefox 3.5.16 didnt really care for 3.6

i just wish i would have read the comments about Super before i downloaded i see now people were all getting white smoke. i appreciate any help anyone can provide. there were 9 pages of whitesmoke topics here at bleepingcomputers but none of them seemed like me they were all noticeably having serious problems. should i just reinstall my OS as i have the disk just dont know how many more times i can activate it this year alone. i understand you all are backed up here no rush from me

thanks again

Edited by quietman7, 08 February 2011 - 08:02 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 AM

Posted 08 February 2011 - 08:15 AM

Please do not post active links to malware or possible malware related sites to include links which may lead to sites where infections have been contracted and spread. I have disabled the one(s) you posted so others do not accidentally click on them.

The WhiteSmoke web site indicates it makes English grammar correction software, translation software, and other specialized English writing tools. However, many users have reported they did not know how WhiteSmoke was downloaded or installed so its most likely being bundled with other software that is downloaded. From our investigation and dealings with this software we are also finding many cases of it with a TDSS rootkit infection. So depending on the severity of system infection will determine how the disinfection process goes.

From what you describe it appears your attentiveness and corrective action was able to stop the full download in time and did not get the TDSS infection. That explains why you are not exhibiting the usual symptoms we have seen from folks encountering this.

Firefox 3.5.16 didnt really care for 3.6

Keep in mind that older versions have vulnerabilities which may not always get patched to protect your system. Attackers exploit these vulnerabilities when searching for unprotected/unpatched systems.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 WhiteSmokeGotMe

WhiteSmokeGotMe
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 08 February 2011 - 03:26 PM

hello quietman7 i apologize for posting the links.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 AM

Posted 08 February 2011 - 03:39 PM

No problem...most folks don't realize that doing so can be a hazard for others.


Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 joansmith

joansmith

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 08 February 2011 - 05:27 PM

Whitesmoke is a great software and I recommend everyone to use it. It really has helped me a lot and I have had no problems with it!

#6 WhiteSmokeGotMe

WhiteSmokeGotMe
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 08 February 2011 - 07:58 PM

scanning finished Posted Imageno threats found. and thanks again quietman7

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 AM

Posted 09 February 2011 - 12:51 PM

Ok. Anymore issues?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 WhiteSmokeGotMe

WhiteSmokeGotMe
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 09 February 2011 - 04:33 PM

no issues. im like alot of people i guess as soon as i see something iffy i go into panic mode. WhiteSmoke looks like a legitimate site, for that matter their homepage opened up faster than googles. maybe its bad guys using their name i dont know. thank you for your help i guess you can close this thread sir.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 AM

Posted 09 February 2011 - 05:09 PM

You're welcome.

:thumbup2: Tips to protect yourself against malware and reduce the potential for re-infection:

Keep Windows and Internet Explorer current with all security updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. When necessary, Microsoft releases security updates on the second Tuesday of each month and publishes Security update bulletins to announce and describe the update. If you're not sure how to install updates, please refer to Updating your computer. Microsoft also recommends Internet 6 and 7 users to upgrade their browsers due to security vulnerabilities which can be exploited by hackers.

Avoid gaming sites, porn sites, pirated software (warez), cracking tools, and keygens. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.

Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. Malicious worms, backdoor Trojans IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware. For more specific information on how these types of rogue programs install themselves and spread infections, read How Malware Spreads - How did I get infected.

Keeping Autorun enabled on flash drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. One in every eight malware attacks occurs via a USB device. Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715

Microsoft Security Advisory (967940): Update for Windows Autorun
Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows

Note: If using Windows 7, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.

Always update vulnerable software like Adobe Reader and Java Runtime Environment (JRE) with the latest security patches. Older versions of these programs have vulnerabilities that malicious sites can use to exploit and infect your system.
Change all passwords: Anytime you encounter a malware infection on your computer, especially if that computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised and change passwords as a precaution in case an attacker was able to steal your information when the computer was infected. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.

Security Resources from Microsoft:Other Security Resources:Browser Security Resources:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users