
Photobucket redirected to fake Java virus


6 replies to this topic

#1 aworrier

  • Members
  • 70 posts

Posted 20 August 2014 - 11:25 PM

A few hours ago as I was uploading to Photobucket, a redirect occurred to a site called securitycleaner, telling me to update Java. I knew immediately this was a virus. When I clicked the "x", my system froze for a moment and the "java.exe" downloaded. I did not run it; instead I immediately sent it to the recycle bin and emptied it from there as well. My worry is, could the act of the .exe entering my downloads file infect my computer?

 

I have scanned with Malwarebytes, Norton 360, and Norton Power Eraser. I also used RKill to terminate any malware, but it found no malware either. Am I in the clear, or could I still be at risk? As my name says, I'm very worried about these attacks.

 

Thank you.




#2 boopme

  • Global Moderator
  • 73,072 posts

Posted 21 August 2014 - 02:23 PM

Hi I would like to run another

ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Beaker77

  • Members
  • 163 posts

Posted 21 August 2014 - 02:32 PM

I use Photobucket very often. Your story is worrying.

 

But because I always use Sandboxie for browsing, nothing can download unless I permit it to. Obviously in the case you describe, I would recognize it as a scam and just ignore it - leave it fluttering around in the sandbox doing no harm at all. Any remaining contents in the sandbox are deleted on browser closure - gone.

 

I do not have Java on my PC and have never really needed it. If a site needs it, then I pass on by. From what I understand, Java is not needed for general computer browsing, it is a declining necessity. Flash has taken over much of Java's initial roles.

 

I seem to remember that I got a pop-up on Photobucket some time ago saying that my Adobe Flash needed updating. On the assumption that PB needed it in order to carry out their functions, I did update my Flash with no problems.

 

Why did your AV not pick up such a fake alert?


Edited by Beaker77, 21 August 2014 - 03:23 PM.


#4 aworrier

  • Topic Starter
  • Members
  • 70 posts

Posted 21 August 2014 - 04:46 PM

I do not have Java on this computer. I've no idea why Norton 360 didn't say anything when the file was added to my downloads folder. Maybe because I deleted it rapidly Norton didn't get to scanning it? As a whole Norton has failed me on two occasions that I remember. Malwarebytes and Combofix were able to find something to fix those two times. Both were browser hijacks that Norton failed to catch. Fortunately, nothing seems wrong at the moment with browsers and no rogue processes or programs I can find. After this scare, I'm sticking with imgur. I read a review on Norton Website Check of similar malicious redirects on Photobucket recently.

 

I am running the ESET scan as we speak, I will let you know. Thank you.

 

Edit:

The ESET scan completed successfully. No threats were found and no log was created either.


Edited by aworrier, 21 August 2014 - 06:09 PM.


#5 Beaker77

  • Members
  • 163 posts

Posted 22 August 2014 - 01:02 PM

@ boopme

 

Your post 2 is a superb tip which should interest everybody, it certainly did me and is a bonus in reading this thread.

 

I followed your directions and now have ESET smart scanner on my desktop. I ran it and 5 threats popped up, which were quarantined. They were not much to get excited about, nevertheless ESET picked them up where none of my other AVs have done.

 

I noticed a threat with "virus" in the description on the first run where I unchecked the delete box, but it was not there on the other two runs with the delete box checked - odd.

 

Anyway, thank you so much for the tip.


Edited by Beaker77, 22 August 2014 - 01:09 PM.


#6 aworrier

  • Topic Starter
  • Members
  • 70 posts

Posted 11 September 2014 - 11:57 PM

Sorry to bump this, but I was looking for confirmation that I am okay. Everything has been fine since. Could Chrome have blocked the malicious parts of that drive-by?



#7 boopme

  • Global Moderator
  • 73,072 posts

Posted 12 September 2014 - 11:11 AM

I would say you are good to go.