Thanks, byofrcs. In any case I don't appear to be infected. Not like poor IC.

Ironclad wrote:OK, i've finally gotten the .zip but I need a pointer, I always have trouble with these files even though I have 7zip.
When I extract the file I am getting a literal wall of folders, extensions, DAT files & text documents. What do I do now? Which of these blasted items do I click on? Even though the .zip was barely 100mb it is jam-packed.

With zip file versions of the .exe then you always run a SETUP.EXE (usually).

Never had any problems. Never do. I wonder why?

byofrcs wrote:

Ironclad wrote:OK, i've finally gotten the .zip but I need a pointer, I always have trouble with these files even though I have 7zip.
When I extract the file I am getting a literal wall of folders, extensions, DAT files & text documents. What do I do now? Which of these blasted items do I click on? Even though the .zip was barely 100mb it is jam-packed.

With zip file versions of the .exe then you always run a SETUP.EXE (usually).

"This programme cannot run because MSVCR100.dll is missing from your computer. Reinstall & try again"

This is killing me now.

OK, I may have Avira up n running now, i've diabled all my firewalls, AV & AMw. Avira seems to like this.

Byo, i'm sending you the rather empty looking report.

Ironclad wrote:OK, I may have Avira up n running now, i've diabled all my firewalls, AV & AMw. Avira seems to like this.

Byo, i'm sending you the rather empty looking report.

Any luck, IC?

So far so good, Nora. Computer seems to be back to normal, for now. Honestly, I have rebooted this thing zillions of times & had to turn it off by hold the power button down far too many times also.
I was surfing by phone and attempting to Mod by tablet, not easy when I need to cut/paste so heavily.

Byofrcs has a report to chew over, to my untrained eye it looks like a pile of adware (from movies i've DLed) but nothing to evil, but also four viruses & one exploit (whatever that means).

Oh, excellent!

Well done Byofrcs for showing IC the way out of the valley of the shadow!

Seems that the storm has passed and its just a matter of mopping up the debris.

I've changed my password after deleting all board cookies. I use this online service to generate a knotty random 12-digit mixed case and symbols password. A search will return a raft of similar sites - note: there should be no need to download and install an application to do this ever! It's advised by those in the know that everybody change their passwords every three months or so just as a matter of personal security, so if you haven't done this yet perhaps now is the time to start. I keep all my passwords in plain text file dumped into an encrypted folder on a usb-stick. This kind of belt and braces approach is also good practice, and there are many free encryption programs out there, and most mid-high end usb-sticks have them already installed on their products. If you have one of these products and haven't taken advantage of it yet, again, perhaps this is the time to think about doings so.

Also, although the evil adz man, or woman, seems only to have inserted a redirecting javascript into the forum template it might be worth just checking over your board preferences in the user control panel to make sure everything is as it should be. Everything is fine for me, but you never know so go and have a look.

Other than that I think its safe to say that we live to fight another day.

...and opera browser, via AVG, has stopped telling me how dangerous this site is.

Ironclad wrote:So far so good, Nora. Computer seems to be back to normal, for now. Honestly, I have rebooted this thing zillions of times & had to turn it off by hold the power button down far too many times also.
I was surfing by phone and attempting to Mod by tablet, not easy when I need to cut/paste so heavily.

Byofrcs has a report to chew over, to my untrained eye it looks like a pile of adware (from movies i've DLed) but nothing to evil, but also four viruses & one exploit (whatever that means).

Byofrcs may overrule me, and do stick with your successful practice of listening to him and him alone here - but you do want a firewall in addition to a scanner/realtime av like Avira. I like Comodo firewall with Avira on XP, V, 7, although the built-in Windows firewall is a very good and quite capable of doing just about whatever you want to do with a packet filter.

A firewall would likely not have helped anyone in this case. It's just bad when a site gets pwnd and sends malware right down Port 80 or rebinds DNS to resolve a good site to a bad IP.

I remember Gumblar. A Trojan worm that laid a rootkit of about 30 lines of heavily-obfuscated javascript that would run as a service, listening for instructions from Russian Business Network-hosted servers to slowly and steathily assemble itself.
Over time, it could become a full RAT, echoing keyboards and displays over multiplexed encrypted tunnels. Control for the botnet of infested computers was through IRC. The botnet master had his net segmented vertically and horizontally. Probably so he could sell it in pieces or close off hatches when it got hot.
It was a nasty little fucker. I doubt the diabolical VXsonofabitch who coded it is still breathing though. Dangerous business that. At that scale especially. The stuff of novels.

Most of that went right over my head, I'm afraid.

I'm thinking I may start using Hijack This! as an extra surprise for anyone trying to insert keyloggers. But I'm not sure this programme would have helped, in this recent case.

Change to Ubuntu. It's painless, really. You'll never notice after a week.

THWOTH wrote:Change to Ubuntu. It's painless, really. You'll never notice after a week.

Don't you have to be clever n stuff to use that thing?

Ironclad wrote:

I'm thinking I may start using Hijack This! as an extra surprise for anyone trying to insert keyloggers. But I'm not sure this programme would have helped, in this recent case.

Bounce the HJT thing off byo. He's giving out the good stuff here.

Most of that went right over my head, I'm afraid.

"Trojan" - a virus you download as a legit script or program. From the Trojan Horse of The Odyssey. "Beware of Greeks bearing gifts."
"Worm" - malware that can migrate to other places and other computers. Like the Sandworms from Dune, you just never know where they'll pop up.
"Rootkit" or "Persistent Rootkit" - malware that hides itself and seeks elevated privledges to run commands (like to delete things, or to open up a backdoor and upload your bank account info from your browser cache to whoever).
"RAT" - Remote Access Terminal - just like it sounds. Like LogMeIn for the bad guys. Over a special badguy VPN hosted by your computer. Bad.

"Russian Business Network" - Web hosting by the Russian Mob. "Bulletproof", as long as you pay up and don't mind the puns. - Where to host your Nike Viagra spam site or malware loader without the inconvenient hassle of dealing with noncriminals and their pesky little rules about legitimate web hosting.
You exploit a website. "Arbitrary Code Execution" means that website's computer will run any software you load on it. You put a java or php script (series of commands) on that site's home page that makes a visitor's browser go to your illegal RBN server and download a buttload more scripts and run more commands.
Happens every day.



"Segmented network" - A scalable, redundant, distributed high-availability and failover cluster solution for the bad guys, vertically integrated with badguy tech through the edges,cores, and backbones. Engineered for max life cycle and rapid redeployment. Distributed database and middleware scattered over the planet.
For you and your infected computer, it's like Folding@Home, except you didn't volunteer for any of this shit.


Gumblar was special because it could morph itself completely with its next communication with its control net. This greatly prolonged it's attack window in the wild because its attack signature, its M.O., varied whenever it sensed the jig was up. Gumblar was not one signature, but hundreds. An inspired piece of criminal code that's still running in labs and "Out there".



The VX Lifestyle:
Nerdy little aspies named Eugen with enough stick time to build a software structure as big and tight as Gumblar are specialists who generally don't have the street smarts to capitalize on it before Interpol kicks in the door. They also generally need partners to protect them and their intellectual products from opportunists who can beat anything they want to know out of just about anyone, with a hammer.
They either live double and triple lives of cloak and dagger, or retire early. Gangsta-style or shot up by lawful authorities. Retired.

Ironclad wrote:

THWOTH wrote:Change to Ubuntu. It's painless, really. You'll never notice after a week.

Don't you have to be clever n stuff to use that thing?

Mint Cinnamon Edition is what I've recommended lately to Aussies. YMMV.

Ironclad wrote:

THWOTH wrote:Change to Ubuntu. It's painless, really. You'll never notice after a week.

Don't you have to be clever n stuff to use that thing?

You’re aged 9 - my kids from 4 up have used Linux (Mandrake and now Ubuntu) (I'm serious on my kid's ages. Linux boxes are called generically "penguin" computers verses Windows computers. Kids know certain games work in Windows, others in Linux so they dual boot.

Never noticed a thing.

I just got a warning from Zone Alarm that this is a phishing site?

Did it give you any more indication as to why Scotty?