  1. #1
    Dislocated Member


    Smart spam virus

    This is a new one to me, I'll remove the link from the url but you can copy/paste it if you want to check it out. http: //kdfrzfti.co.cc/scan3/167

    Well I did try to remove the link but it wouldn't have it so I've put a space in there.

    I clicked on a link for a picture in Google Images and it opens a webpage that looks like the 'my computer' control panel and triggers a virus alert that shows your computer getting infected in multiple directories. It's quite convincing, it prompts you to download some software saying Windows Security.

    You can't close the prompts and it didn't trigger my Avast AV and seeing then it was a tab not a window and it wouldn't let me copy the url I realised it was a hoax. I ran MalwareBytes and didn't detect anything so I just shut the browser down, as far as I can see there's no infection.

    Tricky one though, I'm sure it will convince the less savvy.

  2. #2

    R.I.P.


    dirtydog's Avatar
    Probably just a trojan, they will fuk you later

  3. #3
    better looking than Ned
    Rigger's Avatar
    Had this the other day.
    Restore from another date and run Malwarebytes in safe mode. Will get you back up and running, then update all anti-virus software and run it again.
    It came to me from a FedEx e-mail and of course I was waiting on parts and opened it.

  4. #4
    better looking than Ned
    Rigger's Avatar
    Quote Originally Posted by ItsRobsLife
    You can't close the prompts and it didn't trigger my Avast AV and seeing then it was a tab not a window and it wouldn't let me copy the url I realised it was a hoax. I ran MalwareBytes and didn't detect anything so I just shut the browser down, as far as I can see there's no infection.
    I bet it is still there, shut down the computer and restart as some people thought they got rid of it but popped up again after restart

  5. #5
    Thailand Expat harrybarracuda's Avatar
    That URL didn't look at all suspicious to you? Or was it masked?

  6. #6
    Thailand Expat
    Mid's Avatar
    MSIE Fake Antivirus Scan Web Page

    Severity: High

    This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

    Description


    This signature detects HTTP redirects and/or web pages which misleading applications use to attempt to lure users into downloading applications which may compromise the target host.

    Additional Information


    Misleading applications intentionally misrepresent the security status of a computer. Misleading applications attempt to convince the user that he or she must remove potentially malware or security risks (usually nonexistent or fake) from the computer. The application will hold the user hostage by refusing to allow him or her to remove or fix the phantom problems until the 'required' software is purchased and installed. Misleading applications often look convincing - the programs may look like legitimate security programs and often have corresponding websites with user testimonials, lists of features, etc.

    MSIE Fake Antivirus Scan Web Page: Attack Signature - Symantec Corp.

  7. #7
    Dislocated Member

    I didn't download anything and Avast didn't set off an alarm, it's pretty bulletproof.
    I've rebooted and scanned with Malwarebytes and it looks clean, I'll run Adware and Spybot later.

    The url must have been 'masked' I'm sure it was somethingorotherblogspot.com but the .cc url was a give away.

    Note: "co.cc" is not an official hierarchy; it is a domain (CO.CC - Free Domain name registration + Free DNS service.) owned by a company who offers free subdomain redirection services.
    .cc - Wikipedia, the free encyclopedia
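
The URL cues pointed out in this thread (a random-looking subdomain on the free co.cc service and a /scan path), written as a small triage heuristic. This is an added example, not part of any post; the function names, the lure-path word list and the vowel threshold are assumptions.

```python
import re
from urllib.parse import urlsplit

# Free subdomain providers; "co.cc" is the one named in the thread.
FREE_SUBDOMAIN_HOSTS = {"co.cc"}
# Path words typical of fake "scan" landing pages (assumed list;
# the thread's URL used /scan3/).
LURE_PATH = re.compile(r"^/(scan|scanner|antivirus|av)\d*(/|$)", re.I)

def refang(url):
    """Undo the space the poster inserted ('http: //host'); add a scheme if missing."""
    url = re.sub(r"^(https?):\s+//", r"\1://", url.strip(), flags=re.I)
    return url if "://" in url else "http://" + url

def looks_random(label):
    """Heuristic: 6+ letters with almost no vowels reads as machine-generated."""
    letters = [c for c in label.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2

def triage(url):
    """Return the reasons a URL deserves a second look (empty list = none found)."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    for base in sorted(FREE_SUBDOMAIN_HOSTS):
        if host.endswith("." + base):
            reasons.append("free-subdomain:" + base)
            # Left-most label directly under the provider's domain.
            sub = host[: -len(base) - 1].split(".")[-1]
            if looks_random(sub):
                reasons.append("random-label:" + sub)
    if LURE_PATH.search(parts.path):
        reasons.append("lure-path:" + parts.path)
    return reasons

if __name__ == "__main__":
    # The first URL is the one quoted in post #1; the others are constructed.
    for u in ("http: //kdfrzfti.co.cc/scan3/167",
              "http://photos.co.cc/",
              "https://example.com/photos/167"):
        print(u, "->", triage(u))
```

An empty result only means none of these three cues fired; it does not mean the page is safe.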

  8. #8
    Member

    I got hit a few weeks ago when I opened an infected university website.

    NOD32 caught a couple but not all. I got rid of the fake windows security window but still had redirects and other stuff hidden.

    I run most of the main scan programs like Malwarebytes, HouseCall, CWShredder, anti-rootkit etc which caught a few more but still missed some.

    Finally downloaded Dr Web CureIt and that done the job. It found backdoors in boot, windows operating and one hidden in a photo. No problems since.

    If you're having problems CureIt is a free for personal use 55 meg download that I think is worth trying.

  9. #9
    Dislocated Member

    Ok I'll take a look with that cheers.

  10. #10
    Dislocated Member

    Seems to be a pretty thorough program, it found a hacktool in the system32 directory, I don't know if that was already there though. Cheers.

  11. #11
    I'm in Jail
    Butterfly's Avatar
    Official link for CureIt please?

  12. #12
    Banned
    Quote Originally Posted by ItsRobsLife View Post
    you can copy/paste it if you want to check it out.
    I think I'll pass.

  13. #13
    Revenant Rodent Thetyim's Avatar

  14. #14
    Member

    ^ as he says

  15. #15
    Thailand Expat harrybarracuda's Avatar
    The filename for that executable is highly suspicious as well.


  16. #16
    Excommunicated baldrick's Avatar
    Quote Originally Posted by Larn
    when I opened an infected university website.
    So what browser are you using?

    Do you run an adblocker? Whitelist JavaScript sources? Block automatic Flash etc?
