Thread: Re: Avast Doesn't Block XP Defender malware (ave.exe)

  1. #1
    Mumia W. Guest

    Re: Avast Doesn't Block XP Defender malware (ave.exe)

    On 04/04/2010 04:01 PM, David Kaye wrote:
    > [...]
    > I noted the file date/time and have looked back on this. The exploit appears
    > to have come from foxnews, officedepot, or officemax -- the time stamps are
    > within a few seconds of each other and show up right before the time stamp
    > that was written to the temp directory in my documents and settings tree.
    > [...]


    See this:
    http://www.broadbandreports.com/foru...ime=1240194878
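
The timestamp correlation David Kaye describes in the quoted text, sketched as an added example that is not part of any poster's message: list the browser-cache entries written in the seconds just before a dropped file appeared. The cache entries, host names, timestamps, and the `window_s`/`skew_s` parameters are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data (not from the thread): browser-cache entries as
# (file timestamp, source URL), plus the timestamp of the dropped file.
CACHE = [
    ("2010-04-04 15:41:02", "http://news.example/index.html"),
    ("2010-04-04 15:58:47", "http://shop.example/deals.html"),
    ("2010-04-04 15:58:49", "http://ads.example/banner.swf"),
    ("2010-04-04 15:58:51", "http://cdn.example/r.php?id=7"),
    ("2010-04-04 15:59:30", "http://mail.example/inbox"),
]
DROPPED_AT = "2010-04-04 15:58:53"  # constructed: new file in the Temp directory


def candidates(cache, dropped_at, window_s=10, skew_s=0):
    """Return (seconds_before_drop, host, url) for cache entries written in
    the window_s seconds before the drop, nearest first. skew_s widens the
    window on both sides to allow for coarse or skewed timestamps."""
    drop = datetime.strptime(dropped_at, FMT)
    lo = drop - timedelta(seconds=window_s + skew_s)
    hi = drop + timedelta(seconds=skew_s)
    hits = []
    for stamp, url in cache:
        t = datetime.strptime(stamp, FMT)
        if lo <= t <= hi:
            hits.append(((drop - t).total_seconds(), urlsplit(url).hostname, url))
    return sorted(hits)


def candidate_hosts(cache, dropped_at, **kw):
    """Unique hosts from candidates(), nearest to the drop first."""
    seen = []
    for _, host, _ in candidates(cache, dropped_at, **kw):
        if host not in seen:
            seen.append(host)
    return seen


if __name__ == "__main__":
    for delta, host, url in candidates(CACHE, DROPPED_AT):
        print(f"{delta:5.0f}s before drop  {host:15} {url}")
```

Several hosts usually fall inside the window, so the result is a short list of candidates to examine rather than proof of which one delivered the file.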



  2. #2
    ~BD~ Guest

    Re: Avast Doesn't Block XP Defender malware (ave.exe)

    Mumia W. wrote:
    > On 04/04/2010 04:01 PM, David Kaye wrote:
    >> [...]
    >> I noted the file date/time and have looked back on this. The exploit
    >> appears to have come from foxnews, officedepot, or officemax -- the
    >> time stamps are within a few seconds of each other and show up right
    >> before the time stamp that was written to the temp directory in my
    >> documents and settings tree.
    >> [...]

    >
    > See this:
    > http://www.broadbandreports.com/foru...ime=1240194878
    >
    >
    >

    The last post in that thread was most telling! Viz:

    "Please note people - you may think you removed it, but really did not.
    Malwarebytes and others do not detect Rootkits. You should run
    ROOTKITREVEALER. I thought I had cleaned this, and I had really not.
    There was a deep and nasty rootkit involved here. Only way to remove was
    to boot off a Windows CD, and delete hidden drivers. I would be willing
    to bet that half the people think they clean this stuff and it's not
    really clean."

    --
    Dave

  3. #3
    David Kaye Guest

    Re: Avast Doesn't Block XP Defender malware (ave.exe)

    "Mumia W." <paduille.4061.mumia.w+nospam@earthlink.net> wrote:

    >See this:
    >http://www.broadbandreports.com/foru...ed~time=1240194878


    Thank you very much! Fox News. If those rightwingers spent as much money on
    fixing their web servers as they do hiring Sarah Palin to show up at their
    rallies, there'd be a lot less malware out there.


  4. #4
    Beauregard T. Shagnasty Guest

    Re: Avast Doesn't Block XP Defender malware (ave.exe)

    David Kaye wrote:

    > Date: Mon, 05 Apr 2010 08:02:03 GMT
    > Injection-Date: Mon, 5 Apr 2010 08:02:03 +0000 (UTC)
    >
    > Thank you very much! ...


    Thank you for fixing your clock.

    --
    -bts
    -Four wheels carry the body; two wheels move the soul

  5. #5
    David H. Lipman Guest

    Re: Avast Doesn't Block XP Defender malware (ave.exe)

    From: "David Kaye" <sfdavidkaye2@yahoo.com>

    | "Mumia W." <paduille.4061.mumia.w+nospam@earthlink.net> wrote:

    >>See this:
    >>http://www.broadbandreports.com/foru...ed~time=1240194878


    | Thank you very much! Fox News. If those rightwingers spent as much money on
    | fixing their web servers as they do hiring Sarah Palin to show up at their
    | rallies, there'd be a lot less malware out there.


    They came to most likely a faux conclusion.
    "...I now categorize foxnews.com as infested..."

    Either of two possibilities but not "infected".

    A malvertisement in a flash file or the site was hacked and there is redirection happening.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



  6. #6
    FromTheRafters Guest

    Re: Avast Doesn't Block XP Defender malware (ave.exe)

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:hpcdc001eu7@news3.newsguy.com...
    > From: "David Kaye" <sfdavidkaye2@yahoo.com>
    >
    > | "Mumia W." <paduille.4061.mumia.w+nospam@earthlink.net> wrote:
    >
    >>>See this:
    >>>http://www.broadbandreports.com/foru...ed~time=1240194878

    >
    > | Thank you very much! Fox News. If those rightwingers spent as much money on
    > | fixing their web servers as they do hiring Sarah Palin to show up at their
    > | rallies, there'd be a lot less malware out there.
    >
    >
    > They came to most likely a faux conclusion.
    > "...I now categorize foxnews.com as infested..."
    >
    > Either of two possibilities but not "infected".
    >
    > A malvertisement in a flash file or the site was hacked and there is
    > redirection happening.


    Thank you, I was hoping someone would point that out. The idea that one
    would have to click on an ad to get infested is erroneous. If someone
    (not running as admin) gets one of those "your computer is infested and
    we can help you" messages, you can maximize the window using task
    manager and see the actual IP address of the malware server in the
    address bar. (hint - it won't be foxnews).



  7. #7
    Dustin Cook Guest

    Re: Avast Doesn't Block XP Defender malware (ave.exe)

    ~BD~ <BoaterDave@hotmail.co.uk> wrote in
    news:zKGdndhkeLGYCyTWnZ2dnUVZ8sadnZ2d@bt.com:

    > Mumia W. wrote:
    >> On 04/04/2010 04:01 PM, David Kaye wrote:
    >>> [...]
    >>> I noted the file date/time and have looked back on this. The exploit
    >>> appears to have come from foxnews, officedepot, or officemax -- the
    >>> time stamps are within a few seconds of each other and show up right
    >>> before the time stamp that was written to the temp directory in my
    >>> documents and settings tree.
    >>> [...]

    >>
    >> See this:
    >> http://www.broadbandreports.com/foru...om-infected~time=1240194878
    >>
    >>
    >>

    > The last post in that thread was most telling! Viz:
    >
    > "Please note people - you may think you removed it, but really did
    > not. Malwarebytes and others do not detect Rootkits. You should run
    > ROOTKITREVEALER. I thought I had cleaned this, and I had really not.


    That's not entirely accurate. Malwarebytes does detect some rootkits. As
    do the other programs. Some newer rootkits will prevent rootkitrevealer
    and/or gmer from even loading.

    > There was a deep and nasty rootkit involved here. Only way to remove
    > was to boot off a Windows CD, and delete hidden drivers. I would be
    > willing to bet that half the people think they clean this stuff and
    > it's not really clean."


    Not very deep or nasty if you only had to delete files. Yes, I'm sure it
    was a pain because you couldn't do it while in windows, but it's still
    not what I would call deep.




    --
    "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
    this boulder right down a cliff." - Goblin Warrior


  8. #8
    ~BD~ Guest

    Re: Avast Doesn't Block XP Defender malware (ave.exe)

    Dustin Cook wrote:
    > ~BD~<BoaterDave@hotmail.co.uk> wrote in
    > news:zKGdndhkeLGYCyTWnZ2dnUVZ8sadnZ2d@bt.com:
    >
    >> Mumia W. wrote:
    >>> On 04/04/2010 04:01 PM, David Kaye wrote:
    >>>> [...]
    >>>> I noted the file date/time and have looked back on this. The exploit
    >>>> appears to have come from foxnews, officedepot, or officemax -- the
    >>>> time stamps are within a few seconds of each other and show up right
    >>>> before the time stamp that was written to the temp directory in my
    >>>> documents and settings tree.
    >>>> [...]
    >>>
    >>> See this:
    >>> http://www.broadbandreports.com/foru...om-infected~time=1240194878
    >>>
    >>>
    >>>

    >> The last post in that thread was most telling! Viz:
    >>
    >> "Please note people - you may think you removed it, but really did
    >> not. Malwarebytes and others do not detect Rootkits. You should run
    >> ROOTKITREVEALER. I thought I had cleaned this, and I had really not.

    >
    > That's not entirely accurate. Malwarebytes does detect some rootkits. As
    > do the other programs. Some newer rootkits will prevent rootkitrevealer
    > and/or gmer from even loading.
    >
    >> There was a deep and nasty rootkit involved here. Only way to remove
    >> was to boot off a Windows CD, and delete hidden drivers. I would be
    >> willing to bet that half the people think they clean this stuff and
    >> it's not really clean."

    >
    > Not very deep or nasty if you only had to delete files. Yes, I'm sure it
    > was a pain because you couldn't do it while in windows, but it's still
    > not what I would call deep.
    >
    >
    >
    >

    Your comments read and noted, Dustin.

    --
    Dave
