Check out this virus. Man, I'm impressed!
-
- Registered User
- Posts: 12310
- Joined: 28 Nov 2005, 02:00
- Location: That other place
- Contact:
Check out this virus. Man, I'm impressed!
So, my mum called me over, not knowing what the heck was going on with her PC. I got there and saw this:
Now, I don't know about you guys, but at first glance, I thought that was totally legit. Then a couple of things gave it away, like, you know, explorer being open in Chrome, two HDDs being missing, the HDD label being incorrect, the documents folder having the wrong name, etc etc etc. It all fell apart after that, but at first, it had me going.
I've seen pop-ups similar to this, I think we all have, but this one was just so, so good. I can totally see how people would fall for this sort of thing.
In case anyone's unsure - in this case, the moment you click that "Remove all" button, the server sends your PC a present that keeps your 23 year old son busy for the next few hours formatting and re-installing Windows.
("present" is a euphemism for "horrible, terrible virus")
That guy that used to mod cases. Now I take photos. True story.
-
- Registered User
- Posts: 14338
- Joined: 04 Sep 2004, 02:00
- Processor: i386DX Sooper
- Motherboard: A blue one
- Graphics card: A red one
- Memory: Hard drive
- Location: On a Möbius strip
- Contact:
Re: Check out this virus. Man, I'm impressed!
I dunno about the rest, but it's fairly obvious to me that it's a scam.
It's running inside the web browser... Immediately red flags should be raised.
If I weren't insane: I couldn't be so brilliant! - The Joker
-
- Registered User
- Posts: 12310
- Joined: 28 Nov 2005, 02:00
- Location: That other place
- Contact:
Re: Check out this virus. Man, I'm impressed!
Bladerunner wrote: I dunno about the rest, but it's fairly obvious to me that it's a scam. It's running inside the web browser... Immediately red flags should be raised.
Yeah, I'm aware of that. But when you sit down at a PC and you see that, full screen, it's a little different. Like I said, the moment I saw that it was in a browser, I knew that it was something malicious, but before I saw that, it looked pretty real to me.
That guy that used to mod cases. Now I take photos. True story.
Re: Check out this virus. Man, I'm impressed!
I fell for that thing once. It installed a program that could only be gotten rid of by downloading a special removal tool. Also fell for the "you're the millionth visitor" thingy once. The fear of being revealed as an idiot has kept me pretty safe since then.
"It is the mark of an educated mind to be able to entertain a thought without accepting it." - Aristotle
Intel i5 2500; AsRock Z77 Extreme 4; Asus GTX580; 4x 2GB DDR3 1333; Intel 520 240GB SSD + 2x WD 3TB + 2TB Samsung; Samsung 22X DVD/RW; 23" LG W2343T-PF; Huntkey 700W
- Tribble
- Registered User
- Posts: 88465
- Joined: 08 Feb 2007, 02:00
- Processor: Intel Core i7-4770K CPU@3.50GHz
- Motherboard: ACPI x64-based PC
- Graphics card: GeForce GTX 780 Ti
- Memory: 16GB
- Location: Not here
- Contact:
Re: Check out this virus. Man, I'm impressed!
I can see how that would have someone fooled. Get a pop-up blocker asap.
- rustypup
- Registered User
- Posts: 8872
- Joined: 13 Dec 2004, 02:00
- Location: nullus pixius demonica
- Contact:
Re: Check out this virus. Man, I'm impressed!
meh... seen plenty of these... the number of users who fall for this is depressing...
Most people would sooner die than think; in fact, they do so - Bertrand Russell
-
- Registered User
- Posts: 26022
- Joined: 13 May 2004, 02:00
- Location: Getting there...
- Contact:
Re: Check out this virus. Man, I'm impressed!
Pity 'mum' isn't a forumite. Epic Fail would've been epic...
MOOD - Thirsty
A surprising amount of modern pseudoscience is coming out of the environmental sector. Perhaps it should not be so surprising given that environmentalism is political rather than scientific.
Timothy Casey
-
- Registered User
- Posts: 102
- Joined: 16 Apr 2010, 10:01
Re: Check out this virus. Man, I'm impressed!
The big question is, how do you get to a fake antivirus website by searching for cupcakes? And the answer is, they have selectively targeted mums and grandpas (who will fall for the scam) 'cause those are probably the only ones that will search for pictures of cupcakes.
-
- Registered User
- Posts: 12310
- Joined: 28 Nov 2005, 02:00
- Location: That other place
- Contact:
Re: Check out this virus. Man, I'm impressed!
Studio Touch Visagie wrote: The big question is, how do you get to a fake antivirus website by searching for cupcakes?
Right?! This is the one thing I didn't get. My mom uses the net specifically for baking related stuff (she bakes epic cakes as a hobby), and she landed at this pop-up from a cupcake Google search.
That guy that used to mod cases. Now I take photos. True story.
Re: Check out this virus. Man, I'm impressed!
ah, the number of times someone at work has called me to say something along the lines of "see, i told you the company antivirus was ****, look how many viruses I have". as said, getting rid of it is a pain in the rear.
| Intel C2D E7300 | Asus Striker Extreme | CL X-Fi ME | Asus 8800GTS | Aopen 700W |
| 2*Seagate 1TB Raid | Samsung 2232GW 22" LCD | Team Extreem 2GB DDR2 800 |
Re: Check out this virus. Man, I'm impressed!
I've encountered this as well, my sister had it on her machine a while back, it was fairly easy to remove but still annoying nonetheless. I remember when I opened her browser again it was still there. So long as you close the tab you can't get infected or at least shouldn't. I've also had to remove it from a work machine once. The thing is it doesn't hide itself very well, but it does make it hard to open anything as it blocks most programs from running.
With regards to how people who look at innocent things can come across this it's all exploits on weak websites. I have a friend who played around with the exploits on some websites, he would do harmless things like change the name of the song currently being played on a local radio station or add products that don't exist to an online shop for a ludicrous amount of money. He also knew how to make legit websites load then redirect to another site which is most likely what happened to your mom, she clicked a link and saw her cupcakes load then the site redirect kicked in and came to what you see above.
To be safe, make sure users know what the interface for the AV you have installed looks like, then tell them if it doesn't look like that then don't click on anything or just close the browser; knowing the Alt-F4 shortcut can also help them.
-
- Registered User
- Posts: 244
- Joined: 20 Aug 2010, 15:55
- Location: somewhere
Re: Check out this virus. Man, I'm impressed!
yip, that is a good ol trojan right there, and malwarebytes takes care of it.
i7 930 (4 GHz)
Gigabyte X58A - UD3R
Kingston HyperX DDR3 1600Mhz (3 x 2Gb)
Huntkey 900W Modular PSU
Sapphire Radeon HD 6870 1Gb
CoolerMaster HAF 922
Samsung 2494 HS
Re: Check out this virus. Man, I'm impressed!
I got two of them: one had something with a bee and said it was some antivirus, the other was the one shown at the top.
System restore worked on them! Dunno why, but after sys restore I could uninstall them normally!
Core i5 760
Palit NVIDIA GTX 470
Gigabyte GA-P55A-UD4
G.Skill 1600mHz DDR3 Ripjaws
Samsung 1TB
Coolermaster Elite 430
Coolermaster Hyper 212 Plus
Coolermaster Silent Pro 700w
Buffalo 3 TB USB 3.0 External
Re: Check out this virus. Man, I'm impressed!
erm...get a MAC
- rustypup
- Registered User
- Posts: 8872
- Joined: 13 Dec 2004, 02:00
- Location: nullus pixius demonica
- Contact:
Re: Check out this virus. Man, I'm impressed!
Most people would sooner die than think; in fact, they do so - Bertrand Russell
-
- Registered User
- Posts: 14338
- Joined: 04 Sep 2004, 02:00
- Processor: i386DX Sooper
- Motherboard: A blue one
- Graphics card: A red one
- Memory: Hard drive
- Location: On a Möbius strip
- Contact:
Re: Check out this virus. Man, I'm impressed!
I've heard good things about macs from several homosexuals...
If I weren't insane: I couldn't be so brilliant! - The Joker
Re: Check out this virus. Man, I'm impressed!
Bladerunner wrote: I've heard good things about macs from several homosexuals...
Good to know you associate with several homosexuals...
Re: Check out this virus. Man, I'm impressed!
Bladerunner wrote: I've heard good things about macs from several homosexuals...
~ LMPA
Kanete naki mi koso yasukere yuki no michi
-
- Registered User
- Posts: 14338
- Joined: 04 Sep 2004, 02:00
- Processor: i386DX Sooper
- Motherboard: A blue one
- Graphics card: A red one
- Memory: Hard drive
- Location: On a Möbius strip
- Contact:
Re: Check out this virus. Man, I'm impressed!
Well certainly you have nothing against homosexuals?
If I weren't insane: I couldn't be so brilliant! - The Joker
Re: Check out this virus. Man, I'm impressed!
No, but apparently you do as your statement was a clear attempt to insult Mac users by likening them to homosexuals. Allowing your computer to not be infected by a virus comes down to user prevention first and foremost and not the specific hardware or OS you're running, although obviously Windows is targeted more than Linux or Mac OS by malware attempts and viruses considering it has over 90% of the OS market share.
-
- Registered User
- Posts: 12310
- Joined: 28 Nov 2005, 02:00
- Location: That other place
- Contact:
Re: Check out this virus. Man, I'm impressed!
Bladerunner wrote: I've heard good things about macs from several homosexuals...
Wow. Just wow.
That guy that used to mod cases. Now I take photos. True story.
-
- Registered User
- Posts: 4754
- Joined: 06 Aug 2003, 02:00
- Processor: PHENOM II 945
- Motherboard: Asus M4A78
- Graphics card: HIS ICEQ 4850 1GB
- Memory: 4GB CORSAIR XMS II 1066
- Location: , location, location!
Re: Check out this virus. Man, I'm impressed!
DAE_JA_VOO wrote: Bladerunner wrote: I've heard good things about macs from several homosexuals... Wow. Just wow.
on the one hand: shame on you BR.
on the other: ha ha ha
"Every normal man must be tempted at times to spit on his hands, hoist that black flag, and begin slitting throats."
- H. L. Mencken
-
- Registered User
- Posts: 14338
- Joined: 04 Sep 2004, 02:00
- Processor: i386DX Sooper
- Motherboard: A blue one
- Graphics card: A red one
- Memory: Hard drive
- Location: On a Möbius strip
- Contact:
Re: Check out this virus. Man, I'm impressed!
ryanrich wrote: No, but apparently you do...
I do not.
If I weren't insane: I couldn't be so brilliant! - The Joker
Re: Check out this virus. Man, I'm impressed!
chowzen wrote: erm...get a MAC
Right... That's why the following exists:
Because Macs are the perfect example of an OS that doesn't fall victim to viruses.
-
- Registered User
- Posts: 12310
- Joined: 28 Nov 2005, 02:00
- Location: That other place
- Contact:
Re: Check out this virus. Man, I'm impressed!
Xiphan wrote: chowzen wrote: erm...get a MAC
Right... That's why the following exists: Because Macs are the perfect example of an OS that doesn't fall victim to viruses.
The fact that an anti virus app exists for the Mac doesn't mean it's necessary. 99.9% of Mac users are "unprotected" and have never had a virus.
That guy that used to mod cases. Now I take photos. True story.