Malware alert???
01-31-2012, 08:47 AM
#1
Team Owner
Thread Starter
Member Since: Mar 2007
Location: Right Corner Pocket of Illinois
Posts: 32,291
Received 1,497 Likes
on
1,008 Posts
No-IL Events Coordinator
2020 C6 of the Year Finalist - Unmodified
2020 Corvette of the Year Finalist (appearance mods)
C6 of Year Winner (appearance mods) 2019
2018 C6 of Year Finalist
St. Jude Donor '12-'13-'14-'15-'16-'17-'18-'19-'20-'21-'22-'23-'24
Malware alert???
Anyone else getting an antivirus alert every time they open a post here???
"URL: http://simbeppc.com/jscript/pixel.js"
Base of suspicious web addresses:
"URL: http://simbeppc.com/jscript/pixel.js"
Base of suspicious web addresses:
01-31-2012, 11:14 AM
#3
Race Director
Heads up to thise that do not have proper AV software, I browsed the forum last night at about 2am from my 2nd laptop - a new build and had not yet installed AV software. The Malware has a pretty nasty payload.
Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system and then shows you disk "crashing" - looks like all your files are gone, but what it does is set the +H (hidden attrib) to your drive as it is running its "check".
Took a couple hours to isolate and remove, including pre and post cleanup scans.
Are these rogue malware infections coming via unpoliced banner ads on CF?
ESET Nod32 caught the malware on my main laptop.
Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system and then shows you disk "crashing" - looks like all your files are gone, but what it does is set the +H (hidden attrib) to your drive as it is running its "check".
Took a couple hours to isolate and remove, including pre and post cleanup scans.
Are these rogue malware infections coming via unpoliced banner ads on CF?
ESET Nod32 caught the malware on my main laptop.
Last edited by RC45; 01-31-2012 at 11:16 AM.
01-31-2012, 12:00 PM
#5
Team Owner
Thread Starter
Member Since: Mar 2007
Location: Right Corner Pocket of Illinois
Posts: 32,291
Received 1,497 Likes
on
1,008 Posts
No-IL Events Coordinator
2020 C6 of the Year Finalist - Unmodified
2020 Corvette of the Year Finalist (appearance mods)
C6 of Year Winner (appearance mods) 2019
2018 C6 of Year Finalist
St. Jude Donor '12-'13-'14-'15-'16-'17-'18-'19-'20-'21-'22-'23-'24
FYI: I am no longer getting the Kaspersky AV alert... 
01-31-2012, 12:12 PM
#8
01-31-2012, 12:27 PM
#10
01-31-2012, 01:28 PM
#11
Race Director
This is from the 8:20am log - the last incident I had.
And this was the activity at 8:05am - the injection and the infection. Both caught by ESET.
http : //forums.corvetteforum.com/c5-parts-for-sale-wanted-53 HTML/ScrInject.B.Gen virus connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
http : //forums.corvetteforum.com/c5-parts-for-sale-wanted-53 » GZ » file.htm HTML/ScrInject.B.Gen virus
http : //forums.corvetteforum.com/c5-parts-for-sale-wanted-53 » GZ » file.htm HTML/ScrInject.B.Gen virus
1/31/2012 8:05:14 AM HTTP filter archive http : //forums.corvetteforum.com/politics-religion-and-controversy-88 HTML/ScrInject.B.Gen virus connection terminated - quarantined HPLAPTOP1\Administrator Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
1/31/2012 8:05:34 AM Real-time file system protection file C:\Users\Administrator\AppData\Local\Mic rosoft\Windows\Temporary Internet Files\Content.IE5\J8FVHUZT\politics-religion-and-controversy-88[1].htm HTML/ScrInject.B.Gen virus deleted HPLAPTOP1\Administrator Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
1/31/2012 8:05:34 AM Real-time file system protection file C:\Users\Administrator\AppData\Local\Mic rosoft\Windows\Temporary Internet Files\Content.IE5\J8FVHUZT\politics-religion-and-controversy-88[1].htm HTML/ScrInject.B.Gen virus deleted HPLAPTOP1\Administrator Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
Last edited by RC45; 01-31-2012 at 01:35 PM.
01-31-2012, 05:06 PM
#12
Moderator
Member Since: Jul 2005
Location: West MI
Posts: 27,704
Received 3,622 Likes
on
1,741 Posts
CF Banner Relay Captain
West MI & JAX/NE Florida
Events Coordinator
St. Jude Donor '11-'12-'13-'14-'15-'16-'17, '21
Heads up to thise that do not have proper AV software, I browsed the forum last night at about 2am from my 2nd laptop - a new build and had not yet installed AV software. The Malware has a pretty nasty payload.
Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system and then shows you disk "crashing" - looks like all your files are gone, but what it does is set the +H (hidden attrib) to your drive as it is running its "check".
Took a couple hours to isolate and remove, including pre and post cleanup scans.
Are these rogue malware infections coming via unpoliced banner ads on CF?
ESET Nod32 caught the malware on my main laptop.
Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system and then shows you disk "crashing" - looks like all your files are gone, but what it does is set the +H (hidden attrib) to your drive as it is running its "check".
Took a couple hours to isolate and remove, including pre and post cleanup scans.
Are these rogue malware infections coming via unpoliced banner ads on CF?
ESET Nod32 caught the malware on my main laptop.
I run AVG and keep it updated but no warnings, the system check popped up and could not get rid of it. The Repair place said this has been popping up a lot lately
01-31-2012, 07:26 PM
#13
Team Owner
02-01-2012, 01:01 AM
#14
Race Director
It is unlikely they can delete the system files whil ethe machine is running, that is why I suspected they where running the attrib -h util to fake me into buying their software.
Good AV software - ESET Nod32 is very good. Keep Process Explorer ready to launch to see these malicious bits of code executing.
And above all else, keep all your precious data in a single folder int he root called data with all your folders under there and back it up regularly to a USB stick (they are availabl ein 128GB sizes now) and to external hard drives.
That way if something does fry your laptop/PC, no sweat, you only lose a day or 2 of data.
02-09-2012, 01:58 PM
#15
Moderator
Member Since: Jul 2005
Location: West MI
Posts: 27,704
Received 3,622 Likes
on
1,741 Posts
CF Banner Relay Captain
West MI & JAX/NE Florida
Events Coordinator
St. Jude Donor '11-'12-'13-'14-'15-'16-'17, '21
The key is to not panic when these utils fake data loss.
It is unlikely they can delete the system files whil ethe machine is running, that is why I suspected they where running the attrib -h util to fake me into buying their software.
Good AV software - ESET Nod32 is very good. Keep Process Explorer ready to launch to see these malicious bits of code executing.
And above all else, keep all your precious data in a single folder int he root called data with all your folders under there and back it up regularly to a USB stick (they are availabl ein 128GB sizes now) and to external hard drives.
That way if something does fry your laptop/PC, no sweat, you only lose a day or 2 of data.
It is unlikely they can delete the system files whil ethe machine is running, that is why I suspected they where running the attrib -h util to fake me into buying their software.
Good AV software - ESET Nod32 is very good. Keep Process Explorer ready to launch to see these malicious bits of code executing.
And above all else, keep all your precious data in a single folder int he root called data with all your folders under there and back it up regularly to a USB stick (they are availabl ein 128GB sizes now) and to external hard drives.
That way if something does fry your laptop/PC, no sweat, you only lose a day or 2 of data.
I was having issues prior when I logged in to windows so the system check didn't seem odd at the time. I couldn't get rid of it and then all the files were hidden
Best to keep things backed up! There are plenty of online services that will do it automatically too for those of us who don't always hook up the external hard drive. 
02-14-2012, 01:21 PM
#16
Race Director
Member Since: Mar 2009
Location: Canada's capital
Posts: 19,777
Received 4,583 Likes
on
2,157 Posts
2020 Corvette of the Year Finalist (appearance mods)
C1 of Year Finalist (appearance mods) 2019
Windows security didn't catch any of the TWELVE viruses i picked up, and I mostly only go on here. Machine was s l o w i n g down a lot. I had to load avg to pick them up, and still had to go back 3 days to get rid of them. I hope this isn't going to be a reoccurring problem, I don't need the grief!
02-14-2012, 01:25 PM
#17
I'm not aware of any recent events on CF since the last confirmation approximately 2 weeks ago.
Windows security didn't catch any of the TWELVE viruses i picked up, and I mostly only go on here. Machine was s l o w i n g down a lot. I had to load avg to pick them up, and still had to go back 3 days to get rid of them. I hope this isn't going to be a reoccurring problem, I don't need the grief!
