PDA

View Full Version : Warning about computer viruses



stillcrazie
01-17-2012, 11:40 AM
Just wanted to let people know that my computer is now being worked on because of some viruses I seem to have gotten on the front row sports link I used to watch part of the game on Sat. I can't prove that that's where it happened, but within a minute or two of going to the site, I started getting pop up windows like crazy on my screen. I ran a couple of malware programs but they were not thorough enough so I have some pros looking at it now.

I've used this site and justin.tv before and did not have a problem in the past. The tech guy told me that these sites are attached to multiple other sites and that it is common to get viruses from them. Just thought I would pass this info along to the DBR community.

UrinalCake
01-17-2012, 12:43 PM
Thanks for the warning! I use these sites often myself, even though they always make me feel dirty. May start running them within a virtual machine as an extra layer of protection.

moonpie23
01-17-2012, 01:11 PM
my macbook pro doesn't seem to suffer any ill effects from it.....

CameronBornAndBred
01-17-2012, 02:37 PM
As a guy who makes his living removing viruses all day long, I can promise you there is no safe site. In fact, it may not have even been the sites you referenced that caused your infection. Our work computers are on a separate network than our clients computers so we (hopefully) don't get infected by them. The other day I was on msn or cnn or yahoo...some safe site that we all go to all the time. I turned my head to work on a client's computer, and when I turned back 2 minutes later I saw on my screen "You are infected!" being shouted at me by "Antivirus 2012" or some such bogus named piece of crap software that got on my computer. Usually, you can see these programs come in..you will see a message such as "you are infected, click here to scan" tossed up by an innocent grey windows box. Click anywhere, and you're doomed. Best thing to do is simply hit the start button and select shut down, without touching anything else..the program itself won't have a chance to execute and you're safe. If you are brave...ctl-alt-del and kill iexplore.exe or whatever process you see related to your browser of choice, and that too will kill it without restarting. Either way, run a scan after with a malware cleaner such as Malwarebytes and you will probably be good to go.
However...in my case it executed without any input on my part and I got to spend the next 2 hours cleaning my pc of the rootkit that had just infected it.
P.S. Just as there is no safe site, there is no fool proof antivirus. Our work bench is full of computers with different programs...Norton's, AVG, Security Essentials, Avast...it don't matter. The best prevention is due diligence and alertness..hopefully you will see it come in and be able to shut down before it installs. The main thing is..if something looks suspicious...take it exactly as that and don't click squat. Don't click "no", "cancel", "ask me later"..because chances are all the buttons do exactly the same thing..which is "install".

BattierD12
01-17-2012, 02:44 PM
Just wanted to let people know that my computer is now being worked on because of some viruses I seem to have gotten on the front row sports link I used to watch part of the game on Sat. I can't prove that that's where it happened, but within a minute or two of going to the site, I started getting pop up windows like crazy on my screen. I ran a couple of malware programs but they were not thorough enough so I have some pros looking at it now.

I've used this site and justin.tv before and did not have a problem in the past. The tech guy told me that these sites are attached to multiple other sites and that it is common to get viruses from them. Just thought I would pass this info along to the DBR community.

Wow, this same exact thing happened to me earlier this week and Saturday as well to both my laptops. And yeah, I was watching some games on feeds too (magic-blazers one night, 49ers-saints the other; both on ilemi.eu). Huh, come to think of it, the initial crashes occurred during the games on both counts. Can't even run system restore, so I'll either get them checked with a pro or just pay $40 for a new hard drive.

wk2109
01-17-2012, 03:01 PM
The other day I was on msn or cnn or yahoo...some safe site that we all go to all the time. I turned my head to work on a client's computer, and when I turned back 2 minutes later I saw on my screen "You are infected!" being shouted at me by "Antivirus 2012" or some such bogus named piece of crap software that got on my computer. Usually, you can see these programs come in..you will see a message such as "you are infected, click here to scan" tossed up by an innocent grey windows box. Click anywhere, and you're doomed. Best thing to do is simply hit the start button and select shut down, without touching anything else..the program itself won't have a chance to execute and you're safe. If you are brave...ctl-alt-del and kill iexplore.exe or whatever process you see related to your browser of choice, and that too will kill it without restarting. Either way, run a scan after with a malware cleaner such as Malwarebytes and you will probably be good to go.
P.S. Just as there is no safe site, there is no fool proof antivirus. Our work bench is full of computers with different programs...Norton's, AVG, Security Essentials, Avast...it don't matter. The best prevention is due diligence and alertness..hopefully you will see it come in and be able to shut down before it installs. The main thing is..if something looks suspicious...take it exactly as that and don't click squat. Don't click "no", "cancel", "ask me later"..because chances are all the buttons do exactly the same thing..which is "install".


Wow, this same exact thing happened to me earlier this week and Saturday as well to both my laptops. And yeah, I was watching some games on feeds too (magic-blazers one night, 49ers-saints the other; both on ilemi.eu). Huh, come to think of it, the initial crashes occurred during the games on both counts. Can't even run system restore, so I'll either get them checked with a pro or just pay $40 for a new hard drive.

I got the "Vista Antivirus 2012" virus while watching the Giants-Packers game concurrently with Duke-Clemson. Here's a good site with removal instructions: http://www.2-viruses.com/remove-vista-antivirus-2012. Basically, enter in the registration key for the 'software' (2233-298080-3424 or 3425-814615-3990), which should stop the pop-ups, then run a system restore in Safe Mode.

gsurgeon
01-17-2012, 03:10 PM
Same thing happened to me watching on that site sat.

SupaDave
01-17-2012, 04:12 PM
my macbook pro doesn't seem to suffer any ill effects from it.....

Actually I was directed to another site and had a tab pop up. Immediately closed it all. Macbook seems to be functioning fine however.

Duke Mom in KS
01-17-2012, 07:40 PM
The same thing happened to me, and I figured it was firstrow, although I also had used the site before with no problem. I was able to do a system restore, and all seems to be okay, but I guess I won't be watching the three ESPNU games there this season. Drat!

stillcrazie
01-17-2012, 09:16 PM
The same thing happened to me, and I figured it was firstrow, although I also had used the site before with no problem. I was able to do a system restore, and all seems to be okay, but I guess I won't be watching the three ESPNU games there this season. Drat!

Just got my computer back all cleaned up! Sorry to hear that other people had the same problem. Once I saw that the fake anti-virus windows were popping up, I ran Microsoft Security Essentials, which got rid of two Trojans. Then I ran Malware bytes, which got rid of a few more. Restarted and things looked good, except when I google searched something and clicked on the link I got redirected to other sites. Duke OIT took care of what these other programs could not do.

So while it may be true, as someone suggested, that there are no safe sites, at least three of us seem to have had a problem with first row, which is why I posted originally, to see if others had the same issue. I don't think this was a coincidence, esp since the computer guy told me that these sites are notorious for being linked to hundreds of other sites, advertisers, etc. I don't want to go through this again, so I will wait and watch replays of games in the future. Thanks for all the replies.

P.S. Computer Guy said that Macs come in with viruses on occasion, too, although less frequently.

CameronBornAndBred
01-17-2012, 09:38 PM
Duke OIT took care of what these other programs could not do.
There is one very good program (that still will not always work by itself) called combofix and it will kill these rootkits. (Which is what you had..the google redirection is a classic symptom.) Just don't run it unless you are comfortable with what you are doing, because while it will get rid of the infection, it won't always leave your file extensions intact. Meaning that when you click on a program after running it, it may not work. There is a fix for it, but it requires some forethought ahead of running combofix. (Like saving an .exe registry fix to your computer ahead of time.)

moonpie23
01-17-2012, 10:05 PM
one of the things about first row is the fake "you don't have a plugin" window.......this immediately downloads an.exe file even to the mac....

if you're trying to close that window, or the "this ad will stop in 30 secs" window, look on the LEFT side for a tiny red x.......that one actually closes the windows....regardless, that place is filled with viruses and we all get what we ask for by visiting it...


if the nba would just make a legal site with a $1.00 charge, they'd make millions on it...

gep
01-18-2012, 12:50 AM
one of the things about first row is the fake "you don't have a plugin" window.......this immediately downloads an.exe file even to the mac....

if you're trying to close that window, or the "this ad will stop in 30 secs" window, look on the LEFT side for a tiny red x.......that one actually closes the windows....regardless, that place is filled with viruses and we all get what we ask for by visiting it...


if the nba would just make a legal site with a $1.00 charge, they'd make millions on it...

(bolded) This must be why I didn't experience anything watching the Clemson game on firstrow. When I first saw that I didn't have the plugin, I thought I'd go look for another link for the game on another site. But keeping that webpage open without clicking on anything, the game just started on its own. So I watched the entire game... no problems... yet.

I never click on these "missing something" webpages unless I totally know and trust the website... which is usually never:cool:

snowdenscold
01-18-2012, 09:57 AM
I never click on these "missing something" webpages unless I totally know and trust the website... which is usually never:cool:

Exactly - make sure you never download any plugins or extensions from sites that you don't fully trust. So I'll download a video plugin for CNN or ESPN, but never anywhere semi-shady or worse.

stillcrazie
01-18-2012, 11:09 AM
Exactly - make sure you never download any plugins or extensions from sites that you don't fully trust. So I'll download a video plugin for CNN or ESPN, but never anywhere semi-shady or worse.

P.S. I didn't try to download a plug in on front row sports, but that is good to know. These sites typically have ads pop up right on the screen in the middle of the game, which is extremely annoying. What I think I did was click on an ad to get rid of it and may have clicked on a fake x in my haste. Lesson learned. But these sites are booby trapped with stuff like that, so I will be avoiding them in the future.

Dr. Rosenrosen
01-18-2012, 12:22 PM
If you have an iPad, the espn iPad app works pretty well and allows access to broadcasts from all of the different ESPN networks. And you can avoid all the nonsense of trying to watch on these other sites which clearly can be dangerous. I've even used this approach over airport wifi without issue.

NSDukeFan
01-18-2012, 12:26 PM
If you have an iPad, the espn iPad app works pretty well and allows access to broadcasts from all of the different ESPN networks. And you can avoid all the nonsense of trying to watch on these other sites which clearly can be dangerous. I've even used this approach over airport wifi without issue.

My problem is that I am not in an ESPN area, so can't watch games on their site. I have had to resort to Justin.tv, channelsurfing, adthe and frontrowsports to watch most games the past couple years.

UrinalCake
01-18-2012, 01:09 PM
A virtual machine is one way to protect against viruses. This is basically a hosted instance of an O/S installation that runs in software. Virtual machines are typically used for product testing, as they allow you to launch a clean image of your system and then trash it and restart it as many times as you want. But they can be useful for other things too. Since the whole image is virtual, you can fire up your virtual machine, browse to your contaminated websites, and if a virus is caught then you just shut down the virtual machine and rerun it the next time you need it.

I like VirtualBox (https://www.virtualbox.org/) the best, but Microsoft also makes a product called Virtual PC (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4580) if you prefer to stick with them.

gep
01-18-2012, 01:28 PM
P.S. I didn't try to download a plug in on front row sports, but that is good to know. These sites typically have ads pop up right on the screen in the middle of the game, which is extremely annoying. What I think I did was click on an ad to get rid of it and may have clicked on a fake x in my haste. Lesson learned. But these sites are booby trapped with stuff like that, so I will be avoiding them in the future.

Also, if the pop-up ad is in a separate window, with its own "button" in the taskbar, it's better to right-click on the "button" in the taskbar, and close the window that way. Sometimes, the window looks "normal" with the red-X at the top-right corner, but the entire "window" is an image, and clicking *anywhere* on that window/image triggers the problem. If a pop-up ad is really an image and not a window (no "button" in the taskbar), I shut-down the browser instead of clicking on anything that says "close", "close this", or an "X" in a corner.

sagegrouse
01-18-2012, 01:47 PM
A virtual machine is one way to protect against viruses. This is basically a hosted instance of an O/S installation that runs in software. Virtual machines are typically used for product testing, as they allow you to launch a clean image of your system and then trash it and restart it as many times as you want. But they can be useful for other things too. Since the whole image is virtual, you can fire up your virtual machine, browse to your contaminated websites, and if a virus is caught then you just shut down the virtual machine and rerun it the next time you need it.

I like VirtualBox (https://www.virtualbox.org/) the best, but Microsoft also makes a product called Virtual PC (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4580) if you prefer to stick with them.

Hey, UC! I like what you say, and I appreciate your explanation. But would you mind explaining your explanation? ;)

sage

snowdenscold
01-18-2012, 01:48 PM
If a separate window has launched for a pop-up (as opposed to the annoying in-screen versions), use Ctrl+W to close it instead of chancing clicking with your mouse.

stillcrazie
01-18-2012, 02:31 PM
If a separate window has launched for a pop-up (as opposed to the annoying in-screen versions), use Ctrl+W to close it instead of chancing clicking with your mouse.

This is a great tip. Thanks.

JNort
02-17-2012, 03:35 AM
I use firstrow almost every single day and I have no anti virus what so ever. Never had one problem. Although I have never clicked on anything on the site except the game I want to see.