The W - Internet & Computers - Tools to prevent rogue anti-virus?
cranlsn
#1 Posted on

I've become very good at removing these...I'd like not to have to.

My daughter's netbook running WinXP SP3 caught a particularly nasty one "XP Antivirus 2011". It pops up the usual warning screens, but it also hacks the registry to kill file associations for .exe files. It also shuts down the firewall and turns off automatic updates.

I've saved a permanent copy of the registry fix, and have bookmarked the dll's that I need to re-register in order to start the automatic updates back up. Malwarebytes, CCleaner, Microsoft Malicious Software removal tool and Spybot S&D clean everything up.

So...here's my problem. My daughter is an artist, and likes the community DeviantArt. However, many of the images are re-directing to this crapware. AVG has gotten better at stopping the sites, but the registry hack and automatic updates shutdown still occur. I could blacklist it in the hosts file, but there aren't any odd entries. How do I pinpoint what site I need to catch? I've got her using Firefox...are there any add-ons that might help prevent this? Or any standalone tools that would help?

I've come across some message boards claiming that Google image searches are also doing this fairly often.

My last resort is to tell my daughter to stay off of Deviant Art...which I'm trying to avoid.

Any suggestions, thoughts are welcome. I'm getting good at fixing this, but every other day is kind of a pain in the ass.

**One Thought**

This might be lack of sleep, but would VirtualBox run on a netbook? I could set up a VirtualBox running Puppy Linux so she could browse DeviantArt without fear of Windows malware, correct? Or is that too much overhead for a netbook?

(edited by cranlsn on 23.4.11 0025)
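
The three symptoms described in the post above (broken .exe association, firewall off, Automatic Updates off) all leave traces in the registry, so a saved export can be checked for them. This is an added example, not part of the original post or any tool it names; it assumes a text export made with regedit, uses the standard Windows key locations, and the sample data is constructed with placeholder values.

```python
import re
# Constructed sample in .reg export form (placeholder values, not real data).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="EXAMPLE_PROGID"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\EXAMPLE\\placeholder.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
'''
SVC = r"hkey_local_machine\system\currentcontrolset\services"
EXE_DEFAULTS = {  # stock Windows values for launching .exe files
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}

def parse_reg(text):
    """Return {lowercased key path: {value name: str or int}}."""
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and m:
            name, raw = m.group(1).strip('"'), m.group(2)
            if raw.startswith("dword:"):
                cur[name] = int(raw[6:], 16)
            elif raw.startswith('"'):
                cur[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \" and \\
    return keys

def audit(text):
    """List findings for the three symptoms described in the post."""
    keys, out = parse_reg(text), []
    for path, want in EXE_DEFAULTS.items():
        if path in keys and keys[path].get("@") != want:
            out.append(f"{path}: default is {keys[path].get('@')!r}, expected {want!r}")
    for path in keys:  # per-user class entries override the machine-wide ones
        if path.startswith(r"hkey_current_user\software\classes\.exe"):
            out.append(f"{path}: per-user .exe override present")
    if keys.get(SVC + r"\wuauserv", {}).get("Start") == 4:
        out.append("wuauserv: Automatic Updates service is Disabled")
    fw = keys.get(SVC + r"\sharedaccess\parameters\firewallpolicy\standardprofile", {})
    if fw.get("EnableFirewall") == 0:
        out.append("firewall: StandardProfile EnableFirewall is 0")
    return out
```

Call `audit()` on the text of an export; files written by regedit in the "Version 5.00" format are UTF-16, so open them with `encoding="utf-16"`.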
JALman
#2 Posted on
Hmm, DeviantArt never gave me problems. However, after reading through some research, does she have the latest version of Flash installed? It seems that some attacks are coming through Flash banner ads. Example of discussion: http://forums.furcadia.com/lofiversion/index.php/t66771.html?furcadia_session_id=568916-mjrx-ker&



cranlsn
#3 Posted on

OK...I can give NoScript and Adblock Plus a try on Firefox. She is using the most current version of Flash. I try to keep all of that up to date.

I've got no experience with these Firefox add-ons however. I try to keep my installs as lean as possible. Have they been known to cause issues with legitimate Flash applications? Or do they primarily block ads?
JALman
#4 Posted on
    Originally posted by cranlsn

    I've got no experience with these Firefox add-ons however. I try to keep my installs as lean as possible. Have they been known to cause issues with legitimate Flash applications? Or do they primarily block ads?

AFAIK, if the Flash applet originates from a different site or even subdomain, NoScript blocks it by default. Sometimes I have to set NoScript manually to allow obviously useful non-ad Flash content.

My concern with having both ABP and NoScript running at the same time is the possibility of their combined aggressiveness blocking too much real content or slowing down Firefox.



cranlsn
#5 Posted on

Thanks, we'll give NoScript a shot first, as most of the research seems to point towards URL hijacking for this crap.

We'll see if this helps her out. If not...I've got the removal down to an (admittedly pain in the ass) science.


Well, I've got NoScript in place now...so far so good...but not before the damn thing came back again. But it is definitely coming from one of two sites she visits, as I was able to browse to hell and back with no issues before that. Hopefully the NoScript catches it.

I've gone through the registry, startup, and cookies with a fine-tooth comb. I'm eventually getting a Windows 7 family pack this summer to get all of the PCs on the same OS, so if it comes to a complete wipe it's not that big of a deal.

If they ever find a way to trace back these things and physically hurt the parties responsible...I want a front row seat.

(edited by cranlsn on 24.4.11 2357)