Web searches hijacked by malware

Charles Packer
12-07-2009
My wife's Windows XP system has suddenly acquired some
malware that, basically, intervenes in any Web search
she does for information about computer viruses, etc.,
i.e. the very information she would need to remove it.
It also intervenes when she attempts to go directly to
an anti-virus vendor, e.g. symantec.com.

As a long-time Linux guy, this is the first time I've
ever seen a seriously infected computer. It seems to want to
route her to Stopzilla.com, because that's the page
that usually is the endpoint of the hijacking. I learned
that Stopzilla is apparently a legitimate vendor.
So what's going on? There's a ton of information on
the Web about how to deal with viruses. Does anybody
here recognize this particular problem and know
a shortcut to finding a solution to it? Or, let
me know if more details are needed for a useful
discussion here.

--
Charles Packer
http://cpacker.org/whatnews
mailboxATcpacker.org
David H. Lipman
12-07-2009
From: "Charles Packer" <(E-Mail Removed)>

| My wife's Windows XP system has suddenly acquired some
| malware that, basically, intervenes in any Web search
| she does for information about computer viruses, etc.,
| i.e. the very information she would need to remove it.
| It also intervenes when she attempts to go directly to
| an anti-virus vendor, e.g. symantec.com.

| As a long-time Linux guy, this is the first time I've
| ever seen a seriously infected computer. It seems to want to
| route her to Stopzilla.com, because that's the page
| that usually is the endpoint of the hijacking. I learned
| that Stopzilla is apparently a legitimate vendor.
| So what's going on? There's a ton of information on
| the Web about how to deal with viruses. Does anybody
| here recognize this particular problem and know
| a shortcut to finding a solution to it? Or, let
| me know if more details are needed for a useful
| discussion here.

The Vundo trojan/Virtumonde adware has been known to redirect to StopZilla.

Download, install, update and then execute Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Charles Packer
12-08-2009
On Dec 7, 4:10 pm, "David H. Lipman" <DLipman~(E-Mail Removed)>
wrote:
> The Vundo trojan/Virtumonde adware has been known to redirect to StopZilla.
>
> Download, install, update and then execute Malwarebytes' Anti-Malware
> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>

Thanks very much for the name of the thing. I did a
Google search (on my Linux box, of course) and found
the article on Vundo to be informative and apparently
up to date. It did say that the thing attacks the
MalwareBytes product, but it also had a reference
to a site with detailed instructions --
http://www.wikihow.com/Delete-Virtumonde
that listed several other products. At any rate, it
looks like I'll have to budget a couple of hours for
the process, so it may be a few days before I can
get around to it and report back here.

--
Charles Packer
http://cpacker.org/whatnews
mailboxATcpacker.org
David H. Lipman
12-08-2009
From: "Charles Packer" <(E-Mail Removed)>

| Thanks very much for the name of the thing. I did a
| Google search (on my Linux box, of course) and found
| the article on Vundo to be informative and apparently
| up to date. It did say that the thing attacks the
| MalwareBytes product, but it also had a reference
| to a site with detailed instructions --
| http://www.wikihow.com/Delete-Virtumonde
| that listed several other products. At any rate, it
| looks like I'll have to budget a couple of hours for
| the process, so it may be a few days before I can
| get around to it and report back here.

| --
| Charles Packer
| http://cpacker.org/whatnews
| mailboxATcpacker.org

Charles:

Dealing with malware is nothing that should be delayed UNLESS... the PC is kept off
during that period.

Additionally, there is NO reason to wipe the PC and reinstall the OS from scratch at this
time. No web search hijacking trojan rises to this level of draconian action.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Fugazi
12-08-2009
"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
> From: "Charles Packer" <(E-Mail Removed)>
>
> | Thanks very much for the name of the thing. I did a
> | Google search (on my Linux box, of course) and found
> | the article on Vundo to be informative and apparently
> | up to date. It did say that the thing attacks the
> | MalwareBytes product, but it also had a reference
> | to a site with detailed instructions --
> | http://www.wikihow.com/Delete-Virtumonde
> | that listed several other products. At any rate, it
> | looks like I'll have to budget a couple of hours for
> | the process, so it may be a few days before I can
> | get around to it and report back here.
>
> | --
> | Charles Packer
> | http://cpacker.org/whatnews
> | mailboxATcpacker.org
>
> Charles:
>
> Dealing with malware is nothing that should be delayed UNLESS... the PC is kept off
> during that period.
>
> Additionally, there is NO reason to wipe the PC and reinstall the OS from scratch at this
> time.
>
> No web search hijacking trojan rises to this level of draconian
> action.


Well, as far as David assumes. It's mighty hard to prove that
negative he's attempting to pawn off as fact.

As such, if you wanna sleep without many worries, flatten and
rebuild. If you're a gamblin man, remove the malware you know about,
and do some hoping there isn't malware that you can't detect, and go
about your day with lingering doubts.

Note also that attackers are getting very good at search optimization
so if you go looking for solutions using web searches for a problem
you have, it's not hard to end up with rogue anti-malware products as
well as an offered solution to your problem.

From today's wire feeds, as just one example
http://news.yahoo.com/s/ap/20091208/..._engine_safety

David H. Lipman
12-08-2009
From: "Fugazi" <(E-Mail Removed)>

| Well, as far as David assumes. It's mighty hard to prove that
| negative he's attempting to pawn off as fact.

| As such, if you wanna sleep without many worries, flatten and
| rebuild. If you're a gamblin man, remove the malware you know about,
| and do some hoping there isn't malware that you can't detect, and go
| about your day with lingering doubts.

| Note also that attackers are getting very good at search optimization
| so if you go looking for solutions using web searches for a problem
| you have, it's not hard to end up with rogue anti-malware products as
| well as an offered solution to your problem.

| From today's wire feeds, as just one example
| http://news.yahoo.com/s/ap/20091208/..._engine_safety

All that "example" shows is the nature of the Internet as being the Wild Wild West and NOT
World Wide Web.

In actuality we do NOT know what is on the OP's PC. For all we know there could be a
Mebroot or even a Parite infection. All we have to go on is the OP's words.

Not all malware requires a wipe and rebuild and if that was the case, EVERYONE would need
to be doing it once per week.

Investigation first, cost-benefit analysis second and course of action third. If the CBA
determines wipe and rebuild, fine. However, such a draconian action can also lead to loss of
user data, loss of applications and even MORE time than removing a Vundo trojan or Browser
Helper Object.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Mike Easter
12-09-2009
I'm somewhat confused by the positions in these discussions.

Moe Trin wrote:
> David H. Lipman wrote:
>> "Fugazi"


>>> As such, if you wanna sleep without many worries, flatten and
>>> rebuild. If you're a gamblin man, remove the malware you know
>>> about, and do some hoping there isn't malware that you can't
>>> detect, and go about your day with lingering doubts.


Fugazi sez - one could go either way, flatten/rebuild or just apparent
malware removal.

>> In actuality we do NOT know what is on the OP's PC.


> Users are notoriously unable to describe technical problems, and are
> even less able to _notice_ that something is wrong.
>
>> Not all malware requires a wipe and rebuild and if that was the
>> case, EVERYONE would need to be doing it once per week.


DHL seems to be arguing against the flatten/rebuild side of the
argument, but that was only one side of Fugazi's position.

> You are assuming the user can make a rational technical decision.
> Were that the case, the incidence of mal-ware infestations would be
> much lower.


> Given that the average user has no clue what is happening with the
> computer, the alternative is trying to install ``something'' else
> that the user hopes (but has no guarantee) will do something useful,
> and isn't another version of mal-ware. But for the same reason, the
> average user is also quite incapable of a wipe/reinstall.


MT seems to be arguing with DHL, except to say that the same infected
user can neither make a rational decision about whether to target
malware remove *NOR* be able to flatten/rebuild.

Maybe MT's ultimate argument is that the user should be using an OS less
vulnerable to such problems, which OS has been installed by the
'factory' -- maybe a Mac


--
Mike Easter

Mike Easter
12-09-2009
~BD~ wrote:

> What advice would you give to 'the average user' who wishes to *attempt*
> to wipe/reinstall Windows successfully?
>
> Let us assume that the MBR is infected too!


None of the last 4 computers which I bought with an OS installed 'from
the factory' came with a genuine MS OS disk. 2 of them came with
Linspire preinstalled and 'genuine' linspire disks; 2 of them, 1 XP and
1 Vista, came only with manufacturers' restore function on/from a
separate partition on the hdd, no disks, MS or OEM. If you wanted
disks, the installed OS had a function so that you could burn CDs or
DVDs to reinstall from the burned opticals instead of from the hdd
partition. Or you could order such disks from the manufacturer.

In both of those Windows cases, the entire disk image including MBR
would be rewritten by the restore.

Back in the old days, when buying a computer with Windows installed
actually came with a MS CD or DVD to install with instead of an image
'pre-packaged' - or 'pre-imaged' - with bloatware, one would format the
drive prior to the install. The formatting wipes out the boot sector,
and the MBR is restored during the course of the install.



--
Mike Easter

David H. Lipman
12-09-2009
From: "Moe Trin" <(E-Mail Removed)>

| On Tue, 8 Dec 2009, in the Usenet newsgroup alt.computer.security, in article
| <(E-Mail Removed)>, David H. Lipman wrote:

>>From: "Fugazi" <(E-Mail Removed)>


>>| As such, if you wanna sleep without many worries, flatten and
>>| rebuild. If you're a gamblin man, remove the malware you know
>>| about, and do some hoping there isn't malware that you can't
>>| detect, and go about your day with lingering doubts.


>>In actuality we do NOT know what is on the OP's PC.


| So how then do you assume that the anti-mal-ware tool will be able
| to remove all of the bad stuff?

>>For all we know there could be a Mebroot or even a Parite infection.
>>All we have to go on is the OP's words.


| Users are notoriously unable to describe technical problems, and are
| even less able to _notice_ that something is wrong.

>>Not all malware requires a wipe and rebuild and if that was the
>>case, EVERYONE would need to be doing it once per week.


| Not everyone is brain-dead and either clicks OK without reading, has
| disabled warning messages, or has enabled "auto-install" because it
| improves their ``internet experience''.

>>Investigation first, cost benefit analysis second and course of
>>action third.


| You are assuming the user can make a rational technical decision.
| Were that the case, the incidence of mal-ware infestations would be
| much lower.

>>If the CBA determines wipe and rebuild, fine. However such a draconian
>>action can also lead to loss of user data, loss of applications and
>>even MORE time than removing a Vundo trojan or Browser Helper Object.


| Given that the average user has no clue what is happening with the
| computer, the alternative is trying to install ``something'' else
| that the user hopes (but has no guarantee) will do something useful,
| and isn't another version of mal-ware. But for the same reason, the
| average user is also quite incapable of a wipe/reinstall.

| Old guy

Moe Trin:

Using the same logic, the average user would have no clue how to backup their data, wipe
the PC, reinstall the OS, patch it, install all applications, restore their data and setup
the PC to the same relative working condition.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


David H. Lipman
12-09-2009
From: "Mike Easter" <(E-Mail Removed)>

< snip >

| Maybe MT's ultimate argument is that the user should be using an OS less
| vulnerable to such problems, which OS has been installed by the
| 'factory' -- maybe a Mac


| --
| Mike Easter

There ya go, Mike!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
