Nasty Message

Discussion in 'Computer Security' started by Quercus Robur, Mar 23, 2007.

  1. My wife just turned on her computer and up popped a window stating "You need
    to download XXX to clean up your computer. You have visited adult sites."
    Of course we did not download.

    Now a) I don't use my wife's computer, and b) I don't visit A sites.

    My wife is PO'd

    We run Norton AV (always up to date), Trend Micro anti spyware and
    Ad-Subtract plus firewall, so I am curious, what got through and how?

    What do I need to do, am running a full AV scan?

    Martin
     
    Quercus Robur, Mar 23, 2007
    #1

  2. Quercus Robur wrote:

    > My wife just turned on her computer and up popped a window stating "You need
    > to download XXX to clean up your computer. You have visited adult sites."
    > Of course we did not download.


    > Now a) I don't use my wife's computer, and b) I don't visit A sites.


    Why do you think this would be related anyway?

    > We run Norton AV (always up to date), Trend Micro anti spyware and
    > Ad-Subtract plus firewall, so I am curious, what got through and how?


    Why do you think this software could have changed anything?

    > What do I need to do, am running a full AV scan?


    You need to do what everyone would have to do: restore from the last
    uncompromised backup. Or flatten and rebuild.

    Why do you think an AV scan could reliably clean the system?
     
    Sebastian Gottschalk, Mar 23, 2007
    #2

  3. Quercus Robur

    Wayne. Guest

    Sebastian Gottschalk wrote:
    > Quercus Robur wrote:
    >
    >> My wife just turned on her computer and up popped a window stating "You need
    >> to download XXX to clean up your computer. You have visited adult sites."
    >> Of course we did not download.

    >
    >> Now a) I don't use my wife's computer, and b) I don't visit A sites.

    >
    > Why do you think this would be related anyway?
    >
    >> We run Norton AV (always up to date), Trend Micro anti spyware and
    >> Ad-Subtract plus firewall, so I am curious, what got through and how?

    >
    > Why do you think this software could have changed anything?
    >
    >> What do I need to do, am running a full AV scan?

    >
    > You need to do what everyone would have to do: restore from the last
    > uncompromised backup. Or flatten and rebuild.
    >
    > Why do you think an AV scan could reliably clean the system?


    Spyware S&D might be an easier solution.
     
    Wayne., Mar 23, 2007
    #3
  4. Wayne. wrote:

    >> You need to do what everyone would have to do: restore from the last
    >> uncompromised backup. Or flatten and rebuild.
    >>
    >> Why do you think an AV scan could reliably clean the system?

    >
    > Spyware S&D might be an easier solution.


    Or might not, since it's trivially no solution at all.
     
    Sebastian Gottschalk, Mar 23, 2007
    #4
  5. Quercus Robur

    Zilbandy Guest

    On Fri, 23 Mar 2007 09:41:09 +0100, Sebastian Gottschalk
    <> wrote:

    >>> Why do you think an AV scan could reliably clean the system?

    >>
    >> Spyware S&D might be an easier solution.

    >
    >Or might not, since it's trivially no solution at all.


    You're sure a big ball of encouragement, aren't you. I rarely see you
    offer much in the form of a solution, but you are sure good at
    criticizing others for their attempts at solutions.

    From what I gather, you would only be happy if one installed only new,
    shrink wrapped software on a brand new, freshly built system; never
    connected to the Internet or any network; never loaded anyone else's
    files to your system; and never left your system unattended for any
    reason... ever! Then, you might reasonably expect to remain virus and
    spyware free. Where's the fun in that? LOL.

    Looking on the bright side of that solution. You'd never need to get
    security updates, use an anti virus/spyware program or firewall.... :)

    --
    Zilbandy
     
    Zilbandy, Mar 23, 2007
    #5
  6. Quercus Robur

    JD in TX Guest

    "Quercus Robur" <> wrote in
    news:7aHMh.2050$:

    > You have
    > visited adult sites."
    >
    > Now a) I don't use my wife's computer, and b) I don't visit A sites.


    c) Obviously your wife does.
     
    JD in TX, Mar 23, 2007
    #6
  7. Zilbandy wrote:

    > On Fri, 23 Mar 2007 09:41:09 +0100, Sebastian Gottschalk
    > <> wrote:
    >
    >>>> Why do you think an AV scan could reliably clean the system?
    >>>
    >>> Spyware S&D might be an easier solution.

    >>
    >>Or might not, since it's trivially no solution at all.

    >
    > You're sure a big ball of encouragement, aren't you.


    How exactly should there be any encouragement in telling you that your
    claimed solution simply is none?

    > I rarely see you offer much in the form of a solution,


    Maybe you should track back this thread then.

    > but you are sure good at criticizing others for their attempts at solutions.


    Right. Your point being? Ah, I guess you'd even bring this nonsensical
    argument when no solution exists...

    > From what I gather, you would only be happy if one installed only new,
    > shrink wrapped software on a brand new, freshly built system; never
    > connected to the Internet or any network; never loaded anyone else's
    > files to your system; and never left your system unattended for any
    > reason... ever! Then, you might reasonably expect to remain virus and
    > spyware free. Where's the fun in that? LOL.


    There is no fun in you drawing totally wrong conclusions.

    > Looking on the bright side of that solution. You'd never need to get
    > security updates, use an anti virus/spyware program or firewall.... :)


    And even that's wrong.
     
    Sebastian Gottschalk, Mar 23, 2007
    #7
  8. Quercus Robur

    Zilbandy Guest

    On Fri, 23 Mar 2007 12:33:06 +0100, Sebastian Gottschalk
    <> wrote:

    >There is no fun in you drawing totally wrong conclusions.
    >
    >> Looking on the bright side of that solution. You'd never need to get
    >> security updates, use an anti virus/spyware program or firewall.... :)

    >
    >And even that's wrong.


    You've explained it so well! I stand corrected... I guess. :/ Anyway,
    it's been fun here. :)

    --
    Zilbandy
     
    Zilbandy, Mar 23, 2007
    #8
  9. Zilbandy wrote:

    > On Fri, 23 Mar 2007 12:33:06 +0100, Sebastian Gottschalk
    > <> wrote:
    >
    >>There is no fun in you drawing totally wrong conclusions.
    >>
    >>> Looking on the bright side of that solution. You'd never need to get
    >>> security updates, use an anti virus/spyware program or firewall.... :)

    >>
    >>And even that's wrong.

    >
    > You've explained it so well!


    Sorry, I thought it's kinda obvious: Exploits can be carried with data.
    Just give the user a CD full of JPEG pr0n, and his Windows XP with SP1 is
    hosed.

    Thus, you should really qualify in which way a non-networked workstation is
    interchanging data.
     
    Sebastian Gottschalk, Mar 23, 2007
    #9
  10. Quercus Robur

    Moe Trin Guest

    On Fri, 23 Mar 2007, in the Usenet newsgroup alt.computer.security, in article
    <7aHMh.2050$>, Quercus Robur wrote:

    >My wife just turned on her computer and up popped a window stating "You need
    >to download XXX to clean up your computer. You have visited adult sites."
    >Of course we did not download.


    What rock have you been hiding under? This problem has only been around
    for at least 6 years.

    >Now a) I don't use my wife's computer, and b) I don't visit A sites.


    c. Neither one of you have a clue about computers

    >My wife is PO'd


    Glad to hear it. Maybe it will give you some incentive to learn how to
    configure your computer and disable unwanted services.

    >We run Norton AV (always up to date), Trend Micro anti spyware and
    >Ad-Subtract plus firewall, so I am curious, what got through and how?


    You are running windoze, and microsoft thought this service might be
    useful (in spite of the fact that the original service that has been
    available on UNIX for several decades earlier - and was routinely
    disabled just for this reason). They realize it's too hard for a dumb
    user to figure out how to enable this crap if needed, so they enabled
    it for you. Aren't you lucky.

    >What do I need to do, am running a full AV scan?


    Google for "messenger spam" and how to disable the service. It's some
    item on a pull-down menu somewhere - you don't need third party software
    to disable it.

    Old guy
     
    Moe Trin, Mar 23, 2007
    #10
  11. Quercus Robur

    Jim Watt Guest

    On Fri, 23 Mar 2007 15:33:34 +0100, Sebastian Gottschalk
    <> wrote:

    >Just give the user a CD full of JPEG pr0n, and his Windows XP with SP1 is
    >hosed.


    Really? Can you support that statement?
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Mar 23, 2007
    #11
  12. Quercus Robur

    Tx2 Guest

    In article <>, Jim Watt
    of _way, felt we'd be interested in the following...


    > On Fri, 23 Mar 2007 15:33:34 +0100, Sebastian Gottschalk
    > <> wrote:
    >
    > >Just give the user a CD full of JPEG pr0n, and his Windows XP with SP1 is
    > >hosed.

    >
    > really ? can you support that statement.


    Of course he can't. You can access porn quite safely without
    compromising your PC.


    --
    My reply address is invalid.
    Please post replies to the group.
    Messages sent via Google Groups are 'auto-ignored'
    XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX
     
    Tx2, Mar 23, 2007
    #12
  13. Tx2 wrote:

    > In article <>, Jim Watt
    > of _way, felt we'd be interested in the following...
    >
    >> On Fri, 23 Mar 2007 15:33:34 +0100, Sebastian Gottschalk
    >> <> wrote:
    >>
    >>>Just give the user a CD full of JPEG pr0n, and his Windows XP with SP1 is
    >>>hosed.

    >>
    >> really ? can you support that statement.

    >
    > Of course he can't. You can access porn quite safely without
    > compromising your PC.


    Actually it doesn't even need to be pr0n. Just browsing the content of a
    directory with JPEG or EMF images is already sufficient to exploit an
    unpatched (or even fully patched!) Windows XP SP1.

    How exactly should I support this statement? It's self-evident, since the
    EMF metadata buffer overflow has never been patched on XP SP1 and the JPEG
    Component Reorder Boundary Error hasn't even been publicly documented
    (other than SlashDot and the Securityfocus mailing list).
     
    Sebastian Gottschalk, Mar 24, 2007
    #13
  14. From: "Quercus Robur" <>

    | My wife just turned on her computer and up popped a window stating "You need
    | to download XXX to clean up your computer. You have visited adult sites."
    | Of course we did not download.
    |
    | Now a) I don't use my wife's computer, and b) I don't visit A sites.
    |
    | My wife is PO'd
    |
    | We run Norton AV (always up to date), Trend Micro anti spyware and
    | Ad-Subtract plus firewall, so I am curious, what got through and how?
    |
    | What do I need to do, am running a full AV scan?
    |
    | Martin
    |

    Martin:

    What is the EXACT message. Please include what "download XXX" really is.
    If XXX is a URL, please obfuscate the URL by using hxxp:// instead of http:// in the
    posted URL.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Mar 24, 2007
    #14
  15. Quercus Robur

    Rick Merrill Guest

    Quercus Robur wrote:
    > My wife just turned on her computer and up popped a window stating "You need
    > to download XXX to clean up your computer. You have visited adult sites."

    ....


    QR that popup is itself the virus and a phish to get you to "download"!!!!

    Do not respond to the popup.

    I recommend SUPERantispyware and PCRescue and of course you
    already have an antivirus for your email, right?
     
    Rick Merrill, Mar 24, 2007
    #15
  16. Rick Merrill wrote:

    > Quercus Robur wrote:
    >> My wife just turned on her computer and up popped a window stating "You need
    >> to download XXX to clean up your computer. You have visited adult sites."

    > ...
    >
    > QR that popup is itself the virus and a phish to get you to "download"!!!!
    >
    > Do not respond to the popup.
    >
    > I recommend SUPERantispyware and PCRescue


    Ehm... it seems like the computer is already infected. Or it's simply
    Windows Messenger spam. In any case, this software is useless. Just like in
    any other case.

    > and of course you already have an antivirus for your email, right?


    Eh... of course not!
     
    Sebastian Gottschalk, Mar 24, 2007
    #16
  17. On Sat, 24 Mar 2007 13:44:05 -0400, Rick Merrill wrote:

    > Quercus Robur wrote:
    >> My wife just turned on her computer and up popped a window stating "You need
    >> to download XXX to clean up your computer. You have visited adult sites."

    > ...
    >
    > QR that popup is itself the virus and a phish to get you to "download"!!!!
    >
    > Do not respond to the popup.
    >
    > I recommend SUPERantispyware and PCRescue and of course you
    > already have an antivirus for your email, right?
    >


    Does anyone else tire of the "Anti-spyware, anti-virus, anti-adware"
    mantra? :)

    Of course, those are regular components of daily life for Windows users,
    so I guess it doesn't really matter if they tire of it or not. It is
    still a pain.

    All you really need are a pop-up blocker (Firefox has one built-in that is
    reasonably good--and you can pretty easily get an ad-blocker for it, too,
    that prevents a good deal more of crud from being able to get in), a
    decent anti-virus program (AVG Free does a decent job and also detects
    many types of malware), and HijackThis, which is a Windows utility to help
    find things that have installed themselves into places like the Windows
    registry.

    You can eliminate two-thirds of that stuff if you don't use DOS or Windows,
    by the way. (DOS viruses are pretty much out of circulation, but they are
    still possible.)

    -- Mike
     
    Michael B. Trausch, Mar 25, 2007
    #17
  18. Quercus Robur

    Leythos Guest

    On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:

    > All you really need are a pop-up blocker (Firefox has one built-in that is
    > reasonably good--and you can pretty easily get an ad-blocker for it, too,
    > that prevents a good deal more of crud from being able to get in), a
    > decent anti-virus program (AVG Free does a decent job and also detects
    > many types of malware), and HijackThis, which is a Windows utility to help
    > find things that have installed themselves into places like the Windows
    > registry.


    All you really need is to secure the machine and install a firewall for
    the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
    FTP sessions and 99% of the Windows people will be free from trouble.


    --
    Leythos
    (remove 999 for proper email address)
     
    Leythos, Mar 25, 2007
    #18
  19. On Sun, 25 Mar 2007 09:14:14 -0500, Leythos wrote:

    > On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
    >
    >> All you really need are a pop-up blocker (Firefox has one built-in that is
    >> reasonably good--and you can pretty easily get an ad-blocker for it, too,
    >> that prevents a good deal more of crud from being able to get in), a
    >> decent anti-virus program (AVG Free does a decent job and also detects
    >> many types of malware), and HijackThis, which is a Windows utility to help
    >> find things that have installed themselves into places like the Windows
    >> registry.

    >
    > All you really need is to secure the machine and install a firewall for
    > the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
    > FTP sessions and 99% of the Windows people will be free from trouble.
    >


    Software firewalls aren't that effective, particularly when they are
    running on the machine that they're designed to protect. If one must run
    Windows, all that is really needed is a little bit of thought and the three
    programs that I mentioned above. Most Windows users are sitting behind a
    NAT, which takes care of blocking incoming connections, and those that
    aren't behind a NAT, probably should be.

    Also, you can't really filter HTTPS through a firewall. You would need a
    proxy for that, because all the firewall would see is a stream of
    encrypted packets. Systems should be secure enough, anyway, to not
    require filtration of the protocols that people use on the
    Internet, anyway.

    -- Mike
     
    Michael B. Trausch, Mar 25, 2007
    #19
  20. Quercus Robur

    Leythos Guest

    On Sun, 25 Mar 2007 09:23:59 -0500, Michael B. Trausch wrote:

    > On Sun, 25 Mar 2007 09:14:14 -0500, Leythos wrote:
    >
    >> On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
    >>
    >>> All you really need are a pop-up blocker (Firefox has one built-in that is
    >>> reasonably good--and you can pretty easily get an ad-blocker for it, too,
    >>> that prevents a good deal more of crud from being able to get in), a
    >>> decent anti-virus program (AVG Free does a decent job and also detects
    >>> many types of malware), and HijackThis, which is a Windows utility to help
    >>> find things that have installed themselves into places like the Windows
    >>> registry.

    >>
    >> All you really need is to secure the machine and install a firewall for
    >> the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
    >> FTP sessions and 99% of the Windows people will be free from trouble.
    >>

    >
    > Software firewalls aren't that effective, particularly when they are
    > running on the machine that they're designed to protect. If one must run
    > Windows, all that is really needed is a little bit of thought and the three
    > programs that I mentioned above. Most Windows users are sitting behind a
    > NAT, which takes care of blocking incoming connections, and those that
    > aren't behind a NAT, probably should be.


    You misunderstood - I don't consider software solutions running on
    non-dedicated servers to be firewalls. I was speaking of a firewall
    appliance, although I could have better stated that.

    NAT appliances don't filter HTTP, HTTPS, SMTP, POP3 or FTP content, but a
    firewall with those as proxy services can remove content.

    > Also, you can't really filter HTTPS through a firewall. You would need a
    > proxy for that, because all the firewall would see is a stream of
    > encrypted packets. Systems should be secure enough, anyway, to not
    > require filtration of the protocols that people use on the
    > Internet, anyway.


    Many firewalls have HTTPS proxy services, but you are completely correct,
    most would not be able to filter content in HTTPS.

    --
    Leythos
    (remove 999 for proper email address)
     
    Leythos, Mar 25, 2007
    #20