Don't Use Anti-Virus Software

Comments

  • Screw you Scott. I probably could give you full access to my entire system, demonstrate it in every conceivable way that I didn't do anything wrong, and you'd still tell me I did something I shouldn't have.

    Anyway, Malwarebytes found the problem and eliminated it. Only thing I had to do in addition was to move the files the shitty program moved away.
    Yet, you were infected. After some cursory research, I found the specific attack vector most commonly used for the SmartHDD that you say you had been infected with.
    Unfortunately, these types of malware attacks are difficult to keep up with because they trick you into letting them install. They usually come from an infected web site, and usually through an advertisement. You get a pop-up from the infection and you click it to close the pop-up - which allows the infection to install. They can also be delivered in a "drive-by" fashion with no action needed by the user due to the system being unpatched, no matter what security software is running.
    In all likelihood you were either not completely up to date, or you went to a shady web site and clicked the wrong thing. You thought you were closing an evil pop-up, but actually letting it through.
  • 1. Install Adblock.
    2. Uninstall Java if you have it (unless you need it).
    3. Stay super on top of Adobe Reader updates
    4. Run Microsoft Security Essentials
    5. Never visit song lyric sites.
    6. Never install warez or "shareware"
    7. If an ad makes its way through adblock, NEVER click on it.
    8. If someone emails or SMSs you a link, NEVER click on it.

    Did you break any of those rules?
    1. I have adblock installed.
    2. I have Java installed because I occasionally code a program with it for private use. Haven't done it in a while though and might uninstall it. I do keep up with the updates though.
    3. I do that.
    4. I do that.
    5. I occasionally do that but only with sites I have visited before and have not encountered a problem on.
    6. I never do that.
    7. I never do that.
    8. I never do that unless from a trusted source and usually not unless I've visited the site before.


    See Scott, at least somebody is actually helpful rather than just simply assuming fault and starting to berate.
  • On item 5, those sites themselves aren't the problem: the ads they host are. They sometimes host these ads locally though, so adblock will miss them. The ads change, so just because it was safe once doesn't mean it will be safe again.

    Also, most malware doesn't make any visible indication of an infection immediately. You've probably been infected for a while.

    Are you absolutely sure you haven't clicked on any popups or the like? As Scott noted, that's the primary infection vector for this particular thing.

    Firefox or Chrome? Most up to date version?
  • No, I didn't click on anything unusual, and I also haven't opened any ads. I use Firefox and I have Adblock Plus which doesn't even let me encounter any ads.

    I really have no clue how I got it.
  • I'm going to be blunt. Most of the time, when someone says "never" in response to these questions, it is not actually "never," but simply "almost never."

    Most likely, you did indeed visit a shady site and had an unpatched vulnerability. Java is indeed a likely vector. You should have the plugin enabled only for a browser you use locally, and not for the browser you use on the Internet.

    It is also likely to have been bundled with something else you installed. Think hard. Have you installed ANY software of any kind in the last six months?

    Finally, are you running as an administrator?
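
The triage questions in the post above (is Java installed, what was installed in the last six months, is the account an administrator) can be answered from the machine itself. This is an added example, not part of the original thread; it reads the standard Windows Uninstall registry keys, and the six-month cutoff and the `^Java\b` name match are assumptions taken from the post's wording.

```powershell
# Added example: answers the three triage questions asked in the post above.
# InstallDate is optional in the Uninstall keys; when present it is normally yyyyMMdd.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$cutoff  = (Get-Date).AddMonths(-6)          # "the last six months"
$culture = [Globalization.CultureInfo]::InvariantCulture

$installed = foreach ($entry in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
    if (-not $entry.DisplayName) { continue }   # skip unnamed patches/components
    $parsed = [datetime]::MinValue
    $hasDate = [datetime]::TryParseExact([string]$entry.InstallDate, 'yyyyMMdd',
        $culture, [Globalization.DateTimeStyles]::None, [ref]$parsed)
    [pscustomobject]@{
        Name      = $entry.DisplayName
        Version   = $entry.DisplayVersion
        Publisher = $entry.Publisher
        Installed = if ($hasDate) { $parsed } else { $null }
    }
}

# 1. Anything installed since the cutoff, newest first (bundled installers show up here).
$recent  = $installed | Where-Object { $_.Installed -ge $cutoff } | Sort-Object Installed -Descending
# Entries with no usable date cannot be ruled out, so list them separately.
$undated = $installed | Where-Object { -not $_.Installed }

# 2. Java runtimes/JDKs still present (matches "Java 7 ...", "Java(TM) 6 ...", not "JavaScript").
$java = $installed | Where-Object { $_.Name -match '^Java\b' }

# 3. Administrator status. IsInRole is true only for an elevated token under UAC;
#    the whoami check also catches an admin-group account running unelevated.
$identity     = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal    = New-Object Security.Principal.WindowsPrincipal($identity)
$isElevated   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$inAdminGroup = [bool](whoami /groups | Select-String 'S-1-5-32-544')

"Installed since $($cutoff.ToString('yyyy-MM-dd')):"
$recent  | Format-Table Installed, Name, Version, Publisher -AutoSize
"No install date recorded: $(@($undated).Count) entries"
"Java entries:"
$java    | Format-Table Name, Version -AutoSize
"Member of Administrators: $inAdminGroup    Elevated right now: $isElevated"
```

Software installed without registering an uninstaller, which includes most malware, will not appear in these keys, so an empty "recent" list narrows the question without settling it.
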
  • Did you let anyone other than you use your computer? Did you lock it every single time you walked away from it?
  • I have only gotten malware twice. Once I got it from clicking on a picture of a Pokemon in Google image search, and then again from clicking on another picture. Both times it was the fake "Windows Security" scam.
    Rym and Scott made me feel bad about it, but clicking on Google Images seemed pretty innocuous. The important thing is that once you are infected, you realize you are and take the appropriate measures to deal with the thing. Also, always keep a backup.
  • The Internet is a dark place filled with malware.

    GIS is indeed pretty dangerous unless you're completely up to date with your software.
  • Coincidence, here is a guy who is trying to malware you.

    http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/

    Smart guy, knows Rainbow Dash is best pony. Also knows you should use Flashblock in addition to AdBlock.
  • I am the only person using this laptop and I didn't install any new software. The only thing I can think of is that a couple of weeks ago my mom asked me to look up and print a recipe for her. I didn't see any ads on that site and I didn't click on anything on the site, but that is the only unusual and unprecedented behavior I can remember.
  • edited May 2012
    Screw you Scott. I probably could give you full access to my entire system, demonstrate it in every conceivable way that I didn't do anything wrong, and you'd still tell me I did something I shouldn't have.

    Anyway, Malwarebytes found the problem and eliminated it. Only thing I had to do in addition was to move the files the shitty program moved away.
    Yet, you were infected. After some cursory research, I found the specific attack vector most commonly used for the SmartHDD that you say you had been infected with.
    Unfortunately, these types of malware attacks are difficult to keep up with because they trick you into letting them install. They usually come from an infected web site, and usually through an advertisement. You get a pop-up from the infection and you click it to close the pop-up - which allows the infection to install. They can also be delivered in a "drive-by" fashion with no action needed by the user due to the system being unpatched, no matter what security software is running.
    In all likelihood you were either not completely up to date, or you went to a shady web site and clicked the wrong thing. You thought you were closing an evil pop-up, but actually letting it through.
    Ctrl+Alt+Del -> End browser process. I think a Flash program could still expect you to do this and map to those keys, but they would need focus.
    Post edited by MATATAT on
  • On item 5, those sites themselves aren't the problem: the ads they host are. They sometimes host these ads locally though, so adblock will miss them. The ads change, so just because it was safe once doesn't mean it will be safe again.
    Nowadays, I just visit them on my phone. It's perfectly safe (for now).
  • I like to browse the web with an outdated version of IE. I browse warez sitez and sketchy foreign porn aggregators exclusively. The problem with all these protection measures is that you never let your computer build up any virus immunity!
  • I like to browse the web with an outdated version of IE. I browse warez sitez and sketchy foreign porn aggregators exclusively. The problem with all these protection measures is that you never let your computer build up any virus immunity!
    If you programmed something that actually worked like a biological immune system for a digital computer, you would be the richest.
  • Wouldn't you be better off building a self mutating virus?
  • If you are going to do anything sketchy, do it in a virtual machine.
  • I like to browse the web with an outdated version of IE. I browse warez sitez and sketchy foreign porn aggregators exclusively. The problem with all these protection measures is that you never let your computer build up any virus immunity!
    If you programmed something that actually worked like a biological immune system for a digital computer, you would be the richest.
    Great, then before you know it, there'll be computer AIDS.
  • Great, then before you know it, there'll be computer AIDS.
    Wouldn't that be a rootkit?

  • edited May 2012
    If you programmed something that actually worked like a biological immune system for a digital computer, you would be the richest.
    Coincidentally, I just found this article in my Google Reader feed.
    Post edited by Pegu on
  • edited May 2012
    Coincidence, here is a guy who is trying to malware you.

    http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/

    Smart guy, knows Rainbow Dash is best pony. Also knows you should use Flashblock in addition to AdBlock.
    Yeah, this is something I just started to do; it's nice how that functionality is just a setting in Chrome, too.

    Also, I've never liked Adobe Reader; I've been using Sumatra PDF instead for a while now.
    Post edited by lackofcheese on
  • Great, then before you know it, there'll be computer AIDS.
    Wouldn't that be a rootkit?
    Pretty much, yeah. Good thinking.
    Yeah, this is something I just started to do; it's nice how that functionality is just a setting in Chrome, too.
    I checked my add-ons, and was surprised to see I actually had Flashblock. I would actually like to see it incorporated into Firefox as well.
    Also, I've never liked Adobe Reader; I've been using Sumatra PDF instead for a while now.
    Adobe Reader, for when you want a bloated, buggy security vulnerability! Evince for me, much, much better.
  • Who needs anti-virus software, anyway?
  • Also knows you should use Flashblock in addition to AdBlock.
    Yeah, this is something I just started to do; it's nice how that functionality is just a setting in Chrome, too.
    Is it? I'll need to check my Chrome settings then. I'm still using a Flashblock extension, but it's a bit flaky sometimes.
    Also, I've never liked Adobe Reader; I've been using Sumatra PDF instead for a while now.
    Sumatra PDF for the win. I keep Adobe Reader around but only for printing (hence I use it once in a blue moon). This is because at some point in the past, the Sumatra docs said it sometimes had issues printing since it basically just renders a high resolution bitmap and punts that to your printer, as opposed to the more optimized technique Adobe Reader does where it will send the fonts, vector graphics, etc., and so on to your printer driver and let it sort it out (this is why Sumatra has an "Open in Adobe Reader" menu option, I believe).

    Also, back in the day, I used to use Lynx (or Links, or Elinks, or whatever derivative is out there) to visit sketchy sites. Nothing like security through lack of functionality! :) Although, if a site targets your IP address directly and not your browser (assuming it can get by your firewall, etc.), that still won't help that much.
  • Just search for Sumatra PDF. You trust that shady looking site?
  • Just search for Sumatra PDF. You trust that shady looking site?
    It looks no shadier than a SourceForge site to me. The yellow is a bit eye-razory, and the URL is shady as shit, but the design of the site isn't that shady to me.
  • Just search for Sumatra PDF. You trust that shady looking site?
    It looks no shadier than a SourceForge site to me. The yellow is a bit eye-razory, and the URL is shady as shit, but the design of the site isn't that shady to me.
    You need to fix your shade-dar.
  • Apreche, could you please explain what you find shady about a mostly empty white and yellow page with a single google ad?
  • Extreme lack of information. Nonexistent graphic design. And did you even look at that forum? And while it is a single Google ad, the Google ad is display ads for shady things with fake download buttons for "100% Free Video Converter." I guess that is the sort of thing Google thinks is relevant to a free PDF reader. I agree. Both are very similar.
  • The ad only tells me to download Chrome. That aside, you're seeing ghosts. The forum is as barebones and simple as these, and there's about as much information and graphics design on the homepage as on Google.com.
  • edited May 2012
    Sure, the graphic design is a little poor and a little shady-looking, and their forum is terrible, but that doesn't change the fact that it's the best PDF reader I've used.

    As for the amount of information, though, it seems to me that that's exactly what ought to be there. Besides, you can always just get the source code from their Google Code project instead of visiting the site, if you like.
    Post edited by lackofcheese on