Screw you Scott. I probably could give you full access to my entire system, demonstrate it in every conceivable way that I didn't do anything wrong, and you'd still tell me I did something I shouldn't have.
Anyway, Malwarebytes found the problem and eliminated it. Only thing I had to do in addition was to move the files the shitty program moved away.
Yet, you were infected. After some cursory research, I found the specific attack vector most commonly used for the SmartHDD that you say you had been infected with.
Unfortunately, these types of malware attacks are difficult to keep up with because they trick you into letting them install. They usually come from an infected web site, and usually through an advertisement. You get a pop-up from the infection and you click it to close the pop-up - which allows the infection to install. They can also be delivered in a "drive-by" fashion with no action needed by the user due to the system being unpatched, no matter what security software is running.
In all likelihood you were either not completely up to date, or you went to a shady web site and clicked the wrong thing. You thought you were closing an evil pop-up, but actually letting it through.
1. Install Adblock.
2. Uninstall Java if you have it (unless you need it).
3. Stay super on top of Adobe Reader updates.
4. Run Microsoft Security Essentials.
5. Never visit song lyric sites.
6. Never install warez or "shareware".
7. If an ad makes its way through adblock, NEVER click on it.
8. If someone emails or SMSs you a link, NEVER click on it.
Did you break any of those rules?
1. I have adblock installed.
2. I have Java installed because I occasionally code a program with it for private use. Haven't done it in a while though and might uninstall it. I do keep up with the updates though.
3. I do that.
4. I do that.
5. I occasionally do that but only with sites I have visited before and have not encountered a problem on.
6. I never do that.
7. I never do that.
8. I never do that unless from a trusted source and usually not unless I've visited the site before.
See Scott, at least somebody is actually helpful rather than just simply assuming fault and starting to berate.
On item 5, those sites themselves aren't the problem: the ads they host are. They sometimes host these ads locally though, so adblock will miss them. The ads change, so just because it was safe once doesn't mean it will be safe again.
Also, most malware doesn't make any visible indication of an infection immediately. You've probably been infected for a while.
Are you absolutely sure you haven't clicked on any popups or the like? As Scott noted, that's the primary infection vector for this particular thing.
No, I didn't click on anything unusual, and I also haven't opened any ads. I use Firefox and I have Adblock Plus which doesn't even let me encounter any ads.
I'm going to be blunt. Most of the time, when someone says "never" in response to these questions, it is not actually "never," but simply "almost never."
Most likely, you did indeed visit a shady site and had an unpatched vulnerability. Java is indeed a likely vector. You should have the plugin enabled only for a browser you use locally, and not for the browser you use on the Internet.
It is also likely to have been bundled with something else you installed. Think hard. Have you installed ANY software of any kind in the last six months?
I have only gotten malware twice. Once I got it from clicking on a picture of a Pokémon in Google image search, and then again from clicking on another picture. Both times it was the fake "Windows Security" scam. Rym and Scott made me feel bad about it, but clicking on Google Images seemed pretty innocuous. The important thing is that once you are infected, you realize you are and take the appropriate measures to deal with the thing. Also, always keep a backup.
I am the only person using this laptop and I didn't install any new software. The only thing I can think of is that a couple of weeks ago my mom asked me to look up and print a recipe for her. I didn't see any ads on that site and I didn't click on anything on the site, but that is the only unusual and unprecedented behavior I can remember.
Ctrl+Alt+Del -> End browser process. I think a Flash program could still expect you to do this and map to those keys, but they would need focus.
Nowadays, I just visit them on my phone. It's perfectly safe (for now).
I like to browse the web with an outdated version of IE. I browse warez sitez and sketchy foreign porn aggregators exclusively. The problem with all these protection measures is that you never let your computer build up any virus immunity!
If you programmed something that actually worked like a biological immune system for a digital computer, you would be the richest.
Great, then before you know it, there'll be computer AIDS.
Also knows you should use Flashblock in addition to AdBlock.
Yeah, this is something I just started to do; it's nice how that functionality is just a setting in Chrome, too.
Is it? I'll need to check my Chrome settings then. I'm still using a Flashblock extension, but it's a bit flaky sometimes.
Also, I've never liked Adobe Reader; I've been using Sumatra PDF instead for a while now.
Sumatra PDF for the win. I keep Adobe Reader around but only for printing (hence I use it once in a blue moon). This is because at some point in the past, the Sumatra docs said it sometimes had issues printing since it basically just renders a high resolution bitmap and punts that to your printer, as opposed to the more optimized technique Adobe Reader does where it will send the fonts, vector graphics, etc., and so on to your printer driver and let it sort it out (this is why Sumatra has an "Open in Adobe Reader" menu option, I believe).
Also, back in the day, I used to use Lynx (or Links, or Elinks, or whatever derivative is out there) to visit sketchy sites. Nothing like security through lack of functionality! Although, if a site targets your IP address directly and not your browser (assuming it can get by your firewall, etc.), that still won't help that much.
Just search for Sumatra PDF. You trust that shady looking site?
It looks no shadier than a SourceForge site to me. The yellow is a bit eye-razory, and the URL is shady as shit, but the design of the site isn't that shady to me.
Extreme lack of information. Nonexistent graphic design. And did you even look at that forum? And while it is a single Google ad, the Google ad is display ads for shady things with fake download buttons for "100% Free Video Converter." I guess that is the sort of thing Google thinks is relevant to a free PDF reader. I agree. Both are very similar.
The ad only tells me to download Chrome. That aside, you're seeing ghosts. The forum is as barebones and simple as these, and there's about as much information and graphics design on the homepage as on Google.com.
Sure, the graphic design is a little poor and a little shady-looking, and their forum is terrible, but that doesn't change the fact that it's the best PDF reader I've used.
As for the amount of information, though, it seems to me that that's exactly what ought to be there. Besides, you can always just get the source code from their Google Code project instead of visiting the site, if you like.
Comments
Firefox or Chrome? Most up to date version?
I really have no clue how I got it.
Finally, are you running as an administrator?
GIS is indeed pretty dangerous unless you're completely up to date with your software.
http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/
Smart guy, knows Rainbow Dash is best pony. Also knows you should use Flashblock in addition to AdBlock.