I need help with nasty virus? I got while scambaiting.

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Tue Nov 06, 2007 10:39 pm

Some site I looked at yesterday has messed up my McAfee. It tells me the sigfile is old, but when I attempt to update, there is no update available. Also, McAfee Site Advisor is not functioning. It claims there is a communication problem. I try to contact McAfee, but I can't get anyone. I obviously am not doing something right.

Can anyone help?

Posted: Tue Nov 06, 2007 10:45 pm

Moved here. (From Main Scambaiting to General Chat)

Baiting Guru Joined: 31 Jan 2007 Posts: 12237

I hate to sound facetious but I would recommend dumping McAfee. I used it for several years and had had nothing but problems with it. A total reinstall was the usual recommendation from their customer "support".

If you do choose to dump them, good luck getting all of their software off your computer. It took me over a month to hunt down all the hidden bits that they placed on my HD.

I switched to AVG (Paid version with firewall) a little over a year ago and have never looked back.

Hopefully someone can come along and give advice to your specific problem, but I just wanted to share what worked for me.

Edit: I would also suggest doing a few adware/spyware scans. What OS and browser are you running? Also, did you download anything from the "suspected" site or execute an .exe file in some other way? Just viewing a site usually will not download a nasty, especially if you are running Firefox. If you are using IE, there is a possibility that some bad JS may have run and dropped something on your system.

What makes you sure that the visited site crashed your AV?

Well, ill let you give some more detail and I am sure we can figure it out.

Welcome BTW.

Posted: Tue Nov 06, 2007 11:02 pm

Thanks for your reply. I've never had any problems with McAfee before, I'm surprised now, frankly.

I'm using IE6 and Windoze xp.

Posted: Tue Nov 06, 2007 11:03 pm

I don't think we deal with that on this site, unfortunately. We just play mind games with the guys who play off a "get rich quick" syndrome and scam people over e-mail, and other anti-scam sites handle the phishing/malware scams.

I'm not a security specialist, but I do chase around malicious sites on occasion (a little more than scammers, but I'm not getting a lot of their mail anymore, so go figure). Send me a private message with a link to the site and I'll check it out (don't post it here, or someone might accidentally click the link). I load malicious pages in experimental environments all the time, and can probably tell you personally if it's malicious.

You can submit malicious pages at mirt (link below) or do a lookup/whois inquiry on the IP address to figure out who is hosting it, then send an abuse report to the ISP. Here is the link:
http://www.castlecops.com/mirt

Also, if the site looked like a Halloween theme'd page (or, depending on when you saw it, a "psycho kitty cat ecard"), then it's most likely a worm/trojan, specifically the storm worm, which is what I believe was used to attack our site. Another way to tell is if the link is an IP address (example: http://xxx.xxx.xxx.xxx/ , where xxx is any number from 0 to 255, different for each position), Finally, most of these links come from spam.

Moderators, let me know if any of my action inappropriate, as I'm not entirely sure. If it were me, I'd want some sort of feedback, and I personally chase these around independently anyway, so I'd really like to check it out.

Posted: Tue Nov 06, 2007 11:05 pm

Oh, by the way, I have an enterprise version of McAfee, among a few others. It can be pretty bad when it comes to threats at times, but the access control isn't too bad, unless you rely on the scanner.

Posted: Tue Nov 06, 2007 11:11 pm

For really tough viruses, I've always used what was formerly Ewido Anti-Spyware; it's now AVG Anti-Spyware. I had some friends who had viruses on their computer that withstood both McAfee and Norton. After I hit it with Ewido and removed (get this) 12,000 infected files, it was perfectly clean.

Just use the 30 day trial. Good luck!

Baiting Guru Joined: 31 Jan 2007 Posts: 12237

My first step would be to install Firefox and NoScript. (Both Free)

Dump Mcafee and get AVG (Free) and do a scan.

Download Adware SE and SpyBot S&D and run a scan with both. (Both are free)

And go from there.

I can PM all 4 links if needed, but just type them onto the Google and they will lead you there.

I have some more fancy detection tools on the second page here...

http://bravodelta.servemp3.com/viewtopic.php?t=117865

They are a bit more technical, So your mileage may vary depending on how computer savvy you are.

Posted: Tue Nov 06, 2007 11:18 pm

I'm not sure about how good the different anti-viruses are. I had some failures on the part of McAfee, but everything else failed too. Eventually AVG picked up the ball.

Second, if it's spyware/adware (super-slow computer and/or pop-ups everywhere), SpyBot S&D and Ad-Aware Free Version are good at cleaning it out, and both are free.

Baiting Guru Joined: 31 Jan 2007 Posts: 12237

^^^There are 2 of the links I mentioned.

Here are the other 2.

http://www.mozilla.com/en-US/firefox/

http://noscript.net/

Edit: Waits for the first person to post "... or get a Mac" Laughing

Posted: Tue Nov 06, 2007 11:25 pm

wingman wrote:

... nasty virus? I got while scambaiting. ... Some site I looked at yesterday ...

Huh? Were you baiting a pr0n spammer? Confused

Baiting Guru Joined: 31 Jan 2007 Posts: 12237

^^^

I didn't want to be the first ask...

Posted: Tue Nov 06, 2007 11:31 pm

Quote:

"I need help with nasty virus? I got while scambaiting".

What a strange topic title.
What the hell has scambaiting got to do with you getting a virus?

Why didn't you entitle your thread "I got a virus"
Keep it simple and you may even get simple and straightforward responses.

Posted: Tue Nov 06, 2007 11:38 pm

In response to what Pastor Frank says, don't worry too much about removing McAfee yet, unless it interferes with the other ones. Just worry about cleaning off the crapware (if any). If you uninstall McAfee, you'll have to wait a while for it to finish (time better spent running a scan with something else), then you'll have to restart the computer. Plus, you might have to deal with the residue from McAfee's framework service.
Edit: McAfee can have very poor customer service. It doesn't mean you're doing anything wrong.

You say you're running Internet Explorer 6? Seriously, use Firefox instead. Internet Explorer, especially version 6 (more so if you have ActiveX enabled) is just asking for trouble. Firefox (especially if it has NoScript) is far more secure. Always use protection when surfing.

kleindoofy, it doesn't necessarily have to be p0rn. Signing up for the shuttle got me a whole bunch of viral e-mail, usually with links to a (non-p0rn) site that has a well-done exploit. The Storm Worm, which is what I think was responsible for the DoS, usually operates that way, and by my experience, it can be very good at disabling anti-virus software, if it runs first.

Posted: Tue Nov 06, 2007 11:40 pm

I'm pretty sure I got it while checking out a PayPal phishing site.

Off to try the scan suggested.

Baiting Guru Joined: 31 Jan 2007 Posts: 12237

^^^If one is dumb enough to open the attachment.

Posted: Tue Nov 06, 2007 11:44 pm

^^^^

Pastor Frank wrote:

^^^

I didn't want to be the first ask...

Ditto.

Posted: Tue Nov 06, 2007 11:47 pm

wingman wrote:

I'm pretty sure I got it while checking out a PayPal phishing site

So . . . . . . . . back to my previous post . . . . . . why the " . . . . I got while scambaiting" suggestion?
What has scambaiting got to do with your problem?

Baiting Guru Joined: 31 Jan 2007 Posts: 12237

Or try this.

kleindoofy wrote:

Wrap, crush, and tape

Posted: Tue Nov 06, 2007 11:54 pm

You could say the same thing about scammers' victims' stupidity for sending Western Union money orders, but it doesn't help the matter much. Many computer users don't think anything about their anti-virus suddenly ceasing to function, or don't want to say anything out of embarrassment, or some combination of the 2. I don't think it's really very nice to call someone dumb when they come looking for help, however off topic it may be. If I had a virus (and weren't running experiments on them) or got scammed, then I certainly wouldn't want to get called that when I asked for help. No offense, that's just my personal view. Feel free to take it or leave it.

Getting a virus off a PayPal phishing site doesn't make much sense. e-mail attachments maybe, and I'd suspect a keylogger if that same e-mail had an attachment, but I couldn't really say unless I personally got the e-mail, or at least knew which site it was.

Posted: Tue Nov 06, 2007 11:57 pm

I don't open attachments unless I know the person in RL. I haven't opened any attachments in weeks.

I suspect an Active X or something similar snuck in.

Posted: Wed Nov 07, 2007 12:02 am

^^ Right! That explains the "I got while scambaiting." part of your title!

You were busy scam-baiting, totally distracted, and an Active X control sneaked in there while you weren't looking. Of course!

Posted: Wed Nov 07, 2007 12:05 am

Jesus H Christ. Sorry I asked.

I never had any problems before I started playing around with these scammers, and OBVIOUSLY I wasn't sufficiently protected. I'm trying to fix it, and all you ^$%$# want to do is give me a hard time about how I posed the GD question....

Baiting Guru Joined: 19 Mar 2007 Posts: 2628

I usually use AVG free ( grisoft ) but try Avast
Its also free and the one good thing about it is that the first time you use Avast it will go through the screening before windows boots up.

Some viruses are nasty in that they get in and disable your security then stop you getting onto any site that may help get rid of them.

I also have firewall ( PC tools ) and Spybot S D on my main pc

Posted: Wed Nov 07, 2007 12:16 am

^---<<re-emphasizes my point about calling someone dumb when they ask for help>>

wingman, I sent you a private message asking for some more details. Though I think the many scanners pointed to earlier have a decent shot at fixing the problem. I can't tell what it is unless I can look at it.

I think the title was just from a confused Windows user who isn't sure why their anti-virus stopped working, and rightfully suspects foul-play online. However, wingman, malware is rarely connected to 419 scamming. Identity theft maybe, but most of the scammers we deal with are just stupid guys sending out mass e-mails with horrible grammar convincing some fraction, however small, to send them money to "get rich", not the ones who write viruses or create phishing sites. Some create fake sites of their own (not the same as phishing) to help them trick users, or otherwise get information, but I've never seen any that distributed viruses.

I hope nobody is offended by anything I said.

I need help with nasty virus? I got while scambaiting.	View next topic View previous topic