Malware infected AGAIN!
Yes, I know this is a double post, kinda. I just wanted to let the powers that be know that I actually was infected by a virus that I speculate may have been from MGoBlog, as it popped up as soon as I visited the site and locked down my PC. I've seen posts on this topic, and my antivirus has picked up threats in the past.
Today, somehow, it got past my McAfee. It popped up a fake antimalware program. I'm in IT, so I've seen similar things. Luckily, I was able to establish it as 'conhost.exe'. It was a file located in the App Data folder in my Docs and Settings user folder. I was able to log in as another technician in safe mode and delete my user folder. I'm logged in as myself now and everything seems fine. I'm running MBAM right now to see if anything is left over. Just a heads up. I'm sure you guys are looking into it.
Update:
So I came back to check this thread, and wouldn't you know it, the damn thing hits me again. Stupid me for thinking it was an isolated incident. I guess I'm the clinical definition of crazy. I'm posting this in Safe Mode with Networking. I'm not going to revisit this site from my PC again for a few weeks, to give you guys a chance to fix this stuff. We don't have access to Internet Options on my work PC, as they think we will bypass the proxy, so I cannot ratchet up my security settings to adjust for this.
So MGoBlog, goodbye for now. If fate is on our side, I will be back some day. Probably around when fall practice starts...
I had the same issue last evening and this morning.
mcafee and norton are second rate to BitDefender. Ive had a PC for years and have never had a virus slip the virus screen without getting quarantined
Luckily for us, no need to fall back onto anecdotal experiences.
http://www.av-comparatives.org/en/comparativesreviews/summary-reports
Which shows that Norton is pretty much spot on even with BitDefender. McAfee... yeah, not so much :) (Norton made a complete 180 a few years ago. It's extremely solid now.)
not entirely sure if I am missing something, but I dont see Norton evaluated.
Symantic = Norton :)
care for Mcafee either. It seems to let in stuff that other antivirus stop.
The malware is causing double posts now?
Malware is getting tricky...
A very common Malware attack these days comes through Java. That's why NoScript is such a nice little browser add-on to have. It blocks all Java unless you change settings, and allow Java to be used.
LOOK if you never listen to me about anything, listen to me right now. I use the paid version of malwarebytes which costs around $20. At the same time I also run AVG anti-virus which I think I picked up a 2 year licesnse for about $70.
I surf tons of questionable content on the net. I download shit all day, I come to MGo whenever I want and I've never had a problem with malware. So for $90 you can do anything you want online. Pretty good deal imhe
Fit you so well?
Yeah I get what you're saying, but no one can say I'm not fun
A criticism. Just an observation.
I didn't take it as a criticism. M-Wolve Imma give you an explanation for why I sometimes act like I do on MGo.
You have all of these "die-hard" MICH fans but at the first sign of adversity ~75% of em act like the world is ending. I spent a lot of time around these parts, and never once have I ever said a bad word about a MICH player or corch, or hell any college kids for that matter. The same cannot be said for a lot of the posters on this site.
So about shortly after the 2010 football season, I got fed up with it and decided I was just gonna be a HUGE ass on this site. I don't come here very often other than to read what Brain or Tim writes. I pop in on the board every once in a while.
BOOM EXPLAIN'D
I take it for what it's worth. Sometimes you cross the line from wacky to rude (but then, who hasn't?), but that's the danger when walking the cutting edge. For the most part, "I" don't mind. I just thought that last paragraph was helpful, yet completely in character.
I get this from my personal comp, says proxy settings firefox uses is not responding
My work computer detected a black hole attack the second I opened IE7. mgoblog is set to my homepage and I haven't gone to any other sites.
Yeah I also got the "Blackhole" warning yesterday at work. I've decided that the app is the only way to go for a while.
I think all will be well if Samuel L Jackson comes in and hacks into the computer system to fix the mgoblog virus that the Newman guy put on there before he ran off with the super secret shaving cream vial holder...
In the positive, for "funny"...if I could, you know, log in and stuff....
INSIDE THE HOUSE!
I got one last night as well, defender.exe. I got it taken care of but still thought it was worth a mention
The malware seems to think there are HUNDREDS of hot girls wanting to meet me.
Wait... is that not true?
I haven't had an issue yet, but this is getting a bit old having to constantly worry about visiting a Michigan blog.
Corporations really need to start looking at alternative software. IE (this machine still has IE6 on it) is a joke and a wide open door. I speak to the IT guys at my place all the time and they are frustrated with all the idiots that get stuff, simply because they are forced to use IE and McAfee.
Like the University of Michigan? (People look shocked when I say I can believe they still use IE..."really? That's what our computers have..."
If your corporate IT is still on IE6 I'm guessing you are on XP, and have down versions of Adobe Reader, Flash, Shockwave, and JRE. That combination leaves you open to about 200 different exploits. Microsoft technically supports IE6 because it's within the ten year window but they have publicly advised against using it.
That's why criminal syndicates have zombie armys tha number in the millions.
Job Security for me, thank you lazy sysadmins.
It hit me yesterday. IT is in the process of cleaning my computer. No more MGOBlog at work.
Now my work computer is tweeting 5-star recruits...
My apologies to anyone who responds/asks a question that I don't reply on. It's kind of hard to track what's new in the App. We were promised some App upgrades this summer....I wonder if we can get "new post" in a new version.
Busy with the ipad version... but I'll look into some sort of "new" indication before the season starts. It won't match the web site's indicator, but it could be useful (assuming I can get it to work with decent performance).
Am I ok reading mgboard with the iPhone app? Should I not access the site via my Mac?
<br>
<br>Thanks
The trojan infects Windows machines only. Also, the site appears to be safe (for now atleast)
I love the site, but if I got computer herpes, I would pretty much have to throw my computer in the trash as I would have no idea what to do.
You could just ask someone techy how to fix it. Viruses bringing an end to a computer are nearly a thing of the past. They're all a pretty easy fix.
unless you get a boot virus, or a rootkit. That will take a bit of work to get rid of.
Hey guys. I was attacked by this trojan last night as well. It started installing some "Security Shield" anti-malware thing without my consent. AVG Free quarantined it, but it didn't do any good. Every fifteen seconds some notice about "How my computer is infected with malware" (except in very, very poor English) and I should click the balloon to fix it. Now, every thing I do comes up as this "Security Shield" identifying it as a trojan and it won't open--meaning internet browsers, Word documents, anything. It also seems to have destroyed AVG. It doesn't even exist on my computer anymore.
Would running the computer in safe mode (with networking) and trying to install MalwareBytes or something similar save the computer?
Safe mode + malwarebytes is exactly what you need to do.
I got infected by something here last year (sounds like the exact same thing you have) while at work and that's what the IT guy did to fix my computer.
After you fix it, if you run IE as your browser, ditch it ASAP and download FireFox + AdBlock and NoScript, or Chrome + AdBlock.
I'm running Chrome + AdBlock. In one of the other threads someone noted that of all the reported problems, no one has reported the problems while running Chrome. I don't think you can run NoScript on Chrome (someone correct me if I'm wrong), but, since there's been no reported issues with Chrome users yet, I'm taking my chances with Chrome even though I only have AdBlock and not NoScript.
However, you can go into it's settings and turn off javascript. If you know of a site that is safe and uses it, you can add an exception to the javascript settings.
http://techie-buzz.com/browsers/disable-javascript-images-cookies-in-google-chrome.html
will take care of the issue MgoKereton.
- Turn off system restore
- Install Malwarebytes, boot into safe mode if able (If for some reason the infection prevents you from installing malwarebytes... try renaming the .exe to something else.)
- Run a scan... once it's finished it should clean the system.
- Reboot and run the scan again. You should be good to go.
Install Avast, or Avira free... or Microsoft Security Essentials. Or look into buying NOD 32 antivirus. Personally I use Avast Free and Malwarebytes Free. I have never had an issue with infections.