possible virus infection: Antivirus Security Pro

zenstat

Senior Cymbal Nerd
Joined
Feb 5, 2012
Messages
4,226
Reaction score
1,139
Location
Auckland New Zealand
Raising this on behalf of Premierplayer (Glen). A few days ago when CH was temporarily and partially back up he was on DFO in one tab and CH in the other tab (CH was his home page so it opened automatically). His Windows machine caught the "Antivirus Security Pro" virus. Since then the computer has been to the repair people and health is restored. Because of the circumstances we can't tell if the infection came from something on CH or DFO. It seems likely it didn't come from somewhere else because these were the only two tabs open (eg not via email attachments or the like).

CH has had a complete disk wipe (part of the rebuild process anyway) since then, so it would now be safe. Patrice is on high alert and looking for any nasties while working on the CH site.

That leaves a potential followup on DFO. The virus action and dispersal mechanisms are well documented.

Microsoft says:

http://www.microsoft.com/security/portal/mmpc/threat/rogues.aspx

and it exploits vulnerabilities in a few pieces of software named here:

http://www.microsoft.com/security/portal/mmpc/threat/exploits.aspx

So it is possible that the infected code is not resident on DFO itself, but hidden in an attachment or a link offsite to somewhere else on the web (say in a PDF or HTML or a Word DOC). Or it could be in something on the DFO site.

I suspect that people with Windows machines who have applied all the updates to the OS are immune. Somebody may still have experienced an alert from their virus checker (presuming they have one installed).

Has anybody else reported anything recently?

Are there tools which can run through DFO and virus check any links offsite?

I presume anything on DFO itself (eg in the Gallery) has been through some checking when it was uploaded, and that the checking software will be up to date so it would catch any infection of "Antivirus Security Pro"?

If this is all in hand please excuse me raising any unnecessary concern.

Steve
 

JDA

DFO Master
Joined
Aug 7, 2005
Messages
14,006
Reaction score
3,040
Location
Jeannette, Pa.
No but I did stay in a Holiday Express last night.
One other recommend. Get rid of the 'old' CH bookmark.

Looks like the new one is well new.
think that's a good idea Zen send the old bookmark packing..
 

mlayton

Night Creature
Joined
Jan 4, 2008
Messages
31,842
Reaction score
353
haven't had anyone report any virus problems on our site here at all. thank you for the heads up though..

mike
 

Zeb

Very well Known Member
Joined
Feb 18, 2012
Messages
754
Reaction score
53
Location
SW Virginia
It might be that his antivirus software was scanning in the background and just happened to catch the bug while he happened to be on DFO and CH and his being on the two sites at the time were unrelated. AFAIK, most of the nasty viruses still spread the old fashioned way -- via email attachments. Many lie dormant for a certain amount of time and just "wake up" and then the antivirus software (hopefully) catches them.

I haven't noticed anything, but I use a Mac.
 

zenstat

Zeb said:
It might be that his antivirus software was scanning in the background and just happened to catch the bug while he happened to be on DFO and CH and his being on the two sites at the time were unrelated. AFAIK, most of the nasty viruses still spread the old fashioned way -- via email attachments. Many lie dormant for a certain amount of time and just "wake up" and then the antivirus software (hopefully) catches them.

I haven't noticed anything, but I use a Mac.

Thanks Zeb. Ditto on the Mac. And no Microsoft Office on my machine. Microsoft free except for Silverlight which eBay seems to download without my permission every time I remove it then visit Bay. Grrrr.

Yes I asked Glen if it could be email attachments, and in my readings I didn't come across any info on how long it might lie dormant for a certain amount of time before activating. Whatever antivirus software he was running didn't spot the virus so his PC got infected and completely tangled up. The authors were clever in that one thing they do is disable all internet access except to go and purchase their pretend anti virus software. The sneaky devils...
 
