http://www.posetteforever.com/viewtopic.php?f=21&t=1269
-----------------------------------
The Mighty Zeus
Wednesday, 09 February 2005, 12:51 AM

Beware the evil that is Google
-----------------------------------
Just so everyone is aware there is a new form of spyware floating around google that is the biggest pain in the butt I have ever had the misfortune to stumble across. (I am currently using my wife's computer to type this if that is any indication. Mine is in the shop. And that says a lot coming from the guy most of my hacker buddies turn to for help when something goes wrong on their systems.) It all started when I was teaching my daughter about fighter jets and went to google search to pull up a pic of a MIG 29 "fulcrum." The link, while not only not able to display a picture, infects your system with a dll file that buries itself in your system files and auto executes on start up, installing no less than 36 pieces of spyware (including 7 registry key changes) and 5 DSO exploits. While my spyware sweepers were able to remove the installed files (until I start up again, so I have to keep sweeping for it every time I do a start up), the main dll file is merged into your OS which does nasty things when you try to remove it. So just a warning for all of you that look to google for stock images. Be careful. (If you don't have Spybot Search and Destroy and Webroot Spysweeper get them. Especially Webroot, which will prevent your home page from being hijacked.)


-----------------------------------
guiltypleasures
Wednesday, 09 February 2005, 01:29 AM


-----------------------------------
Thanks for the heads-up Zeus, I would hate to have to re-do my computer all over again after just starting to get things installed again  :pray:  Your msg also reminded me I should run my Spybot since I haven't done so in a while. I'm using Mozilla Firefox and that seems to help a lot more than IE did, but I'm having some trouble with my computer freezing and I think it might be due to my antivirus software I'm using (Avast); might have to switch back to AVG again   :-k  :)


-----------------------------------
The Mighty Zeus
Wednesday, 09 February 2005, 03:02 AM

Re: Beware the evil that is Google
-----------------------------------
Try using RAV (http://www.ravantivirus.com/scan/indexie.php). It is an online scan similar to Kaspersky but is free. (The best part about online scans is that they can't be disabled by trojans because they are not run from your computer.) I use both AVG and RAV.


-----------------------------------
Hawktoey
Wednesday, 09 February 2005, 03:17 AM


-----------------------------------
Sorry to hear about the misfortune! And as it really doesn't matter, just curious as to what browser you were using at the time. I do three or four google image searches a day, and if this is going to be a problem I must check into it deeper....


-----------------------------------
pangor
Wednesday, 09 February 2005, 04:42 AM


-----------------------------------
Wow, that is really saying something about how damaging that trojan horse/virus or whatever software is.  Do you have any idea which delivery system in the browser that it exploited?

I take it that you are familiar with Windows networking?  If so, why are there so many Windows networking connections initiated by Windows boxes across the internet?  I keep seeing so many of these incoming connection attempts that it is not even funny.   Are they all being created by infected software, or is this normal for Windows boxes?

A little while back, I set up a honey pot to see what they were trying to do.  I found a few directory searches in "windows" and "Program Files", but most of the connections were for directory searches in "My Documents".

Pangor


-----------------------------------
Posy
Wednesday, 09 February 2005, 04:42 AM


-----------------------------------
I'm glad you're impressed. Makes sense to me.  I understand your meaning. Where do you take it :-? Interesting observation. Reductionism.  I know what you mean, pangor. I've been there. As far as I know they are. Little as in not too much, or not too big? How did you feel when you found a few directory searches in windows and Program Files but most of the connections were for directory searches in his or her Documents?


-----------------------------------
pangor
Wednesday, 09 February 2005, 04:43 AM


-----------------------------------
Irritated,

Pangor


-----------------------------------
Tormie
Wednesday, 09 February 2005, 11:19 AM


-----------------------------------
:-k  8-[  8-[  8-[ ...

I'm using Norton and I hope nothing will happen...  8-[  8-[  8-[


-----------------------------------
Den Tracy
Wednesday, 09 February 2005, 06:37 PM


-----------------------------------
Simple solution:
Get an old PII or PIII PC, 300 - 800MHz, and use it to surf.
Put on any operating system you wish.
Install your favourite anti-spy and anti-virus software.
If your internet PC gets wiped out, just reformat the drive and put the operating
system back.
Why use one PC to do everything?
Makes no sense to me to use one PC with all of your software on it only to have
"shithead hackers" infect your system.
Transfer your files to your main PC over a network once you verify the integrity of
the files.
I have an old 233MHz PII for internet use with a 10GB HD.  They can hack away all they want, but they can't get at my main PC.


-----------------------------------
Posy
Wednesday, 09 February 2005, 06:37 PM


-----------------------------------
OK I will put it there.  Because you asked me to -- SHRDLHU.  Where did you get old 233MHz PII for internet use with a 10GB HD?  Who does "they" refer to?


-----------------------------------
The Mighty Zeus
Thursday, 10 February 2005, 12:50 AM


-----------------------------------
I actually use Mozilla Firefox as a web browser. The problem isn't a trojan, which surprises me as it is fairly nasty for simple spyware. If you ever looked at my system you would notice that I am paranoid as all get out. First, everything is run through a router with 128 bit encryption. My system is protected by McAfee, AVG, and RAV, and I use Spybot Search and Destroy, Ad Aware, Webroot Spysweeper, Spyblaster, and Xsoft. I even have a DOS sweeper for viruses if there is something really nasty. The problem with this piece of spyware is that nothing I have touches it. I have even gone into safe mode and manually deleted files to no avail. It is times like this I just call in professionals.


-----------------------------------
Den Tracy
Thursday, 10 February 2005, 01:16 AM


-----------------------------------
Well, my friend...

All the more reason not to subject your PC and all the hard work that you put into what you do,
to be left to the perils of the Internet and the idiots who take pleasure and pride in causing grief
to the unsuspecting.

Adios and I hope that you will not lose much data.


-----------------------------------
Posy
Thursday, 10 February 2005, 01:16 AM


-----------------------------------
Well what? How well do you know this person? Perhaps there are a few exceptions.


-----------------------------------
pangor
Thursday, 10 February 2005, 08:21 AM


-----------------------------------
Zeus, I don't know which operating systems you use.  However, here is a method that could help you in such situations.  Partition your hard drive into at least four partitions.  In the first partition, called C: by DOS and Windows, install your system-level software; this drive should hold no more than the C: files for boot time and the C:\windows directory.  Put your application-level software into the second partition.  Put your data files into the third partition, and your swapfile into the fourth partition.  Once so installed, make a snapshot backup of your installation and store it somewhere Windows cannot access it: on backup media or as a file in a partition containing a filesystem that Windows does not understand.  Also use some software that can determine which files have been changed.  Then if anything goes wrong, just recopy the backup copy right over the infected files.  By dividing the installation this way you can bulk restore the Windows installation and/or your application software without touching your data files that are safely stored on their own partition.  This layout is based on that of unix boxes; in this case, C: is like /, D: is like /usr, E: is like /home, and F: is a dedicated swap partition.

I don't run my system that way.  In my case, all my data is stored under unix. A copy of it is moved to the Windows partition when needed before booting into Windows, then copied back to unix afterwards.  My Windows partition is much smaller than the capacity of my hard drive, so when I installed Windows and my major software installation, I made a compressed snapshot of the partition with a command like this:

[b]gzip </dev/hda1 >/mnt/backOS/Windows.img.gz[/b]

If Windows becomes too unstable for whatever reason, I restore the entire partition this way.

[b]gzip -d </mnt/back_up_OS/Windows.img.gz >/dev/hda1[/b]

Yes, these examples are using Linux devices for the partition names.  No, the file and directory names shown are not the ones I use; I altered them to make a better example command line.

If I need to restore a few files I can mount an uncompressed copy of the backup file as though it were an actual partition by using the loopback virtual block device.

The ultimate virus checker for a system in the condition that your system is now in is the [b]diff[/b] that compares on a byte-per-byte basis your existing installed files with copies known to be good.  Then for cleaning, copy back from backup all the files known to be bad, and delete any unneeded or suspicious files.

Pangor
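The "compare every installed file against a known-good copy, then restore what differs" idea from pangor's post, written out as an added example (this is not pangor's script or anything from the thread). Instead of keeping a second full copy to diff against, it records a SHA-256 manifest of the known-good tree, which is small enough to keep on read-only media or on a partition Windows cannot write to, and later compares the live tree against it, listing files that were changed, added or removed. The directory names and file contents below are constructed for the demo, including the simulated tampering, and do not describe any real infection:

```shell
#!/bin/sh
# Added example, not pangor's own script: the "diff against a known-good copy"
# check from the post, done with a hash manifest so the reference can live on
# media the infected OS cannot reach. Every path and file here is constructed
# for the demo; nothing below is a real layout or real malware.

# build_manifest DIR OUT : write "sha256  ./relative/path" for each regular file under DIR
build_manifest() {
    dir=$1; out=$2
    ( cd "$dir" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done ) > "$out"
}

# compare_manifests GOOD CURRENT : print one line per difference, return 1 if any.
# The known-good manifest must be non-empty (FNR == NR marks the first file).
compare_manifests() {
    awk '
        FNR == NR { good[$2] = $1; next }          # first file: known-good hashes
        {
            seen[$2] = 1
            if (!($2 in good))       { print "ADDED   " $2; n++ }   # not in snapshot
            else if (good[$2] != $1) { print "CHANGED " $2; n++ }   # bytes differ
        }
        END {
            for (p in good) if (!(p in seen)) { print "REMOVED " p; n++ }
            exit (n > 0)
        }' "$1" "$2"
}

# demo_run : build a constructed "known-good" tree, snapshot it, simulate drift
# in a copy, and report what a restore-from-backup would need to touch.
demo_run() {
    work=$(mktemp -d)
    mkdir -p "$work/good/windows/system32" "$work/good/apps"
    printf 'constructed kernel bytes\n' > "$work/good/windows/system32/kernel.bin"
    printf 'constructed shell bytes\n'  > "$work/good/windows/explorer.bin"
    printf 'constructed app bytes\n'    > "$work/good/apps/viewer.bin"
    build_manifest "$work/good" "$work/good.manifest"   # this is what you keep offline

    # "current" installation: a copy of good with three constructed differences
    cp -r "$work/good" "$work/current"
    printf 'appended by the demo\n' >> "$work/current/windows/explorer.bin"   # changed
    printf 'demo file\n' > "$work/current/windows/system32/dropped.bin"       # added
    rm "$work/current/apps/viewer.bin"                                        # removed
    build_manifest "$work/current" "$work/current.manifest"

    if compare_manifests "$work/good.manifest" "$work/current.manifest"; then
        echo "OK: installation matches snapshot"
    else
        echo "DRIFT: restore the listed files from the snapshot, then re-check"
    fi
    rm -rf "$work"
}

demo_run
```

Running it prints one CHANGED, one ADDED and one REMOVED line followed by the DRIFT verdict. In real use you would run build_manifest once on the freshly installed system partition (mounted read-only from another OS, as pangor does), keep the manifest with the partition image, and run compare_manifests from that trusted environment so the tool doing the checking is not itself on the suspect disk.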


-----------------------------------
Tormie
Thursday, 10 February 2005, 11:29 PM


-----------------------------------
8-[  Crackers have attacked http://phpbb.com ... It seems something about some server's old functions and not related to our software... Anyway I'm backing up very, very often, just in case...  8-[  8-[  8-[


-----------------------------------
pangor
Friday, 11 February 2005, 10:02 AM


-----------------------------------
:-(


Pangor


-----------------------------------
Akura
Monday, 18 April 2005, 12:00 AM


-----------------------------------
Thanks for the warning.  I never got it but at least now I know what's out there.


-----------------------------------
Tormie
Monday, 18 April 2005, 12:20 AM


-----------------------------------
Hi Akura  :bigrinnin: !! Welcome to Posetteforever :banana7: !


-----------------------------------
pangor
Monday, 18 April 2005, 03:59 PM


-----------------------------------
Yes, hello and welcome.

Pangor


-----------------------------------
The Mighty Zeus
Monday, 18 April 2005, 04:09 PM


-----------------------------------
Welcome Akura. Always nice to see some new faces.


-----------------------------------
Posy
Monday, 18 April 2005, 04:09 PM


-----------------------------------
Thank you for your kindness.


