|
Post by Werehound Silverfang on Jun 3, 2011 1:41:38 GMT
One of the malicious ads ate my OS. Going to spend all night trying to get my comp back up and running. This one appeared as "MS Removal Tool", Wretched thing. Worst I've seen to date. Whatever happens if Windows users get this: DO NOT RUN THE CHECK DISK UTILITY. That's the first thing it attacks, and corrupts it irrevocably.
|
|
|
Post by FunkySwerve on Jun 3, 2011 3:04:02 GMT
One of the malicious ads ate my OS. Going to spend all night trying to get my comp back up and running. This one appeared as "MS Removal Tool", Wretched thing. Worst I've seen to date. Whatever happens if Windows users get this: DO NOT RUN THE CHECK DISK UTILITY. That's the first thing it attacks, and corrupts it irrevocably. Any idea what ad got you? Thanks, Funky
|
|
|
Post by dynneroth on Jun 3, 2011 3:32:40 GMT
I know this sounds very noobish, but do I have to click on the ad for it to do something malicious? Or can it just autostart by coming to proboards? And Were, was it a misclick on your part?
|
|
|
Post by Werehound Silverfang on Jun 3, 2011 4:19:18 GMT
It happened as soon as the page loaded. I strongly advise getting all the ad-block software you can (or at least the most efficient). My antivirus didn't even flinch: it died on contact.
Some of the .exes I've had thrown into my temp folder from these ads:
whn.exe qgf.exe hgv.exe cgr.exe
"whn.exe" was the latest, the one that crippled my OS. All of them change your file associations to re-open the virus. Only this "MS Removal Tool" changed EVERY file extension. Even after resetting my registry via another computer, my core files were corrupted enough to get a BSOD on even the slightest attempt to boot from the infected hard disk.
ProBoards isn't the only site to be hit with this. FreeForums and other social sites have been hit as well.
|
|
|
Post by FunkySwerve on Jun 3, 2011 5:30:10 GMT
Their response, to which I replied: How does this user 'know' this game from an ad? Did they click on an ad and download something? Is there a screen shot of the alleged ad in question? I'll be forwarding on this information to the company that manages advertising on our site. Please note, however, that we use SiteScout.net to automatically screen advertisements to avoid any problems like this. This system automatically scans ads to detect and blocks any threats. I would have to say unless we receive further reports regarding this, though, that it is unlikely that it came from a third party ad.
|
|
|
Post by FunkySwerve on Jun 3, 2011 5:44:01 GMT
|
|
|
Post by Yojimbo on Jun 3, 2011 12:39:16 GMT
Were what AV do you use? I have yet to have any problems or see anything of the sort on these board ever. I admit that most of the time I am on here from work where I am behind a firewall w/ gateway anti-virus and we have anti-virus running. I also typically am using Opera if that makes any difference even when I access from home.
|
|
|
Post by Werehound Silverfang on Jun 3, 2011 16:43:32 GMT
I *had* CA Secuirty Suite on my system.
|
|
|
Post by Yojimbo on Jun 3, 2011 17:33:04 GMT
The best paid solution I have come across IMO is Kaspersky Internet Security. I am sure others have their preferences but I have yet to find any compelling reason to switch.
|
|
|
Post by rainwalker on Jun 3, 2011 19:01:41 GMT
I just had to clean this nasty thing off a system at work. I had to use all 3 free tools that I know of to completely clean it. MS security essentials, Super Anti-spyware, and Malwarebytes. Luckily the user called us before clicking on any of the popup asking to run check disk so no damage to the hard drive, but it did hide all of their folders on the C: drive.
Best advice to anyone that does get infected by this is don't click on any part of the popups, just work around them. If your having problems launching or finding any of your cleaning spyware tools because your folders are hidden and\or your start menu is blank. Use command prompt to find and launch your programs. Everything still exist it's just hidden from the user.
|
|
|
Post by dynneroth on Jun 3, 2011 21:05:10 GMT
My computer just started acting weird. Getting popups but have clicked the X in the upper right corner and it will go away. I'm running McAfee AV.
Now popups are going crazy. Using Malwarebyte's Anti-Malware. Hope it works.
|
|
|
Post by tomaan on Jun 3, 2011 21:59:52 GMT
Had the same one, but it looked suspicious so I checked it out on my other comp.
The fix is pretty easy but it's really annoying.
|
|
|
Post by dragonledak on Jun 4, 2011 4:04:52 GMT
I got this too Attempting to remove it right now using webroot, which I own and have loaded. Wish me luck.
|
|
|
Post by dynneroth on Jun 4, 2011 4:21:02 GMT
I followed the instructions in Funky's link and it seems to have worked.
|
|
|
Post by MightyKhan on Jun 4, 2011 7:11:14 GMT
not sure if it's applicable, but if the adds are made with flash, a flashblocker might help
|
|