Computer Viruses

  • Posted by a hidden member.

    Feb 14, 2009 11:15 PM GMT
    The last couple of times I was over at Photobucket to get a picture to post on this website, my Norton blocked a Malicious Toolkit that says it is a high risk virus.

    When I pulled up the details, it listed my computer as the attacking computer and the destination as the other person's, if I am reading it correctly. Could someone be using my computer to attack other sites? It did give me a website and number for the destination address but I am hesitant to try to go there. It also gave me the traffic description.

    I periodically run a virus scan and always come clean with an occasional tracking cookie that I get rid of.

    How worried should I be about this and what can I do about it?
  • Posted by a hidden member.

    Feb 15, 2009 12:22 AM GMT
    Spybot Search and Destroy is good as well as Lavasoft's Ad Aware.

    You'll find them here:

    http://www.safer-networking.org

    http://www.lavasoft.com/

    Make sure you keep any M$ computer with the latest updates.

    If you're using Firefox, make sure it's updated, too.

    Firefox is a much better browser, in many respects, as compared to M$ IE, which routinely has GAPING security issues.

    Don't visit porn sites, as they are notorious for pushing Spyware, and creating zombie PCs.

    Always, always, always, keep your virus checker up to date.

    Grisoft provides an excellent virus checker, AVG, for free.

    You'll find that, here:

    http://www.avg.com/
  • Posted by a hidden member.

    Feb 15, 2009 3:27 AM GMT
    Sounds like a false positive to me. A lot of antivirus software blocks webpages or scripts depending on the settings of your AV. There are high-risk websites that do this - notably porn and illegal software sites. Try and avoid those. But with Photobucket... I don't know.

    How is it possible that the picture becomes a threat though? Did you simply copy the image location or did you embed it? I haven't used photobucket in ages so I don't know what options there are.

    To be safe, look for rootkits and trojans. There are viruses that use your computer to infect others, but if your AV is up-to-date and you scan regularly that shouldn't be a problem.

    http://en.wikipedia.org/wiki/Trojan_horse_(computing)
    http://en.wikipedia.org/wiki/Rootkit

    And I do not like Norton. It's annoying and almost always picks up false positives. But it's good enough.

    Also, don't try to run two antivirus programs at once, if ever you plan on switching.

    If you still want to find out if you're infected (or if your computer is inexplicably slow lately), you can get expert help from the internet for free (with a few days waiting list, I'm afraid). Download and run HijackThis:

    http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

    Save a logfile and post it in forums like Geeks To Go, SpywareInfo, or in the previously mentioned LavaSoft Support Forums. It will help experts pinpoint exactly what kind of problems you have. Do not attempt to remove items found in the HijackThis yourself. It is merely a snapshot of your system and all the running processes.
  • Posted by a hidden member.

    Feb 15, 2009 4:15 AM GMT
    I agree with the false positive comment. Sometimes anti-virus and anti-spyware programs are too sensitive.

    Some safe websurfing tips..

    - Use the most current version of Firefox.
    - Install the Adblock Plus extension.
    - Turn off Java in the Firefox options.
    - If you want to visit porn sites or websites that seem iffy, turn off JavaScript first.

    Also..

    - Make sure you are current with the Windows Update.
    - Enable the Windows firewall or use a firewall program like Zone Alarm.
    - Be suspicious of email or websites that ask for personal information.

  • Posted by a hidden member.

    Feb 15, 2009 4:31 AM GMT
    You need to get Ad-Aware and Ad-Watch. It will catch a lot of things Norton can't, like tracking cookies and MRU objects.
  • Posted by a hidden member.

    Feb 15, 2009 9:13 AM GMT
    Thanks guys. Some of that stuff I will definitely use. I do have Firefox and it is up to date along with my version of Windows.


    Sedative said: How is it possible that the picture becomes a threat though? Did you simply copy the image location or did you embed it? I haven't used photobucket in ages so I don't know what options there are.


    You can embed a virus inside a picture so every time it is accessed it will try to attack. Scary. All I had was a window open for this website and another for photobucket and I was only viewing the pictures. What anti-virus would you suggest?
  • Posted by a hidden member.

    Feb 15, 2009 6:21 PM GMT
    We've seen some spyware that loads on the exit event from a document. It does NOT load until you leave. Logan was looking at a site (a torrent site) a while back that did just that and it toasted his "hive" (the registry). I wasn't able to recover it, even using the wide range of tools we have in our office. (I suppose if I had spent days, instead of hours, but, we nuked his pc, and reloaded it). xtube will try to hook you nearly every time, from what we've seen and heard. Porn guys, and spammers, aren't really very nice people.

    While you can interlace information into an image, it's pretty hard to put an active virus into the image itself, unless you're loading it into an image program, like M$, that has problems with how it handles image data. Typically, viruses on pages exploit M$ ActiveX technology, run exit events / onload events, or use social engineering in email and get you to load them. The VBA technology of M$ Office has cost American businesses millions of dollars in its bad design and implementation.
  • Posted by a hidden member.

    Feb 15, 2009 8:39 PM GMT
    ^ What chucky said.

    It's more likely the website itself that you are getting the image from. Attack sites like that sometimes use the link itself, not the image file.
  • Posted by a hidden member.

    Feb 15, 2009 9:11 PM GMT
    Yeah, what basically happened to my computer was I closed out my browser, but the page had an "onunload" event trigger attached to it and the virus loaded programmatically via JavaScript while the browser shut down. I was also using Internet Explorer at the time: go figure.

    If you've ever gone to a website that pops up an alert box saying "ARE YOU SURE YOU WANNA LEAVE?!?" when you try to close your browser or change pages, that's a JavaScript confirm box attached to an onunload event.
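
Added example, not written by anyone in the thread: a small Node.js static check that flags exit-event hooks (`onunload`, `onbeforeunload`, `pagehide`) in a page's HTML source, the mechanism the last posts describe. The function name `findExitHandlers` and the sample page are constructed for illustration, and the regex matching is a heuristic over source text, not a full HTML/JS parser.

```javascript
// Added example: flag exit-event handlers in saved page source.
// findExitHandlers and SAMPLE_PAGE are constructed for illustration.
const EXIT_EVENTS = ['unload', 'beforeunload', 'pagehide'];

// The three common ways a page registers a handler for event `ev`.
function buildPatterns(ev) {
  return [
    // inline attribute: <body onunload="...">
    { kind: 'inline-attribute', re: new RegExp(`<[^>]*\\son${ev}\\s*=`, 'gi') },
    // property assignment: window.onunload = ...  (but not == / ===)
    { kind: 'property-assignment', re: new RegExp(`\\.on${ev}\\s*=(?!=)`, 'gi') },
    // listener call: addEventListener('unload', ...)
    { kind: 'event-listener',
      re: new RegExp(`addEventListener\\(\\s*['"\`]${ev}['"\`]`, 'gi') },
  ];
}

// Returns [{ event, kind, line }] sorted by 1-based line number.
function findExitHandlers(html) {
  const findings = [];
  for (const ev of EXIT_EVENTS) {
    for (const { kind, re } of buildPatterns(ev)) {
      for (const m of html.matchAll(re)) {
        const line = html.slice(0, m.index).split('\n').length;
        findings.push({ event: ev, kind, line });
      }
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample page: three hooks plus one harmless comparison.
const SAMPLE_PAGE = [
  '<html>',
  '<body onunload="leaving()">',
  '<script>',
  'window.onbeforeunload = function () { return "Are you sure?"; };',
  'window.addEventListener("unload", cleanup);',
  'if (window.onunload == null) { /* comparison, not a hook */ }',
  '</script>',
  '</body>',
  '</html>',
].join('\n');

for (const f of findExitHandlers(SAMPLE_PAGE)) {
  console.log(`line ${f.line}: ${f.kind} for "${f.event}"`);
}
```

A hit only means the page runs script when you leave it; many legitimate sites use these hooks for "unsaved changes" prompts, so the handler body still has to be read.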