PSA: Behold the Resurrection of EPIC THREAD

IronWing · Feb 17, 2010

I too caught something from the link. I got an oddball popup ad for a survey which just about never happens to me, setting off alarm bells. I tried running Ad Aware but it wouldn't load, which further freaked me out. I ran virus scan which came back clean. I installed the latest version of Ad Aware but it still won't run. Of course, in the mean time VirusScan and Flash decide that now looks like a good time to install an update...

Anyway, I'll run a full Virus Scan and see what comes up.

wedi42 · Feb 17, 2010

the pic is now hosted on a virus free site.
pics.bbzzdd.com

Bignate603 · Feb 17, 2010

IronWing said:
I too caught something from the link. I got an oddball popup ad for a survey which just about never happens to me, setting off alarm bells. I tried running Ad Aware but it wouldn't load, which further freaked me out. I ran virus scan which came back clean. I installed the latest version of Ad Aware but it still won't run. Of course, in the mean time VirusScan and Flash decide that now looks like a good time to install an update...

Anyway, I'll run a full Virus Scan and see what comes up.

The laptop that I was on just finished up running malwarebytes and so far it seems to have killed the files BUT it didn't catch the registry edits that it did that blocked task manager from opening and prevents a normal login after you delete the files. Fix those first BEFORE you reboot or you might end up stuck in an endless login cycle.

MSCoder610 · Feb 17, 2010

Bignate603 said:
The laptop that I was on just finished up running malwarebytes and so far it seems to have killed the files BUT it didn't catch the registry edits that it did that blocked task manager from opening and prevents a normal login after you delete the files. Fix those first BEFORE you reboot or you might end up stuck in an endless login cycle.

Any links to more info about the registry edits? I hardly reboot but I don't want to suddenly be locked out of my PC in a couple weeks after I've forgotten about this.

yh125d · Feb 17, 2010

petition to bring it back or something?

whatever it is, add me to the list

Newbian · Feb 17, 2010

Just post the ftp already before we all forget what was going on.

Kelvrick · Feb 17, 2010

yh125d said:
petition to bring it back or something?

whatever it is, add me to the list

I added it to my sig.

Bignate603 · Feb 17, 2010

MSCoder610 said:
Any links to more info about the registry edits? I hardly reboot but I don't want to suddenly be locked out of my PC in a couple weeks after I've forgotten about this.

http://www.symantec.com/connect/forums/wormwin32netsky?page=1

It's not actually the netsky worm, that's just the fake warning that it spits out. The registry issues are there on that page but it's a relatively long read.

I found that while malwarebytes got some things I've still got something parading as srss.exe and I think as csrss.exe. The suspicious smss.exe is in the i386 directory (everything I've read says it should be in windows/system32) and when if I try to do anything with it it says the drive can't be read.

Jeeebus · Feb 17, 2010

post # 2,999

Post # 3,000 belongs in Epic Thread. Resurrect!

thescreensavers · Feb 17, 2010

go go, PM me pics! lol

ElFenix · Feb 17, 2010

Bignate603 said:
The laptop that I was on just finished up running malwarebytes and so far it seems to have killed the files BUT it didn't catch the registry edits that it did that blocked task manager from opening and prevents a normal login after you delete the files. Fix those first BEFORE you reboot or you might end up stuck in an endless login cycle.

my sister got a fake virus scanner that mimicked windows security center and then decided to install a second fake virus scanner (paladin). took a couple runs of malwarebytes and her regular antivirus to clean all that crap out. she said all she had been browsing was facebook.

GTaudiophile · Feb 17, 2010

I downloaded the file from the link in question and got no warnings using ESET NOD32.

GTaudiophile · Feb 17, 2010

Double Post.

lokiju · Feb 17, 2010

I got a background pop-up also but guess since I'm on Os X it's a non issue.

I'd say it's a megaupload issue, not an issue of the OP though.

JulesMaximus · Feb 17, 2010

Bignate603 said:
Believe it, the laptop I owned it on is currently running malwarebytes because it got something nasty after hitting the link. It keeps on popping up warnings that I've got a virus (all fake, from the malware itself), it sticks things in the registry to screw with your login, and to prevent you from opening task manager.

That happened to me too. Fucking pain in the ass getting that malware off my computer too.

DrPizza · Feb 17, 2010

We just had a message at work from our IT guy last week - apparently there's a pop up out there that if you click on the "x" to close the window - that's conveniently the install button. Sounds like that could possibly be what happened?

JulesMaximus · Feb 17, 2010

wedi42 said:
the pic is now hosted on a virus free site.
pics.bbzzdd.com

How do I get rid of those smiley faces?

Newbian · Feb 17, 2010

JulesMaximus said:
How do I get rid of those smiley faces?

Resurrect the original epic thread for jeeebus 3k post.

szechuanpork · Feb 17, 2010

sjwaste said:
Was there a dutch rudder involved?

destrekor · Feb 17, 2010

Nik said:
allisolm said:

It was reported that the link in there caused a virus.

Click to expand...

By one guy. Which is a lie.

Yeah, it most certainly did not contain any sort of malware. The guy either doesn't know what his system is doing, or blamed the symptoms on the most recent thing he was doing.

mesthead21 · Feb 17, 2010

destrekor · Feb 17, 2010

lokiju said:
I got a background pop-up also but guess since I'm on Os X it's a non issue.

I'd say it's a megaupload issue, not an issue of the OP though.

Yeah I have NO idea how that damn popup sneaked through. I never get popups.
megaupload does suck something fierce though.

Kelvrick · Feb 17, 2010

DrPizza said:
We just had a message at work from our IT guy last week - apparently there's a pop up out there that if you click on the "x" to close the window - that's conveniently the install button. Sounds like that could possibly be what happened?

That is pretty convenient. Now that I think about it, I think there was a popup, but I did a right click on the task bar and close. Almost second nature and I didn't even realize it until now.

Taejin · Feb 18, 2010

thread restore! or a pm please =)

destrekor · Feb 18, 2010

Kelvrick said:
That is pretty convenient. Now that I think about it, I think there was a popup, but I did a right click on the task bar and close. Almost second nature and I didn't even realize it until now.

Hmm.
I closed the pop-under ad with the X button.
Using Windows 7, have Microsoft Security Essentials installed, but more importantly, NoScript and ABP on Firefox 3.5.7 (still haven't upgraded to 3.6, don't know why...)
If this ad was indeed a nasty bitch, I think NoScript saved my PC.

I didn't think to look if NoScript blocked any actions of the ad, I think I was just more in shock at "wait, WTF is this? Aw hell no!"

PSA: Behold the Resurrection of EPIC THREAD

No Lifer

Platinum Member

Lifer

Senior member

Diamond Member

Lifer

Lifer

Lifer

Diamond Member

Diamond Member

Elite Member

Lifer

Lifer

Lifer

No Lifer

Administrator Elite Member Goat Whisperer

No Lifer

Lifer

Senior member

Lifer

Platinum Member

Lifer

Lifer

Moderator<br>Love & Relationships

Lifer