
What the hell? MSN Sasser worm detection?

CZroe

Lifer
I read up on the worm initially during the early outbreak and found that it was yet another worm which exploits an already patched vulnerability. One which I certainly would have been patched to prevent if it's true that the patch has been available from Microsoft for as long as they say. Not to mention the fact that enabling XP's built-in firewall is supposed to be enough to prevent infection and though I have not had it enabled, I have been using a non-routable IP address for the last several months (Should be the same effect for any worms scanning for the vulnerable ports).

I usually hibernate instead of shutdown, so it's been a few days since my laptop had a good reboot. I just got to a computer shop (Also using NAT) I sometimes work in at night and booted my laptop. I was a little startled seeing Yahoo Messenger start with Windows until I remembered allowing a friend to temporarily install it (I hate redundant applications and Windows Messenger works just fine). Then I opened Internet Explorer and the homepage, MSN.com, began loading. What's this?! A pop-up window appeared and began loading. I began fuming because this sort of behavior is typical of spyware and the only way spyware could have gotten on my system was from the same friend that installed Yahoo Messenger. But instead of loading an ad, my screen went blue and an "OK / Cancel" dialog appeared saying that I was infected with Sasser.D and that I should click "Yes" to disinfect. Of course, knowing that I had no such scanning software installed, I knew that what I was seeing was certainly a malicious message, but the source still perplexed me. Being malware, I knew that it didn't matter whether I clicked OK or Cancel but I clicked Cancel anyway.

So, is this from a virus, possibly spreading the same way as Sasser? Is this MalWare/Spyware? I updated AdAware and it did find a single new program it did not detect before (Didn't even find a bad cookie) called "VirtuMonde" (Grrr, I'm going to have a little talk with that friend of mine...) but Google can apparently find no link between it and the message I received.

Has anyone else seen this message?
 
Originally posted by: CZroe
Seen here

Any truth to it?

Dude seriously now, that is an ad and nothing else. I have seen many like that and have always clicked no and nothing has happened. Don't be surprised when the next big worm hits, there will be another pop up like that.
 
Uh, clearly NO. MSN is a PROFESSIONAL portal. There are absolutely no popups on the main page for msn.com. Same goes for Google. Every time I touch someone else's PC and find pop-ups on the Google index page I snicker because it's so clear that they have spyware... Google will also never have a pop-up on the main page. It's simply not professional and will not be tolerated EVERY TIME you launch your browser. That's not how a portal does business. Especially a full-screen advertisement! The dialog is NOT a fooie (Fake GUI). It certainly is more than that. Either spyware/malware, a backdoor, an infection from within the network at the computer shop or something. I'm pretty sure now that it's the "VirtuMonde" spyware/adware/malware.

PLEASE, if you get these sort of messages you are either browsing unscrupulous sites with shady affiliates or your PC is doing someone else's bidding (Most likely). It sounds like you are tolerating this rather than doing something about it. Please download a legitimate spyware removal tool immediately. AdAware (lavasoftusa.com) or SpyBot Search & Destroy (Err, Google). Go. Now.
 
I got that message on my sister's computer. Ran a NAV scan, no Sasser, but it has some other random viruses, nothing Sasser related though.
 
Originally posted by: CZroe
Uh, clearly NO. MSN is a PROFESSIONAL portal. There are absolutely no popups on the main page for msn.com. Same goes for Google. Every time I touch someone else's PC and find pop-ups on the Google index page I snicker because it's so clear that they have spyware... Google will also never have a pop-up on the main page. It's simply not professional and will not be tolerated EVERY TIME you launch your browser. That's not how a portal does business. Especially a full-screen advertisement! The dialog is NOT a fooie (Fake GUI). It certainly is more than that. Either spyware/malware, a backdoor, an infection from within the network at the computer shop or something. I'm pretty sure now that it's the "VirtuMonde" spyware/adware/malware.

PLEASE, if you get these sort of messages you are either browsing unscrupulous sites with shady affiliates or your PC is doing someone else's bidding (Most likely). It sounds like you are tolerating this rather than doing something about it. Please download a legitimate spyware removal tool immediately. AdAware (lavasoftusa.com) or SpyBot Search & Destroy (Err, Google). Go. Now.

Wait, so you post the most idiotic question I've ever seen, and now you're giving Spyware removal advice? Here's an idiot if I ever saw one.
 
Originally posted by: RagingBITCH
Originally posted by: CZroe
Uh, clearly NO. MSN is a PROFESSIONAL portal. There are absolutely no popups on the main page for msn.com. Same goes for Google. Every time I touch someone else's PC and find pop-ups on the Google index page I snicker because it's so clear that they have spyware... Google will also never have a pop-up on the main page. It's simply not professional and will not be tolerated EVERY TIME you launch your browser. That's not how a portal does business. Especially a full-screen advertisement! The dialog is NOT a fooie (Fake GUI). It certainly is more than that. Either spyware/malware, a backdoor, an infection from within the network at the computer shop or something. I'm pretty sure now that it's the "VirtuMonde" spyware/adware/malware.

PLEASE, if you get these sort of messages you are either browsing unscrupulous sites with shady affiliates or your PC is doing someone else's bidding (Most likely). It sounds like you are tolerating this rather than doing something about it. Please download a legitimate spyware removal tool immediately. AdAware (lavasoftusa.com) or SpyBot Search & Destroy (Err, Google). Go. Now.

Wait, so you post the most idiotic question I've ever seen, and now you're giving Spyware removal advice? Here's an idiot if I ever saw one.

Hmm, I never took you for an idiot. Perceptions may change. It certainly was malware and NOT a normal advertisement. It was the first time it was ever executed on my system (Executed on the first reboot after installation) and it was not my doing. It was detected IMMEDIATELY on the first boot so who the hell are you trying to fault? It has now been removed. Now, what do you think I did that was idiotic? Because I Googled and could not find a link between the VirtuMonde malware and the message I had received I decided to ask what else may be the source. Typically, I have found such links between malware and specific advertisements which were NOT detected by AdAware or Spybot S&D (GoKing.net is an example). Research. Nothing more. If this were on a spyware identification and response message board I wouldn't have to deal with idiots like you but NO, I underestimated the skill, interest and flexibility of the Anandtech community. Apparently all they want to do is talk about sex and cars in the Off Topic forum and there is no other appropriate forum. If you aren't interested in the topic at hand and can't contribute then BUTT OUT. Needless interference and misinformation is not helpful.
 
All my friends have been getting Sasser on their nooblar computers with expired virus definitions 😀

<-- has Symantec Corporate Edition riding my back
 
Originally posted by: jdiddy
I got that message on my sister's computer. Ran a NAV scan, no Sasser, but it has some other random viruses, nothing Sasser related though.

Well get rid of the adware that's giving you the message. It's either the same one I had or another spyware app which is also dealing with the same shady source.
 
Originally posted by: CZroe
Originally posted by: jdiddy
I got that message on my sister's computer. Ran a NAV scan, no Sasser, but it has some other random viruses, nothing Sasser related though.

Well get rid of the adware that's giving you the message. It's either the same one I had or another spyware app which is also dealing with the same shady source.

Originally posted by: bootymac
All my friends have been getting Sasser on their nooblar computers with expired virus definitions 😀

<-- has Symantec Corporate Edition riding my back

All of your friends haven't kept their systems up to date. Why haven't you shown them the way? 😉
 