# Warning to TPU members



## TheMailMan78 (Jun 25, 2011)

Just wanted to let you guys know that I am seeing a lot more virus activity. As an artist I am constantly scouring the web for reference using google image search and such. For the past few weeks I have been getting a lot of virus activity by just visiting sites to get an image.

Luckily my virus checker has picked up everything. I don't know why the sudden increase but keep an eye out guys. Keep your stuff updated and stay diligent. Things have definitely picked up as of recent and all I am doing is looking for pictures. 

I just got hit with this one about 20 minutes ago.

http://www.microsoft.com/security/p...=VirTool:JS/Obfuscator.BN&threatid=2147646584

MSE caught it thank G-d. So watch out!


----------



## erocker (Jun 25, 2011)

I shall persevere and continue with my unprotected internet orgy adventure. Pray for me.


----------



## Jstn7477 (Jun 25, 2011)

A place that I am building new computers for (they engrave trophies and such) had the same problem. A few weeks ago, their "advanced graphics" employee got hit with a scareware virus while searching for photos on the internet. Computer was a Dell XPS 700 with Windows XP and Microsoft Security Essentials. Luckily, MSE was able to get rid of it by itself about 30 minutes after the computer was attacked. The virus itself popped up lots of porn and fake alerts about buying fake antivirus during the time (with improper English grammar and typos).


----------



## TheMailMan78 (Jun 25, 2011)

erocker said:


> I shall persevere and continue with my unprotected internet orgy adventure. Pray for me.



lol Just to let you know how much it's increased I got hit 6 times this month. Normally I get hit once maybe every three months. Things have increased no doubt.


----------



## 1freedude (Jun 25, 2011)

Clearly didn't obfuscate enough, luckily.  Thanks


----------



## 1freedude (Jun 25, 2011)

erocker said:


> I shall perverse and continue with my unprotected internet orgy adventure. Pray for me.



Fixed


----------



## TheMailMan78 (Jun 25, 2011)

1freedude said:


> Clearly didn't obfuscate enough, luckily.  Thanks



I know. That update was just added last week. I really dodged a bullet. One thing that kinda helps also is my temp files are all offloaded to a secondary drive. Never my OS drive due to it being an SSD. I set it up that way to reduce wear.


----------



## erocker (Jun 25, 2011)

Can MSE be easily uninstalled? I'm curious as to whether I have any viruses or not. My computer hasn't had any hardware to hardware contact with any other computers so I think I'm safe. Okay, the last part was a joke, the first part was an actual question.


----------



## TheMailMan78 (Jun 25, 2011)

erocker said:


> Can MSE be easily uninstalled? I'm curious as to whether I have any viruses or not. My computer hasn't had any hardware to hardware contact with any other computers so I think I'm safe. Okay, the last part was a joke, the first part was an actual question.



I have never uninstalled it. It's such a small footprint man it's kinda dumb not to use it. The resources it uses are tiny.


----------



## qubit (Jun 25, 2011)

I've noticed this too, MM.


----------



## FordGT90Concept (Jun 25, 2011)

erocker said:


> Can MSE be easily uninstalled? I'm curious as to whether I have any viruses or not. My computer hasn't had any hardware to hardware contact with any other computers so I think I'm safe. Okay, the last part was a joke, the first part was an actual question.


If you're plugged into a modem/router/network, your computer is making all kinds of "hardware to hardware contact." 

MSE looks like it can be uninstalled via the normal method (Control Panel).


----------



## TheMailMan78 (Jun 25, 2011)

FordGT90Concept said:


> If you're plugged into a modem/router/network, your computer is making all kinds of "hardware to hardware contact."
> 
> MSE looks like it can be uninstalled via the normal method (Control Panel).



Good to know. At least you're good for something Ford


----------



## the54thvoid (Jun 25, 2011)

Wtf?  I clicked Mailman's link and then went to hotmail and about two seconds later, got the MSE warning about obfuscator:






wtf x2 and wtf again.


----------



## qubit (Jun 25, 2011)

the54thvoid said:


> Wtf?  I clicked Mailman's link and then went to hotmail and about two seconds later, got the MSE warning about obfuscator:
> 
> http://www.techpowerup.com/forums/attachment.php?attachmentid=42717&stc=1&d=1309029548
> 
> wtf x2 and wtf again.



What, MailMan is the virus?!


----------



## TheMailMan78 (Jun 25, 2011)

the54thvoid said:


> Wtf?  I clicked Mailman's link and then went to hotmail and about two seconds later, got the MSE warning about obfuscator:
> 
> http://www.techpowerup.com/forums/attachment.php?attachmentid=42717&stc=1&d=1309029548
> 
> wtf x2 and wtf again.



That makes zero sense man. I mean really the link I posted is to a MS virus definition website.


----------



## erocker (Jun 25, 2011)

Just installed MSE and Malwarebytes. No problems/viruses detected. Uninstalled.

*Yes, did a full scan.


----------



## TheMailMan78 (Jun 25, 2011)

erocker said:


> Just installed MSE and Malwarebytes. No problems/viruses detected. Uninstalled.



Nice! Did you do a deep scan?

Edit: Kudos!


----------



## the54thvoid (Jun 25, 2011)

No, i'm pretty sure the site is legit but still, wtf!  Hadn't seen it until this post and then kabaam.  MSE removed it though.  The worst thing is i wasn't even surfing anything 'fleshy'.

I'm pretty sure mailman's fairly clean but you can never tell with artists.


----------



## 95Viper (Jun 25, 2011)

erocker said:


> Can MSE be easily uninstalled? I'm curious as to whether I have any viruses or not. My computer hasn't had any hardware to hardware contact with any other computers so I think I'm safe. Okay, the last part was a joke, the first part was an actual question.



Erocker, try this instead, if you don't wanna install any A/V.  It just runs and there is no install.  
Click the link under the download box to get the version for 64 bit.

Microsoft Safety Scanner



> Microsoft Safety Scanner
> 
> Do you think your PC has a virus?
> 
> ...


----------



## TheMailMan78 (Jun 25, 2011)

the54thvoid said:


> No, i'm pretty sure the site is legit but still, wtf!  Hadn't seen it until this post and then kabaam.  MSE removed it though.  The worst thing is i wasn't even surfing anything 'fleshy'.
> 
> I'm pretty sure mailman's fairly clean but you can never tell with artists.



I think you just had a hellava coincidence happen man. lol


----------



## the54thvoid (Jun 25, 2011)

TheMailMan78 said:


> I think you just had a hellava coincidence happen man. lol



Should've played the lottery tonight.. dammit.


----------



## erocker (Jun 25, 2011)

95Viper said:


> Erocker, try this instead, if you don't wanna install any A/V.  It just runs and there is no install.
> Click the link under the download box to get the version for 64 bit.
> 
> Microsoft Safety Scanner



That's a nice program! I've gone virus scanner free for a couple years now and haven't gotten any virus. Of course this is on my play computer that I have nothing important on. On my work computer, I have gotten viruses and that computer uses virus "protection". Baffling. 

Thanks for the link, it doesn't hurt to run it once in a while to make sure.


----------



## 95Viper (Jun 25, 2011)

Yep, you can run a full or quick scan... full takes a while.
The reason it is only good for ten days - is that the definitions are built in and they sorta force you to use the latest to get the new defs.

@MM78 PM ANS.


----------



## InnocentCriminal (Jun 25, 2011)

TheMailMan78 said:


> lol Just to let you know how much it's increased I got hit 6 times this month. Normally I get hit once maybe every three months. Things have increased no doubt.



Maybe you're just looking at the wrong stuff. 



Jokes aside, the only time I've had a virus this year was when my partner was using Google image search. Moral of the story is; never let your girlfriend/wife use your PC.


----------



## TheMailMan78 (Jun 25, 2011)

I am re-scanning with Malwarebytes now and when it's done I'm just going to format and reinstall. I hate having OCD.


----------



## WhiteLotus (Jun 25, 2011)

TheMailMan78 said:


> Just wanted to let you guys know that I am seeing a lot more virus activity. As an artist I am constantly scouring the web for reference using google image search and such. For the past few weeks I have been getting a lot of virus activity by just visiting sites to get an image.
> 
> Luckily my virus checker has picked up everything. I don't know why the sudden increase but keep an eye out guys. Keep your stuff updated and stay diligent. Things have definitely picked up as of recent and all I am doing is looking for pictures.
> 
> ...



Thanks for the heads up. I've not done a scan since god knows when. Doing a full scan now with MSE.


----------



## streetfighter 2 (Jun 25, 2011)

So how exactly is it that the virus in the image file works?  I'd imagine you have to open it with a particular program (read: browser) right?



erocker said:


> I shall persevere and continue with my unprotected internet orgy adventure. Pray for me.


Ditto.  Except don't pray for me . . .


----------



## AsRock (Jun 25, 2011)

erocker said:


> Can MSE be easily uninstalled? I'm curious as to whether I have any viruses or not. My computer hasn't had any hardware to hardware contact with any other computers so I think I'm safe. Okay, the last part was a joke, the first part was an actual question.



Yes it can be uninstalled.  I had to remove it from another computer as it was slowing it down way too much and pissing my wife off endlessly..


----------



## qubit (Jun 25, 2011)

AsRock said:


> Yes it can be uninstalled.  I had to remove it from another computer as it was slowing it down way too much and pissing my wife off endlessly..



I'll tell you what pisses me off about it: it doesn't update silently and automatically like any other internet security software (I have Kaspersky). Oh no, it asks you _every time_ if you want to install the damned update!  I was gonna recommend it to a friend as a decent free a/v, but scrapped it just for that.


----------



## garyinhere (Jun 26, 2011)

TheMailMan78 said:


> Things have definitely picked up as of recent and all I am doing is looking for pictures.



Still on your search for the Holy Grail ~ David Carradine self erotic asphyxiation pictures?


----------



## Easy Rhino (Jun 26, 2011)

imagine if men did not like porn.


----------



## TheMailMan78 (Jun 26, 2011)

garyinhere said:


> Still on your search for the Holy Grail ~ David Carradine self erotic asphyxiation pictures?



A man can dream can't he?



streetfighter 2 said:


> So how exactly is it that the virus in the image file works?  I'd imagine you have to open it with a particular program (read: browser) right?
> 
> 
> Ditto.  Except don't pray for me . . .
> http://img819.imageshack.us/img819/8723/c402apoliticalpicturese.jpg



No, you just click on the image and when it loads the site the image is on, the virus is downloaded.


----------



## AsRock (Jun 26, 2011)

qubit said:


> I'll tell you what pisses me off about it: it doesn't update silently and automatically like any other internet security software (I have Kaspersky). Oh no, it asks you _every time_ if you want to install the damned update!  I was gonna recommend it to a friend as a decent free a/v, but scrapped it just for that.



Wife hates it as it stops her game all the time it checks for an update.  I like aVast way more tbh. 

And it's always a good idea to have 2 anti virus programs on a system too even if one don't run at boot.

Last virus I found was through MSI updater program lol. And I did think about it some, maybe it was a false alert, so I went to their site and downloaded the file directly off them without issue.


----------



## streetfighter 2 (Jun 26, 2011)

TheMailMan78 said:


> No, you just click on the image and when it loads the site the image is on, the virus is downloaded.


I'm aware that the virus can hide in an image but how does it get executed?

Put another way, I have several viruses in zips on my computer.  They're not doing anything because I didn't run them.


----------



## Easy Rhino (Jun 26, 2011)

streetfighter 2 said:


> I'm aware that the virus can hide in an image but how does it get executed?
> 
> Put another way, I have several viruses in zips on my computer.  They're not doing anything because I didn't run them.



a sophisticated fapping algorithm detects client fapping and executes the malicious code.


----------



## streetfighter 2 (Jun 26, 2011)

Easy Rhino said:


> a sophisticated fapping algorithm detects client fapping and executes the malicious code.


I installed Faplock.  It's a program that runs in the corner of the screen and does a picture slideshow with Rodney Dangerfield, Margret Thatcher, Janet Reno, Condoleezza Rice, Mussels and the product box for Windows ME.  That prevents malicious code execution . . . somehow.


----------



## Jstn7477 (Jun 26, 2011)

For those who are complaining about Microsoft Security Essentials "not automatically updating" or "not silently updating," I have never encountered those issues. I haven't touched MSE on this computer for months, and here's what clicking on it reveals:







Looks automatically up-to-date to me. No pop-ups, no noises, no user intervention. The only time I've seen MSE popups or notifications was when a computer was off for a week or more, or malware was detected.

I used to use Avast, but I had fun using my laptop in class without turning my volume off and having a pop-up and "YOUR VIRUS DEFINITIONS HAVE BEEN UPDATED" announced to the entire class. Also, the yearly activation key shit was annoying, and scans really bogged down the machine. MSE just displays its little green castle in my taskbar and my computer runs fine.


----------



## TheMailMan78 (Jun 26, 2011)

streetfighter 2 said:


> I'm aware that the virus can hide in an image but how does it get executed?
> 
> Put another way, I have several viruses in zips on my computer.  They're not doing anything because I didn't run them.



It's not the image. But the site that holds the image. Savvy?


----------



## streetfighter 2 (Jun 26, 2011)

TheMailMan78 said:


> It's not the image. But the site that holds the image. Savvy?


Oh I see.  Still don't get it though . . .  

So the malicious page achieves privilege escalation in the browser and then executes the virus?


----------



## twilyth (Jun 26, 2011)

I think sometimes they are exploits of the browser or the OS - part of the reason Microsoft has to release patches every Tuesday.

Most times it's because people don't use plug-ins like no-script, flashblock and adblock+.  You can have a trusted site but they might have a frame or section of the page that grabs content from ad sites.  That's where a lot of malware comes from.

If you simply block javascript by default, you avoid a huge chunk of malware that comes in via your browser.


----------
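The point in the post above about a trusted page pulling frames and scripts from other hosts, as an added example that is not part of the original thread: it lists the active content (script, iframe, object, embed) a page loads from hosts other than its own and marks what a default-deny allowlist would block. The page, the `.example` hosts and the allowlist are constructed for illustration, and the regex scan is a simplification of real HTML parsing.

```javascript
// Constructed sample page; all hosts are hypothetical (.example is reserved).
const PAGE_URL = "https://gallery.example/photos/kittens.html";
const PAGE_HTML = `
<html><body>
  <img src="/img/kitten-01.jpg">
  <script src="/js/gallery.js"></script>
  <script src="https://static.gallery.example/js/lightbox.js"></script>
  <iframe src="//ads.adnetwork.example/slot?id=42" width="300"></iframe>
  <script src="https://cdn.widgets.example/share.js"></script>
  <script>var inline = 1;</script>
</body></html>`;

// Return every piece of active content served from a host that is neither the
// page's own host nor a subdomain of it. `allowlist` is the set of third-party
// hosts the user has chosen to trust; everything else is reported as blocked.
function thirdPartyActiveContent(html, pageUrl, allowlist = []) {
  const page = new URL(pageUrl);
  const found = [];
  // Simplified tag scan: element name, then its src= (or data= for <object>).
  const tagRe =
    /<(script|iframe|object|embed)\b[^>]*?\b(?:src|data)\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    let target;
    try {
      // Resolves relative and protocol-relative (//host/path) references.
      target = new URL(m[2], page);
    } catch {
      continue; // unparsable reference, nothing to classify
    }
    if (!/^https?:$/.test(target.protocol)) continue;
    const sameSite =
      target.hostname === page.hostname ||
      target.hostname.endsWith("." + page.hostname);
    if (sameSite) continue;
    found.push({
      tag: m[1].toLowerCase(),
      host: target.hostname,
      allowed: allowlist.includes(target.hostname),
    });
  }
  return found;
}

// With only the widget CDN trusted, the ad frame is the one entry left blocked.
const report = thirdPartyActiveContent(PAGE_HTML, PAGE_URL, [
  "cdn.widgets.example",
]);
console.log(report);
```

Images are deliberately not listed: the scan only covers elements that can run code or load a nested document.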



## Robert-The-Rambler (Jun 26, 2011)

*MSE can be updated through Windows Update*



Jstn7477 said:


> For those who are complaining about Microsoft Security Essentials "not automatically updating" or "not silently updating," I have never encountered those issues. I haven't touched MSE on this computer for months, and here's what clicking on it reveals:
> 
> 
> http://img.techpowerup.org/110625/MSE.png
> ...



So you don't really have to click on the orange or red icon.


----------



## TheMailMan78 (Jun 26, 2011)

twilyth said:


> I think sometimes they are exploits of the browser or the OS - part of the reason Microsoft has to release patches every Tuesday.
> 
> Most times it's because people don't use plug-ins like no-script, flashblock and adblock+.  You can have a trusted site but they might have a frame or section of the page that grabs content from ad sites.  That's where a lot of malware comes from.
> 
> If you simply block javascript by default, you avoid a huge chunk of malware that comes in via your browser.



How do you block Java in ie9?


----------



## twilyth (Jun 26, 2011)

TheMailMan78 said:


> How do you block Java in ie9?



I don't know if you can.  I seem to recall that there are some plugins for IE.  Do a search on ie plugins.  I found a couple of sites but didn't look too closely.  I searched on noscript and it didn't find anything at this site - http://www.ieaddons.com/en/

I went to the noscript site here - http://noscript.net/ - and it just seems to be for firefox.

There really isn't any substitute for firefox and the huge range of addons you can get for it.


----------



## RejZoR (Jun 26, 2011)

It's not a virus, it's a JavaScript obfuscation tool. What it means is that this thing is not viral by itself and doesn't do any damage by itself either. JavaScript obfuscation can be used as a legit method of obfuscating JavaScript actions to the end user so he/she cannot see what JS is actually doing in the background, they can only see the end result which is what's usually important to the end users. But can also be used to hide malicious JS code underneath it, doing the same and obfuscating it for antivirus programs.
I wouldn't really worry about it if you get it during usage of webpages that rely heavily on JavaScript. Just pay attention when other warnings appear and don't have "Virtool" string mentioned in it but do have Trojan/Worm/Virus names mentioned.


----------
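Why a generic "Obfuscator" detection can fire on harmless script, as an added example that is not part of the original thread and not how MSE or any particular engine works: the same harmless function is scored twice, once readable and once packed with `eval(unescape(...))`, and only the packing changes the verdict. Both samples, the marker set and the thresholds are assumptions chosen for illustration.

```javascript
// Constructed samples. Both contain the same harmless logic.
const PLAIN_SAMPLE = `
function greet(name) {
  return "Hello, " + name;
}
greet("TPU");
`;

// Same logic, percent-encoded and unpacked at run time.
const PACKED_SAMPLE =
  'eval(unescape("' +
  Array.from('function greet(n){return "Hello, "+n}greet("TPU")')
    .map((c) => "%" + c.charCodeAt(0).toString(16).padStart(2, "0"))
    .join("") +
  '"))';

// Measure properties of the source text only; nothing is executed.
function obfuscationMarkers(source) {
  const matches = (re) => source.match(re) || [];
  const literals = matches(/"(?:[^"\\\n]|\\.)*"|'(?:[^'\\\n]|\\.)*'/g);
  const encoded = matches(
    /%u[0-9a-f]{4}|%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/gi
  );
  return {
    // A decoder's output handed straight to something that runs strings.
    dynamicEval: matches(
      /\b(?:eval|Function|setTimeout|setInterval)\s*\(\s*(?:unescape|atob|decodeURIComponent|String\.fromCharCode)\b/g
    ).length,
    decoders: matches(
      /\b(?:unescape|atob|decodeURIComponent|String\.fromCharCode)\s*\(/g
    ).length,
    // Share of the source made up of escape sequences (0..1).
    encodedRatio: source.length ? encoded.join("").length / source.length : 0,
    longestLiteral: literals.reduce((max, s) => Math.max(max, s.length), 0),
  };
}

// Thresholds are arbitrary illustration values, not tuned on real traffic.
function classify(source) {
  const markers = obfuscationMarkers(source);
  const reasons = [];
  if (markers.dynamicEval > 0) {
    reasons.push("decoded string passed to an eval-like sink");
  }
  if (markers.encodedRatio > 0.3) {
    reasons.push("source is mostly escape-encoded text");
  }
  if (markers.longestLiteral > 100 && markers.decoders > 0) {
    reasons.push("long string literal alongside a decoder call");
  }
  // Two or more independent markers => report the technique, not a payload.
  return { obfuscated: reasons.length >= 2, reasons, markers };
}

console.log("plain :", classify(PLAIN_SAMPLE).obfuscated);
console.log("packed:", classify(PACKED_SAMPLE).reasons);
```

The packed sample trips all three markers although it decodes to the plain one, which is why such a detection names the packing technique and says nothing about what the unpacked script does.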



## TheMailMan78 (Jun 26, 2011)

RejZoR said:


> It's not a virus, it's a JavaScript obfuscation tool. What it means is that this thing is not viral by itself and doesn't do any damage by itself either. JavaScript obfuscation can be used as a legit method of obfuscating JavaScript actions to the end user so he/she cannot see what JS is actually doing in the background, they can only see the end result which is what's usually important to the end users. But can also be used to hide malicious JS code underneath it, doing the same and obfuscating it for antivirus programs.
> I wouldn't really worry about it if you get it during usage of webpages that rely heavily on JavaScript. Just pay attention when other warnings appear and don't have "Virtool" string mentioned in it but do have Trojan/Worm/Virus names mentioned.



Very good info to know. Would you happen to know how to limit and or turn off java in IE9? I really do not like Firefox.


----------



## RejZoR (Jun 26, 2011)

I think IE9 is set pretty well out of the box (especially when using Protected Mode). There are a few extra options in the Security tab in the settings. You might want to check that. There are a few script related settings that you can fiddle with. Though I can't really tell you much as I haven't used IE for like a decade. If you have some decent antivirus I wouldn't really worry about it.


----------



## RejZoR (Jun 26, 2011)

A small addition and correction of something that i said before:



> I wouldn't really worry about it if you get it during usage of webpages that rely heavily on JavaScript.



What i really wanted to say was:



> I wouldn't really worry about it if you get it during usage of webpages that rely heavily on JavaScript and are known good webpages like Hotmail, Yahoo Mail, GMail etc.


----------



## AsRock (Jun 26, 2011)

twilyth said:


> I think sometimes they are exploits of the browser or the OS - part of the reason Microsoft has to release patches every Tuesday.
> 
> Most times it's because people don't use plug-ins like no-script, flashblock and adblock+.  You can have a trusted site but they might have a frame or section of the page that grabs content from ad sites.  That's where a lot of malware comes from.
> 
> If you simply block javascript by default, you avoid a huge chunk of malware that comes in via your browser.



So true, that's one of the many reasons i use outpost firewall as you can block or allow that kinda shit from the start.


----------



## qubit (Jun 26, 2011)

AsRock said:


> Wife hates it as it stops her game all the time it checks for an update.  I like aVast way more tbh.



Yeah, I'll bet. Why not put Avast on for her then?



AsRock said:


> And it's always a good idea to have 2 anti virus programs on a system too even if one don't run at boot.
> 
> Last virus I found was through MSI updater program lol. And I did think about it some, maybe it was a false alert, so I went to their site and downloaded the file directly off them without issue.



Indeed, running two is a good idea for that extra bit of security.


----------



## remixedcat (Jun 26, 2011)

OK here's the problem with google image search's design:

1) it only displays thumbnails by default... most users blindly click on one. 
and these are only accessible by hovering with a 1 or 2 second delay... sometimes longer.
2) it doesn't display the file size
3) it doesn't display the resolution
and most importantly:
*4) It doesn't display where the image is from!!! if more people would pay attention to the domains where the image is from there would be less crap.*

I would not click a link from an image of, for example, cuddly-cute-kitten-03.jpg from cute-kittens-cuddly-zone.ng   or sexy-hair-02 from sexy-hair-styles.biz  those really look suspicious to me and I never click on those.... most of those type of sites from those kinda domains have infected me. especially the hairstyles ones. I've gotten infected by going to a hairstyles website. 

there's a greasemonkey script to restore the older, nicer and better version of google images here:
http://userscripts.org/scripts/show/82140

however it only redirects, the user must wait a couple seconds for it to kick in. but it's better than the crap they have now. 

I hope this helps.


----------



## BumbleBee (Jun 26, 2011)




----------



## remixedcat (Jun 26, 2011)

I also use a HOSTS  file as well and keep it updated.

oh and KITTY!!!!!!!!!!!!!!!!!!!!! >^_^<


----------



## caleb (Jun 26, 2011)

Somebody once said a smart thing somewhere. To run your browser within a VM if you browse a lot of unknown hosts. I'd do that but I just play video games on my PC


----------



## 95Viper (Jun 26, 2011)

TheMailMan78 said:


> How do you block Java in ie9?



How to Disable JavaScript In IE9


----------



## Easy Rhino (Jun 26, 2011)

the community is thoroughly warned. closed.


----------

