My PC just got exploited... Wow.
Anyone else experience this?
I was only browsing three sites: webassign.net (Homework), 9gag.com (heh XD), and explosm.net (site for those popular comic shorts). While scrolling through explosm.net, all IE windows suddenly closed and an Adobe Flash UAC prompt popped up (a legit one). Considering Flash's sec rep and the unexpected closing of my windows, I hit DENY. But suddenly, fake scareware stuff popped up all over! Trying to open any exe file associated with MS gives me a "Win 7 Antispyware 2012 Firewall Alert". I managed to eventually open Task Manager, and I noticed that all the warnings came from an exe in %appdata%/Local. My desktop looked like this:
[Unedited except shortcuts to protect privacy; Action Center Window is a fake one (checked exe location)]
What really baffled me was how it managed to close MSE without even ticking it off. It also managed to somehow associate all .exe files such that it passes through the malicious exe. Deleting the said exe would cause any executable to pop up an "open with" dialog except my computer. That baffled me even more because last I checked, you need admin privileges to do that and it STILL did it without elevating!
With IE's sandboxing and Win7's security features, you would expect malicious programs to have difficulty doing dirty stuff on your computer...
Nothing beats a quick system restore, but to all of you out there, never let your guard down no matter how good you can be.
This is one valuable lesson I've learned today.