Just had to share this infected gem

antharr · 13 Apr 2010

I work for an ISP and deal with all sorts of issues when people run into internet connectivity issues. I run into malware issues quite often but ones like this machine shown below never cease to amaze me. This was a scan in progress with Superantispyware. Please keep in mind that this was not the first we have helped this individual clean their machine. This machine has Avast and Malwarebytes installed. This goes to prove that the most valuable security tool is the user.

richc46 · 13 Apr 2010

TY for sharing and of course, I agree 100%. Just a little common sense goes a long way.
Stay away from the alluring sites, that we know have a virus for all visitors.

alwinwinjoe · 13 Apr 2010

I believe that client regularly visit adult sites...

DigitalDeviant · 13 Apr 2010

alwinwinjoe said:

I believe that client regularly visit adult sites...

Worse... Facebook. From just a glance without looking each one up I'd say it's Facebook and maybe some free games. I'm guessing they got a lot of those "Your infected install our A/V" type pop-ups. I doubt any of this was of any significant threat. I work tech support for an ISP myself and I've seen far worse.

antharr · 13 Apr 2010

DigitalDeviant said:

alwinwinjoe said:

I believe that client regularly visit adult sites...

Worse... Facebook. From just a glance without looking each one up I'd say it's Facebook and maybe some free games. I'm guessing they got a lot of those "Your infected install our A/V" type pop-ups. I doubt any of this was of any significant threat. I work tech support for an ISP myself and I've seen far worse.

You are right. I have seen machine much worse myself. There's nothing like logging into a machine to see that 50% of the browser window is covered with tool/search bars.

Corrine · 14 Apr 2010

Setting the rogue showings aside and safe/unsafe surfing habits, with the Vundo variants in that image, I would look at Java to make sure the old, vulnerable versions are uninstalled. Even if the most current version is installed, if the old version remains on the computer, the computer is vulnerable to Virtumundo.

Thorsen · 14 Apr 2010

lol I have seen all these except the first one listed. I haven't seen Vundo in a while though. there is a specific program to get rid of Vundo called Vundofix. you can find it here. If the infection comes back use this: |MG| VundoFix 7.00 Download

Also, I have seen many replies on this forum that suggest MSE instead of Avast. that might help this character not be infected as much.

antharr · 14 Apr 2010

Corrine said:

Setting the rogue showings aside and safe/unsafe surfing habits, with the Vundo variants in that image, I would look at Java to make sure the old, vulnerable versions are uninstalled. Even if the most current version is installed, if the old version remains on the computer, the computer is vulnerable to Virtumundo.

That could be the issue now that you say that. I keep getting unrecognized windows command when I tried to use ping or ipconfig. The system path in Advanced Settings was hosed and the file path was pointing to the Java program folder. I had to change it back to c:\windows\system32 to so that commands would work.

CarlTR6 · 14 Apr 2010

That is an untrained, ignorant user.

Corrine · 14 Apr 2010

Thorsen said:

lol I have seen all these except the first one listed. I haven't seen Vundo in a while though. there is a specific program to get rid of Vundo called Vundofix. you can find it here. If the infection comes back use this: |MG| VundoFix 7.00 Download

FYI, Atri hasn't updated Vundofix in a long time -- probably since he started working for Lavasoft, which he has since left to work for Prevx.

Best course of action is uninstalling all old versions of Java and installing the latest version (although it too has issues -- see Serious New Java Flaw Affects All Versions of Windows) and scanning with MBAM.