Just had to share this infected gem

[antharr]

I work for an ISP and deal with all sorts of issues when people run into internet connectivity issues. I run into malware issues quite often but ones like this machine shown below never cease to amaze me. This was a scan in progress with Superantispyware. Please keep in mind that this was not the first we have helped this individual clean their machine. This machine has Avast and Malwarebytes installed. This goes to prove that the most valuable security tool is the user.

 

[richc46]

TY for sharing and of course, I agree 100%. Just a little common sense goes a long way.
Stay away from the alluring sites, that we know have a virus for all visitors.

 

[alwinwinjoe]

I believe that client regularly visit adult sites...

 

[DigitalDeviant]

I believe that client regularly visit adult sites...

Worse... Facebook. From just a glance without looking each one up I'd say it's Facebook and maybe some free games. I'm guessing they got a lot of those "Your infected install our A/V" type pop-ups. I doubt any of this was of any significant threat. I work tech support for an ISP myself and I've seen far worse.

 

[antharr]

I believe that client regularly visit adult sites...

Worse... Facebook. From just a glance without looking each one up I'd say it's Facebook and maybe some free games. I'm guessing they got a lot of those "Your infected install our A/V" type pop-ups. I doubt any of this was of any significant threat. I work tech support for an ISP myself and I've seen far worse.

You are right. I have seen machine much worse myself. There's nothing like logging into a machine to see that 50% of the browser window is covered with tool/search bars.

 

[Corrine]

Setting the rogue showings aside and safe/unsafe surfing habits, with the Vundo variants in that image, I would look at Java to make sure the old, vulnerable versions are uninstalled. Even if the most current version is installed, if the old version remains on the computer, the computer is vulnerable to Virtumundo.

 

[Thorsen]

lol I have seen all these except the first one listed. I haven't seen Vundo in a while though. there is a specific program to get rid of Vundo called Vundofix. you can find it here. If the infection comes back use this: |MG| VundoFix 7.00 Download

Also, I have seen many replies on this forum that suggest MSE instead of Avast. that might help this character not be infected as much.

 

[antharr]

Setting the rogue showings aside and safe/unsafe surfing habits, with the Vundo variants in that image, I would look at Java to make sure the old, vulnerable versions are uninstalled. Even if the most current version is installed, if the old version remains on the computer, the computer is vulnerable to Virtumundo.

That could be the issue now that you say that. I keep getting unrecognized windows command when I tried to use ping or ipconfig. The system path in Advanced Settings was hosed and the file path was pointing to the Java program folder. I had to change it back to c:\windows\system32 to so that commands would work.

 

[CarlTR6]

That is an untrained, ignorant user.

 

[Corrine]

lol I have seen all these except the first one listed. I haven't seen Vundo in a while though. there is a specific program to get rid of Vundo called Vundofix. you can find it here. If the infection comes back use this: |MG| VundoFix 7.00 Download

FYI, Atri hasn't updated Vundofix in a long time -- probably since he started working for Lavasoft, which he has since left to work for Prevx.

Best course of action is uninstalling all old versions of Java and installing the latest version (although it too has issues -- see Serious New Java Flaw Affects All Versions of Windows) and scanning with MBAM.

 

[Thorsen]

Lol thanks Corrine, I haven't seen Vundo in a while. Last time I cleaned it from a comp, VundoFix was still up-to-date. I was looking today after posting to see if MSE and newer programs do the same thing VundoFix does, but had no luck in finding the info so far.

Thanks for the heads up.

Snippet from website:
-------------------------------
Vundofix Update Written by Administrator Jan 28, 2007 at 10:03 AM
-------------------------------

 

[Jacee]

Use JavaRa if older versions won't uninstall normally
JavaRa Updates and Removes Old and Redundant Java Versions - Windows - Lifehacker

 

[antharr]

lol I have seen all these except the first one listed. I haven't seen Vundo in a while though. there is a specific program to get rid of Vundo called Vundofix. you can find it here. If the infection comes back use this: |MG| VundoFix 7.00 Download

FYI, Atri hasn't updated Vundofix in a long time -- probably since he started working for Lavasoft, which he has since left to work for Prevx.

Best course of action is uninstalling all old versions of Java and installing the latest version (although it too has issues -- see Serious New Java Flaw Affects All Versions of Windows) and scanning with MBAM.

I always recommend following up with a SAS scan as well. There have been instances where it picked up a few things that MBAM did not and vice versa.