Something on SDMB may be infected

I woke up my laptop, opened my browser, went to the Straight Dope, and looked around for several minutes at various threads. I then started getting “warnings” from a program called “Antispyware Soft.”

All I had looked at online was the Straight Dope, so either it came from here, or it came from somewhere else and waited a while to initiate anything, which is possible for all I know. Just saying–it might have come from here.

More than likely it’s a virus already on your computer, it just happened to pop up while you were here.
Go to malwarebytes.org. Download/update/run, delete everything it finds. Reboot and re-run it and keep doing it until it stops finding things. You may have to go to safe mode to get everything off.

It’s possibly from one of the ads.

There are ads?

Detailed removal instructions: Antispyware Soft (AntispywareSoft) Virus Removal Guide | Virus Removal Guru

You do understand how malware works, right? You have to actually install an application, or at least run a script that alters your registry to load up an exec within that script. Nobody can just load a virus into a message board entry for you to download. More than likely it came from some ad site popup script, which you should disable by default anyway.

Stranger

Same thing happened to me recently during a visit to the Dope. Even the same anti-spyware messages. It seemed to happen immediately after I viewed a thread that had something to do with viruses, which made me suspicious.

I don’t know how the heck that thread could have done anything to my computer, since I didn’t click on any links. But the timing was weird.

I told the mods about it just in case they felt it was worth checking out.

Yes, I do, and I have given no indication otherwise. :rolleyes:

You aren’t alone in having malware problems around here.

I have no connection at all to the folks that run the SDMB servers and such, and I haven’t really followed this closely, but here is my take on it.

  1. You could have picked it up somewhere else.

You posted that you are already aware of this.

  2. It could have come from the SDMB servers.

From what I’ve seen, this doesn’t seem likely. It is not impossible though.

  3. It could have come from one of the ads.

This seems most likely, and from what I’ve seen most folks have correlated it to the advertising, which is why I don’t think it is coming from the SDMB servers themselves.

Advertising on the straight dope doesn’t come from the straight dope servers. They contract out the advertising to someone like Jim-Bob’s Advertising Service (a completely fictional name since I have no idea who they actually use around here). Jim-Bob then contracts out ads to anyone who is willing to pay.

Let’s say for example that you click on Carol’s latest rant about Cattle Mutes. The SDMB server gives you the thread and points your computer to Jim-Bob’s computer for part of the page content. Jim-Bob’s computer then uses whatever info the sneaky advertisers can use to give you an ad (the page content, any tracking cookies you have on your system, etc). Let’s say it decides to send you to Casey’s Cattle Prods and Bondage Supplies. Your computer then contacts Casey’s computer, and you get your ad.

Jim-Bob’s computer could be giving you the malware, or Casey’s computer could be giving you the malware. Jim-Bob runs a service and wants to stay in business, so he generally probably keeps his computers fairly clean, because if he gets a reputation for having infected systems people aren’t going to buy his services. Casey, though, could be any random asshole from the internet, so all bets are off for his system. The malware is therefore most likely to be coming from Casey’s system.

  4. It could be coming from your ISP.

There is a thing called DNS cache poisoning, and it is sometimes a major problem on the internet. DNS is how your computer turns names (like boards.straightdope.com) into numbers that the computer can use. boards.straightdope.com is meaningless to a computer, so it sends out a DNS request to your computer’s DNS server (typically a computer run by your ISP). The DNS server says boards.straightdope.com is 209.104.5.198, which the computer can use.

Now here is the problem. DNS follows a hierarchy, which ultimately comes down to a small number of computers which have the “master list” of all of the DNS entries. If some hacker manages to somehow gain access to your ISP’s copy of this list, he can hijack any requests your computer sends to it. So, let’s say the ad happens to come from someplace really popular, like google. Your computer sends out a DNS request for the google ad server, but instead of getting the real DNS entry for that, the poisoned ISP DNS server sends you to Evil Dude’s Malware Computer instead.

So the problem may not even be with the SDMB, your computer, the ad broker, or the advertiser server, but could in fact be a problem with your ISP.

Most likely, though, it’s coming from the ad server (Casey, in this example).

There used to be a sticky for what to do if you see malware around here. They condensed things (apparently in an effort to de-clutter things around here) a while back so it’s not so obvious now, but it is linked to from the FAQ:

If you think you see malware on the SDMB

ETA: I think the OP already understands a lot of this, just posted this info for the benefit of anyone else coming into the thread.
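As an added illustration of the DNS step described in the post above (this is example code, not anything from the board or its hosts): a stub resolver should only trust a reply whose transaction ID and question section match the query it actually sent; a resolver that skips those checks is exactly what cache poisoning exploits, which is why real resolvers also randomise the TXID and source port and, where available, validate DNSSEC. The hostname and the 209.104.5.198 answer are the ones quoted in the post; the packet bytes and the second, non-matching reply are constructed here for the demonstration.

```python
import struct

HOST = "boards.straightdope.com"   # hostname from the post; 209.104.5.198 is the IP it quotes

def encode_name(name):
    # Wire-format name: one length-prefixed label per dot-separated part, then a zero byte
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

def build_query(txid, name):
    # Header: id, flags 0x0100 (recursion desired), qdcount 1; question: name, type A, class IN
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", 1, 1)

def build_answer(txid, name, ip):
    # Constructed reply: echoes the question, then one A record whose owner name is a pointer (0xC00C) to offset 12
    hdr = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return hdr + encode_name(name) + struct.pack(">HH", 1, 1) + rr

def skip_name(buf, off):
    # Advance past an owner name that is either a compression pointer or a plain label sequence
    if buf[off] & 0xC0 == 0xC0:
        return off + 2
    while buf[off] != 0:
        off += buf[off] + 1
    return off + 1

def validate_answer(query, response):
    """Return the A record only if the reply matches the TXID and question we sent, else None."""
    rid, flags, qdcount, ancount = struct.unpack(">HHHH", response[:8])
    if rid != struct.unpack(">H", query[:2])[0]:
        return None          # TXID mismatch: this is not a reply to our query
    if not flags & 0x8000 or qdcount != 1 or ancount < 1:
        return None          # not a response at all, or it carries no answer
    question = query[12:]
    if response[12:12 + len(question)] != question:
        return None          # question section differs from what we asked
    off = skip_name(response, 12 + len(question))
    rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", response[off:off + 10])
    off += 10
    if (rtype, rclass, rdlen) != (1, 1, 4):
        return None          # only a single IPv4 A record is accepted here
    return ".".join(str(b) for b in response[off:off + 4])

def demo():
    query = build_query(0x1234, HOST)
    genuine = build_answer(0x1234, HOST, "209.104.5.198")
    stray = build_answer(0x1235, HOST, "203.0.113.7")   # wrong TXID; RFC 5737 documentation address
    return validate_answer(query, genuine), validate_answer(query, stray)
```

Running `demo()` accepts the matching reply and rejects the one with the wrong transaction ID; a reply whose question section names a different host is rejected the same way.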

The other day someone made a joke and I splortled all over the screen. I think I was coming down with a cold at the time. Sorry.

I got exactly the same thing last night. I tend to have several windows going at the same time, so I didn’t make a SDMB connection.

Rolleyes yourself. In your o.p. you clearly indicate that you believe that the malware may have been installed by a message board. However, all image, scripting, and attachment functions in vBulletin have been disabled on the Straight Dope Message Boards, so it could not have been installed from here.

This is actually a very common piece of malware, and is relatively easy to disable, simply by following the instructions above, editing the appropriate registry entries to prevent it from being started automatically as a service, and removing the exec files. While obnoxious and obtrusive, it doesn’t do any real damage to your system (although it can load on other sniffers and viruses that can do damage) and thus should be disabled as soon as possible.

You should also configure your operating system so that your standard login account has minimal permissions to change system configurations in order to prevent any sort of malware from taking hold or controlling the system. Even the security-retarded XP can be readily hardened to make it nearly immune from this kind of attack, and Win7 is actually pretty secure from these types of violations by default configuration provided that users don’t override the security features.

Stranger

I have never seen a message from Antispyware Soft, but I have on at least two occasions within the last week had my screen go black and IE freeze up when I loaded a thread.

I’m running anti-everything software so maybe that’s blocking the message. It’s not clear that this is the same problem, though. No threats have been discovered on my machine from any of the checks.

It has occurred only from clicking on a SDMB thread in IE.

Even a cursory glance at just the title of my post indicates that I’m not saying the message board itself somehow infected me. The suggestion was that “something on the SDMB may be infected.”

There are ads on the SDMB. That’s basically what I had in mind, though I wasn’t sure if there are other elements accessed by viewing boards.straightdope.com that might also have been transmission vectors.

I suppose that where, in the message itself, I used the phrase “it came from here”, I might have phrased it as “it came through here” instead. But it seems to me it would take an oddly large amount of lack of charity to have misread me on that point.

I took care of everything last night, using rkill and Malwarebytes. (Also, in case people are curious for whatever reason, I typically use a minimally permissive account. I opened up a more permissive account the other day when I was messing with something or other, and I guess that must have been when the thing got through.)

Here is my experience:

I was a charter member for years. My membership expired and now I have ads. Yesterday, I found the “Antispyware Soft” virus on my computer (exactly the same as in the OP).

Coincidence? Maybe. But I can tell you that I am off to find a new browser with an ad blocking function. Any advice?

I’m sorry; I was being pedantic and snippy about a semantic issue of no import. Please accept my apologies.

Stranger

Firefox with either AdBlock Plus or (even better) NoScript installed is what I’d recommend.

Someone has already suggested running a limited user account when on the web. I second that; it’s a lot easier to clean up!