If you believe you have been victimized by malware while visiting the SDMB, please post a report to About This Message Board so we can investigate. For best results, malware reports should include the following:
Time/date of occurrence, your geographic location, and browser/operating system you are using.
Whether you were looking at an SDMB page or a column archive page. These are hosted on different servers and see different ads.
If possible, provide a screen shot of the page you were on when the incident occurred. With WinXP this can be done with Alt-PrintScreen and with Win7 you can use the Snipping Tool. If you can’t do this, please describe any ads or popups that were visible.
If you get hit more than once, are at least moderately tech savvy, spend a lot of time on our site, and are willing to run bug tracker software in the background, we’d be grateful if you did so - this has proven to be an effective way to identify the source of rogue software. Let me know if interested.
Each time, I was on this site. The last time, maybe a half hour ago, I was composing a new thread in Cafe Society and hit ‘enter’, then my IE session closed I got the ‘XP Security 2012’ fake ‘virus removal’ instructions. I have Symantic endpoint security and part of the business IE security. I also had MalwareBytes running. I was able to get IE back up but cannot get Malwarebytes to open now .
it put an executable (this one called epu.exe) in C:\Documents and Settings\user name\Local Settings\Application Data. I renamed the .exe then was able to end that task. I am still hosed.
Try renaming the malwarebytes executable from mbam.exe to mbam.scr and double click on it. It might throw up an error dialogue, but it should still run and get you cleaned up.
I was surfing SD on Friday, 1/6/12, about 11 AM central time. Geographic location = central Minnesota. Browser = Internet Explorer 8, 64 bit edition. Operating system = Windows 7. I would have been in one of the forums at the time. I had Microsoft Security Essentials running, updated and actively monitoring the computer.
I started getting popups that tried to look like an antivirus program…Windows 7 Antivirus, something like that. Sorry I didn’t get the exact names. It was a bugger to remove. It disassociated file types with the program that runs them. Any attempt at running malware removal programs would actually erase the program I tried to run.
I finally managed to run ComboFix from a CD that got rid of it, after two runs. Then I was able to do a system restore. In hindsight, I think this has happend two other times in the last three months or so. Never quite so bad, but similiar circumstances.
Sorry to hear you had problems. Since you may have had this happen more than once, you’re a good candidate for running the Fiddler debugger in the background and capturing a log if this happens again. Would you be willing to do this? Logs are the one proven method we have of tracing malware. Let me know - you can reply by e-mail to edzotti at aol dot com. Thanks.
I was surfing a few pages in MPSIMS, and when I clicked to go to a ‘last post’ in a thread, I got a strange redirect. Come to find out it was a ‘Scour Redirect’ which also hijacked my google searches. Symantec Endpoint keeps blocking/quarantining a Bloodhound.Exploit.346 trojan (apparently).
I cannot guarantee I picked it up here, but it only first appeared when I went to go to a ‘last post’.
I run Symantec Endpoint antivirus, and Malwarebytes’ Anti-Malware, both of which I’m running with a barrage of other programs to isolate and kill this particularly sticky little bastard of a virus.
gets a pop op windows dialog box spawned by the ie frame.
I use task manager to shut down all instances of IE so it doesnt get further, and I don’t click the box. This time IE threw an error that gave me the above frame url. I’ll add it to my hosts blacklist. But it IS spawning from SDMB.
I just got the fake virus messages from the straight dope, about two minutes before this post. It was not an archive
It was a pop-up and it mimicked the look of Microsoft Security Essentials. I’m sorry I did not get a screen shot, but my ahbit is to close the window as soon as this happens lest I accidentally click on something that will really infect my machine.
Just got a re-direct to a porn site when reading the game room, on my ipad (pretty sure I hadn’t touched anything on the screen). It sounds like the same redirect that these guys are discussing on another forum (same dodgy site):
