Onlinestability

Fuck fuck fuckitty-fuck fuck fuck with a side order of fuck.

:mad:

While surfing, Mrs M seems to have picked up something that got straight past Norton. It’s an annoying little shitbag of a virus that warns of a security hole on your machine and takes you to a webpage (as per the thread title) where you can buy antivirus software. And then three minutes later it pops up another window saying the same again

And then three minutes later it pops up another.

And another.

And another.

Googling, I find only a handful of references, and they’re in French, which is of limited help to me given that I flounder at anything much more technical than ordering a meal or filling the car up with essence. Seems this is a really new little toy and there’s not much out about it in cyberspace as yet.

I was all set to flame Mrs M for surfing for porn (not that I don’t, but I’ve managed never to bring home a virus, and it seems she couldn’t manage this for five minutes) but in mitigation this appears to be very new and even Symantec don’t know a damned thing about it.

Fuck, once again. :smack: :smack: :smack: :smack: :smack:

…Phew. Think it’s fixed. Had to go into Safe Mode before I could run the restore wizard successfully, but now the flashing exclamation mark has disappeared from the system tray and I’m crossing my fingers…

What’s it called?

I found a very nice little tool which removes this kind of stuff, even if it’s new. It’s called SmitFraudfix, it’s completely free and it’s really aggressive with rooting out this type of rogue software.

Just got to ditto this. Smitfraudfix eventually did clear out my spysherrif infestation after some twiddling, and it hasn’t come back since.

Also - giving mad props for AVGs new professional internet security programme. You have to pay for it, but if you’re going to pay for one anyway it’s a pretty good one to get. Haven’t had a single problem since I installed it.

I don’t know what the virus is called. While Norton was running it seemed to spot something called drivecleaner which is described as behaving similarly, but Norton also thought it had cleared out drivecleaner and when I followed the manual steps for deleting the relevant folders and registry entries, there were none there. The problem persisted, though. Obviously System Restore just takes your system software back to a known-good checkpoint, and you don’t get to learn the differences it found.

As of last night the only reference I found to onlinestability were on a French website, and my technical French sucks like {insert simile of choice}. Looks like it’s a new development, like 4th of March new.

You mean aside from the website? The whois information indicates it was registered on February 12 of this year from the Ukraine.

Not knowing about whois would have kept me from finding that out. A shame for an IT professional of 25+ years’ standing to admit this, but my PC-fu is still only at “Grasshopper” level.

Malacandra, go to Control Panel and check “Add and Remove Programs.” Check for any new programs that you don’t recall installing. The trojan you encountered is in the zlob family, often disguised as a video codec, and seems to be making the rounds right now.

Look especially for “security suite” apps that have suddenly appeared in the program list. Even though an uninstaller is offered, it won’t actually work - clicking on “uninstall” will only pop up a window telling you that your computer has to reboot first.

You may need the Smitfraudfix file that **QED **linked to. That seems to be the best way to remove it.

Here is removal instructions for getting rid of DriveCleaner. Another program from the Onlinestability website that has removal instructions: SystemDoctor 2006.

I went through “Add or Remove Programs” but couldn’t find any likely looking culprits. As for me, I’m fixed already - System Restore did the necessary, once I’d figured out how to do it (wouldn’t work without going into Safe Mode, though it didn’t tell me why it wasn’t working).

Symantec had steps for manually deleting DriveCleaner, but the files and registry entries it referred to weren’t on my computer, so I think Norton must have successfully wiped it for me - I thought it hadn’t as the problem was persisting, but it obviously wasn’t DriveCleaner.

In Ukraine, Trojans put on YOU!

:smiley:

Fuck Norton SystemWorks

Since that thread, I’ve switched to AVG Free Edition. It’s not as configurable as I’d like, but hey, it’s free, and it seems to work well.