Comments on: Another virus infection, courtesy of Yahoo News

By: April R

April R — Wed, 05 May 2010 04:05:13 +0000

You are right!! Yahoo gave me an infection that nearly ruined my laptop.

Today I went to yahoo news and was reading about the arrest of the new york bomb arrest. Suddenly my computer was taken over by a rogue fake antivirus program. I didn’t even click on anything or authorize a download! It has taken me ALL DAY to try to get it off. I couldn’t do anything in regular mode, even shut down. I had to remove the battery and put it back in and then reboot in safe mode. Then I ran spybot search and destroy. It found fraud.sysguard on there. I clicked to fix the problem” hoping spybot would fix it. I restarted in regular mode and instantly 20 windows popped up telling me I have a virus and I have to give this fraudulent company money to take it off. I shut down and started in safe mode again. Before it was over I had run AVG, MALWARE BYTEs which found 3 more infected files, run a registry cleaner, and I had to still do a system restore, all from safe mode. I barely got the thing working but it is acting weird. I knew the only page I had open when this happened was yahoo news. I was searching for information when I found your article. I can’t believe such a widely used mainstream site would allow themselves to be infiltrated by such crap! I guess I will be staying on CNN from now on.

fraud.sysguard is an AWFUL one to get.

By: sakolone

sakolone — Sat, 10 Oct 2009 03:04:01 +0000

I’m using Windows and following your instructions i’ve found hundreds or even thousand of dll files in my system32. What does this files do? It doesn’t seems to affect me in anyways. But anyway, how do i get rid of them without buying expensive virus scanners?

By: Russ

Russ — Mon, 03 Aug 2009 07:43:22 +0000

August 2,2009 Norton just blocked aqq.netalbion.net/ptp/in.php frp attacking computer aqq.netalbion.net (66.135.37.21,80). I was amazed that a google search hardly found any sites referencing it.The target was mozilla firefox\firefox.exe according to Norton. I was watching an old movie on Hulu with commercials.

By: Stratagerm

Stratagerm — Tue, 23 Jun 2009 01:38:24 +0000

Months later the advert-base.net clowns are still at it, see my blog Ad servers being used to spread exploits.

By: Christian Donner

Christian Donner — Fri, 10 Apr 2009 21:22:34 +0000

The German C’t magazine requires the purchase of one print issue, so technically, Knoppicillin is not free. I am afraid you will not find it legally. Their downloadable version does not have the virus scanners. I have a magazine subscription and I got it in the mail.

By: Daniel Matalon

Daniel Matalon — Fri, 10 Apr 2009 21:04:37 +0000

pls get a correction my mail is …..

By: Daniel Matalon

Daniel Matalon — Fri, 10 Apr 2009 21:02:48 +0000

Hi Christian

fantastic story, I’ve been searching now for hours the Knopicillin CD – found many sites in German (which I don’t read), can you help me find a place I can d/l lastest version – I assume ver. 7

thanks

Daniel
Tel-Aviv, Israel

By: Christian Donner

Christian Donner — Fri, 10 Apr 2009 01:49:19 +0000

All true. Short of uninstalling Acrobat, I disabled the Acrobat Extension in IE (Tools/Internet Options/Programs/Manage Ad-ons). I also turned on In-Private filtering in IE8, which is supposed to block 3rd party ads.

By: Christian Donner

Christian Donner — Fri, 10 Apr 2009 00:28:59 +0000

I am not an expert in Mac security threats, but I would think that you are probably fine. The malicious code that this PDF wants to download will not run on the Mac.

By: mark anthony

mark anthony — Fri, 10 Apr 2009 00:19:53 +0000

this is what you need to do. go to control panel add remove programs (for xp) and remove all versions of adobe acrobat. download the free adobe reader foxit from foxitsoftware.com, it does not have the scripting vulnerability. download the free virus scanners malwarebyes and combofix. google search for the url’s. both of these utilities do an excellent job of detecting and removing virus. for free virus prevention try avast or avg – search google for urls. make sure you have all the latest windows updates. use the latest firefox browser. also remove all versions of java and download the latest fromjava.com. old java has vulnerabilities.

as far as the infected ad servers I suspect this has an impact on the bottom line so yahoo and others are potentially sacrificing their customers. What is more concerning is what the bad guys are doing with these subverted computers. A site like yahoo is used in corporations so we can assume that the bad guys are getting access to internal corporate networks and their data. Within the last week I repaired a few of my clients computers of various viruses and they were all running old versions of acrobat reader. These same clients had access to a credit card merchant server. This is very bad. Adobe too is to blame for this for not going public with a full recall. I believe that American intellectual property is being siphoned out bit by bit.