Malaware Message

Feedback and suggestions for Speculative Vision. This is also where we make site announcements.

Moderator: Bmat

Qray
Moderator
Posts: 8152
Joined: Sat Apr 09, 2005 12:15 pm
Location: Down in Cognito

Re: Malaware Message

Post by Qray »

A friend of mine got the same thing. If it happens to you again, let me know what URL it is that you get redirected to and what ad was at the top of the SV Page.
I'm going to die the way I've lived...poor, screaming, and naked.

The Master
Site Admin
Posts: 2006
Joined: Tue Apr 05, 2005 4:55 pm
Location: California

Re: Malaware Message

Post by The Master »

Trying to track it down.

Asp Zelazny
True Visionary
Posts: 1919
Joined: Sun Sep 26, 2010 9:17 pm
Location: Arizona

Re: Malaware Message

Post by Asp Zelazny »

Just a bit of a warning: there's a new virus/worm/trojan out there that I fell for ... spent most of today working with the McAfee live service to fix, 'cause I walked right into it. Got an email allegedly from PC Mag yesterday (and I've gotten those regularly), this time touting a new, souped up virus scanner and overall fixer-upper, free scan the first time. Stupid me/trusting me, judging the email to be legit: clicked on the link, read some of the descriptions and the terms of use, noted that the website was not an https:// site so did NOT accept the analysis or download anything. Within the next 30 minutes started getting messages of all kinds of nasty viruses/trojans, infected emails being received and being sent out from the program called OpenCloud Security. These became increasingly frequent, and then the computer would jump to a blue screen, and before it could be read would jump to a version of the Windows "splash screen" WITH THE TIMER BAR SPINNING OVER AND OVER AS IT REBOOTED! Very impressive special effects! It would then pop to a screen that would give you the option of "Buy Now" which connected you to a website that for only $52.95 would allegedly sell you the program to debug (right) or you could click on "continue unprotected" ... this would let you work for about 10 minutes before the cycle would start again. After midnight, the program shut off access to "Add/Remove Programs", Windows security, shut off access to Google, Ask.com and other web sites, and disabled my wireless internet connectivity. The only way I could strike back was to disable the program's access to the internet (which IT had maintained). My existing copies of McAfee Security and Ad Aware were unable to find anything wrong.

Today spent a lot of phone time to Bangalore with McAfee: was able to finally get internet access with a direct line modem, and get a remote analysis in Safe Mode: found an OpenCloud.exe buried deep in my system and removed it. Went to lunch, and on my return, the thing was back. Another hour with Bangalore found the root program "csrss.exe" even deeper in the system, and got that sucked out too. They checked on their database, and it's a new virus (Yay! First sucker to fall for it! But no finder's fee). But now it seems to be gone.

I've notified PC Mag/Zinio that they are being spoofed. The antivirus community is now aware of this new one out there. And I'm putting out the word.

Gotta say though ... got hooked by better than usual social engineering, and the scary special effects to the computer were very entertaining. But it cost $89.95 to McAfee and about 4 hours to bring my computer back to life.

nightlock
Site Regular
Posts: 460
Joined: Fri Sep 05, 2008 1:28 pm
Location: Netherlands

Re: Malaware Message

Post by nightlock »

Asp Zelazny wrote: After midnight, the program shut off access to "Add/Remove Programs", Windows security, shut off access to Google, Ask.com and other web sites, and disabled my wireless internet connectivity.

That was BRILLIANT!
I mean... Ooh Devious. Those bastards, etc.
Still, gotta admit, that was a stroke of genius.

Good to hear you got your computer back.
Sorry to hear it cost you so much. Mayhaps it was a scheme by the telephone company?

Read New Awakenings

"This is here."

Bmat
Super Moderator
Posts: 5908
Joined: Tue Apr 05, 2005 5:31 pm
Location: East coast US

Re: Malaware Message

Post by Bmat »

Thank you for the warning. I've had email from an online person I knew years ago. It didn't make sense that she'd be contacting me with the subject of the email, so I've been deleting, assuming it was viral.
