m2mike

Mininova gave me a virus.

15 posts in this topic

In my most recent visit to mininova.org, I downloaded a virus that was forwarding my yahoo and google search results to various websites. I just wanted to share the news here. Lock down those browser settings, guys. It affected IE and Firefox. I had to hunt down the problem with various anti-spyware utilities. I finally found the culprits with RootRepeal and then was able to boot off a Live CD and erase the files that were the cause of the problem.

Yes, I am back from the dead. How is everyone doing?

1

> In my most recent visit to mininova.org, I downloaded a virus that was forwarding my yahoo and google search results to various websites. I just wanted to share the news here. Lock down those browser settings, guys. It affected IE and Firefox. I had to hunt down the problem with various anti-spyware utilities. I finally found the culprits with RootRepeal and then was able to boot off a Live CD and erase the files that were the cause of the problem.
>
> Yes, I am back from the dead. How is everyone doing?

Something which remains unclear to me, did you get the virus through your browser (by loading a page that contains code to exploit a particular flaw in the browser) or did you download something with bittorrent that contained a virus?

1

> In my most recent visit to mininova.org, I downloaded a virus that was forwarding my yahoo and google search results to various websites. I just wanted to share the news here. Lock down those browser settings, guys. It affected IE and Firefox. I had to hunt down the problem with various anti-spyware utilities. I finally found the culprits with RootRepeal and then was able to boot off a Live CD and erase the files that were the cause of the problem.
>
> Yes, I am back from the dead. How is everyone doing?
>
> Something which remains unclear to me, did you get the virus through your browser (by loading a page that contains code to exploit a particular flaw in the browser) or did you download something with bittorrent that contained a virus?

I did not download any illegal or copyrighted software from any links provided there. Google "virus mininova" and you will discover that this is not the first time that mininova has spread a virus.

1


I have experienced getting viruses from TPB and Demonoid through what I assume are the advertisements. Sometimes I would nav to a page and my antivirus would start freaking out about something in my firefox folder. There was a big thing about the occurrence in TPB on a few torrent news sites.

0


Yeah, it's a virus in one of the ads on that site.

People, don't surf the net without active AV protection (well, if you're on Windows I mean). It seems to me that the most common delivery methods for viruses these days are advertisements and comments on web sites. My AV (Avast) blocked viruses on such diverse web pages as Mininova, the Guardian (UK paper), and some other places which I can't remember at the moment for some reason.

0


I want to note that I use Avast and that stops it. I had it happen a few times while running AVG, and my box got hosed.

0


I may sound like a masochist, but in a way, the removal of the virus was fun. I got to learn some new techniques for cleaning a system of malware/spyware. It was kind of an old trick that was used though. They tried to hide the virus as two hidden driver files that were kept in c:\windows\system32\drivers. I have seen it before with Smitfraud spyware where they change one letter of a legitimate driver file in an attempt to disguise it.

I can't complain. All clean now.

You guys should check out the Secured2K Boot CD when you get the chance.

1
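Added example, not part of the thread: one way to check a drivers directory for the disguise described in the post above, driver files named one letter off a legitimate one and marked hidden. It generalizes "one letter changed" to any single-character edit; the baseline names and the sample listing are constructed, and the function names are hypothetical.

```python
import os
import stat

# Constructed baseline: a few driver file names from a known-good install.
# In practice, build this set from clean media or a trusted reference machine.
BASELINE = {"atapi.sys", "beep.sys", "cdrom.sys", "disk.sys", "ntfs.sys", "tcpip.sys"}


def within_one_edit(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # one substituted character
    return a[i:] == b[i + 1:]          # one extra character in b


def find_lookalikes(names, baseline=BASELINE):
    """Return (suspect, legitimate) pairs for names one edit away from a baseline name."""
    known = {n.lower() for n in baseline}
    hits = []
    for name in sorted(n.lower() for n in names):
        if name not in known:
            hits += [(name, legit) for legit in sorted(known) if within_one_edit(name, legit)]
    return hits


def scan_drivers(path, baseline=BASELINE):
    """Scan a drivers directory and return (lookalike pairs, hidden file names)."""
    # st_file_attributes exists only when Python runs on Windows; elsewhere
    # (e.g. a volume mounted from a Live CD) the hidden list stays empty.
    entries = [e for e in os.scandir(path) if e.is_file()]
    hidden = [e.name for e in entries
              if getattr(e.stat(), "st_file_attributes", 0) & stat.FILE_ATTRIBUTE_HIDDEN]
    return find_lookalikes([e.name for e in entries], baseline), sorted(hidden)


if __name__ == "__main__":
    # Constructed directory listing, not taken from the thread.
    listing = ["atapi.sys", "beep.sys", "cdr0m.sys", "ntfz.sys", "tcpip.sys", "usbhub.sys"]
    for suspect, legit in find_lookalikes(listing):
        print(f"{suspect} resembles {legit}")
```

A hit is only a lead: confirm it against the file's signature or a hash from clean media before deleting anything.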

> I may sound like a masochist, but in a way, the removal of the virus was fun. I got to learn some new techniques for cleaning a system of malware/spyware. It was kind of an old trick that was used though. They tried to hide the virus as two hidden driver files that were kept in c:\windows\system32\drivers. I have seen it before with Smitfraud spyware where they change one letter of a legitimate driver file in an attempt to disguise it.
>
> I can't complain. All clean now.
>
> You guys should check out the Secured2K Boot CD when you get the chance.

Besides RootRepeal and Secured2K, did you use anything else to clean your system? I usually resort to re-imaging a system to rest assured the integrity of the OS hasn't been compromised.

I have only encountered a virus on a warez site once; the exploit was the latest Adobe Reader sploit on katz.cd, and Symantec Bloodhound sniffed up the code right away.

0

> I want to note that I use Avast and that stops it. I had it happen a few times while running AVG, and my box got hosed.

AVAST is the bomb... been using it for years. It's free to individuals. They make their money with corporate clients. It was/is better than any McAfee or Norton paid-for bloatware.

-1


This is the reason I use Iceweasel (Firefox underlying code). It so far has not got me infected from torrent sites etc., but one day it will, which is why I have Avira, but it is about worthless, but it is better than AVG.

0


> This is the reason I use Iceweasel (Firefox underlying code). It so far has not got me infected from torrent sites etc., but one day it will, which is why I have Avira, but it is about worthless, but it is better than AVG.

First, anything that affects Firefox will affect Iceweasel.

Second, if you're using Linux, you're not going to get "infected" with anything. I doubt any malware you'll find on a site has or ever will target Linux. It's not that Linux is so uber-secure, it just makes no sense to target an OS that has one half of one percent of the market share.

And if you really are using Iceweasel for Windows... why? That's probably a bigger risk. Who maintains the Iceweasel Windows port? How quickly do they get patches out the door? You're less safe using Iceweasel on Windows. It's the same as Firefox anyway, all they've done is taken out the artwork (which wasn't Debian license friendly) and changed the name.

0


It happened to me.

Now I am using Nod32, which automatically kills connections that are requesting malicious code.

0


> I may sound like a masochist, but in a way, the removal of the virus was fun. I got to learn some new techniques for cleaning a system of malware/spyware. It was kind of an old trick that was used though. They tried to hide the virus as two hidden driver files that were kept in c:\windows\system32\drivers. I have seen it before with Smitfraud spyware where they change one letter of a legitimate driver file in an attempt to disguise it.

I agree that I find virus removal to be fun as I tend to learn something, but usually I end up completely redoing the computer from scratch. There is that old saying that no matter how clean you make it after infection, it is still going to be dirty and something may be hiding out.

0


> In my most recent visit to mininova.org, I downloaded a virus that was forwarding my yahoo and google search results to various websites. I just wanted to share the news here. Lock down those browser settings, guys. It affected IE and Firefox. I had to hunt down the problem with various anti-spyware utilities. I finally found the culprits with RootRepeal and then was able to boot off a Live CD and erase the files that were the cause of the problem.
>
> Yes, I am back from the dead. How is everyone doing?

I'm kinda back too (life has still got me though, and I never really was here), and I still have your files on my server :)

Edited by Andrew
0


> People, don't surf the net without active AV protection (well, if you're on Windows I mean)

I use Windows on my gaming system and I have no AV on it.

I had Vista for 1 year with no Anti-Virus and I had never gotten a virus on it. I still feel safe with Server 2008 with no AV.

Of course, when I download, I use a laptop that I have that is only meant for downloading.

It has Linux, which I locked down, and I run through a private proxy that me and some of my buddies set up. That is the only way to go if you are ever going to download stuff. Have a system dedicated for that.

Now I know after I post this, I am going to get a virus on my server 2008 system. :P

0
