Author Topic: RE : nwvault and a possible malware  (Read 603 times)

Legacy_ehye_khandee

« on: January 06, 2011, 07:08:38 pm »


Just now, using Mozilla Firefox, I browsed the following URL (which may be dangerous).


http://nwvault.ign.com\\View.php?view=Hakpaks.Details&id=7849


This was the cep2.3 entry there.  Immediately my antivirus alerted me to an attempt to modify explorer.exe and flagged the process as a malware attack. Details as follows:

ms0cfg32.exe is trying to modify explorer.exe

Further attempts to write to defender.exe and create a .lnk file were blocked and thwarted by trusty AVG anti-virus.


Now, AT YOUR OWN RISK, could someone maybe look at that same URL and confirm if it is some ad they are pushing or what? I'm thinking it was likely one of the third party ads there, but am not sure and thought I'd put the alert out to anyone of a mind to stay safe or explore the issue.

Be well. Game on.
GM_ODA

P.S. it is NOT a false alarm as far as I'm concerned, NOTHING has any business altering the file explorer.exe on my hard drive, nothing.
               
               

               
            

Legacy_TSMDude

« Reply #1 on: January 06, 2011, 07:18:42 pm »


               My antivirus kicks in 6 times out of 10 on the Vault. It is indeed one of the third party ads though.
               
               

               
            

Legacy_Fester Pot

« Reply #2 on: January 06, 2011, 07:25:27 pm »


Yup, had a HUGE issue two weeks ago from getting this.

It creates a defender.exe file and comes in the form of a fake anti-virus program called WinPC Defender.

You'll know when you have it because ALL your windows will be shut down and WinPC Defender starts up, suddenly having pop-ups in your tray box warning you of false threats. Killing the process must be done in safe mode and any registry entries it creates, as well as the file itself, need to be removed.

It also likes to hide in system restore files, so even if you do remove it, it'll come back on a system restore.

It's always hit me while viewing the vault and comes from the video codec advertisements they have cycling through their system and not from CEP 2.3,  although I do not know which advertisement it is exactly because by the time it hits, all my windows get closed.

There are a few other variants of this application using different .exe files to run the application but whenever I've been hit from the Vault, it's defender.exe that is the associated culprit which gets dumped to WINDOWS DRIVE:\Documents and Settings\All Users\Application Data

It will also need to be removed via msconfig to kill it from the applications loaded on startup.

What anti-virus software do you use?

FP!
               
               

               


Edited by Fester Pot, 06 January 2011 - 07:26.
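A read-only triage of startup entries for the traces described in the post above, as an added example that is not part of the original thread: it flags entries whose executable sits directly in the All Users Application Data folder or carries a file name reported here. The entry list is constructed sample data, and treating a bare executable in that folder as worth a manual look is an assumption of this example.

```python
import ntpath

# Folder named in the post above (the drive letter varies per machine).
DROP_DIR = r"\documents and settings\all users\application data"
# File names reported in this thread; other variants use different names.
REPORTED_NAMES = {"defender.exe", "ms0cfg32.exe"}

def exe_path(command):
    """Extract the executable path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut after the first ".exe".
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def triage(entries):
    """Return (entry name, reasons) for startup entries worth a manual look."""
    findings = []
    for name, command in entries:
        folder, filename = ntpath.split(exe_path(command))
        _drive, tail = ntpath.splitdrive(folder)
        reasons = []
        if tail.lower() == DROP_DIR:
            reasons.append("executable directly in All Users\\Application Data")
        if filename.lower() in REPORTED_NAMES:
            reasons.append("file name reported in this thread")
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample: (entry name, command) pairs as they might be copied
# from the msconfig Startup tab. None of these come from a real machine.
SAMPLE = [
    ("AVG Tray", r'"C:\Program Files\AVG\AVG10\avgtray.exe"'),
    ("WinPC Defender",
     r"C:\Documents and Settings\All Users\Application Data\defender.exe /min"),
    ("Vendor Updater",
     r'"C:\Documents and Settings\All Users\Application Data\Vendor\update.exe" -q'),
    ("cfg", r"C:\WINDOWS\system32\ms0cfg32.exe"),
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to inspect the file, not proof of infection; a vendor subfolder under Application Data, as in the third sample entry, is not flagged.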
                     
                  


            

Legacy_OldTimeRadio

« Reply #3 on: January 06, 2011, 07:34:16 pm »


I haven't had any problems like that but I also use the NoScript plugin for Firefox.  I can't recommend it enough!  Kind of like a firewall for your browser, script-wise.
               
               

               
            

Legacy_Jackal_GB

« Reply #4 on: January 06, 2011, 07:38:34 pm »


Hmm, that link didn't work for me; I just got "server not found". I too am using Firefox. Maybe you got re-directed. Sounds suspicious though.

I would like to warn people of a nasty little bug I picked up while browsing on the internet (not a porn site). It disguises itself as an anti-virus program (called AVS). Pop-ups appear in the bottom right corner telling you of a virus attack (it got past my Norton firewall and anti-virus). It also blocks you from using anything to combat the attack. The only option given to you is to go to the AVS web site and purchase anti-virus software. DON'T BUY IT!! It's an old little scam going on there. You'd be buying a program from the people who infected your PC!

I found booting up in safe mode and using system restore took care of the problem.
               
               

               
            

Legacy_ehye_khandee

« Reply #5 on: January 06, 2011, 07:46:07 pm »


Yeah. For the record I never said it was malware in cep, but that I got a malware alert while viewing the nwvault page for cep2.3 - BIG difference. I am not saying anyone accused me of such but just batting that one away before any confusion starts.





AVG is the only AV software I've found worth spit in the last decade. All my white hat friends use it, and I strongly recommend it to anyone.  





http://www.avg.com/us-en/homepage is the home page for AVG (English).



For the record, we swear by AVG and OUTPOST (the latter by agnitum) - best on the market. Only BLACK tools surpass them and you better know what you are doing if you use the BLACK tools. *sage nod*  For the record, AVG stopped the intrusion in its tracks and deleted all the stuff with the click of a button.



Has anyone forwarded a complaint to the managers of the vault?  This is dangerous and they should be better stewards of their system.



Be well. Game on.

GM_ODA
               
               

               
            

Legacy_ehye_khandee

« Reply #6 on: January 06, 2011, 07:48:22 pm »


               

Jackal_GB wrote...

Hmm, that link didn't work for me; I just got "server not found". I too am using Firefox. Maybe you got re-directed. Sounds suspicious though.

I would like to warn people of a nasty little bug I picked up while browsing on the internet (not a porn site). It disguises itself as an anti-virus program (called AVS). Pop-ups appear in the bottom right corner telling you of a virus attack (it got past my Norton firewall and anti-virus). It also blocks you from using anything to combat the attack. The only option given to you is to go to the AVS web site and purchase anti-virus software. DON'T BUY IT!! It's an old little scam going on there. You'd be buying a program from the people who infected your PC!
I found booting up in safe mode and using system restore took care of the problem.


NORTON IS A JOKE. Most hackers USE parts of NORTON to ENTER YOUR SYSTEM. Get rid of that garbage and get some protection.  McAfee is as useless as a stale fart too, so is microsoft's *gag* security (worse than none at all).

Be well. Game on.
GM_ODA
               
               

               
            

Baaleos

« Reply #7 on: January 06, 2011, 07:58:10 pm »


Some websites I visit, for social networking, get flagged by AVG, just because they use JavaScript/AJAX/Flash file upload mechanisms that try to auto-execute.

AVG and Norton warn you about these events, because it's better safe than sorry. A file upload script on a website can just as easily be a file download script, especially via ActiveX (the wee golden bar that appears at the top of the IE browser occasionally).

In fact, quite a lot of viruses can just be downloaded to your computer's cache directory, just by viewing a website.

The website itself has to get downloaded to your browser's cache directory, so many hackers hide malicious code in their websites to download their own software to your cache directory - once it's there, it gets run or executed by various methods.

E.g. Windows has services that auto-index files on your hard drive; it can in fact activate these viruses while it tries to index them.
               
               

               
            

Legacy_ehye_khandee

« Reply #8 on: January 06, 2011, 08:04:38 pm »


IE is a liability too, I would sooner use a cheese grater on my buttocks than use IE of any sort. Given Microsoft's utter LACK of security, I recommend everyone get a better browser than IE. No offense, just the benefit of my 30+ years of never losing a computer to malware, though I've repaired countless systems from others over the years. Even search needs nerfed to be utterly safe. Feh, microsoft.



Be well. Game on.

GM_ODA
               
               

               
            

Legacy_Karvon

« Reply #9 on: January 06, 2011, 09:06:49 pm »


               Second the recommendation for NoScript addon for Firefox, though it's not for the fainthearted to play around with, as it can break pages you do want to use unless you grant permission to the various subsections making up such sites.  WOT is another good Firefox addon to help block bad sites.



There are any number of very good free AV programs that surpass Norton, and the rest of the pay to use crowd.  Secondary security programs to supplement your standard AV program can give you additional screens/levels of protection in catching stuff others might miss. My current secondary collection includes Spywareblaster, Norton DNS, IOBit Security 360, SuperAntiSpyware and Malwarebytes Anti-Malware.



Be safe out there!



Karvon
               
               

               
            

Legacy_ehye_khandee

« Reply #10 on: January 07, 2011, 12:02:36 am »


               NORTON is a major liability just to have it on your system.



Honest.



Be well. Game on.

GM_ODA
               
               

               
            

Legacy_FunkySwerve

« Reply #11 on: January 07, 2011, 12:22:46 am »


               

ehye_khandee wrote...


Has anyone forwarded a complaint to the managers of the vault?  This is dangerous and they should be better stewards of their system.

If you haven't yet, you should. I would, but I haven't seen this issue yet, and am certainly not eager to.

Funky
               
               

               
            

Legacy_ehye_khandee

« Reply #12 on: January 07, 2011, 01:24:20 am »


               NOTED, and done. I sent them a direct but NICE notice of the malware and requested they update me on the status. I will post here anything I get from them in this matter.



UNTIL SUCH TIME AS IT CAN BE CONFIRMED THAT IGN HAS PROPERLY DEALT WITH THE MATTER AND REMOVED ALL MALWARE FROM THEIR 3RD PARTY ADS, WISE USERS _MAY_ WISH TO STAY WELL AWAY FROM THE nwvault.ign.com SITE.



Be well. Game on.

GM_ODA