Daily newsletter has link to virus infected site
-
code_junkie wrote:
I've been programming for 30 years now, I know a virus when I see one
While I do believe you, I just had to make sure ;P So, I expect you to do what I do, clean the virus up without a stinking anti-virus :)
xacc.ide
IronScheme - 1.0 RC 1 - out now!
((λ (x) `(,x ',x)) '(λ (x) `(,x ',x))) The Scheme Programming Language – Fourth Editionleppie wrote:
So, I expect you to do what I do, clean the virus up without a stinking anti-virus
On the rare occasion that I have got a virus, I have often just reinstalled the OS... I just don't take the risk that Anti-virus didn't totally clear the virus up!
"People demand freedom of speech to make up for the freedom of thought which they avoid."
-
code_junkie wrote:
LOL, It's my fault. I don't run anti-virus, never have never will. This is the first virus to get to my computer in quiet some time. It's a pain to clean them by hand but I enjoy finding out how the hackers are operating these days.
Sounds just like me, I already like you! :)
xacc.ide
IronScheme - 1.0 RC 1 - out now!
((λ (x) `(,x ',x)) '(λ (x) `(,x ',x))) The Scheme Programming Language – Fourth EditionNow, go and get a room, you two.
-
The link in the daily news letter: 7 Interface Design Techniques to Simplify and De-clutter Your Interfaces For your interfaces, which are cluttered. installed a virus on my computer located in: C:\documents and settings\\application data\systemproc called lsass.exe. It's size is 78 KB. It also set itself to start in the registry under: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run I just started looking into it and I'm not sure if it's anywhere else. I just went to the web page and didn't click on anything but it got in.
-
code_junkie wrote:
I know a virus when I see one
and yet you insist on using IE? :)
Luc Pattyn [Forum Guidelines] [Why QA sucks] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, and improve readability.
LOL, I use IE because I refuse to write code for every new browser that comes out. Heck, keeping up with Microsoft is a full time job in itself. Then add in Firefox, Safari and Chrome, there just isn't enough time in the day X| .
-
How do you know the virus came from that site and didn't just decided to manifest when you visited that site (i.e., you got it somewhere else and it just looks like it came from there)?
Actually I think it came from an infected Advertisment server...
-
The link in the daily news letter: 7 Interface Design Techniques to Simplify and De-clutter Your Interfaces For your interfaces, which are cluttered. installed a virus on my computer located in: C:\documents and settings\\application data\systemproc called lsass.exe. It's size is 78 KB. It also set itself to start in the registry under: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run I just started looking into it and I'm not sure if it's anywhere else. I just went to the web page and didn't click on anything but it got in.
The last time I got a virus I wrote a little explanation about it here. That is, I described what I did to squash it. It acted quite a bit like what you are describing. It also started a guard thread to continually restart it and replace its registry entries. I stopped it by starting up in safe mode and deleting all traces of it. Then I copied a zero-byte file to where it made its directory and set attributes to be read-only, hidden, system. That thing won't be back and I know it has tried. It was one of the only MSN-IM virii I have ever heard of. You might want to copy a file to C:\documents and settings\(user)\application data\ named systemproc and setting to have attributes of RHS just to make sure it has a harder time coming back. I did.
-
The last time I got a virus I wrote a little explanation about it here. That is, I described what I did to squash it. It acted quite a bit like what you are describing. It also started a guard thread to continually restart it and replace its registry entries. I stopped it by starting up in safe mode and deleting all traces of it. Then I copied a zero-byte file to where it made its directory and set attributes to be read-only, hidden, system. That thing won't be back and I know it has tried. It was one of the only MSN-IM virii I have ever heard of. You might want to copy a file to C:\documents and settings\(user)\application data\ named systemproc and setting to have attributes of RHS just to make sure it has a harder time coming back. I did.
That's a really great idea! Thanks! :-D
-
Actually I think it came from an infected Advertisment server...
I think you missed the point. What if it didn't come from the website or the ads on the website? It may have come from somewhere else and only showed up when you went to that website. It could have come from, for example, the website you visited before that website.
-
I think you missed the point. What if it didn't come from the website or the ads on the website? It may have come from somewhere else and only showed up when you went to that website. It could have come from, for example, the website you visited before that website.
I did note the file and directory creation times matched with the site visit. I keep my computer very clean and use several methods to keep track of the health of my computer. Always good to be skeptical though :thumbsup:
-
I've gotten nasty viruses from links on this site in the past. Links from which other people did not. I do not think it was the site, but possibly the random advertisements in the site... explaining why I got it an others did not.
Pualee wrote:
I've gotten nasty viruses from links on this site in the past
Do you mean links to other sites that members have posted on CodeProject.com? That I can understand, and it's not something we can control. However, all our ads are served from either our own ad serving system, or from reputatable advertisers (eg Microsoft) using standard ad delivery networks (Atlas etc). The chances of a virus getting through either of these is extremely, extremely low.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
LOL, It's my fault. I don't run anti-virus, never have never will. This is the first virus to get to my computer in quiet some time. It's a pain to clean them by hand but I enjoy finding out how the hackers are operating these days.
Previously virus writers wrote viruses that were intended to be found. That's changed. How do you know you're being infected when the virus writers are getting smarter and smarter about hiding their presence?
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
Previously virus writers wrote viruses that were intended to be found. That's changed. How do you know you're being infected when the virus writers are getting smarter and smarter about hiding their presence?
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
Ultimately there is no way to know for sure. That's my big issue with anti-virus, it only scans for viruses it knows about. "Man in the middle" attacks are completly undetectable and don't even reside on your computer. I currently have to rely on off line scans of my drives, but even with that a malicious program could pop in, get what it's looking for, and be gone in seconds without ever residing on the hard drive. True security is an illusion.
-
Ankurm/ wrote:
After seeing your post, I tried it too.
If he told you traffic was dangerous would you go play in the road?
-
leppie wrote:
So, I expect you to do what I do, clean the virus up without a stinking anti-virus
On the rare occasion that I have got a virus, I have often just reinstalled the OS... I just don't take the risk that Anti-virus didn't totally clear the virus up!
"People demand freedom of speech to make up for the freedom of thought which they avoid."
Lloyd Atkinson wrote:
On the rare occasion that I have got a virus, I have often just reinstalled the OS... I just don't take the risk that Anti-virus didn't totally clear the virus up!
What in case if it has copied itself to another drive. After re-installing the OS, if you access that drive, it's back again. :omg:
..Go Green..
-
Pualee wrote:
I've gotten nasty viruses from links on this site in the past
Do you mean links to other sites that members have posted on CodeProject.com? That I can understand, and it's not something we can control. However, all our ads are served from either our own ad serving system, or from reputatable advertisers (eg Microsoft) using standard ad delivery networks (Atlas etc). The chances of a virus getting through either of these is extremely, extremely low.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
Chris Maunder wrote:
However, all our ads are served from either our own ad serving system, or from reputatable advertisers (eg Microsoft) using standard ad delivery networks (Atlas etc).
When did you start running 3rd party ads? I thought all of yours were self hosted.
3x12=36 2x12=24 1x12=12 0x12=18
-
Lloyd Atkinson wrote:
On the rare occasion that I have got a virus, I have often just reinstalled the OS... I just don't take the risk that Anti-virus didn't totally clear the virus up!
What in case if it has copied itself to another drive. After re-installing the OS, if you access that drive, it's back again. :omg:
..Go Green..
I don't often have other drives attached to my Windows machines, simply because I just don't often need to, and I often format memory sticks to be on the safe side too :) I also download 99% of everything on my Linux machines, at least then theres not as much chance of getting anything nasty :)
"People demand freedom of speech to make up for the freedom of thought which they avoid."
-
Chris Maunder wrote:
However, all our ads are served from either our own ad serving system, or from reputatable advertisers (eg Microsoft) using standard ad delivery networks (Atlas etc).
When did you start running 3rd party ads? I thought all of yours were self hosted.
3x12=36 2x12=24 1x12=12 0x12=18
Technically, for about 8 years :) Specifically: our ad system (AdSignia) is our own and all ads are served from this. Every ad you see has been specifically added to the system and its files are hosted on our servers, with one exception: Some companies have their entire campaigns running through ad management systems such as Atlas so they can manage and track everything in one place. For these ads we have to insert a call to Atlas (et al.) instead of hosting the files ourselves, and then Atles will send down the final images using javascript. The code to serve these ads is standard 3rd party ad serving code used on almost every site on the net and is safe. The files that ultimately get sent down are images and flash files supplied by the advertisers themselves. Nokia, RIM, Microsoft and PayPal have no interest in supplying infected ads. They'd be the laughing stock of the 'net.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
I don't often have other drives attached to my Windows machines, simply because I just don't often need to, and I often format memory sticks to be on the safe side too :) I also download 99% of everything on my Linux machines, at least then theres not as much chance of getting anything nasty :)
"People demand freedom of speech to make up for the freedom of thought which they avoid."
Lloyd Atkinson wrote:
I don't often have other drives attached to my Windows machines, simply because I just don't often need to, and I often format memory sticks to be on the safe side too Smile I also download 99% of everything on my Linux machines, at least then theres not as much chance of getting anything nasty Smile
:thumbsup:
Lloyd Atkinson wrote:
I also download 99% of everything on my Linux machines
You are 99% safe then. ;P :-D
..Go Green..
-
Technically, for about 8 years :) Specifically: our ad system (AdSignia) is our own and all ads are served from this. Every ad you see has been specifically added to the system and its files are hosted on our servers, with one exception: Some companies have their entire campaigns running through ad management systems such as Atlas so they can manage and track everything in one place. For these ads we have to insert a call to Atlas (et al.) instead of hosting the files ourselves, and then Atles will send down the final images using javascript. The code to serve these ads is standard 3rd party ad serving code used on almost every site on the net and is safe. The files that ultimately get sent down are images and flash files supplied by the advertisers themselves. Nokia, RIM, Microsoft and PayPal have no interest in supplying infected ads. They'd be the laughing stock of the 'net.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
Has the mix changed over the last 4 or 5 years then? I normally filter banners out automatically, but when I started paying attention again after reading this thread I noticed that unlike in the past when almost everything got through a lot of your current ads are running afoul of domainbans I've set due to popovers, gross images, intellitext, etc they've served up elsewhere.
3x12=36 2x12=24 1x12=12 0x12=18
-
Has the mix changed over the last 4 or 5 years then? I normally filter banners out automatically, but when I started paying attention again after reading this thread I noticed that unlike in the past when almost everything got through a lot of your current ads are running afoul of domainbans I've set due to popovers, gross images, intellitext, etc they've served up elsewhere.
3x12=36 2x12=24 1x12=12 0x12=18
Ads are new being served from a.lakequincy.com instead of codeproject.com after our move from our old system to our new system. That may be part of it. Another point may be that we are getting more advertising from larger companies, and it's these big boys who like their own toys.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP