Daily newsletter has link to virus infected site
-
How do you know the virus came from that site and didn't just decided to manifest when you visited that site (i.e., you got it somewhere else and it just looks like it came from there)?
Actually I think it came from an infected Advertisment server...
-
The link in the daily news letter: 7 Interface Design Techniques to Simplify and De-clutter Your Interfaces For your interfaces, which are cluttered. installed a virus on my computer located in: C:\documents and settings\\application data\systemproc called lsass.exe. It's size is 78 KB. It also set itself to start in the registry under: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run I just started looking into it and I'm not sure if it's anywhere else. I just went to the web page and didn't click on anything but it got in.
The last time I got a virus I wrote a little explanation about it here. That is, I described what I did to squash it. It acted quite a bit like what you are describing. It also started a guard thread to continually restart it and replace its registry entries. I stopped it by starting up in safe mode and deleting all traces of it. Then I copied a zero-byte file to where it made its directory and set attributes to be read-only, hidden, system. That thing won't be back and I know it has tried. It was one of the only MSN-IM virii I have ever heard of. You might want to copy a file to C:\documents and settings\(user)\application data\ named systemproc and setting to have attributes of RHS just to make sure it has a harder time coming back. I did.
-
The last time I got a virus I wrote a little explanation about it here. That is, I described what I did to squash it. It acted quite a bit like what you are describing. It also started a guard thread to continually restart it and replace its registry entries. I stopped it by starting up in safe mode and deleting all traces of it. Then I copied a zero-byte file to where it made its directory and set attributes to be read-only, hidden, system. That thing won't be back and I know it has tried. It was one of the only MSN-IM virii I have ever heard of. You might want to copy a file to C:\documents and settings\(user)\application data\ named systemproc and setting to have attributes of RHS just to make sure it has a harder time coming back. I did.
That's a really great idea! Thanks! :-D
-
Actually I think it came from an infected Advertisment server...
I think you missed the point. What if it didn't come from the website or the ads on the website? It may have come from somewhere else and only showed up when you went to that website. It could have come from, for example, the website you visited before that website.
-
I think you missed the point. What if it didn't come from the website or the ads on the website? It may have come from somewhere else and only showed up when you went to that website. It could have come from, for example, the website you visited before that website.
I did note the file and directory creation times matched with the site visit. I keep my computer very clean and use several methods to keep track of the health of my computer. Always good to be skeptical though :thumbsup:
-
I've gotten nasty viruses from links on this site in the past. Links from which other people did not. I do not think it was the site, but possibly the random advertisements in the site... explaining why I got it an others did not.
Pualee wrote:
I've gotten nasty viruses from links on this site in the past
Do you mean links to other sites that members have posted on CodeProject.com? That I can understand, and it's not something we can control. However, all our ads are served from either our own ad serving system, or from reputatable advertisers (eg Microsoft) using standard ad delivery networks (Atlas etc). The chances of a virus getting through either of these is extremely, extremely low.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
LOL, It's my fault. I don't run anti-virus, never have never will. This is the first virus to get to my computer in quiet some time. It's a pain to clean them by hand but I enjoy finding out how the hackers are operating these days.
Previously virus writers wrote viruses that were intended to be found. That's changed. How do you know you're being infected when the virus writers are getting smarter and smarter about hiding their presence?
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
Previously virus writers wrote viruses that were intended to be found. That's changed. How do you know you're being infected when the virus writers are getting smarter and smarter about hiding their presence?
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
Ultimately there is no way to know for sure. That's my big issue with anti-virus, it only scans for viruses it knows about. "Man in the middle" attacks are completly undetectable and don't even reside on your computer. I currently have to rely on off line scans of my drives, but even with that a malicious program could pop in, get what it's looking for, and be gone in seconds without ever residing on the hard drive. True security is an illusion.
-
Ankurm/ wrote:
After seeing your post, I tried it too.
If he told you traffic was dangerous would you go play in the road?
-
leppie wrote:
So, I expect you to do what I do, clean the virus up without a stinking anti-virus
On the rare occasion that I have got a virus, I have often just reinstalled the OS... I just don't take the risk that Anti-virus didn't totally clear the virus up!
"People demand freedom of speech to make up for the freedom of thought which they avoid."
Lloyd Atkinson wrote:
On the rare occasion that I have got a virus, I have often just reinstalled the OS... I just don't take the risk that Anti-virus didn't totally clear the virus up!
What in case if it has copied itself to another drive. After re-installing the OS, if you access that drive, it's back again. :omg:
..Go Green..
-
Pualee wrote:
I've gotten nasty viruses from links on this site in the past
Do you mean links to other sites that members have posted on CodeProject.com? That I can understand, and it's not something we can control. However, all our ads are served from either our own ad serving system, or from reputatable advertisers (eg Microsoft) using standard ad delivery networks (Atlas etc). The chances of a virus getting through either of these is extremely, extremely low.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
Chris Maunder wrote:
However, all our ads are served from either our own ad serving system, or from reputatable advertisers (eg Microsoft) using standard ad delivery networks (Atlas etc).
When did you start running 3rd party ads? I thought all of yours were self hosted.
3x12=36 2x12=24 1x12=12 0x12=18
-
Lloyd Atkinson wrote:
On the rare occasion that I have got a virus, I have often just reinstalled the OS... I just don't take the risk that Anti-virus didn't totally clear the virus up!
What in case if it has copied itself to another drive. After re-installing the OS, if you access that drive, it's back again. :omg:
..Go Green..
I don't often have other drives attached to my Windows machines, simply because I just don't often need to, and I often format memory sticks to be on the safe side too :) I also download 99% of everything on my Linux machines, at least then theres not as much chance of getting anything nasty :)
"People demand freedom of speech to make up for the freedom of thought which they avoid."
-
Chris Maunder wrote:
However, all our ads are served from either our own ad serving system, or from reputatable advertisers (eg Microsoft) using standard ad delivery networks (Atlas etc).
When did you start running 3rd party ads? I thought all of yours were self hosted.
3x12=36 2x12=24 1x12=12 0x12=18
Technically, for about 8 years :) Specifically: our ad system (AdSignia) is our own and all ads are served from this. Every ad you see has been specifically added to the system and its files are hosted on our servers, with one exception: Some companies have their entire campaigns running through ad management systems such as Atlas so they can manage and track everything in one place. For these ads we have to insert a call to Atlas (et al.) instead of hosting the files ourselves, and then Atles will send down the final images using javascript. The code to serve these ads is standard 3rd party ad serving code used on almost every site on the net and is safe. The files that ultimately get sent down are images and flash files supplied by the advertisers themselves. Nokia, RIM, Microsoft and PayPal have no interest in supplying infected ads. They'd be the laughing stock of the 'net.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
I don't often have other drives attached to my Windows machines, simply because I just don't often need to, and I often format memory sticks to be on the safe side too :) I also download 99% of everything on my Linux machines, at least then theres not as much chance of getting anything nasty :)
"People demand freedom of speech to make up for the freedom of thought which they avoid."
Lloyd Atkinson wrote:
I don't often have other drives attached to my Windows machines, simply because I just don't often need to, and I often format memory sticks to be on the safe side too Smile I also download 99% of everything on my Linux machines, at least then theres not as much chance of getting anything nasty Smile
:thumbsup:
Lloyd Atkinson wrote:
I also download 99% of everything on my Linux machines
You are 99% safe then. ;P :-D
..Go Green..
-
Technically, for about 8 years :) Specifically: our ad system (AdSignia) is our own and all ads are served from this. Every ad you see has been specifically added to the system and its files are hosted on our servers, with one exception: Some companies have their entire campaigns running through ad management systems such as Atlas so they can manage and track everything in one place. For these ads we have to insert a call to Atlas (et al.) instead of hosting the files ourselves, and then Atles will send down the final images using javascript. The code to serve these ads is standard 3rd party ad serving code used on almost every site on the net and is safe. The files that ultimately get sent down are images and flash files supplied by the advertisers themselves. Nokia, RIM, Microsoft and PayPal have no interest in supplying infected ads. They'd be the laughing stock of the 'net.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
Has the mix changed over the last 4 or 5 years then? I normally filter banners out automatically, but when I started paying attention again after reading this thread I noticed that unlike in the past when almost everything got through a lot of your current ads are running afoul of domainbans I've set due to popovers, gross images, intellitext, etc they've served up elsewhere.
3x12=36 2x12=24 1x12=12 0x12=18
-
Has the mix changed over the last 4 or 5 years then? I normally filter banners out automatically, but when I started paying attention again after reading this thread I noticed that unlike in the past when almost everything got through a lot of your current ads are running afoul of domainbans I've set due to popovers, gross images, intellitext, etc they've served up elsewhere.
3x12=36 2x12=24 1x12=12 0x12=18
Ads are new being served from a.lakequincy.com instead of codeproject.com after our move from our old system to our new system. That may be part of it. Another point may be that we are getting more advertising from larger companies, and it's these big boys who like their own toys.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
Ads are new being served from a.lakequincy.com instead of codeproject.com after our move from our old system to our new system. That may be part of it. Another point may be that we are getting more advertising from larger companies, and it's these big boys who like their own toys.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
Chris Maunder wrote:
Ads are new being served from a.lakequincy.com instead of codeproject.com after our move from our old system to our new system. That may be part of it.
This is probably it; I've blocked them over stuff they've served elsewhere. Does ABP provide a way to set exceptions (other than completely disabling itself) on a per site basis? Edit: How long ago did you start using lakequincy? I'm curious how long I'd been referring to CP as a site that hosted all its advertising and was spared collateral damage from what was being run on other sites while it was no longer the case.
3x12=36 2x12=24 1x12=12 0x12=18
-
Chris Maunder wrote:
Ads are new being served from a.lakequincy.com instead of codeproject.com after our move from our old system to our new system. That may be part of it.
This is probably it; I've blocked them over stuff they've served elsewhere. Does ABP provide a way to set exceptions (other than completely disabling itself) on a per site basis? Edit: How long ago did you start using lakequincy? I'm curious how long I'd been referring to CP as a site that hosted all its advertising and was spared collateral damage from what was being run on other sites while it was no longer the case.
3x12=36 2x12=24 1x12=12 0x12=18
Dan Neely wrote:
How long ago did you start using lakequincy
Only since last week. It's why we've all been so quiet ;) The upgrade is now complete so we're having some fun time this week.
Dan Neely wrote:
spared collateral damage from what was being run on other sites
Not sure what you mean. The ads we had running early last week are exactly the same we have running this week - we just moved our systems to a new codebase, server and domain name, but the ad data is the same. There will be no leakage of other random ads making their way into CodeProject. No punch-the-monkey ads on our network, thank you very much. [Edit] Sorry - forgot one point: I'm sure Adblock Plus must have a little intelligence built in to allow ads on a site A to be served from site B. Surely...
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
Dan Neely wrote:
How long ago did you start using lakequincy
Only since last week. It's why we've all been so quiet ;) The upgrade is now complete so we're having some fun time this week.
Dan Neely wrote:
spared collateral damage from what was being run on other sites
Not sure what you mean. The ads we had running early last week are exactly the same we have running this week - we just moved our systems to a new codebase, server and domain name, but the ad data is the same. There will be no leakage of other random ads making their way into CodeProject. No punch-the-monkey ads on our network, thank you very much. [Edit] Sorry - forgot one point: I'm sure Adblock Plus must have a little intelligence built in to allow ads on a site A to be served from site B. Surely...
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
Chris Maunder wrote:
[Edit] Sorry - forgot one point: I'm sure Adblock Plus must have a little intelligence built in to allow ads on a site A to be served from site B. Surely...
I can't find any way to do so except completely turning ad blocking off on a site and since there're ad servers like doubleclick that I'm unwilling to ever allow to send content my way that's not an option. This basically flows into what I meant by collateral damage. When SiteWithNastyAds.com hosts an eyesore from randomAdHost.com, the only consistent way to block it is to block *.randomadhost.com/* (I've tried more nuanced blocking in the past but it never stays blocked for long). By default (and apparently without any override available) this blocks randomadhost's ads on every site, with the result that there's no way to block offensive advertising without killing every ad by the provider on every site regardless of if most of what the provider serves is acceptable.
3x12=36 2x12=24 1x12=12 0x12=18
-
Chris Maunder wrote:
[Edit] Sorry - forgot one point: I'm sure Adblock Plus must have a little intelligence built in to allow ads on a site A to be served from site B. Surely...
I can't find any way to do so except completely turning ad blocking off on a site and since there're ad servers like doubleclick that I'm unwilling to ever allow to send content my way that's not an option. This basically flows into what I meant by collateral damage. When SiteWithNastyAds.com hosts an eyesore from randomAdHost.com, the only consistent way to block it is to block *.randomadhost.com/* (I've tried more nuanced blocking in the past but it never stays blocked for long). By default (and apparently without any override available) this blocks randomadhost's ads on every site, with the result that there's no way to block offensive advertising without killing every ad by the provider on every site regardless of if most of what the provider serves is acceptable.
3x12=36 2x12=24 1x12=12 0x12=18
This is all great feedback. One thing we're planning on doing is moving to Amazon S3 for hosting static content, and that would include our ads. If you keep Amazon and CodeProject unblocked then we're good to go. [Post caffeine Edit] You mentioned "since they're ad servers lick doubleclick". For ads served from Atlas or DoubleClick I can totally understand blocking them completely since there seems to be no easy way to block them with a "-CodeProject" setting. However, LakeQuincy.com can be safely added to your whitelist because every ad on that network is an ad sold by our salesteam who work by our own ad guidelines on what's acceptable (ads relevant to software developers) and what's not (anything else)
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP