Blacklists Files: Malware Infested Sites

Discussion in 'Et Cetera, Et Cetera' started by b.c., Mar 10, 2011.

  1. b.c.

    Gold Member

    Joined:
    Nov 7, 2005
    Messages:
    9,259
    Albums:
    1
    Likes Received:
    1,666
    Gender:
    Male
    Location:
    at home
    It was only after my recent infection of the latest in bogus malware that I became aware of the fact that there need be a good (and reliable) listing of sites to avoid.

    As discussed in the thread Trojan Dropper, many site operators may not even be aware that their sites are overrun with malware: viruses, trojans, hijackers, fraudware, and other such potentially harmful programming.

    In my case, the other night I happened to click on a viddy thumbnail at TubeKitty.com. Well, first of all, I need to kick my own ass for being there, because on past occasions malware attempted to load up on my pc from this SAME site. Guess I was just confident that I could squelch it.

    The first thumb I clicked on, something (called Search hijacker proxy) tried to load up, and one of my security programs stopped it. But there was a lot more to this "package". Next thing I knew, bullshit critical disk/no disk error messages popped up and my computer shut down.

    Upon rebooting, it soon became apparent that some dickless designer of the current scum-ware added a new twist to this one: Booting up brought up only a blank screen (no icons) with a (phony) dialog box saying something about bad sectors/clusters "do you want to download (the bogus shit) to scan your hard drive?"

    The infection blocked starting up of task manager, start menus, and after I managed to bring up my scanner programs it blocked my using them too. ("You're not authorized..." it said). In moments after a few more phony critical error alerts it shut down my pc again (part of the "infection" which prevents your having time to figure a way around it.) Hmmm...clever... almost.

    Well, since I wasn't "authorized" to run my scanning shit, I rebooted in safe mode with a C prompt. Then on the windows startup screen I logged in as another user (of course, you should ALWAYS have several user profiles).

    At the C prompt I typed explorer ("YAWN") which brought up my file lists, then I found and started up my scan app (which of course now worked because I was a "different user"). :tongue:

    Part way through the scan another bogus critical error message came up. I knew it was about to shut down (so not to give the scan long enough to run). But by that time the software had already found Fraud.HDDDefragmenter, Fraud.DefenseCenter, Fraud.FastDisk, so I paused the scan and killed these three bozos immediately, which stopped the bogus shit in its tracks. Now able to run scans with all software I found these gems:

    Windows Scan Rogue
    System Policies.Disable Task Mgr (a hijacker)
    Microsoft.Windows.Active.Desktop
    Gen Malware Detection.VV
    Fraud.Sys Guard
    Fake Antivirus.C

    Ridding myself of them all (as well as the usual Right Media, DoubleClick, and Vundo.au) all was back to normal.

    But hey, take my word for it and stay away from TubeKitty.litter. :cool:

    Maybe we can start our own list of sites to avoid.
     
    #1 b.c., Mar 10, 2011
    Last edited: Mar 10, 2011
  2. The Dragon

    The Dragon New Member

    Joined:
    Sep 11, 2007
    Messages:
    6,278
    Likes Received:
    6
    You know I got almost the same thing when I logged into 8tube.

    This came up as a blue screen covered with 1's and 0's and a shitty poorly written warning and it called itself "System Tool" and I had zero files executable.

    Like you I've split this old dinosaur into two users and so the user I was using at the time of the attack is now fucked but thankfully the other is ok and runs perfectly.

    I tried to load anti-viral software on the other side but it comes up a dialogue box that says they aren't executable and so I'm at a loss as to how to fix it.

    All pre-loaded anti-viral software can't be accessed at all.
     
  3. parr

    parr New Member

    Joined:
    Oct 21, 2009
    Messages:
    434
    Likes Received:
    0
    Gender:
    Male
    Location:
    Florida
    Go to "Control Panel", then click "Add or Remove Programs", then search for program. Click to remove. See if that works.
     
  4. The Dragon


    I tried on the infected side and I got nowhere.
     
  5. b.c.

    I ran the initial software (Spybot) from the "uninfected side" (as the other user) and it still found the Fraud.HDDDefragmenter et al. (This was after booting Windows in safe mode).

    After it removed them I was able to access my other virus scanners as the original user and they found the rest.

    So that's two on the list: TubeKitty and 8Tube. Anyone care to offer more "blacklist" sites?
     
  6. The Dragon

    No dice using spybot from the uninfected side to give me wiggle room on the infected side to use spybot.

    Shut down the computer and restarted ...created a third account and wiped the infected account and all its files completely.

    <sigh>
    What a pain in the arse.
    Thank goodness I had made duplicates of almost everything on my external hard drive last week before all this happened so I didn't lose much.
     
  7. b.c.

    Good for you. Don't know why I was able to remove it from my other profile. My theory is that the one that got compromised was not the administrative account, and so I was able to run the Spybot. A good idea might be to make sure you're able to run your software from every account you create. (One way might be to give all of your "entities" full access to the virus/malware detection programs.)
     
  8. The Dragon

    Well one thing's for certain I'm not returning back to 8tube, but how am I going to watch lesbian bondage porn now?
    All my favs are on 8tube. :frown1:
     
  9. b.c.

    I've found some sites that seem to maintain their stuff relatively virus free. Best one I've found (other than LPSG, of course :smile: ) is xhamster.com. They contain a wide array of viddy's, including full length vintage stuff, and I haven't caught squat from them yet (knock on wood).
     
  10. parr

    I regret my approach didn't work, I hope you solve the problem.
     
  11. Rikter8

    Gold Member

    Joined:
    Jun 30, 2005
    Messages:
    4,488
    Albums:
    3
    Likes Received:
    51
    Gender:
    Male
    Location:
    MI
    Lately the only services I have been able to find to remove Rogue Malware are:

    Malwarebytes
    Avast Antivirus 6

    The other tools are helpful, but not strong enough to pull them out.
    Spybot Search and Destroy
    Glarysoft Utilities
    I still recommend using these free utilities as they have many good useful tools.


    Don't forget to shut off your system restore BEFORE you attempt to remove these viruses. Otherwise system restore will just back up the virus.

    Sadly, there are a few sites that I have visited that should not have been infected, but were from advertising bots on the webpage.
    Many come in as Java applets and self-install with popups.

    Myspace is full of crap with all their "Free" cutesy profile customizations.
    Photobucket is bad too.
     
  12. gamma475

    gamma475 New Member

    Joined:
    Mar 9, 2011
    Messages:
    12
    Albums:
    1
    Likes Received:
    0
    Gender:
    Female
    Location:
    midwest
    hey i can help you all. depending what virus program you have you can update it, costs around $60 and then after you install it and go into your email where you get a verification type email you get the code and it fixes itself. hope that helped!
     
  13. Mr. Snakey

    Gold Member

    Joined:
    Apr 9, 2006
    Messages:
    24,702
    Likes Received:
    25
    Very good Advice. Malwarebytes and Avast are the best. If people would only stop using Internet Explorer and run Firefox. Delete their browsing history every day. Once you get viruses or Malware in your computer, you can never get rid of it. Unless you reformat or erase the drive clean. 90% of all the malware and viruses get in through the browser. So use Firefox and choose don't remember history and report attack web sites and block pop ups. Also keep in mind, the more you scan for viruses and malware it destroys the firmware and you end up with a piece of junk computer in a very short time.
     
    #13 Mr. Snakey, Mar 12, 2011
    Last edited: Mar 12, 2011