Topic: Warning! Severe Google REDIRECT Virus

MrRiplEy[H] (Persona Non Grata, Plutonium Member, Posts: 11633)
Re: Warning! Severe Google REDIRECT Virus
« Reply #15 on: April 11, 2011, 01:13:20 AM »
LOL you're kidding right?

Why would I be kidding? A properly made rootkit will never make any noise about itself, it just generates a little extra traffic on your line while it feeds away your banking information.
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

guttboy (Silver Member, Posts: 1408)
Re: Warning! Severe Google REDIRECT Virus
« Reply #16 on: April 11, 2011, 11:47:40 AM »
MrRipley,

So how does one know if they have a rootkit issue and discover it?

That is a no BS question.....seriously would like to know.  I run AVAST, Spybot, Adaware, and Win defender.  Would those catch this?

Thanks,

 :lol

MrRiplEy[H] (Persona Non Grata, Plutonium Member, Posts: 11633)
Re: Warning! Severe Google REDIRECT Virus
« Reply #17 on: April 11, 2011, 02:19:59 PM »
MrRipley,

So how does one know if they have a rootkit issue and discover it?

That is a no BS question.....seriously would like to know.  I run AVAST, Spybot, Adaware, and Win defender.  Would those catch this?

Thanks,

 :lol

You don't. But once you KNOW your system has been compromised the only safe action is to format and reinstall. Trojan downloaders can load and install a dozen viruses with varying functionality. Some badly made viruses may make your system unstable or cause visual problems on purpose. The bad (well made) ones do their best to keep hidden.

There are at least 2 million different viruses and adware out there. The best of antiviruses catch 98% of the KNOWN exploits. Do the math.
« Last Edit: April 11, 2011, 02:22:01 PM by MrRiplEy[H] »

Vulcan (Plutonium Member, Posts: 9891)
Re: Warning! Severe Google REDIRECT Virus
« Reply #18 on: April 11, 2011, 03:16:04 PM »
Why would I be kidding? A properly made rootkit will never make any noise about itself, it just generates a little extra traffic on your line while it feeds away your banking information.

That's the point, you have an unknown process running hooked into inappropriate libraries that connects to something on the net. Decent AV will spot it, not to mention personal firewall/border firewall/HIPS.

Oh and at last count my border firewall has 4941745 malware signatures :D
HellFire (Copper Member, Posts: 310)
Re: Warning! Severe Google REDIRECT Virus
« Reply #19 on: April 11, 2011, 04:05:16 PM »
Tried everything per respondents' suggestions ... all to no avail ... was unable to reformat PC, reinstalled the Vista disk & lost most of my programs with the exception of Windows.old (had no probs overlaying Windows XP SP3, no data was lost).

How my PC was infected I've no idea, perhaps I should've paid attention to my "WOT" symbols which showed as RED, yes, I know, the old woulda, shoulda, coulda, this is an expensive lesson for me!

Read about dban.org but am hesitant to try it.... ran TDS Killer approx. 4 times per my attempts at removal of the virus.  Shall wrap this up for now & take the errant PC to a repair shop.  TY every1 for ur sincerest of assistance, I likewise commented re MSIE today.
"In life there is certain death, and between life and death
  there is a journey, hence in truth nothing is lost in death."

cattb (Silver Member, Posts: 1163)
Re: Warning! Severe Google REDIRECT Virus
« Reply #20 on: April 11, 2011, 06:01:06 PM »
Once your PC is operating virus free and correctly, I suggest you use software which will make a shadow copy or an image of your drive. There is pay-for software which is fairly easy to use. Ghost, Acronis, and Paragon Recovery are some of your choices.
(This will make a full backup of your operating system and software programs and data, MBR etc, etc.)
I also suggest you make daily or weekly backups of your most important data from software programs you use on a regular basis. I use a key drive and a second hard drive for this.
To sum this advice up, it is similar to disaster recovery. Many types of situations can create a need for recovery: malware, a failed hard drive, other failed or failing hardware, etc, etc. Doing the above steps and being diligent about them can save a lot of time and headaches.

just my couple cents.
:Salute Easy8 EEK GUS Betty

MrRiplEy[H] (Persona Non Grata, Plutonium Member, Posts: 11633)
Re: Warning! Severe Google REDIRECT Virus
« Reply #21 on: April 12, 2011, 12:28:35 AM »
That's the point, you have an unknown process running hooked into inappropriate libraries that connects to something on the net. Decent AV will spot it, not to mention personal firewall/border firewall/HIPS.

Oh and at last count my border firewall has 4941745 malware signatures :D
The signature has to be detected first to be added there. You have to realize the AV people are always one step behind. Even the most advanced AVs do not have the ability to detect all viruses and the protection against 0-day exploits is even more marginal.

If you have 1 000 000 viruses and your super good AV detects 98% of them (most of them aren't even that good), how many viruses are you potentially exposed to right now?

Stuxnet is a good example of a widely spread good virus that went undetected for ages.
« Last Edit: April 12, 2011, 12:31:21 AM by MrRiplEy[H] »

guncrasher (Plutonium Member, Posts: 17362)
Re: Warning! Severe Google REDIRECT Virus
« Reply #22 on: April 12, 2011, 12:52:14 AM »
But with safe practices you can lower the risk.  On the other hand, if you watch pron and jump from site to site then you will get one in a matter of hours or days.

semp
you dont want me to ho, dont point your plane at me.

Vulcan (Plutonium Member, Posts: 9891)
Re: Warning! Severe Google REDIRECT Virus
« Reply #23 on: April 12, 2011, 03:19:14 PM »
The signature has to be detected first to be added there. You have to realize the AV people are always one step behind. Even the most advanced AVs do not have the ability to detect all viruses and the protection against 0-day exploits is even more marginal.

If you have 1 000 000 viruses and your super good AV detects 98% of them (most of them aren't even that good), how many viruses are you potentially exposed to right now?

Stuxnet is a good example of a widely spread good virus that went undetected for ages.

Good AV is behavioral based as well as signature based, and blocks undesired behaviors. So you're totally wrong - you really need to understand all the solutions available before you comment. And this is not new technology.

MrRiplEy[H] (Persona Non Grata, Plutonium Member, Posts: 11633)
Re: Warning! Severe Google REDIRECT Virus
« Reply #24 on: April 12, 2011, 03:29:36 PM »
Good AV is behavioral based as well as signature based, and blocks undesired behaviors. So you're totally wrong - you really need to understand all the solutions available before you comment. And this is not new technology.

Oh boy are you off the mark there. I suggest you do some studies, http://www.av-comparatives.org/ is a good place to start. Note that the tests are done with a _known_ set of viruses, they don't even have access to 0-day ones and still none of the AVs manage to provide a 100% detection rate.

No AV is going to give you 100% coverage, the simple fact that you noticed you got infected is a strong testament to that in the first place. (And I'm referring to the OP here now)

Once you get a trojan dropper in your system you can't know what it has altered there and no AV is going to provide safety anymore. There can be a 0-day nasty that embeds itself into DLLs like Stuxnet did and no AV is going to catch it, but it WILL catch your banking credentials or re-route your network traffic to hijack the site. Possibilities are endless.

Once you've actually found out you have a problem (lucky, huh?) the only safe solution is to nuke it from orbit, do some voodoo rituals on the hard drive and install from a DVD.

Of course if you're willing to trade 60 minutes of your time to a possible bank account hijack / losing all your money then the choice is all yours! :D

Nothing like a false sense of security provided by the AV software that is usually the first thing the virus attacks and disables.
« Last Edit: April 12, 2011, 03:45:46 PM by MrRiplEy[H] »

cattb (Silver Member, Posts: 1163)
Re: Warning! Severe Google REDIRECT Virus
« Reply #25 on: April 12, 2011, 07:49:48 PM »
No AV is going to give you a 100% coverage +1 Ripley

safe practices (safe browsing practice) +1 Semp

Just look up Zeus malware or Zeus trojan horse.

Just my 3 cents

Stoney (Gold Member, Posts: 3482)
Re: Warning! Severe Google REDIRECT Virus
« Reply #26 on: April 13, 2011, 06:02:05 AM »
Stuxnet is a good example of a widely spread good virus that went undetected for ages.

Considering what that virus was, and who supposedly created it, I'd say it might be in a different league than your average redirect malware...
"Can we be incorrect at times, absolutely, but I do believe 15 years of experience does deserve a little more credence and respect than you have given from your very first post."

HiTech

MrRiplEy[H] (Persona Non Grata, Plutonium Member, Posts: 11633)
Re: Warning! Severe Google REDIRECT Virus
« Reply #27 on: April 13, 2011, 09:22:00 AM »
Considering what that virus was, and who supposedly created it, I'd say it might be in a different league than your average redirect malware...

Yet it was an example of what can be done and how long it can be in distribution without anyone detecting it. I repeat: the best of AVs get 98-99% detection rates on a sample of known viruses. They can't even catch all of the viruses that are already known to exist, let alone 0-day ones.

No 'cleaning' is going to give you a guarantee your system is uncompromised after you get infected; that is a simple fact. The infection might not give any clue of its presence and it may have simply blocked your AV from touching it.

Every day millions of PCs that are hijacked run 24/7 as part of DDoS or spam botnets. Most of the users run antiviruses and probably think nothing's wrong.
« Last Edit: April 13, 2011, 09:23:57 AM by MrRiplEy[H] »

Stoney (Gold Member, Posts: 3482)
Re: Warning! Severe Google REDIRECT Virus
« Reply #28 on: April 13, 2011, 02:33:45 PM »
Yet it was an example of what can be done and how long it can be in distribution without anyone detecting it.

Fair enough...I'll have to make sure I shut down my uranium enrichment centrifuges when I get home...  :)

Wiley (Plutonium Member, Posts: 8081)
Re: Warning! Severe Google REDIRECT Virus
« Reply #29 on: April 13, 2011, 03:33:11 PM »
Fair enough...I'll have to make sure I shut down my uranium enrichment centrifuges when I get home...  :)

Be sure that you do! ;)

Ripley's point is still valid though.  Well done malware can be nigh unto undetectable, antivirus is not foolproof, and if you get malware the only way to be certain it's gone is to restart your OS from scratch.

Wiley.
If you think you are having a 1v1 in the Main Arena, your SA has failed you.

JG11