Author Topic: Warning! Severe Google REDIRECT Virus  (Read 2778 times)

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: Warning! Severe Google REDIRECT Virus
« Reply #30 on: April 14, 2011, 04:20:12 AM »
Oh boy are you off the mark there. I suggest you do some studies, http://www.av-comparatives.org/ is a good place to start. Note that the tests are done with _known_ set of viruses, they don't even have access to 0-day ones and still none of the AVs manage to provide a 100% detection rate.

No AV is going to give you a 100% coverage, the simple fact that you noticed you got infected is a strong testament of that in the first place. (And I'm referring to the OP here now)

Once you get a trojan dropper in your system you can't know what it has altered there and no AV is going to provide safety anymore. There can be a 0-day nastie that embeds itself into dll's like stuxnet did and no AV is going to catch it but it WILL catch your banking credentials or re-route your network traffic to hijack the site. Possibilities are endless.

Once you've actually found out you have a problem (lucky, huh?) the only safe solution is to nuke it from orbit, do some voodoo rituals on the harddrive and install from a dvd.

Of course if you're willing to trade 60 minutes of your time to a possible bank account hijack / losing all your money then the choice is all yours! :D

Nothing like a false sense of security provided by the AV software that is usually the first thing the virus attacks and disables.

Did you even read what I wrote?

You know I do IT security for a job right?

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: Warning! Severe Google REDIRECT Virus
« Reply #31 on: April 14, 2011, 04:21:34 AM »
Stuxnet is a good example of a widely spread good virus that went undetected for ages.

err Stux wasn't widely spread.

Offline MrRiplEy[H]

  • Persona Non Grata
  • Plutonium Member
  • *******
  • Posts: 11633
Re: Warning! Severe Google REDIRECT Virus
« Reply #32 on: April 15, 2011, 09:44:38 AM »
Did you even read what I wrote?

You know I do IT security for a job right?

Ok you do your job trusting antivirus programs after the machine has been infected and I wish you luck. That's all.  :O

You know the infection already got past your active antivirus when you get in the OP position in the first place!  :rolleyes:

First it fails to protect you and then it SAVES THE DAY!  :D
« Last Edit: April 15, 2011, 09:47:35 AM by MrRiplEy[H] »
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline HellFire

  • Copper Member
  • **
  • Posts: 310
Re: Warning! Severe Google REDIRECT Virus
« Reply #33 on: April 15, 2011, 04:49:08 PM »
Hello every1:

Took PC to be repaired, after an extensive diagnostic, no virus' were ever found, no fee was charged.  PC brought home.

Plugged PC in & ran a few hours of programs noticing that the PC was slow.  Ran "ESET online" (AV Pgm) discovered the following:

      A variant of Win32/Adware Virtumonde. NKO appication.

Ran Housecall (AV Pgm) & yet another virus was found:

      Rogue AV749

Both virus' were cleaned  & removed.  Should anymore virus' be found over the weekend I plan to have my PC wiped clean.
"In life there is certain death, and between life and death
  there is a journey, hence in truth nothing is lost in death."

Offline MrRiplEy[H]

  • Persona Non Grata
  • Plutonium Member
  • *******
  • Posts: 11633
Re: Warning! Severe Google REDIRECT Virus
« Reply #34 on: April 16, 2011, 01:20:19 AM »
Hello every1:

Took PC to be repaired, after an extensive diagnostic, no virus' were ever found, no fee was charged.  PC brought home.

Plugged PC in & ran a few hours of programs noticing that the PC was slow.  Ran "ESET online" (AV Pgm) discovered the following:

      A variant of Win32/Adware Virtumonde. NKO appication.

Ran Housecall (AV Pgm) & yet another virus was found:

      Rogue AV749

Both virus' were cleaned  & removed.  Should anymore virus' be found over the weekend I plan to have my PC wiped clean.

Just remember that just like in Aces High, the one that you don't see is the one that gets you.  :salute
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline HellFire

  • Copper Member
  • **
  • Posts: 310
Re: Warning! Severe Google REDIRECT Virus
« Reply #35 on: April 17, 2011, 05:59:52 PM »
So far so good ... no virus' detected & u are correct MrRiplEy[H] am keeping a very close watch on my pgms, thx 4 ur suggestions & help.
 :cheers:
"In life there is certain death, and between life and death
  there is a journey, hence in truth nothing is lost in death."

Offline HellFire

  • Copper Member
  • **
  • Posts: 310
Re: Warning! Severe Google REDIRECT Virus
« Reply #36 on: April 18, 2011, 01:50:05 PM »
WOOPS!!!!!!!!!!!  my error, the virus reared it's ugly head this A.M., redirecting my queries to different sites ,,, it certainly is deep rooted, it's
off to the PC Repair for me for a thorough wipe of the hard disk  :uhoh
"In life there is certain death, and between life and death
  there is a journey, hence in truth nothing is lost in death."

Offline cattb

  • Silver Member
  • ****
  • Posts: 1163
Re: Warning! Severe Google REDIRECT Virus
« Reply #37 on: April 18, 2011, 04:07:16 PM »
PLease refer to my earlier post about making a shadow copy or image, wich ever a person wants to call it.
Making a backup has saved me many times from going and doing a full reinstall.
Just my 3 cents again
:Salute Easy8 EEK GUS Betty

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9891
Re: Warning! Severe Google REDIRECT Virus
« Reply #38 on: April 18, 2011, 06:35:33 PM »
Ok you do your job trusting antivirus programs after the machine has been infected and I wish you luck. That's all.  :O

You know the infection already got past your active antivirus when you get in the OP position in the first place!  :rolleyes:

First it fails to protect you and then it SAVES THE DAY!  :D

What an earth are you talking about?

You're not making much sense you know.

Let me explain...

1. 0 Day exploit is released.
2. User receives email with 0 day exploit based malware attached
3. AV misses it on a signature scan due to no signature existing yet
4. User tries to run attachment
5. AV blocks malware based on behavior at execution (could be any number of triggers)

It's not that hard to comprehend is it?