IMD

Would You Believe Infected By NY Times Ad?


This is kind of a public service announcement, if you will.

 

I read the online New York Times daily. I've never had a problem with it until yesterday; my plea is for all of you to keep a careful eye out on all ads. Especially swf files.

 

I clicked on a topic, as the paper comes to me first as an email. As soon as I did, an ad came up and Norton seized upon it seconds later. Graybird. Backdoor Graybird, a trojan.

 

Okay, I thought, fine, Norton took care of it. Then, just to be sure that was where it came from, I went back again to the same page and the same thing happened.

 

Norton took care of it again...but did it? It kept saying "removed". A few minutes later it would come up yet again. NAV 2008 and NIS 2008 are installed on all of my machines. I went into the history of the activities for NIS 2008 and found it had to remove it at least a half-dozen times after it initially said it removed it, and it is a very malicious backdoor, aiming for your keystrokes and everything else on your machine. This despite being behind not only a router with a firewall, but Norton's firewall as well.

 

I went to Symantec and looked for all the files and registries it said to look for. At the time, the (I hope I remember the file name correctly) white pages said to look for svch0st.exe in the processes in the task manager. When I checked, it was not running. The big difference being the zero in the name.

 

But why would it keep coming back? The only other page I visited was my own, and there is no malware or swf or advertisements on my page at all. I do not collect information on it as only friends use it.

 

End result, I did a restore from an image taken two days prior, and now all is back to normal. I deep scanned twice just to be sure.

 

Has anyone else had similar problems with other websites?

 

IMD
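
The look-alike name mentioned in the post above (svch0st.exe, with a zero, against the genuine svchost.exe) is something a script can check for in a process listing. This is an added example, not part of the original thread or of any vendor tool; the allow-list, the digit-swap table and the sample names are constructed for illustration.

```python
# Added example: KNOWN_SYSTEM is a short illustrative allow-list (assumption).
KNOWN_SYSTEM = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe"}

# Digit-for-letter swaps used in look-alike names (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Classic Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def lookalike_of(name: str):
    """Return the system binary `name` imitates, or None if it looks clean."""
    raw = name.strip().lower()
    if raw in KNOWN_SYSTEM:
        return None                      # exact match: the genuine name
    folded = raw.translate(SWAPS)
    if folded in KNOWN_SYSTEM:
        return folded                    # e.g. a zero standing in for 'o'
    for real in KNOWN_SYSTEM:
        if edit_distance(raw, real) == 1:
            return real                  # one edit away, e.g. a dropped letter
    return None


def scan(process_names):
    """Map each suspicious name to the binary it resembles."""
    found = ((n, lookalike_of(n)) for n in process_names)
    return {n: real for n, real in found if real}


# Constructed sample, shaped like the Image Name column of a process listing.
SAMPLE = ["System", "svchost.exe", "svch0st.exe", "explorer.exe",
          "svhost.exe", "lsas.exe", "notepad.exe", "SVCHOST.EXE"]

if __name__ == "__main__":
    for name, real in scan(SAMPLE).items():
        print(f"{name}: resembles {real}")
```

A name match only says where to look next; a flagged entry still needs its file path and signature checked before it is treated as malicious.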


No, but always check your Windows restore points. It may be hiding there even after a good cleaning. If this happens again, turn off restore, which will delete all the restore points, and then turn it on again. This happened to a friend of mine. A virus showed up after she paid one of the geek type people to fix her computer. Getting rid of the restore got rid of the virus.


Well, you see, I am one of those geeks that others pay. I do not use Windows restore under any circumstances.

 

The oddity here, the point I am trying to bring out, is that even though I am protected (supposedly) in many ways; somehow the "removal" of the graybird did not completely remove through Norton until after about a half-dozen times.

 

This did not satisfy me.

 

Therefore, checking the history of the activities in my Norton log, and finding that it had to remove it that many times, and going back in that same history to a point where it did not appear at all, I did an image restore from that point.

 

When Windows does a restore, it DOES NOT touch the registry. The registry is where the culprits lay in prey, along with the Windows System 32 folder. Therefore only a complete image restore would wipe my C drive clean and put it back to the point before Graybird hit.

 

I IMPLORE all of you to have a truly reliable image backup system. Of all those I have experimented with on my many machines, Ghost and Norton Save and Restore are the only truly reliable ones that I can recommend to the people I serve.

 

I'd love to try Ghost 12...but then I'd have to get yet another computer and this house is only so big and no bigger! Of course I could shoot my husband and then have his space, but somehow that doesn't seem quite ethical ;) j/k

 

I haven't yet tried Vista; one of the things I must do is take control of the computers of other people, and they are not on Vista. I guess sooner or later I'll have to make the leap, but it won't be on any of my daily working computers. I'll prolly pick up a Vaio or something for that. In that case I'll put Norton 360 on it....

 

Please, folks, if you never listen to a word any of the Gurus give you...listen to them and listen to me on this one point: Current image backups are a COMPLETE necessity if you don't want to lose your computer or go through grief.

 

My one son is and has always been IT to the hilt. He is past 38 y/o, and his early days found him in a large computer room where the disks were piled one atop the other, like pizzas, and inserted into things that looked like washing machines. They didn't hold what your standard CD holds...(okay, so embalm me already ;) ). This is where *I* worked, and I brought him in, as a child, and he was completely entranced. When I brought home the first IBM PC, he had it together within minutes. He is innovative and sucks up dry manuals as I do. He does NOTHING without image backups, and he can build computers from nothing, from the ground up, if you get my drift. He can sniff out your packets and do anything else (although we are a law-enforcement type family so we don't do that, we only prevent others from doing that...but in order to prevent others, you have to know how to do it yourself).

 

When I tell you that Ghost (and I only have v.10) has not failed me, and Norton Save and Restore 2.0 has not failed me, take it from someone who eats, sleeps, drinks and lives computers (and cameras).

 

This isn't for me, I'm protected. This is for you. For the newbies, for those just opening up their computer for the first time.

 

BUT what I'd like to know, is if any of YOU have come across ads/pages without having the full protection, or if you have had the full protection and seen the same warning.

 

IMD

Edited by IMD


Yes, Java and ActiveX files can access and embed themselves into your PC with little effort. Always make sure you have a very good antivirus and always have backups done of your PC.

 

I own a small to medium sized PC service company in New Zealand and I can say without any lies I've seen many people lose all their data from viruses and PC crashes, so do backup and do have a very good antivirus, and sorry to say McAfee and Norton don't make it in that league.

 

Have a read done by a crowd called top100

 

http://anti-virus-software-review.toptenreviews.com/

Edited by The Highlander


Here I am replying to myself: Lethally blonde and a victim of working in darkrooms for a very, very long time. Problem with that is, being Irish, you not only talk to yourself, but you argue with yourself; no one wins.

 

Please do not count on Windows Restore Points...especially if your registry is involved, and if it is a malicious thing, the registry has been affected.

 

I love Windows. It was hard to get me to move from DOS, where I could command everything because I knew the commands. But multitasking was impossible. Now, sitting here with all these monitors and several computers, I've come to embrace Windows, but I know where you can be trapped.

 

If you mess with your administrative tools, something I must continually do, Windows Restore is NOT going to change what you might have screwed up, or some interloper may have inflicted upon you.

 

The only sure-cure is to go back to an image backup before the damage was done.

 

I highly recommend that you also check your ports, ones that are vulnerable to stealth attacks. This is something Norton has taken great care with.

 

Please, go to Symantec and check the false and misleading lists for programs that will trick you into thinking they are cures for your registries. I have completely checked out RegCure and find it to be without flaw, even though some nay-sayers (I suspect they are evil-doers), have said there are trojans in that, although there are not.

 

Symantec, Norton, all the same...not perfect...but they TRY. And as far as I am concerned, they do a very good job. True, the subscriptions are expensive and they start haunting you thirty days before your subscription is up...but would I be without? How does "NO" sound?

 

I have tried several other registry repair software programs and found them lacking. RegCure was the one that I settled on.

 

While we're at it...and I'm sure the gurus here will agree...SnagIt is invaluable. It not only catches windows on your screen, but scrolling windows with link intact, and records videos of your screen. So if someone is trying to hack into your machine, you can report it along with the proper information to stop the bad guys dead in their tracks.

 

Also, remember that to report abuse, phishing, spoofing, scamming...you need the FULL header. Whatever email client you are using, find out how to view and forward the full header.

 

IMD

 


Cannot argue about McAfee, but Norton I am well versed with.

 

There was a time when I would not have anything Norton on my machines. But this has changed.

 

Remember, I was doing computers more than 30 years ago, and have continually done so throughout the years, along with the photography.

 

Also remember the quote from "The Godfather". "I have a specialized practice, I have only one client." This is me. I can't make mistakes.

 

Part of my job is to purposely screw up machines and then unscrew them, and this is apropos because I'm screwy to begin with, thus it comes naturally to me ;)

 

Unfortunately, or fortunately (because learning is always fortunate), I also help many others...that is why I let some machines do the Windows updates automatically, and others I download the updates and install at my convenience. In other words, I have to allow myself to be in THEIR situation, so that I can unscrew it. Make sense? Well, consider...I'm not quite balanced to begin with ;)

 

However, this is my field. Has been for longer than most. Many sit down and play video games on their computers, whilst I have a manual opened in front of me...a "bible" of sorts, but not in the religious sense.

 

I have to be able to take remote control of their computers to see what damage is there. Many of their problems could have been avoided if they bothered to take a look at the Norton events in their logs. But they don't.

 

Do I think Norton could use improvement? Of course. But remember that they are but one company, dealing with many countries with many malicious people of various intelligences and intents. If you are not evil, sometimes you cannot profile nor anticipate what will be coming at you next. If you are not of malicious intent yourself, you cannot fathom others that are.

 

I do have a problem with the difficulty of removing some Norton software to accommodate other Norton software, but they are progressing.

 

Have you tried the latest Norton programs? Comprehensive. They have come a long, long way. This was the ONLY questionable activity to the point where I only felt safe with an image restore and then going back in and closing ports and services through Administrative Tools and IIS to solve.

 

IMD

 

One cannot depend on any software alone. Intelligence and diligence cannot be replaced.


Yes, but on one of the machines, the Lenovo (IBM) T43p, I found that the removal tool didn't do the trick unless I went through the control panel first, did add/remove...and THEN use the Norton Removal Tool.

 

There is an oddity in the configuration there, every few days I have to go to the Norton Website and use the Intelligent Updater from the site, the one that is built into the program and in fact into the "technical help" section of the program itself, does not do it. Found this out the hard way. In other words, you can either have "Live Update", which was having problems, or you can use the tool built into the program which claims it is using the Intelligent Updater, but it wasn't working on that machine. I had to actually go to the website itself and do it manually. That is the only machine it happens on.

 

Since then, if I need to remove it, I just go ahead and follow the same procedure. Remember, I have many different types of machines and configurations here.

 

IMD


When you remove it, just to see a few things, try this

 

 

It's the no. 1 antivirus, called BitDefender

(this is their free version and it works very nicely)

you get 1 year free use of their good software (I love Free)

 


http://download.bitdefender.com/windows/desktop/free/final/en/bitdefender_free_v10.exe

 

I'm sure you may even be shocked, after you have updated BitDefender and run a FULL scan (only use full), at what it may find on your PC that Norton has left.

Edited by The Highlander


Well thanks very much for that information. To be perfectly honest, I had never heard of the program.

 

I cannot put it on these computers as I have to be able to replicate problems, but I did mention I was thinking of picking up yet another notebook, this time with Vista, and I may very well just put that on there and be sure that no other AV's are installed on it first.

 

Free is good. I agree! ;)

 

Once or twice I was broadsided by "free" software, many years ago. Now they get thoroughly checked first. Wrote it down though, and will certainly give it a try to run side by side with the NIS 2008 and NSW 2008 I have running on the machines now. Three of the machines were only re-subscribed yesterday, and the others still have nearly a year left on the subscriptions. Even with that, I still have to replicate.

 

IMD
