Author:
Taxonomy upgrade extras:
DO NOT, in checking on this, click on : news.bbc.co.uk/1/hi/technology/7784908.stm
Immediately after clicking on it to verify more sources, my laptop popped up a message that Windows firewall had found
Name: Win32.Zafi.B,
Risk Level: HIGH
Description: WIN32.Zafi.B is a worm trojan that records ... and takes screen shots of the computer s ... financial information.
It and asked if I wanted to keep blocking it.
(The window was too small for the information, so ... indicates text Icould not read. I was unable to expand the window.
There may not be a problem with the BBC link, BUT, a moment after clicking on the BBC link while trying to track down more information for this blog, my Anti-Virus program told me it had spotted a serious trojan and was shutting down my system.
The system shut down, then came back up, with the Windows Firewall Security Center alert window reduced to less than full size, and the 'keep blocking' button grayed out. I cannot get it to do anything now.
I also cannot start my anti-virus program on that computer, so I've killed it for now, and am using my other computer.
I have tried to vrify the information and found many sources when I googled 'Internet Explorer flaw'
Serious flaw in Internet Explorer not fixed yet
The Associated Press
Posted: 12/16/2008 04:37:46 AM PST
SAN FRANCISCO–Users of all current versions of Microsoft Corp.'s Internet Explorer browser might be vulnerable to having their computers hijacked because of a serious security hole in the software that had yet to be fixed Monday.
The flaw lets criminals commandeer victims' machines merely by tricking them into visiting Web sites tainted with malicious programming code. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc.
The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be "adopted by more financially motivated criminals for more serious mayhem–that's a big fear right now," Paul Ferguson, a Trend Micro security researcher, said Monday.
"Zero-day" vulnerabilities like this are security holes that haven't been repaired by the software makers. They're a gold mine for criminals because users have few ways to fight off attacks.
The latest vulnerability is noteworthy because Internet Explorer is the default browser for most of the world's computers. Also, while Microsoft says it has detected attacks only against version 7 of Internet Explorer, which is the most widely used edition, the company warned that other versions are also potentially vulnerable.
Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates, but declined further comment. The company is telling users to employ a series of complicated workarounds to minimize the threat.
Many security experts, meanwhile, are urging Internet Explorer users to use another browser until a patch is released.
Sources.
Associated Press
news.yahoo.com/s/nf/20081216/tc_nf/63586 - 1 hour ago
http://www.guardian.co.uk/technology/2008/dec/16/internet - Microsoft Internet Explorer users told to switch browsers over flaw
http://www.zdnet.com.au/news/security/soa/Avoid-using-IE-if-... - Avoid using IE if possible: AusCERT
I was running Firefox, and it seemed to still be working a right, but the computer is not in ways not associated with Firefox.
Comments
Mostly given up on IE
In the last 6 months, my IE has become less and less functional. I now only use it if I want to watch videos on CNN. For some reason, that is not too important to me, Firefox will not play vids from CNN.
I am becoming addicted to FF, though I used to complain piteously about its lack of graphic quality.
Gwendolyn
Latest Firefox...
At least on a Mac, OS-X 10.5.5, the latest Firefox plays CNN videos quite nicely.
Cheers,
Puddin'
-----------------
I haven't used MSIE for years, and don't even attempt to code for it in HTML these days, instead placing a window on-screen advising users that another browser, one more compliant with Internet standards and at least minimally secure, should be used.
-
Cheers,
Puddin'
A tender heart is an asset to an editor: it helps us be ruthless in a tactful way.
--- The Chicago Manual of Style
Holly, Try An Online Scan
Many of the major AV suppliers provide free online scans. The Symantec Security Scanner is here ( http://security.symantec.com/sscv6/home.asp?langid=ie&venid=... ). It can be a big help if your browser is working. It sounds like whatever you have picked up has disabled your own security applications.
I had to leave for most of the day. I am trying to run such
However, it or something seems to have totally trashed the system.
When I try to run Firefox, it starts by telling me I have a dangerous virus, and to register my antivirus program
Below, it tell me to click here to download an to download an antivirus program (It does not tell me which one ...
below that it tells me to click here to run without it, (Not Recommended )
I did manage to run Google and tried to downloaded a program from bitdefender for this specific virus
Firefox dies.
I tried 2 others. Firefox dies whenever I try to download anything.
I downloaded them on this computer, copied to a thumbdrive, moved it to the laptop, and ran it.
It gets to the opening window then locks up. All buttons are grayed out and the window for entering required information refuses to accept any information, for all three removal tools specific to this virus, from bitdefender, Symantec & McAfee.
The url you pointed to is incomplete on the screen, and I can only get to it on the good computer.
When I try to access McAfee or Symantec or PCCiliin's website, Firefox dies
I'll play with it some more, but I may need a pro to fix this.
One of the most difficult things to give away is kindness.
It usually comes back to you.
Holly
Suggestions
idea 1) If you don't have any irreplaceable data on the drive, fdisk it -- remove all the partitions, put them back, reformat, reload. (That's the ultra paranoid method that's designed to even get rid of boot viruses.)
idea 2) Remove the drive and put it into another computer -- but don't run any programs that are on it. Use a good virus scanner. Or, remove all valuable data and do the fdisk thing mentioned above.
idea 3) Boot something like Linux from a CD, move all good stuff to a USB drive, then do the fdisk thing.
idea 5) Tie a ribbon around it and mail it to me so I can replace my old Thinkpad 233. ;-)
Good luck! I offer my sympathies as a fellow virus sufferer. (As soon as I figure out how to get Linux Mint to talk to my US Robotics USB modem, I'm going to use Linux for all my surfing, most of my writing, most of my web developing, and most of my image processing. I'll still need M$ for Visual Foxpro, and my scanners and printers. Oops... and, of course, my shoot-em-up games.)
MS is Publishing an Update Wednesday
MS is going to patch Internet Explorer Wednesday. Here's an article about the update from Computerworld online: http://www.computerworld.com/action/article.do?command=viewA...
suggestion
Next time you click on such a link, may I suggest you do it from a non-windows system ? Such as Linux or Solaris ? That way you can safely access that link and see what it is trying to do.
Kim
I do not have Linux etc, and
am not about to try and switch to something with a majorp learning curve, that may not run most of my software.
I have backed this up less than a week ago on a now non-attached hard drive, so if I have to, I can clean this up and reload everything.
Or, I may just scrap the laptop. It has some other physical problems.
One of the most difficult things to give away is kindness.
It usually comes back to you.
Holly
One of the most difficult things to give away is kindness.
It usually comes back to you.
Holly
Linux
I have about two decades of computer experience -- most of it Microsoft. (I used a Sinclair and a CP/M machine before that -- then a Vax at school.) Most of the programming I did after college was using Foxbase, then Foxpro. I therefore have quite a lot of time invested in the MS DOS/Windoze world.
I just got a copy of Linux Mint and started using it. It's similar enough to Windows that it should be easy for any MS user to make the switch -- especially if they already use Mozilla and Open Office.
I'm still trying to grock the whole 'unified file theory' thing -- especially where to look for everything. Still, I'm digging into the innards of the thing more than your average Windows user.
(And, it comes complete with a free DVD player.)
Anyhow, switching isn't necessary. I'm using a dual boot system and slowly using Linux more as I become comfortable with it.
Ray Drouillard
Nerd at large
Anti-Malware
Holly, you might try Malwarebytes Anti-Malware, available at Cnet's Downloads dot com:
"Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
Version 1.31 adds Heuristics for newer infections"
I used it awhile back when I picked up a nasty bit of something while looking at StickySite one evening. Cleaned it right up. Here is the link to download the free version:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_...
KJT
"Being a girl is wonderful and to torture someone into that would be like the exact opposite of what it's like. I don’t know how anyone could act that way." College Girl - poetheather
"Life is not measured by the breaths you take, but by the moments that take your breath away.”
George Carlin
Trying it
I actually got it to load on the infected computer ...
One of the most difficult things to give away is kindness.
It usually comes back to you.
Holly
One of the most difficult things to give away is kindness.
It usually comes back to you.
Holly
Thanks oodles and oodles, Karen
I'm now back as Holly Hart on the laptop, thanks to your suggestion.
I run some pretty tight anti-virus stuff, and have never had a problem before. Most of the time when I see a warning like this, I try to check it out, and if there is a fix from any of the big AV people, run it if it seems necessary. But to have the system lock up, so I can't even run any browser, or if I get one running, refuse to download, and refusing to let me run my anit-virus software, is something new and scary, to me, at least.
I said above, that I got it to load. Actually, it would not download on this, the laptop. I downloaded it on the desktop, transferred it to the laptop by thumbdrive, and installed it from there.
After a long slow update, I ran it, and in about 25 minutes, it located three 'trojanfake's and when I asked it to, cleaned them off.
This is being written on the laptop, which seems to be very happy now,
It’s not given to anyone to have no regrets; only to decide, through the choices we make, which regrets we’ll have,
David Weber – In Fury Born
Holly
It's nice to be important, but it's more important to be nice.
Holly
scary trojan/virus
You can usually get an online antimalware/virus ( eg Symmantec ) while running in Safe Mode. Safe mode usually only allows essential known Windows stuff to run and nothing else. The fact you could not do anything even in Safe Mode was Really bad.
Kim
some more info
It sounds like you got yourself a rootkit. The newest that i found that is easly infected are fake antivirus.
While you surf you get a pop-up claiming you got a virus in your system and suggests downloading their software to fix it. After download it usually shows as pretty convincing windows security center (if you don't know how to look), but its very much a fake. That's just one of dose things, they are plenty more of them with different kind of symptoms.
Anyway i was to suggest Malwarebyte, but Karen J already did. That program is quite powerful at finding these kind of pesky trojans. Plus its free! You only have to pay if you want to active protection in your background.
Another good tools to have and to scan your system with, are:
VundoFix:
http://vundofix.atribune.org/
F-Secure Blacklight Rootkit Eliminator:
http://www.pcworld.com/downloads/file/fid,72632-order,1-page...
and SpyBot S&D:
http://www.spybot.com/index2.html
I suggest getting them all and scanning your system, just to be sure that its clean.
Hope this helps.