Security Issue

nivrip

Yorkshire Cruncher
Joined
Mar 21, 2007
Messages
10,887
Reaction score
2,137
I logged in to the Fantasy Football site, as I am part of the PCR league, and as it opened a new window opened stating that MSE had detected a trojan and two viruses. It did look like an MSE window and it suggested I delete these intruders.

However, shocked at seeing this I immediately closed the FF window and the "MSE" window also closed. I immediately went to MSE but there was no mention of anything amiss. I therefore ran a full scan on MSE, which took an hour, but nothing turned up. I also went back to FF but this time there was no mention of any problems.

All appears to be OK but should I run any further scans such as SUPERAntiSpyware or Malwarebytes?
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,873
Reaction score
1,499
I've just logged on at the FFL site and my AV scanner (Kaspersky) comes up clean. I wonder if it was a false positive?

In the past I've had a Kaspersky warning on a page that I know to be clean (as I coded it!), as it doesn't like the fact that there's the words "MySQL" and other parameters in the page URL.
 

nivrip

Yorkshire Cruncher
It's happened again today when I've clicked on the FF site and here's what I get

Again, my own MSE shows no evidence of infections and everything seems to be fine. This ONLY appears when I go on to the FF site. :confused:

Any further ideas?
 

Attachment: Virus.JPG

nivrip

Yorkshire Cruncher
Thanks, Ian.

ESET picked up "variant of Win32/Adware.iBryte.D" (which wasn't found by MSE) but I'm not sure it's related to any on the FF site.

Malwarebytes found nothing.

Hopefully all is well.
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
oh dear, I have ... MSIL/Solimba.F application ... I wonder how that happened. :rolleyes:


:user:


EDIT: eset online scanner cleaned it. nice. :)
 

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,572
Reaction score
1,888
Blatantly fake Niv, do what Mucks says. ;)

Seems like a lot of viri around recently... ;?
 

Ian

Administrator
I posted this in Feckit's thread, but it could be that this virus came through an exploit too - so it's worth a mention in case you don't already have it nivrip (or others in the same boat):

I'd install "Secunia PSI" (link) if you haven't got it already. I seem to remember you have it, but thought I'd mention it in case anyone else is in the same boat. It will make sure all your 3rd party apps (that are often vulnerable, i.e. Flash, Adobe Acrobat, Java) are up to date.

Hope BleepingComputer get you sorted - they're a good bunch :)
 

nivrip

Yorkshire Cruncher
Now able to report back.

Bleeping Computer were incredibly helpful. They suggested four different programmes to download and then to use to scan my PC. They then looked at all the logs I sent to them and seem to think that it came from an app named Optimum Installer. This, in turn, seems to be linked with games downloads but I have never downloaded a game in my life. :confused:

Anyway, one of the programmes that they suggested was able to remove the offending article and I am now, hopefully, free of it. :)

nivrip

Yorkshire Cruncher
What were programmes they suggested for reference?

Rkill
Malwarebytes
ADW Cleaner
MiniToolBox

All produce logs but these need to be assessed by an expert such as those on Bleeping Computer. I don't think your average computer user would know what to do with the info - I certainly didn't. ;)
 

nivrip

Yorkshire Cruncher
Further info in case anyone else runs into this problem.

Bleeping Computer also suggested creating a NEW Restore Point (not using a recommended old one), which I had to do manually. Seems it's possible to get a reinfection from old Restore Points.

I also had to use Disk Cleanup to delete all the old Restore Points so they reckon I should be squeaky clean now. :)
 
