Security Issue

nivrip

I logged in to the Fantasy Football site, as I am part of the PCR league, and as it opened a new window opened stating that MSE had detected a trojan and two viruses. It did look like an MSE window and it suggested I delete these intruders.

However, shocked at seeing this I immediately closed the FF window and the "MSE" window also closed. I immediately went to MSE but there was no mention of anything amiss. I therefore ran a full scan on MSE, which took an hour, but nothing turned up. I also went back to FF but this time there was no mention of any problems.

All appears to be OK but should I run any further scans such as SUPERAntiSpyware or Malwarebytes?
 
I've just logged on at the FFL site and my AV scanner (Kaspersky) comes up clean. I wonder if it was a false positive?

In the past I've had a Kaspersky warning on a page that I know to be clean (as I coded it!), as it doesn't like the fact that there are the words "MySQL" and other parameters in the page URL.
 
It's happened again today when I've clicked on the FF site and here's what I get


[Attachment: Virus.webp]

Again, my own MSE shows no evidence of infections and everything seems to be fine. This ONLY appears when I go on to the FF site. :confused:

Any further ideas?
 

Thanks, Ian.

ESET picked up "variant of Win32/Adware.iBryte.D" (which wasn't found by MSE) but I'm not sure it's related to any on the FF site.

Malwarebytes found nothing.

Hopefully all is well.
 
oh dear, I have ... MSIL/Solimba.F application ... I wonder how that happened. :rolleyes:


:user:


EDIT: ESET online scanner cleaned it. Nice. :)
 
Blatantly fake Niv, do what Mucks says. ;)

Seems like a lot of viri around recently... ;?
 
I posted this in Feckit's thread, but it could be that this virus came through an exploit too - so it's worth a mention in case you don't already have it nivrip (or others in the same boat):

I'd install "Secunia PSI" (link) if you haven't got it already. I seem to remember you have it, but thought I'd mention it in case anyone else is in the same boat. It will make sure all your 3rd party apps (that are often vulnerable, i.e. Flash, Adobe Acrobat, Java) are up to date.

Hope BleepingComputer get you sorted - they're a good bunch :)
 
Now able to report back.

Bleeping Computer were incredibly helpful. They suggested four different programmes to download and then to use to scan my PC. They then looked at all the logs I sent to them and seem to think that it came from an app named Optimum Installer. This, in turn, seems to be linked with games downloads but I have never downloaded a game in my life. :confused:

Anyway, one of the programmes that they suggested was able to remove the offending article and I am now, hopefully, free of it. :)
 
What were the programmes they suggested, for reference?

Rkill
Malwarebytes
ADW Cleaner
MiniToolBox

All produce logs but these need to be assessed by an expert such as those on Bleeping Computer. I don't think your average computer user would know what to do with the info - I certainly didn't. ;)
 
Further info in case anyone else runs into this problem.

Bleeping Computer also suggested creating a NEW Restore Point (not using a recommended old one) which I had to do manually. Seems it's possible to get a reinfection from old Restore Points.

I also had to use Disk Cleanup to delete all the old Restore Points so they reckon I should be squeaky clean now. :)
 