Got a virus, looking for input.

Associate · Joined 15 Jun 2011 · Posts 8
Hey guys, so I got a virus from a webpage last night with no input from myself. I didn't give any permissions or download anything.

Firstly I use IE and I'm not a fan of Firefox. I run Windows 7 with UAC disabled.

So I'm on this webpage and Java opens in my Windows tray, then my PC shuts down. I turn it back on and open Task Manager quickly, spotted the virus straight away and killed its process tree. I then opened msconfig and removed the entry it had given itself to load upon boot. From there I saw the virus was in the AppData Roaming folder; I then deleted the exe.

Pretty sure it's killed but I needed to format anyway so I'll wipe the disc tonight to be safe.

Could you please help me understand how a webpage manipulates Java into saving and executing an exe on my PC.

I put IE security from default to max and went back to the site to see what I could learn. I didn't get a virus again; instead it said something like an add-on for this site failed to run.

So I'm here to learn, how does it do it and how to prevent it?

I don't want an AntiVirus installed and I want to stick with IE. Apart from increasing IE security, what can I do? (Don't visit dodgy sites, yes yes I know :) )

Thanks in advance.
 
Use Google Chrome and install an AV product...

or

turn the PC off...

or

disconnect your internet and break all your USB / FireWire ports / optical drive...
 
Firstly I use IE and I'm not a fan of Firefox. I run Windows 7 with UAC disabled.

Could you please help me understand how a webpage manipulates Java into saving and executing an exe on my PC.

So I'm here to learn, how does it do it and how to prevent it?

1) Enable UAC
2) IE gives Java free rein. Any site you visit could initiate Java and exploit it. Disable the Java browser plug-in and only enable it temporarily when you need it.
3) You need to keep software patched. This includes the OS, browser, Flash, Java, etc. By default Java only checks for updates once a month. Go into the Control Panel and set it to check Daily. Secunia PSI will help. http://secunia.com/products/consumer/psi/
 
Firstly I use IE and I'm not a fan of Firefox. I run Windows 7 with UAC disabled.

I don't want an AntiVirus installed and I want to stick with IE,

You should join the army, I'd love to see the threads you started then.

"So I was deployed to Afghanistan, and I don't like the camo uniforms, body armour or vehicles supplied.... I like to ride a moped butt naked with a flashing neon sign over my head saying 'member of the UK forces', usually at night while unarmed and alone"..... can anyone suggest how I can avoid being shot...
 
I don't want an AntiVirus installed

Then don't be surprised when you get a virus.

When you go to a website with a Java applet on, and you've got a standard browser with Java installed, it will run the applet.

It's not up to the browser to decide on whether it should run it or not... you've got Java installed so it automatically will.

At this point, a good antivirus would step in as the applet attempts to write files to your machine and run them.

Without antivirus, they will run and do whatever they blady well want.

It would be so, so, so incredibly easy to set up a website that, when you go to it with no antivirus, just formats all your drives. Gone. Or even just opens all ports on your PC and uploads all your data.

Good god it makes me angry. Just install an AV!
 
I've been running without an AntiVirus since around 1999 this is the first virus I've ever had unless you count adaware/cookies stuff.
 
I've been running without an AntiVirus since around 1999 this is the first virus I've ever had unless you count adaware/cookies stuff.

I ran across the road when I was 5 without looking I never got run over.... I'd not suggest all 5 yr old do it on a daily basis
 
I've been running without an AntiVirus since around 1999 this is the first virus I've ever had unless you count adaware/cookies stuff.

I absolutely guarantee with my life, house and family and genitalia that that's not true.

Just because it's not jumping up flashing in your face, doesn't mean there's not a virus.

I'd bet everything I had that I could find at least, at absolute very least, a single virus on that machine unless all it does is sit on BBC's website all day long.
 
Thanks for the helpful answers. Ritch, after years of scanning and finding nothing but spyware in my cookies I decided the AntiVirus wasn't worth it. If it happens again I will consider Avast or something but I'm happy without for now. Thanks for your opinion tho.
 
Thanks for the helpful answers. Ritch, after years of scanning and finding nothing but spyware in my cookies I decided the AntiVirus wasn't worth it. If it happens again I will consider Avast or something but I'm happy without for now. Thanks for your opinion tho.

Anti-virus isn't going to help you. Do it the proper way by patching and securing your system using the methods that I pointed out above.
 
I'm still slightly unsure why IE's JIT security didn't work its magic, but I have now started using Chrome so hopefully shouldn't have issues with Java security again. Thanks again.
 
I'm still slightly unsure why IE's JIT security didn't work its magic, but I have now started using Chrome so hopefully shouldn't have issues with Java security again. Thanks again.

The exploit broke through Java's sandbox.
 
Did you install Java, OP?
I have Flash installed on my main machine but never installed Java, didn't see the point, the browsers execute their own things, but I don't have actual Java installed.
Do you?
 
Did you install Java, OP?
I have Flash installed on my main machine but never installed Java, didn't see the point, the browsers execute their own things, but I don't have actual Java installed.
Do you?

He must have.

JavaScript is not Java, just in case you're confusing the two.
 
Disabled UAC + IE = Protected Mode Off

I don't understand why people disable UAC. There is no reason to do so, especially in Win7.
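
As an added example (not written by any poster in this thread): a read-only PowerShell check for two things the thread discusses, whether UAC is disabled, and whether any autostart entry of the kind the original poster removed via msconfig launches from a user-writable folder such as AppData\Roaming. The list of folders treated as worth reviewing is an assumption of this example.

```powershell
# Added example: read-only audit, changes nothing on the machine.
$findings = @()

# 1) UAC state. EnableLUA = 0 means UAC is off, which per the thread
#    also leaves IE running without Protected Mode.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
if ($uac -ne 1) { $findings += "UAC is disabled or not configured (EnableLUA='$uac')" }

# 2) Registry autostart entries (shown on msconfig's Startup tab) whose
#    command line points into a folder any user-level process can write to.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: these three locations are the ones this example reviews.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
        foreach ($dir in $userWritable) {
            if ($cmd.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $findings += "Autostart '$name' under $key runs from a user-writable path: $cmd"
                break
            }
        }
    }
}

# 3) Anything placed directly in the per-user Startup folder.
$startup = [Environment]::GetFolderPath('Startup')
if ($startup -and (Test-Path $startup)) {
    Get-ChildItem -Path $startup |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
        ForEach-Object { $findings += "Startup folder item: $($_.FullName)" }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Legitimate software also autostarts from AppData, so each finding is an item to review rather than proof of infection.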
 