Nasty virus received while browsing EpicSki

Hi all--I don't know if this has anything to do with EpicSki or not, but while browsing the site this morning, suddenly my browser and all other open windows shut down, and a new screen popped up. It appeared to be doing a scan for viruses and malware on my computer--and finding a bunch of "threats."

It appears as a very legitimate-looking thing called "XP Antimalware 2010--Unregistered Version," but it largely cripples the computer. It wants you to "upgrade" to a registered version, so it can remove all of the nastiness it "finds" on my drive. I was able to reopen various programs and windows, but persistent and repetitive annoying notices keep popping up about how my computer is extremely threatened and so on, and the original screen comes up again now and then, repeating its "scan."

I've googled "XP Antimalware 2010" and found that it is, itself, a nasty virus. It--and its "scan"--is 100% fake. While Google found a number of helpful sites with instructions on how to remove it, I'm going to just give my computer back to Vail Resorts' IT department, because it needs a rebuild anyway. Meanwhile, I'm using another computer at the moment.

Again, I don't know if this virus was triggered by anything on EpicSki or not. But I thought I'd send out a warning anyway.

Did you have other tabs open in other sites?

...anyway, can't say it enough....OpenDNS
I have been experiencing problems too. When I was logged in yesterday, something mysteriously turned off my firewall. I immediately shut down. Ever since then, I have had to turn on the firewall when I reboot, and I get a false warning claiming my computer is compromised and asking me to click on a scan. I did not do it, thank goodness, but it keeps coming on. I have scanned my hard drive and did not find resident viruses. Also, when I google anything, instead of going to the page on the Google search, my computer gets hijacked and sent to another page asking me to click on something else.
NOT a happy camper! My machine has also been compromised. Fixed the intrusion but it screwed up my registry so this will be fun.
I had a very similar thing a few weeks ago -- I think I got it from Flickr of all places, through a link from a trip report here.  (The slide show widget, I think).  I didn't report it before because it took me two days to beat the thing into submission, and I figured if Flickr was compromised there would have been a lot of reports while I was offline.  But maybe the problem was actually here... who knows.

I had to use debugging tools (sysinternals stuff), and special software to delete well-hidden files to recover enough so that I could get the Microsoft Live One Care (or whatever the name is) suite to run.  Even after that, the final cleanup took manual registry edits.  Not something your typical victim would be able to do, and if those tools weren't already installed I would have been out of luck.  A nasty, nasty virus.
uuum, wow.

If this is a result of the site, and it seems like it is, then Huddler needs to get their sh!t together ASAP....
Someone send me a PM when it gets taken care of, I don't have the time or money to deal with a virus.
Hey guys,

Thanks for the reports.  I have verified that EpicSki is not serving any malware directly; however, in very rare cases, malware authors are able to sneak infected advertisements into a site (as the New York Times learned last year).  I have checked with our ad operations team and verified that only trusted ad networks are running on EpicSki, so that is unlikely to be the case here, but sometimes these guys even get their ads into the Google ad system that occasionally runs here.  I have passed the information you have provided along to them so that they can investigate further and double-check to ensure that EpicSki users are as safe as possible.

As a general rule, the best way to protect yourself is to make sure that you're using the latest version of your Internet browser, with all the applicable security updates.  Doing so will prevent pretty much all of the attacks currently out there on the Internet.  If you are using Firefox, you can grab the latest version (3.6.3) from the Mozilla website; if you are using Chrome, you can grab the latest version from the Chrome website.  If you are using Internet Explorer, your best bet is to run Windows Update.  Similarly, if you are running a Mac, Software Update will allow you to update Safari.  Also, because a lot of malware targets vulnerabilities in Adobe Flash, if you have it installed, be sure you are running the latest version by heading here.  Finally, if you're using Windows, there is no substitute for running an updated antivirus program.  AVG and avast! both offer free high-quality antivirus solutions if you don't already have one.

I'll let you know if I learn more about problems on EpicSki, but at this time, it appears that things are safe.
google "rouge software"

I just cleaned up one on my laptop.  And I suspect there are some registry issues left over.

I've had these things on three computers in my family in the past 6 months---I doubt any came from here, but I don't know that.

The first one I had no idea how to proceed or what to try, so I ended up reinstalling XP (Pro as I remember), which rendered all the applications unusable until reinstalled.

The next one I had a small clue about these rouges, and a failing hard drive to start with---the HD had been giving me warning signs for months. The first thing I attempted was to install Norton 360---which failed miserably in all aspects except it nailed the final nail in that old HD... so a new HD was installed, loaded with XP Home, and all data that meant anything was moved from the old drive.

Then my laptop got it; by then I was a fairly old hand at this stuff.  I used two different freeware malware eliminators and then installed MS Security Essentials.  All is well at the moment, but I JUST did this Monday evening.

Generically, these viruses turn off any antivirus software you have installed, and set your browser up to ONLY go to the malware site (something about a proxy server setting); by doing that, you can't go download and install any other software that can kill them!

Thing to do is google rouges or any of the names mentioned, or "Antivirus Live" was the one I had.  Get a couple of freeware removal softwares like Super Anti Spyware and Malwarebytes.  Get them on a known clean flash drive or CD.  Boot in safe mode with networking, uncheck the "Use proxy server" box in the browser setup area, then use the clean drive to install SAS first and run it.

Then install Malwarebytes and run that.

Then go to Microsoft and get Security Essentials, install that and run that.

Then have a Moose Drool or two.

Rinse and repeat as necessary.
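The post above describes the two things these rogues do to keep you from fetching a cleaner: forcing a browser proxy and switching off the security software. The following script is an added example written for this thread, not code from the original post or from any of the tools it names. It is a read-only audit (run from an admin PowerShell window, which on XP means installing PowerShell 2.0 first) that reports the WinINET proxy setting, the standard-profile firewall flag, any non-localhost lines in the hosts file (which would explain redirected Google searches), and the state of a few security-related services; the service names (MsMpSvc for Security Essentials, wscsvc for Security Center, SharedAccess for the XP firewall, wuauserv for Windows Update) are assumptions about a typical XP/Vista/7 box, and nothing is changed unless you pass -ClearProxy, which does the "uncheck the proxy box" step from the post.

```powershell
# Added example: audit the settings a rogue antivirus typically tampers with.
# Read-only unless -ClearProxy is given.  Assumed to run as an administrator.
param([switch]$ClearProxy)

# 1. Browser (WinINET) proxy, the setting the post says to uncheck.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
if ($inet.ProxyEnable -eq 1) {
    Write-Warning "Proxy is ENABLED, pointing at: $($inet.ProxyServer)"
    if ($ClearProxy) {
        Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $inetKey -Name ProxyServer -ErrorAction SilentlyContinue
        Write-Output "Proxy disabled; restart the browser before downloading anything."
    }
} else {
    Write-Output "Proxy: not set (OK)"
}

# 2. Windows Firewall, standard profile (key used by the XP SP2+ / Vista / 7 firewall).
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$fw = Get-ItemProperty -Path $fwKey -ErrorAction SilentlyContinue
if ($fw -and $fw.EnableFirewall -eq 0) {
    Write-Warning "Windows Firewall (standard profile) is OFF"
} else {
    Write-Output "Firewall (standard profile): on or not readable"
}

# 3. hosts file: anything that is not a comment or a plain localhost mapping is worth a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object {
        $_ -match '\S' -and
        $_ -notmatch '^\s*#' -and
        $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
    } |
    ForEach-Object { Write-Warning "Unexpected hosts entry: $_" }

# 4. Security-related services (names assumed for a typical XP/Vista/7 install).
$serviceNames = 'MsMpSvc', 'wscsvc', 'SharedAccess', 'wuauserv'
foreach ($name in $serviceNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "${name}: not installed"
    } elseif ($svc.Status -ne 'Running') {
        Write-Warning "${name} ($($svc.DisplayName)) is $($svc.Status)"
    } else {
        Write-Output "${name}: Running"
    }
}
```

Run it once from safe mode with networking before installing the cleaners, and again after, to confirm the proxy and firewall settings stayed put; a proxy that re-enables itself after a reboot is a sign the rogue is still resident.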
skier_j -
That is a pretty accurate description of what hit me.
By the way, even staying current with your antivirus is not an ironclad guarantee.
Both times I had viruses (one a few years ago and then this recent one) I got them as "day zero" infections -- brand new and not in all the antivirus databases yet. 
google "rouge software"


Personally, I'd google "rogue software". The color of the rouge would clash with my nice skier tan.
That's 'close enough' spelling using the bushwhacker spell checker.