OT ? Zeus trojan/hijacker OT? you decide

While surfing a page yesterday that I have visited in the past I got one of those screens we all hate to see ... I saw the "you've been had" notice that I was infected with a zeus trojan/hijacker and that I would have to call a number and pay to have it removed. Rather than click on *anything* on that page, I held the power button down until the comp shut down. My next step was to use a peripheral hookup to use a different comp to run scans on the hard drive that has my OS on it. No threats found by either MalwareBytes or Avira antivirus, so I hooked it back up and booted the comp, then performed the same scans again with the same results. So far, no problems ...

But here's the kicker. One or more variants of this nasty little bug is designed to steal your banking and other sensitive information and send it off to "them", "they" will then use that info to steal your hard earned money. Multiple scans have found nothing but I'm still a bit leery of accessing my bank accounts, PayPal, etc from this comp. What do y'all think, can this thing hide that well? Am I risking everything if I use this comp to access my accounts without a total OS wipe and reinstall? Reset to an earlier date, or is this thing hiding in the restore files too?

Reply to
Terry Coombs

replying to Terry Coombs, Smd wrote: Real infections are not announced. Don't be a sucker...

Reply to
Smd

Without seeing some logs with specific software executed on the machine, I'd say you almost fell victim to a script based advertising scam. IE: nothing actually present on your computer.

Both packages up to date?

Reply to
Diesel

Further research indicates that what I saw was a popup that would have been a problem had I clicked on it. My forced shutdown apparently aborted the attack. And yes, my software is kept up to date. No sense in having the protection if it's not kept up to date.

Reply to
Terry Coombs

I have had the same thing happen to me twice in the last 3 months. When it comes up I did like you and held down on the power button to shut down the computer. So far I do not seem to have any ill effects from that.

Reply to
Ralph Mowery

Usually just necessary to close the browser. If the X button does not do it, Alt + F4 or Ctrl + Escape usually work.

I had a mess yesterday installing Java where I followed their path to installation, not paying attention to them wanting to make all my browsers' homepage Yahoo. I shut down the computer but then had to delete the partially created folder and start from scratch with the Java installation without Yahoo.

You always have to think before you click.

Reply to
Frank

"Terry Coombs" wrote

| Further research indicates that what I saw was a popup that would have
| been a problem had I clicked on it. My forced shutdown apparently aborted
| the attack.

Why do you say that? If they want to install a keylogger they're not going to tell you. If it's ransomware it would be too late when they tell you. Diesel's theory of a scam sounds more likely.

| And yes, my software is kept up to date. No sense in having
| the protection if it's not kept up to date.

If you're using PayPal and doing online banking, while browsing the Internet with script enabled, then you don't have protection. Malware has become a big business and often uses 0-day exploits that may not be recognized by AV. This recent story about the DNC hack is a good example:

formatting link

That one required people to open an attachment or click a link, but some malware is driveby installed from major websites through things like rigged ads. If you bank online or store any files with such things as credit card numbers then you have no reason to assume you can protect yourself.

Reply to
Mayayana

Same here. I've had it happen a couple of times and I just do a reboot and never had anything bad happen.

Reply to
trader_4

And what Terry just posted is consistent with a scam. They send you a popup saying you've been infected, tell you to call a number to get it removed, but in reality they probably haven't installed anything on your system and rebooting is all that's needed.

Reply to
trader_4

Actually sometimes they are. It's been in the news many times where people's or businesses' computers have been infected, where they lock up the drive so that you can't use it unless you pay them ransom money to unlock it.

I think what Terry had is the same thing I've seen a couple times, a variant of that where they tell you that you're screwed but they haven't done anything.

Reply to
trader_4

I was helping a friend with his computer. He had about 6 toolbars on his browser and no idea where they came from or how to get rid of them.

Reply to
Ed Pawlowski

NoScript

formatting link

nb

Reply to
notbob

AKA a 'scareware malvertisement'.

Reply to
FromTheRafters

It's to the point where I have one PC for the serious stuff and another for routine email and browsing. The serious PC stays off the internet most of the time and is set up to run as not an administrator.

Reply to
mkolber1

wrote

| It's to the point where I have one PC for the serious stuff
| and another for routine email and browsing. The serious PC stays off the internet
| most of the time and is set up to run as not an administrator.

I once read that's the way the CIA operates. Each agent with an internal and an external machine. I do something similar but instead of having two machines I just don't do anything risky on my computer. In addition to routinely not enabling script, I only buy from online if I can call them on the phone. And I don't have any bank or credit card info on my computer. I don't find that troublesome. It's not a big deal to go to the bank. And I wouldn't want to shop online at a place with no phone, anyway, because that means there's no way to talk to a human if there's a problem.

Reply to
Mayayana

I wasn't asking the question to be a smartass. I deal with a lot of people on a daily basis that don't even check for updates, let alone make sure the AV/AM software is being updated. So, I generally follow the simple rule of asking the user if they have updated software. I'm glad you're responsible in that respect.

Reply to
Diesel

Why not just kill the browser process?

Reply to
Diesel

Rebooting isn't necessary in these cases. Closing your browser is all you need to do if you're that worried about it. Hard shutdowns are not good for the OS and/or files that are still open when you do it.

Reply to
Diesel

Hard shutdowns really aren't good for the OS. It may not have the chance to commit things from cache to disk. So, every time you do a hard shutdown, you do run the risk of file/data corruption. It's better to terminate the browser process instead.

If you're a Firefox user, NoScript is your friend. If you aren't already using it, I recommend doing so.

Reply to
Diesel

While looking on the internet I seldom have anything other than my email program running. If the operating system can't stand a hard shutdown every once in a while, it is not much system. Oh, it is Microsoft junk. Have an external hard drive that I usually back up the computer every time I make some major changes or add any files/pix that I don't want to lose. I also have a couple of other computers that I can use while one is under a rebuild.

Reply to
Ralph Mowery
