Tag Archives: malware

How to Remove the Google Search Results Redirect Virus using Kaspersky Lab’s TDSSKiller Rootkit Remover CodeUnit 09 JAN 2012

I picked up a nasty virus infection on my main work development PC, running Windows Vista Business. I don’t know where or how it got picked up, but in all likelihood it was from a poisoned web page running some nasty Javascript payload that got in past a lax Microsoft Security Essentials.

I noticed something amiss when all Google Image Search results stopped scrolling past page one of its ajax-loaded image results listing – across ALL my browsers! Then I began to notice that every now and then when I clicked on a Google search result, I would be automatically redirected to some or other advert site (like Groupon for example), instead of the search result on which I had clicked! And to top it all off, all of a sudden my machine became a lot less responsive than it used to be, plus I was struggling to download and install certain Windows updates!

Something was definitely up in other words!

Scans from Microsoft Security Essentials and AVG turned up nothing, meaning I had to turn to Google with little more than the search term “google search results redirect virus” to go on.

Luckily for me, this was more than enough.

After a fair bit of research, I learned that the most likely culprit was a rootkit infection, which meant I would need to try and sort it out using a different set of tools from the ones I had been using so far.

The most visible rootkit killers available to me were GMER and Kaspersky Lab’s TDSSKiller, but seeing as TDSSKiller worked for me first time around, I can’t really comment on GMER’s effectiveness.

At the start of the clean up process I quickly learned that another little nasty trick the rootkit had pulled was to remove the Safe Mode boot option from the system, thus preventing me from loading Windows without loading the troublesome rootkit along with it. Also, it automatically killed any attempt to run TDSSKiller (or GMER for that matter!) from a normal Windows login, highly annoying as you can well imagine!

Luckily Kaspersky is aware of this problem and has released, via their support forum, a cleaned version of TDSSKiller which doesn’t identify itself, so the rootkit can’t recognise it and stop it from loading up in the first place! (Again, thank you Google Search)

You can download the modified TDSSKiller from: http://forum.kaspersky.com/index.php?showtopic=212719 (Note, you’ll have to register in order to grab the download)

From there it is a simple matter of extracting and launching the tiny application and running a scan. In my case the tool quickly uncovered a Rootkit.Boot.SST infection which I promptly deleted. A quick reboot and the machine now appears to be running fine again.

Just to be safe though, I did run a couple of additional scans with the latest TDSSKiller, GMER, Microsoft Security Essentials and Malwarebytes Anti-Malware, all of which turned up nothing.

So for now, I reckon I can safely say, “Done”. Stupid annoying virus writers… :(

(Oh, and another tip if you can’t get either TDSSKiller or GMER to run: RootRepeal gets a nice little picture tutorial via http://en.kioskea.net/faq/18862-rootkit-boot-sst . Useful.)

Free Microsoft Anti-virus for Windows CodeUnit 31 MAR 2010

Free stuff is always good, especially when it is of good quality, and while I’ve long used AVG’s free anti-virus offering (after having ditched the very user-unfriendly ClamWin) on my personal machines, I’ve now found myself shifting over to Microsoft’s very own offering, namely Microsoft Security Essentials – free to use for anyone running a genuine copy of Windows.

It provides, as all anti-virus packages do, real-time protection against viruses, spyware and other malicious software, is particularly easy to install and integrates rather nicely into Windows thanks to the fact it comes from the same software development house. As per the norm, updating is all automatic and in general it runs nice and seamlessly, without bothering you too much at all – in general it is just a pretty efficient, background-running, non-obtrusive Windows application.

And it features a nice shiny green icon too – which obviously must mean it’s on the good side of the Force.

(On the plus side, it seems to work pretty nicely as an anti-virus package as well).

So there you have it. If you are looking for a cheap, powerful way of protecting your PC and are perhaps tired of forking over all your hard-earned dosh to guys like Symantec, go ahead and give Microsoft Security Essentials a spin on your home machine! It’s not half bad at all! :)

Related Link: http://www.microsoft.com/Security_Essentials/

Ubuntu: Malware for DDoS Attack CodeUnit 18 DEC 2009

As Linux slowly gains more and more of a foothold in the personal computer market, this sort of thing is bound to happen more often. Last week it was reported that malware was found hidden within a popular (on Gnome-look.org at least), rather innocuous ‘waterfall’ screensaver .deb file, as well as buried in a theme entitled “Ninja Black”.

The code essentially installs a couple of scripts with elevated privileges, which are able to auto-update themselves and have the potential to force the system to take part in DDoS attacks.

Needless to say, the malware-infected software has since been removed from the site they were discovered on, though you would still need to clean your machine in the event that you already installed the affected items on your personal computer. Just goes to show, if you don’t know the true source of a piece of software, you’ve got to take precautions when choosing to install it – just like you would on a Windows box!

A solution that has been offered by the way is this:

sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash

sudo dpkg -r app5552

Run it at your own risk (but only if you have in fact installed one of the infected scripts on your machine). Additional help may be found in the Ubuntu Forum.
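Before running a blind removal command like the one above, a practitioner would first confirm that the named artifacts are actually present. The following is an added example, not from the original post or the forum thread: it reports each of the listed files (with mode and owner, since a script in /etc/profile.d runs for every login shell) and asks dpkg about the app5552 package, without deleting anything. It assumes the two relative names in the removal command (index.php, run.bash) live in the current user’s home directory, which the post does not state.

```python
import os
import shutil
import stat
import subprocess
from typing import Dict, List

# Artifacts named in the removal command quoted in the post. The two relative
# names are checked under the home directory (an assumption; the post does not
# say where they were dropped).
SYSTEM_PATHS = ["/usr/bin/Auto.bash", "/usr/bin/run.bash", "/etc/profile.d/gnome.sh"]
HOME_RELATIVE = ["index.php", "run.bash"]
PACKAGE = "app5552"


def describe(path: str) -> str:
    """Mode, owner uid and size of a file, without following symlinks.
    A root-owned, world-executable script in /usr/bin plus a hook in
    /etc/profile.d is what 'installed with elevated privileges' looks like."""
    st = os.lstat(path)
    return f"{stat.filemode(st.st_mode)} uid={st.st_uid} size={st.st_size}"


def find_artifacts(root: str = "", home: str = os.path.expanduser("~")) -> Dict[str, str]:
    """Return {path: description} for every listed artifact that exists.
    'root' is prefixed to the absolute paths so the same check can be pointed
    at a mounted rescue image or a test tree instead of the live system."""
    candidates: List[str] = [root + p for p in SYSTEM_PATHS]
    candidates += [os.path.join(home, p) for p in HOME_RELATIVE]
    return {p: describe(p) for p in candidates if os.path.lexists(p)}


def package_installed(name: str = PACKAGE) -> bool:
    """True only if dpkg is present and reports the package as installed."""
    if shutil.which("dpkg-query") is None:
        return False
    result = subprocess.run(["dpkg-query", "-W", "-f=${Status}", name],
                            capture_output=True, text=True)
    return result.returncode == 0 and "installed" in result.stdout


if __name__ == "__main__":
    hits = find_artifacts()
    for path, info in hits.items():
        print(f"found {path}: {info}")
    print(f"package {PACKAGE} installed: {package_installed()}")
    if not hits and not package_installed():
        print("no indicators present; nothing to remove")
```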

Return to Sender Blues Tech News 13 JUN 2007

This morning it was brought to our attention that no external mail was reaching us (UCT) and instead was bouncing back to its senders with the message that the UCT mail server had been blacklisted. Obviously this meant that the guys at UCT’s main IT support department needed to spring into action (mainly to avoid being blamed for the problem, like they always are whenever something goes wrong). Well, at least this time it appears that it wasn’t their fault. In fact, it appears that the problem doesn’t even lie with UCT’s servers for a change.

Thank you hackers for once again making the ordinary man’s life more difficult than it should be :(

This is the notice message that was sent out:

What has happened?

Companies around the world subscribe to spam blocking lists to reduce the amount of spam entering their organisations.
– These spam blocking lists show known spammers.
– Companies who subscribe to the spam block list will then prevent the delivery of mail if it comes from one of the known spammers shown on the block list.

However, one of the well-known spam block lists has been compromised (hacked) and a number of major email service providers have been falsely added to the spam block list.
– These service providers include for example, mweb.co.za, is.co.za, wits.ac.za, vodamail.co.za, absamail.co.za, hotmail.com, gmail.com, yahoo.com.
– This means that mail being sent from those service providers is being bounced as potential spam, even though the majority of the mail is not in fact spam.
– This is affecting mail delivery world wide.

The problem is NOT caused by UCT, nor can UCT do anything to correct the problem.

What is ICTS or UCT doing about getting mail into the organisation?

In order to accept as much legitimate mail as possible, we have reduced the spam security on our email system. Unfortunately, this will inevitably cause more spam to be accepted as well.
– It also increases our vulnerability to attack by malware that can now enter the organisation.
– Please make sure that you follow the normal safety guidelines about opening mail and attachments.
– (See: “Protect yourself from Phishing attempts” on the ICTS website homepage (www.icts.uct.ac.za) for tips on what to look out for.)
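The notice above describes block lists as something a mail server subscribes to, but in practice they are queried over DNS: the sending IP’s octets are reversed, the list’s zone is appended, and an A record in 127.0.0.0/8 means “listed”. The following is an added example, not part of the post or the ICTS notice, showing how a mail admin who receives “blacklisted” bounces can check which list carries the sender’s relay. The zone names and the addresses are constructed placeholders; a real lookup would plug a real DNSBL zone into the same query shape.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, Optional

# A resolver maps a hostname to its first A record, or None on NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: reversed octets, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on a malformed address
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed(ip: str, zone: str, resolve: Resolver) -> Optional[str]:
    """Return the 127.0.0.x answer if ip is on the list, else None.
    Only answers inside 127.0.0.0/8 count: any other address means a broken
    or hijacked zone, or a resolver that rewrites NXDOMAIN, not a listing."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer and ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
        return answer
    return None


def check_sender(ip: str, zones: Iterable[str], resolve: Resolver) -> Dict[str, Optional[str]]:
    """Check one sending IP against several lists; {zone: answer-or-None}."""
    return {zone: is_listed(ip, zone, resolve) for zone in zones}


def system_resolver(name: str) -> Optional[str]:
    """Live lookup through the OS resolver; NXDOMAIN means 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed, offline stand-in for a list that has wrongly added a large
# provider's outbound relay (203.0.113.0/24 is documentation address space).
FAKE_DNSBL_ANSWERS = {"25.113.0.203.bl.example.invalid": "127.0.0.2"}


def fake_resolver(name: str) -> Optional[str]:
    return FAKE_DNSBL_ANSWERS.get(name)


if __name__ == "__main__":
    zones = ["bl.example.invalid", "other.example.invalid"]
    for relay in ("203.0.113.25", "203.0.113.26"):
        print(relay, check_sender(relay, zones, fake_resolver))
```

To check a real relay, pass system_resolver instead of fake_resolver and real DNSBL zones in place of the placeholders.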
