Starbuck

ExTS Admin
Everything posted by Starbuck

  1. Another clickjacking scam has hit Facebook, tricking hundreds of thousands of users to post messages to their pages saying that they like the malicious link, security firm Sophos said on Tuesday. Like most of these scams, this one relies on social engineering and piques the interest of prospective victims with messages like: Clicking on the links takes the visitor to what appears to be a blank page with just the message "Click here to continue." However, hidden in the page is code called an iFrame written for Windows-based systems. When a visitor clicks anywhere on the page the iFrame publishes the message to the visitor's Facebook page. "If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links," Sophos' Graham Cluley recommends in his blog post on the attack. "Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your 'Likes and interests' section." There are more technical details behind the attack in this Sophos blog post which dubs the attack "Likejacking." Facebook has been notified and the malicious pages have been suspended, according to BitDefender's Malware City blog. Source: Facebook attack tricks users into 'liking' malicious links | InSecurity Complex - CNET News
  2. Users need to steer clear of HackMSN.exe

     A hacking tool advertised as being capable of enabling users to hack Windows Live accounts and grab Windows Live Messenger passwords is actually used by attackers to spread their malicious code. According to BitDefender, HackMSN.exe will not only not permit users to recover Windows Live passwords, but will instead infect them with malware, namely the Backdoor.Bifrose.AADY.

     “This piece of malicious code affects Windows platforms. The malware injects itself into the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system,” BitDefender’s Ioana Jelea stated. “Moreover, Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the various pieces of software installed on the affected computer, while also logging the passwords to the victim’s ICQ, Messenger, POP3 mail accounts, and protected storage.”

     According to the security outfit, the so-called Windows Live Messenger hack tool is being spread through an email campaign. Obviously, a social engineering tactic is employed in order to get unsuspecting victims to infect their machines with the Backdoor Trojan, in order to have their personal data stolen. Below is the message that attackers are using in emails designed to spread HackMSN.exe and Backdoor.Bifrose.AADY. It’s obvious from the various errors in the text that the email is nothing more but a part of a social engineering strategy to steal sensitive user data.

     “We have a tool called Windows Live Messenger Password Recovery, this tool can be used to recover lost or forgotten passwords of Windows Live Messenger, Windows Live Mail, Windows Messenger and MSN Messenger too,” reads an excerpt of the message employed to convince users to run HackMSN.exe and compromise their machines.

     “This tool could be used by hackers to hack MSN passwords, it should not because Windows Live password hacking is illegal!. This tool is designed primarily for the use of the owners to hack their own Windows Live accounts when they forgot or lost their MSN password. This tool could also be used by forensic scientists to hack MSN password stored on the local system. This is only valid for those cases when after clicking the ‘Sign-in’ button in your MSN or Windows Live messenger you are able to login without having to enter your password,” it is added in the email.

     Source: Windows Live Messenger Hack Tool Is Actually Malware - Users need to steer clear of HackMSN.exe - Softpedia
  3. Hi Sam, It's no problem at all. Glad i could be of assistance. As you know you had the AV Soft malware on your system. Although most of the files had been removed by your security programs, there were a few left overs. What probably happened was the definitions you had on the security programs were enough to start the removal process but then the malware started to shut down these programs. This malware also creates a proxy so that it can control the internet... these settings needed to be reset. It was this proxy server that was stopping the security programs from being updated. Combofix removed the fake security folder that the malware had placed on your system. So basically it was just cleaning up the leftovers .... but these leftovers were still causing problems on your system. Any problems in the future.... http://fc07.deviantart.net/fs45/f/2009/102/5/b/I_hate_this_computer_by_SonazeForever.gif you know where we are.
  4. Hi Sam, ok, get ready for a big read. :D

     Step 1
     Please double-click OTL.exe to run it. You should see a CleanUp! button, press that button, http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
     This will remove any programs we have asked you to download along with their associated folders.. plus itself.
     Note: MBAM will not be removed

     Step 2
     Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
     • Click on Start... Control Panel... System and Maintenance... System
     • Click on System Protection in the left-hand task list.
     • Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
     • When you uncheck a disk you will be presented with a screen. You should click on the Turn System Protection Off button.
     • Click Apply and then OK.
     • Reboot your computer.
     Now:
     • Click on Start... Control Panel... System and Maintenance... System
     • Click on System Protection in the left-hand task list.
     • Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
     • Click Apply and then OK.
     Your System restore will now be active again... starting with a new restore point.

     Optional
     Download Puran Disc Defragmenter
     Save it to your 'Desktop'. Run the program. From the main 'Puran Defrag' screen, click on the 'C' drive to highlight it. Then click on 'Defrag'.
     This program is faster than the built in Windows Defrag and is more efficient. Try not to use the m/c while the defrag is running. This will ensure you have a good fresh start.

     Recommendation.
     If and when you decide to change your Anti Virus program from Norton, you may find as most people do that .... it's a pig to remove. Run the uninstaller first and then run the Norton Removal tool to make sure everything has gone. Then install the new AV.
     Here's instructions for the Norton Removal tool if you need it:
     To remove Norton Products:
     • Go to: Norton Removal Tool
     • Download it to your 'Desktop'.
     • Then click on the desktop icon to run the removal tool.
     • You may be asked to reboot.
     • When complete, install your new AntiVirus program.

     To find out how you may have been infected....read this topic: So how did i get infected?

     Not all of the following information will be applicable to you, but it's still best to read it all. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

     • Use an AntiVirus Software
       Avira AntiVir ....installation guide Here
       Avast free
       Bitdefender Free
       MS Security Essentials ... see note* ...installation guide Here
       Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.
       Only install one AntiVirus program
     • Update your AntiVirus Software regularly
     • Use a 3rd party Firewall
       Online Armor Free
       ZoneAlarm ...Important note below
       Outpost Firewall Free
       Sunbelt Personal Firewall
       NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
       Only install one software Firewall
       Some 3rd party Firewalls will turn off the windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off:
       How to turn off Windows Firewall: Start ... Control Panel ...click on 'Classic View'. Now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok
     • Scan regularly with a 'Stand Alone' Anti-Malware scanner:
       Installing another scanner that you can run once or twice a week is always beneficial. Something like:
       Malwarebytes Anti-Malware
       SUPERAntiSpyware
       Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.
     • Use an alternative browser:
       Some excellent alternatives to MS Internet Explorer are:
       Firefox
       For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
       also consider adding: WOT - Safe Browsing Tool
       Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
       Opera
       They offer better security, more stability, and better speed.
     • Keep a backup of your registry
       Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt
       A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial
     • Keep your system clean of temp files etc, using a 'Cleaner':
       Cleaners are programs that will help to clean out your:
       Windows temp files
       Current user temp files
       Cookies
       Temporary Internet files
       Browser history
       Recycle bin
       Etc.......
       In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc. Programs like:
       CCleaner
       TFC by OldTimer
       ATF Cleaner
     • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
     • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster
     • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

     Follow this list and your potential for being infected again will reduce dramatically.
     Glad I was able to help. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif
  5. If they are both run 'On Demand' then there'll be no problem with keeping both. After saying that.... Spybot isn't the program it used to be. MBAM is a much better program and is updated a lot more. I update MBAM everyday and run it twice a week. I removed Spybot awhile back. I really see no need to pay for an Anti Virus program. There's a lot of good programs out there ( all free). On my Vista m/c i'm now running Microsoft Security Essentials. (msse) XP home .... Avira Anti Vir. XP pro ... MSSE. and i never get a problem. Links and information on these will be in my final cleanup speech.
  6. Hi Sam, don't you love it when a plan comes together http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif Nice work, you have done well. It's easy for me to explain what to do, but you're the one that had to do the work. :) Just use it for about 24 hours, just to make sure there's no glitches. If everything is ok after that time, let me know and we'll finish off the cleaning process.
  7. Hi Sam, No problem, there's more than one way to remove those entries. ;)

     Step 1
     Close any open browsers. Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:
     • Open Notepad - it must be Notepad, not Wordpad.
     • Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

         Folder::
         c:\users\Sam\AppData\Local\vrarldjjs
         DDS::
         uInternet Settings,ProxyServer = http=127.0.0.1:5555

     • Go to the Notepad window and click Edit >> Paste
     • Then click File >> Save
     • Name the file "CFScript.txt" (including the quotes)
     • Save the file to your Desktop
     • The main ComboFix.exe program should be on your Desktop
     • Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon as below. http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif
     • Now please wait for ComboFix to finish running.
     Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

     Step 2
     I'd like you to do an ESET OnlineScan
     You may find it beneficial to close your resident AV program before running the scan.
     • Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
     • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
     • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
       Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
       Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
     • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
     • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
     • Accept any security warnings from your browser.
     • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
     • Click the Start button.
     • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
     • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
     • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
     A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

     In your next reply, please submit:
     • new Combofix.txt
     • eset scan report
     and let me know how things are running and of any problems. Thanks.
  8. Hi lover girl0, Let's take a look at exactly what is on your system.

     Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
     • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • When the window appears, underneath Output at the top change it to Minimal Output.
     • Check the boxes beside LOP Check and Purity Check. http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
     • Now copy the lines below.

         netsvcs
         msconfig
         %SYSTEMDRIVE%\*.exe
         /md5start
         eventlog.dll
         scecli.dll
         netlogon.dll
         cngaudit.dll
         sceclt.dll
         ntelogon.dll
         logevent.dll
         iaStor.sys
         nvstor.sys
         atapi.sys
         IdeChnDr.sys
         viasraid.sys
         AGP440.sys
         vaxscsi.sys
         nvatabus.sys
         viamraid.sys
         nvata.sys
         nvgts.sys
         iastorv.sys
         ViPrt.sys
         eNetHook.dll
         ahcix86.sys
         KR10N.sys
         nvstor32.sys
         ahcix86s.sys
         nvrd32.sys
         symmpi.sys
         adp3132.sys
         /md5stop
         %systemroot%\*. /mp /s
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         CREATERESTOREPOINT

     • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     • Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png
       Do not change any settings unless otherwise told to do so. The scan won't take long.
     • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
     If the files are too big to post here, add them as attachments. Thanks
  9. Hi Jim, Ok, let's take a closer look at your system and see if we can spot anything:

     Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
     • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • When the window appears, underneath Output at the top change it to Minimal Output.
     • Check the boxes beside LOP Check and Purity Check. http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
     • Now copy the lines below.

         netsvcs
         msconfig
         %SYSTEMDRIVE%\*.exe
         /md5start
         eventlog.dll
         scecli.dll
         netlogon.dll
         cngaudit.dll
         sceclt.dll
         ntelogon.dll
         logevent.dll
         iaStor.sys
         nvstor.sys
         atapi.sys
         IdeChnDr.sys
         viasraid.sys
         AGP440.sys
         vaxscsi.sys
         nvatabus.sys
         viamraid.sys
         nvata.sys
         nvgts.sys
         iastorv.sys
         ViPrt.sys
         eNetHook.dll
         ahcix86.sys
         KR10N.sys
         nvstor32.sys
         ahcix86s.sys
         nvrd32.sys
         symmpi.sys
         adp3132.sys
         /md5stop
         %systemroot%\*. /mp /s
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         CREATERESTOREPOINT

     • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     • Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png
       Do not change any settings unless otherwise told to do so. The scan won't take long.
     • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
     If the files are too big to post here, add them as attachments. Thanks
  10. Hi Sam, Sometimes it does throw people when the screen loses its icons.... but that's because it's easier to remove items if the 'processes' have been stopped. That's done by stopping explorer.exe and then restarting once the m/c reboots. Ok, had to go back and check my notes on this. The fix should be ok as it is, Otl is only reporting what is actually written in the registry. It would seem that the gap is actually there through bad writing on someone's part. Because that's how OTL reads it, it'll remove it. The problem with the stalling may be due to Norton. It's a devil to stop from running, it may be that . Try it again and see how it goes. Then move on to the next step.
  11. Btw: what do you mean by 'crashed'?? do you mean the icons on your desktop disappeared?
  12. Hi Sam, Ok, have just noticed that you posted the Otl report inside a quote box. Sometimes this can alter the text of a report. Please post the main.txt again.... but this time just post it straight into the reply box, don't add quote or code boxes. Then i can get the proper unaltered text. Thanks
  13. Hi Sam, Although the program crashed, the fix seemed to have worked the first time. Your fix report shows files missing, which would have happened if the 1st fix was successful. 2 more entries to get rid of, then we'll dig a little deeper.

     Step 1
     • Double click on OTL.exe to run it.
     • Copy the lines in the codebox below. (make sure that :Otl is on the first line )

         :Otl
         IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyServer" = http=127.0.0.1:5555
         [2010/05/16 21:24:06 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\vrarldjjs
         :commands
         [emptytemp]

     • Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     • Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     • OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log.
     • Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
     If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

     Step 2
     Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
     Link 1
     Link 2
     http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
     http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
     This is an example, you may rename ComboFix to anything you want.

     Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

     Then: Double click on Combo-Fix.exe & follow the prompts.

     As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     If running Vista, you may not see this screen

     Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     http://img.photobucket.com/albums/v708/starbuck50/cf1.png

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     http://img.photobucket.com/albums/v706/ried7/whatnext.png
     Click on Yes, to continue scanning for malware.
     Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
     When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

     In your next reply, please submit:
     • New OTL fix report
     • Combofix.txt
     Thanks.
  14. Hi Sam, Thanks for the reply. Ok, i have a bit of work for you to do. Take your time with this:

     Step 1
     Please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes. You can enable it again after you're clean.
     • Open Spybot and click on 'Mode' then click 'Advanced Mode'.
     • Click on 'Tools' in bottom left hand corner.
     • Click on the 'System Startup' icon.
     • Uncheck 'Teatimer' box and/or uncheck 'Resident'.
     • Then, check next to the computer clock to see if the icon for Spybot is still there. If it is, right click it and choose 'exit Spybot-S&D Resident'.
     • Reboot the computer.

     Step 2
     • Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options
     • Click on the Connections tab
     • Click on the Lan Settings button
     • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN.
     • Then press the OK button to close this screen
     • Then press the OK button to close the Internet Options screen.

     Step 3
     • Double click on OTL.exe to run it.
     • Copy the lines in the codebox below. (make sure that :Otl is on the first line )

         :Otl
         O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
         O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
         O33 - MountPoints2\{2c2b20a0-32b1-11df-9ddf-001377927192}\Shell - "" = AutoRun
         O33 - MountPoints2\{2c2b20a0-32b1-11df-9ddf-001377927192}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
         [2010/01/04 15:31:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\AnvSoft
         :commands
         [emptytemp]
         [purity]
         [RESETHOSTS]
         [EMPTYFLASH]

     • Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     • Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     • OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log.
     • Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
     If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

     Step 4
     • Double click on OTL.exe to run it.
     • Under Extra Registry section, select Use SafeList.
     • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
     • Click on Run Scan at the top left hand corner.
     • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

     In your next reply, please submit:
     • OTL fix report
     • fresh OTL reports
     There's still a little more to do, but we'll take it one step at a time. Thanks.
  15. Hi Sam, Let's take a look and see what may be still on your system:

     Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
     • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • When the window appears, underneath Output at the top change it to Minimal Output.
     • Check the boxes beside LOP Check and Purity Check. http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
     • Now copy the lines below.

         netsvcs
         msconfig
         %SYSTEMDRIVE%\*.exe
         /md5start
         eventlog.dll
         scecli.dll
         netlogon.dll
         cngaudit.dll
         sceclt.dll
         ntelogon.dll
         logevent.dll
         iaStor.sys
         nvstor.sys
         atapi.sys
         IdeChnDr.sys
         viasraid.sys
         AGP440.sys
         vaxscsi.sys
         nvatabus.sys
         viamraid.sys
         nvata.sys
         nvgts.sys
         iastorv.sys
         ViPrt.sys
         eNetHook.dll
         ahcix86.sys
         KR10N.sys
         nvstor32.sys
         ahcix86s.sys
         nvrd32.sys
         symmpi.sys
         adp3132.sys
         /md5stop
         %systemroot%\*. /mp /s
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         CREATERESTOREPOINT

     • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     • Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png
       Do not change any settings unless otherwise told to do so. The scan won't take long.
     • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
     Thanks
  16. @tristan, Malwarebytes report was given in post #10.
  17. Latest spam runs looking to fool unsuspecting fans. Security experts are warning of yet more internet related scams designed to capitalise on this summer's World Cup tournament in South Africa by parting unsuspecting users from their cash. Gelo Abendan, of Trend Micro's technical comms team, wrote in a blog post of two separate spam runs exploiting the upcoming event. The first arrives in a .doc email attachment informing recipients of a 'Final Draw' competition run in part by the FIFA Organising Committee and offering a $550,000 (£380,000) prize. "To claim this, however, the 'winner' must immediately co-ordinate with the releasing agent via the contact information indicated in the email. The email also asks the recipient to give out personal information," wrote Abendan. The second scam arrives as a poorly written email and PDF attachment which employs 419 tactics to try to get the recipient to part with fund transfer banking information to get their 30 per cent share of a non-existent $10.5m (£7.3m) jackpot. "Both scams do not directly ask for cash, but request information or for the recipients to co-ordinate with a fake contact accompanied by a call to action to send in their contact details," said Abendan. Source: Trend Micro warns of 419-style World Cup scams - V3.co.uk - formerly vnunet.com
  18. To be honest, i think 'Facebook' is getting out of control now but they would never admit it. Even with these recent attacks, they haven't even mentioned them on their security page: Facebook Security | Facebook But 'Websense' has identified at least 100 different malicious applications used in the two weekend attacks. Using Facebook is like becoming a game of Russian Roulette now. Because some people using it are willing to click on anything that stays still long enough.... it's a malware guy's paradise.
  19. Second weekend in a row Facebook users have had to fend off major malware attacks. Another attack using rogue Facebook applications hit users' PCs Saturday in a virtual repeat of last weekend's massive assault, security researchers said. Like the earlier attack, today's scam uses a sex-oriented video as bait, said Patrik Runald, an Australian researcher who works for Websense Security. The scam is spread through Facebook messages touting "Distracting Beach Babes" videos that include a link to the malicious applications, Runald wrote on his company's blog early Saturday. Users who click on the link are asked to allow the application to access their profiles, and let it send messages to friends and post it on their walls. Once approved, the application instructs users to download an updated version of FLV Player, a popular free Windows media player, to view the video. This new attack is almost identical to the one that generated several hundred thousand malicious software reports to antivirus vendor AVG Technologies a week ago. Source: Rogue Facebook apps launch 'beach babes' attack
  20. Hi jimbo264 When you say: Do you mean that you have already uninstalled the old security program or that it is out of date? You need to uninstall any AntiVirus program you have, before trying to install another one. What protection did you have before? and how long have you been running the system without protection? Have you tried copying the successful download to a disc or usb stick and trying to install it that way?
  21. Hi KosmikGirl, Let's run a couple of programs and see if we can find out what's going on:

      Step 1

      Download TFC by OldTimer to your desktop.
      • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
      • It will close all programs when run, so make sure you have saved all your work before you begin.
      • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
      • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

      Step 2

      Please download Malwarebytes Anti-Malware and save it to your desktop.
      • Make sure you are connected to the Internet.
      • Double-click on Download_mbam-setup.exe to install the application.
      • When the installation begins, follow the prompts and do not make any changes to default settings.
      • When installation has finished, make sure you leave both of these checked: "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware".
      • Then click Finish.
      • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
      • On the Scanner tab: Make sure the "Perform Full Scan" option is selected. Then click on the Scan button.
      • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
      • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
      • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
      • Click OK to close the message box and continue with the removal process.
      • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
      • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
      • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the contents of that report in your next reply and exit MBAM.

      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

      Step 3

      Download OTL to your desktop. If you have problems, try this download link: OTL
      • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
      • When the window appears, underneath Output at the top change it to Minimal Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Now copy the lines in the codebox below.

          netsvcs
          msconfig
          %SYSTEMDRIVE%\*.exe
          /md5start
          eventlog.dll
          scecli.dll
          netlogon.dll
          cngaudit.dll
          sceclt.dll
          ntelogon.dll
          logevent.dll
          iaStor.sys
          nvstor.sys
          atapi.sys
          IdeChnDr.sys
          viasraid.sys
          AGP440.sys
          vaxscsi.sys
          nvatabus.sys
          viamraid.sys
          nvata.sys
          nvgts.sys
          iastorv.sys
          ViPrt.sys
          eNetHook.dll
          ahcix86.sys
          KR10N.sys
          nvstor32.sys
          ahcix86s.sys
          nvrd32.sys
          symmpi.sys
          adp3132.sys
          /md5stop
          %systemroot%\*. /mp /s
          %systemroot%\system32\*.dll /lockedfiles
          %systemroot%\Tasks\*.job /lockedfiles
          %systemroot%\system32\drivers\*.sys /lockedfiles
          CREATERESTOREPOINT

      • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

      In your next reply, please submit:
      • MBAM scan report
      • Both reports from OTL

      Note: The OTL reports can be quite large. If you have problems posting them, add them as attachments. Thanks.
  22. Security experts are warning of a new Facebook security threat which arrives as a 'sexy' video posted on users' walls but installs adware on the PCs of unwary users. Sophos senior technology consultant Graham Cluley said in a blog post that thousands of Facebook users have received messages on their walls, seemingly from friends, with the phrase: 'This is without doubt the sexiest video ever!: :P :P.' However, clicking on the video leads to an application installation page containing malware, warned Websense security research manager Patrik Runald. "Once approved, it claims you have to download an updated FLV player to view the video, and promptly sends an executable file your way," he wrote in a blog post. "This is the Hotbar adware which displays ads in your browser based on your browsing habits etc. In addition, the Facebook application will post messages on your friends' walls on your behalf with the same 'sexiest video ever' message." Runald and Cluley warned users to be wary of clickable links on Facebook, even if they're in messages which appear to come from friends. "You should scan your computer with up-to-date anti-virus software, change your passwords, review your Facebook application settings, and learn not to be so quick as to fall for a simple social engineering trick like this in future," said Cluley. Source: Facebook users warned of 'sexy' video scam - V3.co.uk - formerly vnunet.com
  23. Time to start your upgrades. There are now less than two months left until Microsoft will officially pull the plug on Windows XP Service Pack 2. Come July 13th, 2010, the second service pack for XP will reach the end of support, a point after which Microsoft will no longer offer any updates for the operating system version, or any sort of assistance in resolving issues affecting the product. This doesn’t mean the end of Windows XP, however. Customers running XP SP3 will be able to continue running the platform until 2014, at which point Extended support for XP as a whole will expire. “I want to remind you that support for Windows XP SP2 ends July 13, 2010. If you or your customers stay on Windows XP we will still provide updates for Windows XP SP3. Let’s check out our lifecycle support page to understand how long Microsoft will support SP3, and Windows XP as a whole,” Microsoft’s Rob Waggoner noted. Customers do have a few choices at their disposal. If they are keen on riding XP for all it’s got, they will need to upgrade to SP3 as soon as possible. In the eventuality that they are considering software/hardware upgrades, they should opt for Windows 7, despite the fact that Windows Vista SP2 continues to remain an option. Windows 7 is simply a superior choice, no question about it. I also want to clarify an aspect related to the future evolution of XP, in the sense that there’s not going to be one. I recently received a question regarding a potential Service Pack 4 (SP4) release for XP. There isn’t going to be one. SP3 was the last service pack for 32-bit (x86) XP, and SP2 was the last upgrade for 64-bit (x64) XP. Windows XP Service Pack 3 (SP3) Final is available for download from: Windows XP Service Pack 3 Download - Softpedia Source: XP SP2 Dies in 2 Months - July 13, 2010 - Start your upgrades - Softpedia
  24. When was the last time you cleaned out your temp files? These can accumulate over time and start to slow down a system. Try this to clean up your system: Download TFC by OldTimer to your desktop. Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). It will close all programs when run, so make sure you have saved all your work before you begin. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean. This may make a difference.