May 09, 2009
So, I followed a google link to their main page.
Five or six antivirus alerts later, all hell was breaking loose in my computer. Multiple trojans, backdoor thingies, vundo deposits, and something that prevented me from visiting any of the anti-virus program manufacturers and Microsoft but allegedly wasn't the Conficker worm. This was at 2pm.
It's now 903pm, and I think I've gotten all of it. Five or six runs of malwarebyte's Anti-Malware, three of my antivirus program, two of my spyware program, and repeated banging of my head against a wall, everything seems to be back to normal. Maybe. Perhaps.
I'm still not sure, to be honest.
But do NOT go to animeondvd.
Seems like there are two possibilities. First, an unscrupulous advertiser. Two, someone broke into Mania's server. I wonder which it was.
But I'm not going there to find out.
Posted by: Steven Den Beste at May 09, 2009 09:17 PM (+rSRq)
Posted by: Avatar at May 09, 2009 10:01 PM (vGfoR)
Posted by: Wonderduck at May 10, 2009 12:08 AM (rvJXE)
My three indispensable malware utils: McAfee Rootkit Detective 1.1, Malwarebytes, and Process Explorer. If I can't get rid of it with a combination of those three, it's time to nuke the site from orbit.
The trick is that ProcExp can be used to suspend all of the offending processes first, before killing them, neatly getting around the "buddy system" effect. Once the processes are gone, I break out MBAM. If it doesn't catch everything, I break out the Detective, zot any suspicious-looking files it finds, reboot, then let MBAM have another crack (at which point it finds the formerly-rootkitted files).
Posted by: GreyDuck at May 10, 2009 07:16 AM (o5Lvb)
Posted by: Steven Den Beste at May 10, 2009 09:38 PM (+rSRq)
That's what it was, all right. Thank you, Steven! Again, not that I use IE at all, but it's nice to have it working, just in case.
Posted by: Wonderduck at May 10, 2009 10:00 PM (UdB9M)
Posted by: Steven Den Beste at May 10, 2009 10:30 PM (+rSRq)
To be clear, by the way, I set it up so that it ISN'T running through a proxy, and it worked again. I made the same change to Firefox, and it's running nice and smooth, too.
Posted by: Wonderduck at May 10, 2009 10:39 PM (rvJXE)
Posted by: Wonderduck at May 10, 2009 11:09 PM (rvJXE)
"No proxy" is usually the right answer.
Posted by: Steven Den Beste at May 10, 2009 11:48 PM (+rSRq)
Posted by: Anthony DiSante at May 11, 2009 09:17 AM (xJ4r5)
47 queries taking 0.1314 seconds, 246 records returned.
Powered by Minx 1.1.6c-pink.