

Drive by malware ... ouch


Carol Haynes:
I have just spent a day and a half trying to figure out why one machine on my network couldn't access websites that were accessible to other machines on the same network.

The main symptom was that since late yesterday evening every time I tried to log onto this forum I got an error saying that www.donationcoder.com doesn't exist. I panicked and in the end emailed Mouser to ask if there was anything I could do to help since the server seemed to be broken (memories of last year's website hack sprang to mind). Having established that it was at my end and that my other computers actually did access donationcoder.com I set about searching for an answer. Now that I think of it, it does seem obvious to use another computer to check, but given that my house is currently strewn with the remains of dead computers I had to cobble one together again to check the connection.

Having looked at the TCP/IP settings I noticed the DNS server had shifted from the automatic settings to fixed values (one of which was 85.255.115.51)

Every time I tried to reset my DNS values or enter an IP for my Router it seemed to work, except when I opened the settings again they had been reset back to the bogus values.

I did a search on the IP causing the issue and found the following article:

http://forums.spybot.info/showthread.php?t=5490&highlight=85.255.115.51

This seems to be what happened to my system and having gone through the steps outlined my system is running normally again.

I really don't know how I managed to acquire this annoyance. I didn't download anything and run it yesterday evening so I can only assume it must have been a drive by problem on a site. If my experience can help anyone else it will have been a useful experience.

As it happens I haven't been spending money online today (so that is a relief) but do I now assume that all my passwords are compromised for sites that I visited - even though most of those sites are accessed via cookies?
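A defender-side check for the symptom Carol describes, added here as an example that is not part of the thread: it parses `ipconfig /all` text and flags any adapter whose DNS servers fall outside an allowlist of expected resolvers. The sample output, the allowlist value 192.168.1.1 and the 203.0.113.9 placeholder are constructed; 85.255.115.51 is the address from the post.

```python
import re

# Assumed allowlist of resolvers this LAN should be using (constructed: the router's address).
EXPECTED_DNS = {"192.168.1.1"}

# Constructed excerpt in the shape of Windows `ipconfig /all`. 85.255.115.51 is the address the
# poster found in her TCP/IP settings; 203.0.113.9 is a documentation-range placeholder.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   DNS Servers . . . . . . . . . . . : 85.255.115.51
                                       203.0.113.9

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.24
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

ADAPTER_RE = re.compile(r"^(\S.*):\s*$")                       # "Ethernet adapter X:"
FIELD_RE = re.compile(r"^\s+([A-Za-z0-9 -]+?)[ .]*: ?(.*)$")   # "   Name . . . : value"
IP_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")       # continuation line of a list

def parse_dns_servers(text):
    """Map each adapter name to the list of DNS servers ipconfig reports for it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if m := ADAPTER_RE.match(line):
            current, in_dns = m.group(1), False
            adapters[current] = []
        elif (f := FIELD_RE.match(line)) and current is not None:
            in_dns = f.group(1).strip() == "DNS Servers"
            if in_dns and f.group(2).strip():
                adapters[current].append(f.group(2).strip())
        elif (c := IP_RE.match(line)) and in_dns:
            adapters[current].append(c.group(1))  # extra servers continue on indented lines
        else:
            in_dns = False
    return adapters

def rogue_dns(adapters, expected=EXPECTED_DNS):
    """Adapters whose resolvers are outside the allowlist, with the offending addresses."""
    return {name: [s for s in servers if s not in expected]
            for name, servers in adapters.items()
            if any(s not in expected for s in servers)}

if __name__ == "__main__":
    for name, bad in rogue_dns(parse_dns_servers(SAMPLE_IPCONFIG)).items():
        print(f"{name}: unexpected DNS servers {bad}")
```

On a live machine, feed the real output of `ipconfig /all` to `parse_dns_servers` instead of the constructed sample and set `EXPECTED_DNS` to your router's or ISP's resolvers.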

VideoInPicture:
Drive by malware is the worst because it's so easy to be redirected to bad sites. What browser are you using on that computer?

It makes it seem sensible to run all web browsers in a virtual machine that gets wiped out every time you close the browser and prevents any file downloads.

Shades:
Cookies are small text files as far as I know, so it shouldn't take too much effort to read their content. What I would do is boot from a Linux live CD (or when you feel adventurous, create a Bart's PE bootdisk using your Windows installation CD) and access the websites you need for changing the passwords.

Just to be on the safe (and/or paranoid) side...

Carol Haynes:
My system seems clean now (I have done multiple scans with umpteen scanners).

I have changed all my domain passwords 'cos I spent the day getting frustrated trying to FTP stuff.

I will try to remember what I actually accessed today and change my passwords! Not easy and part of the cleanup removed all cached data/history and cookies so there is no easy way to make sure I know where I have visited!

Why can't someone castrate the b******s - preferably with a blunt stick slowly.

Cloq:
@Carol Haynes - I think you have something similar to what one of my family members had last year, in her case, it was anytime she would click on a web link (usually the first four) it would redirect her browser to some porn site. Spybot and lavasoft didn't detect/remove anything.

I ended up using PC Tools (free 1 year sub) and that worked like a charm. It found the issues and the evil program that kept changing its name and fixed them all. After that, I installed admuncher and a hostsfile, never heard about spyware/malware problems since.

A lot of these drive by malware usually come from various web ads (scripted typically).

Ad Muncher and a good Hostsfile would help prevent 99% of these types of issues.

Admuncher - www.admuncher.com
Hostsfile - www.bluetack.co.uk/forums/index.php?act=dscriptca&CODE=viewcat&cat_id=3
