#171
[ QUOTE ]
Question about what passwords have been compromised: I never logged into anything after my computer was compromised (was already logged into FTP and changed that pw). Do I need to be worried about like PokerStars password even though I never opened it during that time?
[/ QUOTE ]
Any data that you had stored on your pc when it was compromised is now up in the air. Clearly, it is not possible that your whole hard disk was copied (since transfer speeds and time would have limited the amount of data that can be transferred) - however, there is no way to determine what data was accessed on your hard disk. It is possible that your passwords were not seen by the hacker. However, it is not (realistically) possible to determine either way. Thus, it would be prudent to change every password you can (apart from anything else, regularly changing your passwords is a good idea anyway)
#172
Remember to change passwords on a clean machine!
#173
[ QUOTE ]
Right. If you opened the thread but did not click the link, you're fine.
[/ QUOTE ]
You're fine if you clicked the link too, just as long as you didn't INSTALL the "java"
#174
I checked my task manager and I had a couple of svchost.exe files running under system, network service and local service. However, one of them was taking up 30k mem usage, so I deleted it (should I have done this?). Is there anything else I should check for?
Note: I did not actually play the video off the link, and I do not have the "eMando" software
#175
Guys,
Sorry for not being around in time to fix this - I'm obv in Vegas etc. If this situation comes up again, though, enough people have my number that someone should call me ASAP (especially if I'm not in a liveament at the time).
#176
STEVE HOLT!
#177
STEVE HOLDTHEM!
#178
fellow enthusiasts,
I recently contributed a post to the "Beat: Spyware" thread, Cliff's notes: if you want to check your PC for threats and fix them do this:
[ QUOTE ]
[ QUOTE ]
download hijackthis. install, run scan, copy+paste logfile here and update.
[/ QUOTE ]
[/ QUOTE ]
*not a rickroll or a virus
#179
I am going to post a summary of some of the information I posted in the original thread since some people seem to be asking some of the same questions (i.e., I did blahblahchowmeow, am I infected?)

Disclaimer: I am not an expert in security issues but I have an MS in comp sci. So this information should be accurate, but do not take it as gospel.

--------------------------------------------------------

There are a few ways that malicious code on some random website can be run on your machine.

1) You allow the code to be run by clicking "yes install/run this" in a dialog box. This is how jsnipes and a few others were infected.
2) You run a plugin that allows this code to install/run. Plugins should not do this, but they *can*. I'd say it's unlikely for this to have happened to people, but if you are worried you should do some of the things outlined in this thread to try to find out whether you are actually infected. And as always, be careful about the software you download and run, including firefox plugins!
3) Firefox has an exploit. This is VERY unlikely to be the case. If this happened, everyone who visited the attacker's poker-cnn site would be infected. Making this even more unlikely is the fact that the attacker actually prompts the victim into downloading a fake version of java. This would not be needed if everyone who just visited the site was already vulnerable.

-----------------------------------------------------------

For those who believe they are infected: It has been said here that you can rid yourself of this problem by simply deleting some files since this is not a particularly smart trojan. While this is probably the case, there is some chance that this software has rootkit characteristics that allow it to hide from detection/deletion. There are actually some trojans that have simple stupid-looking "fronts" like having an obvious folder named "trojan" sitting in your Program Files/ directory. These are particularly insidious because the user thinks they get rid of the trojan when they delete the obvious looking files/folders, while the real trojan is left unseen and unfettered.

I don't know whether this trojan is one of the actual stupid ones or one of the really smart ones, but I would err on the side of caution in these matters. FOR THE PEOPLE WHO ARE INFECTED, I STRONGLY RECOMMEND FORMATTING YOUR HARD DRIVE AND REINSTALLING WINDOWS. I can't state this strongly enough or put it more plainly than that.

--------------------------------------------------------

Cliff Notes: If you didn't click on the video link and install the fake version of java, it is very unlikely that anything bad happened. If you found out that you have been infected, be on the safe side and freeze your accounts, change passwords, format hard drive, then reinstall windows.
#180
[ QUOTE ]
FOR THE PEOPLE WHO ARE INFECTED, I STRONGLY RECOMMEND FORMATTING YOUR HARD DRIVE AND REINSTALLING WINDOWS. I can't state this strongly enough or put it more plainly than that.
[/ QUOTE ]
QFT