seperis ([personal profile] seperis) wrote 2009-02-25 12:11 pm

psa: megaupload and viruses

Heads up on a new and exciting computer virus for downloaders. Quoting from [livejournal.com profile] chopchica here:

[livejournal.com profile] chopchica: Yesterday, I went to megaupload to download a new Merlin vid. I've downloaded from megaupload a billion times and never had a problem but yesterday, I immediately ended up with the Virtumonde/Vundo trojan horse on my computer and I am *totally fucked*. From what I can see out there, a new extremely virulent version appeared yesterday. BE VERY CAREFUL WHEN DOWNLOADING *ANYTHING* right now, but *especially* from megaupload! If you think you have it, turn off your internet access (*all* of it) *immediately*, because it goes to the web and downloads new malware to your computer for fun.

[livejournal.com profile] ileliberte: Hi, coming in through surfing my f-flist. I had a Vundo trojan infection recently and the best program to deal with it is Malwarebytes. Go to malwarebytes.org and you can download the basic program for free. Quick scan usually gets rid of it all but run a complete one just to check up afterwards. It can run on usual startup mode, but if you want to be extra careful, run it on safe mode and it'll get rid of the trojan. Symantec unfortunately doesn't really recognize this virus. Also, beware of windows popping up that look exactly like My Computer windows, be sure you don't mistakenly click anything there before you see the url.

ETA: More here from [livejournal.com profile] ileliberte on the virus.

ETA 2: [livejournal.com profile] cat_77 has some more info on AVG antivirus program here.

I'm seconding malwarebytes as a possible solution, as it's the one the tech guy at work bullied me into getting for both my work and home computer and it's caught several things that both McAfee and AdAware missed.

If anyone has any other solutions, please feel free to suggest.

[identity profile] mrshamill.livejournal.com 2009-02-25 06:37 pm (UTC)
Stinger, by McAfee and Sysclean, by Trend -- both stand-alone virus checker apps, both free, Stinger is a little easier to use than Sysclean. Also? I don't know if you saw my warning the other day, but MAKE SURE YOU'VE GOT ADOBE READER NINE. Another new virus that went live yesterday exploited some damn thing in Reader anythinglessthannine and it's already hit a bunch of people at my office (for which I'm getting blamed, for which they can fire my ass and they won't because I'm the only one stupid enough to work there).

Gah. All I want is ten minutes alone in a locked room with those fuckers who think writing viruses is funny. I wouldn't even need a weapon. Well, okay, a plastic spoon.

[identity profile] ileliberte.livejournal.com 2009-02-25 06:38 pm (UTC)
Just to add to what I said, one of the things it also does is install a program called Antivirus 360 that pretends to be a legitimate antivirus program and mimics the Windows interface style, just cross it out from the top right corner, don't hit cancel or ok on the body of any pop-up alerts it shows. Malwarebytes should get rid of it all, you won't be able to uninstall it by yourself completely.

[identity profile] rynia.livejournal.com 2009-02-25 07:08 pm (UTC)
If it's alright with you, I'm c&ping this into an entry in my journal. I use megaupload a lot, so this is really frustrating.

[identity profile] debbiiraahh.livejournal.com 2009-02-25 07:41 pm (UTC)
Oh shit. I'll be downloading that, I have both McAfee and AdAware and thought both were safe. :( Also I thought megaupload would be safe.

How did you know you have the Virtumonde/Vundo trojan? Is it obvious?

[identity profile] cat-77.livejournal.com 2009-02-25 07:47 pm (UTC)
When I got hit a little while back, nothing was getting all the hidden crap left in random places on my computer (including my documents folder, for some, odd, reason). Downloaded the free trial version of AVG and it worked wonders. If you go to their main site, it's a bit hidden. Do a search in their helpful little window for "Free Download" and it comes up (was the first option). Good enough I'm thinking of buying the full program.

Also, our tech guys here at The Company just sent out a notice about a new round of email spam that contains links to virus sites. Hopefully no one is stupid enough to click on a random "e-card" from someone they don't know, but apparently enough people were dumb enough that they needed to send out a reminder.

[identity profile] lexstar29.livejournal.com 2009-02-25 08:32 pm (UTC)
Thanks so much for this post. I've downloaded the Malwarebytes program recommended, and I'll pass it on.

[identity profile] d-moonchild.livejournal.com 2009-02-25 09:37 pm (UTC)
Hopefully ESET Smart Security will prove to be sufficient protection. It does combine functions of a firewall and antivirus...

But I suppose I should update my Adobe Reader 8.0 to 9.0, just to be on the safe side. Though I'll be sad to part with the previous version, it was the best interface they came up with so far.

Thanks for the heads up!

[identity profile] mrshamill.livejournal.com 2009-02-25 09:38 pm (UTC)
I just had [livejournal.com profile] p_zeitgeist point this out to me: http://www.adobe.com/support/security/advisories/apsa09-01.html which means that Adobe 9 is vulnerable now, too! I'll post in my own damned LJ about it, but... just... GAH!

[personal profile] ender24 2009-02-25 09:45 pm (UTC)
I have been trying to avoid catching those viruses for a year now by using
http://jdownloader.org/home/index

If I do not even go to the MU and other sites in the browser, at least that should save me from their infected ads.
Whether or not the files that I dl are infected is at my own risk.

[identity profile] tricksterquinn.livejournal.com 2009-02-25 10:06 pm (UTC)
I swear by AVG. Absolutely.

[identity profile] anjak-j.livejournal.com 2009-02-25 10:10 pm (UTC)
I'd definitely put my weight behind the Malwarebytes recommendation - one of the best pieces of software I've found in a while. Not a fan of AdAware personally - takes up way too many system resources for my liking. Spybot S&D isn't too bad and seems to do a good job at getting most of the nasties, providing you keep the definitions up-to-date.

Also, on an anti-virus note, Avast is pretty good and has kept my computers almost completely virus-free for many years.
Edited 2009-02-25 22:11 (UTC)

[identity profile] unamaga.livejournal.com 2009-02-26 01:20 am (UTC)
Just throwing my two-cents in here as well as on chop's post, but I got hit with a virus while I was on a freaking cupcake blog a few weeks ago. After checking back, I found that the google ads - the flash ads, not the text kind - were what apparently did it, so I downloaded this firefox addon (https://addons.mozilla.org/en-US/firefox/addon/433) which does incredible things not only for your safety on sites like MU and mediafire and sendspace, but also website loading speed if you're browsing.

[identity profile] dr-is-in.livejournal.com 2009-02-26 04:02 am (UTC)
I'd also like to recommend people visiting http://www.spywarewarrior.com/index.php

They will walk you through, step by step, how to clean and rescue your computer for free. They've saved my computer a number of times. They are big on using Malwarebytes too. But Malwarebytes doesn't always get the entire infection. There are usually other things you need to do to get it all. I've gotten the Vundo/Antivirus 2008 infection before and they saved my computer.
Edited 2009-02-26 04:18 (UTC)

[identity profile] stardust-rain.livejournal.com 2009-02-26 05:11 am (UTC)
Thank you for this! I have NoScript add-on with Firefox, which I highly recommend for blocking flash-ads and must have saved my ass the few dozen times I DL'ed from MU.

Would you mind me linking to you for a large music-sharing community?

[identity profile] bienegold.livejournal.com 2009-02-26 06:17 am (UTC)
Wandered over here from...somewhere, don't remember. But the point is thank you so, so much for both the information that a) there's a fucking virus and b) about the malwarebytes program, which promptly revealed that I was infected, which may explain some recent comp shenanigans.

Thanks again!

[identity profile] blueskiesagain.livejournal.com 2009-02-26 07:25 am (UTC)
Thanks so much for this post!

[identity profile] anjak-j.livejournal.com 2009-02-26 11:13 am (UTC)
To add something else that people might find useful:

Since most people are going to require their internet connection to actually download things to fix this problem and Vundo does a great job at connecting and downloading more crap, PeerGuardian (http://phoenixlabs.org/pg2/) might be helpful to regain some control over what connections a browser makes. While it won't make Vundo go away, it should help stop it connecting at will to hosts who will infect your PC with more nasties.
Edited 2009-02-26 11:13 (UTC)

[identity profile] silverrose.livejournal.com 2009-02-26 01:52 pm (UTC)
I got a bug through Megaupload recently and AVG Free completely missed it. Just a caveat! AVG's been my antivirus for years but I think the quality of the free version has declined. Avast seems to have fixed the main problems, although I'm still having some weird little glitches.

[identity profile] chopchica.livejournal.com 2009-02-26 03:26 pm (UTC)
Thanks for making this post, hon. Spybot caught it but couldn't get rid of it. We're trying malwarebytes but have been warned that it's a 50/50 shot and sometimes can't get rid of it. After that, it turns out my laptop apparently has a reset button that will bring it back to its original Windows installation - which would be awesome and much quicker. We'll see. Either way, *hopefully* I'll have my laptop back by tomorrow.

I miss you! I'm so sorry I vanished just as you got home!

[identity profile] iamamidnighter.livejournal.com 2009-02-26 05:20 pm (UTC)
Is anyone else having a problem downloading Malwarebytes? It downloads, then it says that some .dll is not found, so I cannot get it to run. I have tried to download it a few times and it's always the same problem. Any suggestions? Thanks

[identity profile] kel-reiley.livejournal.com 2009-02-27 03:29 pm (UTC)
thanks for the heads-up!

[identity profile] azdaja-dafema.livejournal.com 2009-02-28 03:45 am (UTC)
Thanks for the warning!

[personal profile] immortalje 2009-02-28 05:51 pm (UTC)
Got here through [livejournal.com profile] vidding... and aside from saying that I didn't have a lot of trouble yet (thanking AVG antivirus) I wanted to pass on something that seems pretty helpful:
When using a computer that allows several accounts, you can create one Admin account with all privileges (which shouldn't go online) and one that's actually used with restricted privileges which usually includes installing.
That should at the very least make it more difficult for software to be installed without it being intended to.