seperis ([personal profile] seperis) wrote 2009-02-25 12:11 pm

psa: megaupload and viruses

Heads up on a new and exciting computer virus for downloaders. Quoting from [livejournal.com profile] chopchica here:

[livejournal.com profile] chopchica: Yesterday, I went to megaupload to download a new Merlin vid. I've downloaded from megaupload a billion times and never had a problem but yesterday, I immediately ended up with the Virtumonde/Vundo trojan horse on my computer and I am *totally fucked*. From what I can see out there, a new extremely virulent version appeared yesterday. BE VERY CAREFUL WHEN DOWNLOADING *ANYTHING* right now, but *especially* from megaupload! If you think you have it, turn off your internet access (*all* of it) *immediately*, because it goes to the web and downloads new malware to your computer for fun.

[livejournal.com profile] ileliberte: Hi, coming in through surfing my f-flist. I had a Vundo trojan infection recently and the best program to deal with it is Malwarebytes. Go to malwarebytes.org and you can download the basic program for free. Quick scan usually gets rid of it all but run a complete one just to check up afterwards. It can run on usual startup mode, but if you want to be extra careful, run it on safe mode and it'll get rid of the trojan. Symantec unfortunately doesn't really recognize this virus. Also, beware of windows popping up that look exactly like My Computer windows; be sure you don't mistakenly click anything there before you see the URL.

ETA: More here from [livejournal.com profile] ileliberte on the virus.

ETA 2: [livejournal.com profile] cat_77 has some more info on AVG antivirus program here.

I'm seconding malwarebytes as a possible solution, as it's the one the tech guy at work bullied me into getting for both my work and home computer and it's caught several things that both McAfee and AdAware missed.

If anyone has any other solutions, please feel free to suggest.

[identity profile] mrshamill.livejournal.com 2009-02-25 06:37 pm (UTC)(link)
Stinger, by McAfee and Sysclean, by Trend -- both stand-alone virus checker apps, both free, Stinger is a little easier to use than Sysclean. Also? I don't know if you saw my warning the other day, but MAKE SURE YOU'VE GOT ADOBE READER NINE. Another new virus that went live yesterday exploited some damn thing in Reader anythinglessthannine and it's already hit a bunch of people at my office (for which I'm getting blamed, for which they can fire my ass and they won't because I'm the only one stupid enough to work there).

Gah. All I want is ten minutes alone in a locked room with those fuckers who think writing viruses is funny. I wouldn't even need a weapon. Well, okay, a plastic spoon.

[identity profile] ileliberte.livejournal.com 2009-02-25 06:38 pm (UTC)(link)
Just to add to what I said, one of the things it also does is install a program called Antivirus 360 that pretends to be a legitimate antivirus program and mimics the Windows interface style, just cross it out from the top right corner, don't hit cancel or ok on the body of any pop-up alerts it shows. Malwarebytes should get rid of it all, you won't be able to uninstall it by yourself completely.

[identity profile] rynia.livejournal.com 2009-02-25 07:08 pm (UTC)(link)
If it's alright with you, I'm c&ping this into an entry in my journal. I use megaupload a lot, so this is really frustrating.

[identity profile] lydiabell.livejournal.com 2009-02-25 07:10 pm (UTC)(link)
Unfortunately, they don't just think it's funny, they're profiting from the viruses. Botnets are big money.

I say we kill all the spammers. ::nods firmly::
Edited 2009-02-25 19:11 (UTC)

[identity profile] seperis.livejournal.com 2009-02-25 07:28 pm (UTC)(link)
Feel free. I do, too, and it's only luck I think that I didn't have time yesterday to download like chop did.

[identity profile] seperis.livejournal.com 2009-02-25 07:30 pm (UTC)(link)
No joke. Plastic spork. For tactile purposes.

[identity profile] seperis.livejournal.com 2009-02-25 07:30 pm (UTC)(link)
Added and thank you!

[identity profile] debbiiraahh.livejournal.com 2009-02-25 07:41 pm (UTC)(link)
Oh shit. I'll be downloading that, I have both McAfee and AdAware and thought both were safe. :( Also I thought megaupload would be safe.

How did you know you have the Virtumonde/Vundo trojan? Is it obvious?

[identity profile] debbiiraahh.livejournal.com 2009-02-25 07:42 pm (UTC)(link)
Ahahha, sorry, I went back and reread your post. You were quoting. *headdesk* Please ignore!

[identity profile] cat-77.livejournal.com 2009-02-25 07:47 pm (UTC)(link)
When I got hit a little while back, nothing was getting all the hidden crap left in random places on my computer (including my documents folder, for some, odd, reason). Downloaded the free trial version of AVG and it worked wonders. If you go to their main site, it's a bit hidden. Do a search in their helpful little window for "Free Download" and it comes up (was the first option). Good enough I'm thinking of buying the full program.

Also, our tech guys here at The Company just sent out a notice about a new round of email spam that contains links to virus sites. Hopefully no one is stupid enough to click on a random "e-card" from someone they don't know, but apparently enough people were dumb enough that they needed to send out a reminder.

[identity profile] cat-77.livejournal.com 2009-02-25 07:53 pm (UTC)(link)
Used to date someone who thought designing viruses was fun. However, he swore he only launched them on his own computer and only did it to write programs to seek out new viruses and either alert the user to their presence or destroy them outright. He managed to help most of the dorm when they got hit by some new thing, so I don't think he was being entirely malicious.

Heh re: Adobe - we're not allowed to update our versions on our own here at work and have to wait for tech to do it. 89 of us, using the < 9.0 version several times an hour...

[identity profile] mrshamill.livejournal.com 2009-02-25 08:01 pm (UTC)(link)
I say we kill all the spammers. ::nods firmly::

Well I'm in. Let me know when and where and I'll meet you.

[identity profile] mrshamill.livejournal.com 2009-02-25 08:01 pm (UTC)(link)
A dull one. To make it last.

[identity profile] mrshamill.livejournal.com 2009-02-25 08:04 pm (UTC)(link)
I've got one a co-worker made to teach people a lesson, I sent it to a couple of friends who always said "I don't need no stinkin' virus software! I got dial-up!" You run it and a little pop-up window appears that says, "Please wait while I delete your files." There's a progress bar that runs then it says, "Files deleted." After a moment, it adds, "Just kidding." Taught a few people a lesson in DON'T OPEN THAT THING DAMMIT.

As for tech support... I used to work like that. Now that I AM the IT department, I tell my lUsers to go ahead, update it! Sheesh.

[identity profile] lexstar29.livejournal.com 2009-02-25 08:32 pm (UTC)(link)
Thanks so much for this post. I've downloaded the Malwarebytes program recommended, and I'll pass it on.

[identity profile] seperis.livejournal.com 2009-02-25 08:37 pm (UTC)(link)
Added to entry. Thank you!

[identity profile] seperis.livejournal.com 2009-02-25 08:37 pm (UTC)(link)
I love that program.

[identity profile] d-moonchild.livejournal.com 2009-02-25 09:37 pm (UTC)(link)
Hopefully ESET Smart Security will prove to be sufficient protection. It does combine functions of a firewall and antivirus...

But I suppose I should update my Adobe Reader 8.0 to 9.0, just to be on the safe side. Though I'll be sad to part with the previous version, it was the best interface they came up with so far.

Thanks for the heads up!

[identity profile] mrshamill.livejournal.com 2009-02-25 09:38 pm (UTC)(link)
I just had [livejournal.com profile] p_zeitgeist point this out to me: http://www.adobe.com/support/security/advisories/apsa09-01.html which means that Adobe 9 is vulnerable now, too! I'll post in my own damned LJ about it, but... just... GAH!

[personal profile] ender24 2009-02-25 09:45 pm (UTC)(link)
I try to avoid catching those viruses by using, for a year now,
http://jdownloader.org/home/index

If I do not even go to the MU and other sites in the browser, at least that should save me from their infected ads.
Whether or not the files that I dl are infected is at my own risk.

[identity profile] tricksterquinn.livejournal.com 2009-02-25 10:06 pm (UTC)(link)
I swear by AVG. Absolutely.

[identity profile] anjak-j.livejournal.com 2009-02-25 10:10 pm (UTC)(link)
I'd definitely put my weight behind the Malwarebytes recommendation - one of the best pieces of software I've found in a while. Not a fan of AdAware personally - takes up way too many system resources for my liking. Spybot S&D isn't too bad and seems to do a good job at getting most of the nasties, providing you keep the definitions up-to-date.

Also, on an anti-virus note, Avast is pretty good and has kept my computers almost completely virus-free for many years.
Edited 2009-02-25 22:11 (UTC)

[identity profile] anjak-j.livejournal.com 2009-02-25 11:04 pm (UTC)(link)
Thanks for that rec. That's a handy piece of software.

[identity profile] pantherrrrea.livejournal.com 2009-02-25 11:07 pm (UTC)(link)
Something similar happened to me a year ago or so. Should one install a not legitimate program that cannot be uninstalled, there is always this possibility:
http://www.windowvistarepair.com/articles/Malware_Alarm_Removal.php

I had XP before and uninstalled the not so legitimate program through safe mode.

[identity profile] mrshamill.livejournal.com 2009-02-25 11:11 pm (UTC)(link)
That sounds like a handy app but the link you provided was hijacked. I've got adblock on Firefox which helped, but it looks like their site might have been infiltrated by a BHO. I was able to get more info by choosing their FAQ immediately, though.
