  1. shadowwar, I apologize for the delay in responding to your question. I further regret that my statement to which you are referring was stated too strongly, and I apologize for that. I would have edited out the implication that someone intentionally was dodging a question, i.e. if the forum software would allow it. Now, I did not get the fact that exile's "UAC" reference was actually a direct response to my question about stopping the writing of new .exe files to the hard drive. Your response clarified that. I looked at the link you have provided, but the user comments concerning that program are not encouraging. I wonder if you checked that link recently and the comments associated with it. One thing I found missing in Exile's response was some additional detail, from an informed viewpoint, as to why this simple security measure was not added by Microsoft as a security update to Windows XP? It seems so simple and obvious. The simple ability to approve or disapprove the writing of an .exe file to the hard drive when a web browser is open and operating. It seems to me that this simple functionality would have completely eliminated the XP SECURITY 2012 hijacking that I experienced. What am I missing here? Would you and exile please address this question directly? I would appreciate it. Another previous comment made by exile, I wanted to reply to, which is on the first page of this topic, however, when I try to access the first page of this topic, Google Chrome throws up this warning page: In my initial post I believe it was, I did mention that website, as it was in the Avira weblog at the time of the hijacking, and I quoted that entry. I am wondering if that is the only problem. Or if there is something more there.
Also, I would report this behavior of Google Chrome, when using the attach file function below the comment box here, I click the "choose file" button, browse to the location of the file, select it, (it was the above gif image), click ok, the dialog box disappears, and Google Chrome then freezes up, and I have to shut it down and restart. That happened two times in a row. Thanks for your time Sincerely, GoldenEagles
  2. Thank you, exile, for the link. Lots of good information there. Though I see that you made a thorough and conscientious effort to not address my previous very specific question. Is there a reason for that? Was the question so dumb, you did not want to shame me further by addressing it? However, one thing that the information at your posted link led me to do was to visit the Windows Update site, which reminded me that I had hidden, over the last 8 months, all security updates having to do with Microsoft .net framework, all versions, 1.1, 2.x, 3.x, as none of them would install, and I could not find a solution to the issue, so I just hid them. (Secunia PSI scan did not catch this either) I spent New Year's Day finally dealing with the issue. Many hours. I don't know whether this had anything to do with the XP Security 2012 hijack. But the problem is fixed now anyway. In my research on the .net framework security update problem, I see lots of people have problems in that area, so I just wanted to note here, for the record, something the search engines will list, what the solution was in my case. I used the .net framework cleanup tool, which anybody can find when they do searches on this issue (Method 2 here). Using that tool, which you download from a link from that page, I deleted all of the .net framework installations, all versions. This had to be done because none of them would uninstall through the normal process. After deleting all versions with that tool, I sat back and said to myself, why go further? Who needs this .net framework stuff anyway? And then my eye caught something different in my system tray, where my APC PowerChute program was not working anymore, my APC was not communicating with the computer. That is the uninterruptible backup power source (UPS). I see I had a tangible reason to reinstall. I then reinstalled .net framework 3.5 SP1 (which installs .net framework 2.0 automatically) using the link from the Microsoft page noted above.
It installed successfully. (I did not reinstall version 1.1.) Then, using the Windows Update site, I applied numerous security patches to the .net framework 3.5 SP1, and all of them installed successfully. In hindsight the solution was simple, though time consuming, as these installs drag on for quite a while. Exile, perhaps you could comment on whether, in your judgment, these uninstalled security patches in .net framework, versions 1.1, 2.x, 3.x, could have contributed to the XP SECURITY 2012 hijacking that I experienced. Thanks.
  3. exile, thanks for your interesting comment. I will have to think about that for a while. In the meantime, I would like to know, when people are surfing the web, why the operating system cannot simply throw up a message box asking the user if they will allow a new .exe file to be written to disk? As far as this XP SECURITY 2012 attack was concerned, a new .exe file was written to the hard drive in the midst of a web browsing session. If the operating system would have just asked me if I wanted that file written, I could have said NO. Why doesn't the Windows XP operating system give the user this simple and very basic level of protection? NO to new .exe files written to the hard drive while web browsing unless approved by the user? This seems like a no-brainer to me.
  4. Thanks, noknojon, for your reply. You say, "XP SECURITY 2012 changes quite often, so MBAM updates several times every day to try and catch up with these people" You make it sound like these hackers have a palette of hacking options that is basically limitless. How accurate is that characterization?
  5. Thanks, Hernan, for bringing up the "sandbox" principle. So, if XP SECURITY 2012 still managed to get past both AVIRA and MALWAREBYTES, and into the "sandbox", when it executes, and makes those changes to the registry which gives it total control over what happens henceforth on the infected computer, then, in reality, it has only changed the settings in a "virtual" registry? Is that right? And when the sandbox is deleted, EVERYTHING that XP Security 2012 thought it had successfully done to the computer, can be deleted, just by deleting the "sandbox"? (Something like throwing away a disposable hospital glove?)
  6. shadowwar, in relationship to your Secunia link, I have downloaded the program, installed it, and run my first scan. All of the things that I use on a regular basis show patched. However, there are 16 "end of life" items listed, that I don't use at all. But this brings up a question. For example, take Real Player version 10 for example. (The latest version is 15). I have not updated it, because I don't use it. If I don't use it, I wonder what kind of a security threat it could be. Would it be possible for a website to embed realplayer media content, and actually invoke that older program with <embed> tags, and then exploit whatever weaknesses that older version might have?
  7. Thank you shadowwar for your response. You say, "These [attacks] come down through exploits in windows and other software. Keep up to date on windows updates, Java, Flash and Adobe pdf." Can you explain with a little bit more specificity what kind of weaknesses in Windows or other software XP Security 2012 exploits? Does it have a special door it keeps knocking on again and again? I always update IE8. It always has the most current patches. My Java is the latest version. I was not using PDF at the time, so we can count that out (?). Avira signaled a detection on an .swf file at the time of infection, as I noted above, but that was blocked. The XP Security 2012 exploit was either in progress at that moment, or a fraction of a second later.
  8. Is Google Chrome as Vulnerable to XP Security 2012 malware as other browsers? As noted in a previous thread, my machine was hijacked with the XP SECURITY 2012 malware, or should I say SCAREWARE. In the end, Malwarebytes saved the day. This attack came through Internet Explorer 8. I am exploring the question as to whether a browser change would be a good idea, to reduce vulnerability in the future. To that end, I am taking a close look at Google Chrome. I would like to know if there is anyone out there who uses Google Chrome who has had the experience of falling prey to XP SECURITY 2012, or any of its other variants, on Windows XP, or on other operating systems? Thanks.
  9. In a PC Magazine Review of Google Chrome 15, I noted this interesting statement: "PCMag's security blogger, Larry Seltzer, considers Chrome path-breaking in a safety sense. The entire program architecture is internally sandboxed so that almost all vulnerabilities are unexploitable in any practical way. By integrating Flash, Google automatically updates it, which is certainly an important security advance, and as mentioned, that built-in plugin is now sandboxed in the Windows 7 and Vista versions of Chrome." Does this articulate a valid reason why one might consider switching from Internet Explorer 8 to Google Chrome (running under Windows XP)? I wonder as well, from a security standpoint, whether malware authors create their little poison darts to exploit Internet Explorer mostly, as that is what most people use, and leave the other browsers alone? And perhaps that might be another reason to move away from Internet Explorer [8]?
  10. Thanks, Fivealive, for your response. This happened in Internet Explorer 8. And yes, I have decided to run the full version of Malwarebytes from now on. "i also restrict my web browsing" - that is not an option for me. I was doing research, and I was actually very deep into a Google results page count. But I am still looking for a technical answer as to how a mature technology like Windows XP and IE8 can be exploited so easily. How does XP SECURITY 2012 do that?
  11. Could Someone PLEASE Explain HOW "XP SECURITY 2012" Hijacked my system? Eight days before Christmas, my computer was hijacked by XP SECURITY 2012. I will not get into the details, as these are well known, and well documented now, and once you figure out how to get a command to run, Malwarebytes cleaned it out. (Well, except for one exe file which I had to delete manually for some reason). This certainly fits the definition of SCAREWARE. With its capacity to take control of everything, and leave the user seemingly with no escape options. After going through this ordeal, I just would like to know, how in the world did this thing get into my computer? I am looking for somewhat of a technical answer. Of course, I know it was through a webpage ... I was doing a google search, and I clicked on one item in the list of search results. When I clicked on the link, I noticed immediately that the page delivered was not the page I expected. I have seen this before, where a page is hijacked by malware, and the user is transferred to another page entirely, and quickly. As the alien page was loading, AVIRA signaled a detection. And yes, this is the URL I remember seeing at the time. This entry is from my Avira webguard log: 12/17/2011,22:03:15 [DETERMINE] Malware found. URL: http://salepharmacy.in/content/field.swf Contains recognition pattern of the EXP/SWF.AH exploit Of course, that is not the link I clicked on. It was the URL I was surreptitiously delivered to. At the time, I clicked OK on the Avira dialog to block the execution of “exp/swf.ah”. However, at that exact moment, my machine was taken over by the most insidious case of malware I have ever experienced. Avira did not detect or block this. It was XP SECURITY 2012. This is my question: By what method does "XP SECURITY 2012" ride in, even under the nose of an Anti-Virus program that is supposed to have its eyes open? Could someone please give me an answer to this question? Thank you. GoldenEagles