
PLEASE Explain HOW "XP SECURITY 2012" Hijacked my system.



For example, take RealPlayer version 10. (The latest version is 15.) I have not updated it, because I don't use it. If I don't use it, I wonder what kind of a security threat it could be. Would it be possible for a website to embed RealPlayer media content, actually invoke that older program with <embed> tags, and then exploit whatever weaknesses that older version might have?

At the risk of another tangential thread, an observation on the current "RealPlayer" installation...which I had an occasion to recently update. Despite selection of options which I thought would preclude any element of "RealPlayer" loading at startup, "Process Explorer" reveals that "realsched.exe" continues to load despite selected options to the contrary (unless I've somehow managed to screw the pooch on that election). The degree to which this irritates the heck outta me is substantial and, because of this ancillary issue you've raised, I'm FOREVER removing "RealPlayer" from residence on any computer I might own or administer.


  • 3 weeks later...

UAC is what you were talking about in your previous response having the ability to authorize running starting applications. XP does not have this built in. There are other programs to add it though.

...

Unless I missed it too, he seems to have answered your questions. Would you mind restating what you would like answered?

Thanks

shadowwar, I apologize for the delay in responding to your question. I further regret that my statement to which you are referring was stated too strongly, and I apologize for that. I would have edited out the implication that someone intentionally was dodging a question, i.e. if the forum software would allow it.

Now, I did not get the fact that exile's "UAC" reference was actually a direct response to my question about stopping the writing of new .exe files to the hard drive. Your response clarified that. I looked at the link you have provided, but the user comments concerning that program are not encouraging. I wonder if you checked that link recently and the comments associated with it.

One thing I found missing in Exile's response was some additional detail, from an informed viewpoint, as to why this simple security measure was not added by Microsoft as a security update to Windows XP? It seems so simple and obvious. The simple ability to approve or disapprove the writing of an .exe file to the hard drive when a web browser is open and operating. It seems to me that this simple functionality would have completely eliminated the XP SECURITY 2012 hijacking that I experienced. What am I missing here? Would you and exile please address this question directly? I would appreciate it.

Another previous comment made by exile, I wanted to reply to, which is on the first page of this topic, however, when I try to access the first page of this topic, Google Chrome throws up this warning page:

[attached image: ScreenCapture.gif]

In my initial post I believe it was, I did mention that website, as it was in the avira weblog at the time of the hijacking, and I quoted that entry. I am wondering if that is the only problem. Or if there is something more there.

Also, I would report this behavior of Google Chrome: when using the attach file function below the comment box here, I click the "choose file" button, browse to the location of the file, select it (it was the above gif image), click ok, the dialog box disappears, and Google Chrome then freezes up, and I have to shut it down and restart. That happened two times in a row.

Thanks for your time

Sincerely, GoldenEagles
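The post above asks for a simple "approve or disapprove the writing of an .exe file" check. The following is an added illustration, not code from the thread or from any of the products it mentions, of what such a check has to look at to be meaningful: the file's bytes rather than its name. A dropper can write its payload under a harmless extension and rename or launch it later, so a gate keyed only on ".exe" misses it. The sample file names, the minimal PE header built by `build_fake_pe`, and the verdict labels are all constructed for the example.

```python
import os
import struct

# Extensions Windows will execute or load as code directly.
EXEC_EXTS = {".exe", ".dll", ".scr", ".cpl", ".sys", ".ocx"}


def is_pe_image(data: bytes) -> bool:
    """True if `data` starts with a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the 4-byte signature plus the 20-byte IMAGE_FILE_HEADER inside the buffer.
    if e_lfanew < 0x40 or e_lfanew + 24 > len(data):
        return False
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return False
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine in (0x014C, 0x8664)  # IMAGE_FILE_MACHINE_I386 / IMAGE_FILE_MACHINE_AMD64


def classify(name: str, data: bytes) -> str:
    """Compare what the name claims with what the bytes say (labels are this example's own)."""
    ext = os.path.splitext(name)[1].lower()
    pe = is_pe_image(data)
    if pe and ext in EXEC_EXTS:
        return "executable"              # honest executable; this is the case a prompt would catch
    if pe:
        return "executable-disguised"    # PE content under a non-executable name
    if ext in EXEC_EXTS:
        return "named-executable-only"   # .exe name but no PE header (text, script, decoy)
    return "data"


def scan_directory(path: str, head: int = 4096) -> list:
    """Return (name, verdict) for every regular file in `path` that is not plain data."""
    findings = []
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if not entry.is_file():
            continue
        with open(entry.path, "rb") as fh:
            verdict = classify(entry.name, fh.read(head))
        if verdict != "data":
            findings.append((entry.name, verdict))
    return findings


def build_fake_pe(machine: int = 0x014C) -> bytes:
    """Constructed minimal PE header (DOS stub + signature + file header); not a real binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    file_header = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\x00\x00" + file_header


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "update.exe":  build_fake_pe(),           # honest executable
            "holiday.jpg": build_fake_pe(),           # payload hiding behind an image name
            "readme.exe":  b"just text, no header",   # name says exe, bytes say otherwise
            "notes.txt":   b"plain notes",
        }
        for fname, blob in samples.items():
            with open(os.path.join(tmp, fname), "wb") as fh:
                fh.write(blob)
        for fname, verdict in scan_directory(tmp):
            print(f"{fname:12} {verdict}")
```

Run it as a script and it writes the four constructed files into a temporary directory and reports `holiday.jpg` as `executable-disguised`, which is exactly the drop an extension-only prompt would wave through. The header check is deliberately shallow (DOS magic, PE signature, machine type); it is a write-time gate, not a substitute for a scanner.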


  • Staff

All I can say is I use this version personally on my research box and it works great at prompting to allow files to run or not.

http://www.softpedia...ess-Guard.shtml

It works great here and no adware. The problem is the pro version can't be registered any more because the company is out of business.

There are other similar programs available; I am just not familiar with the alternatives.

This thread at wilders although older seems to list some alternatives.

http://www.wilderssecurity.com/showthread.php?t=183040


Armorize Malware blog shows you how the hackers accomplish these driveby infections via Flash. There are other methods. Using Google, search on: "armorize flash driveby" and the top result title is "Newest Adobe flash 0-day used in new......". Good writeup there and even more info on the blog.

I'm going to second Chrome as a good pick here. More secure than Firefox and you can use the Adblock add-in for yet another layer of protection. Armorize explains how hackers use "ad networks" to spread their malware.

Sounds like your infection wasn't a driveby, but still used Flash vulnerabilities. Chrome with Adblock might have saved you.


Suggestion to avoid getting kidnapped to a web site that you did not click on!

1. It's not a great idea to use IE as your primary browser. I recommend FFox instead because it does not have the stupid ActiveX vulnerabilities and therefore is not only faster but probably more secure.

2. Get a copy of SpywareBlaster (free) which protects IE and FFox from various malicious websites and some ActiveX stuff, so you are less likely to be sent to web sites that you did not choose.

3. Get a copy of Spybot (v 1.62 is current, free) and since that overlaps with SpywareBlaster by updating your HOSTS file with malicious websites, it also protects you from known malicious web sites. As far as I know this protection applies to any browser. Spybot scans are also quite good at removing stuff that MalwareBytes has missed and vice versa. Be sure to read the instructions and do the 2 step immunization to get the updates into the HOSTS file.

4. AVG AV (free version) is one of the anti virus programs that looks ahead and puts a green checkmark on search results to let you know if a link is safe to click. I don't know how well it works in practice but it sounds good. I've also had good protection with AVAST (free). However, the AVAST does not get along with

5. Be sure to update the programs (#2 and #3) once a week manually and apply the protection.

In the last two weeks 5 clients brought me their computers infected by XP Security 2011 or 2012 (same Fraud Antivirus stuff, also called Rogue AV) and I removed all the viruses. All the existing security programs were either messed up or just would not load.

None of the machines had Malwarebytes Pro, so I can't tell how effective the memory resident component would have been. I am now recommending the Pro upgrade to everyone -if for no other reason than the hourly update and flash scan.

In SAFE mode I was able to manually remove the malicious program from memory ( I had to guess what file name it was using), and before it snuck back I ran Spybot, or Malwarebytes, whichever was able to start successfully. Whichever program started up found and removed some of the stuff, then I ran the other one and the second always found something the first one missed.

Once you can run your security programs update them if needed and run them again using the most thorough scan mode until you fail to find any more crap. It is best to use 2-4 different anti spyware programs because what one misses another may detect and or remove.

Some of these infected machines had very up to date Windows security others did not -so those updates are clearly not the end all of protection. A number of them were running Panda Cloud AV -which in the past appeared to work really well, but not this time. Some had old versions of AVG (v 9) which they failed to update to 2011 or 2012. They really were not paying much attention to security and were pretty sorry.

I hope this is helpful to someone.

Dan
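Step 3 of the post above relies on the HOSTS file to pin known-bad sites to a sinkhole address. The following is an added example, not code from the thread or from Spybot or SpywareBlaster, that parses a HOSTS file in the layout those immunizers write (one address, one or more hostnames, optional `#` comment per line) and answers "would this host be blocked?". The `SAMPLE_HOSTS` text, the `.test` domains in it, and the `192.0.2.10` redirect line are constructed; on a real machine the file lives at `%SystemRoot%\System32\drivers\etc\hosts`. Two behaviours worth knowing are built in: the resolver takes the first entry for a name, and matching is exact, so a block on `tracker.bad-example.test` does nothing for `sub.tracker.bad-example.test`.

```python
import ipaddress
import os

# Names that legitimately point at loopback and must not be reported as "blocked".
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample in the layout an immunizer writes; every domain here is made up.
SAMPLE_HOSTS = """\
# default loopback entries (comment line)
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.bad-example.test
127.0.0.1 ads.bad-example.test   # trailing comment is ignored
0.0.0.0   tracker.bad-example.test cdn.bad-example.test
192.0.2.10 mirror.example.test   # a real redirect, not a block
# End of entries inserted by Spybot - Search & Destroy
"""


def parse_hosts(text: str) -> dict:
    """Map each hostname (lower-cased, no trailing dot) to the first address listed for it."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower().rstrip("."), addr)  # first entry wins, as the resolver does
    return mapping


def is_sinkholed(mapping: dict, host: str) -> bool:
    """True if `host` is pinned to a loopback or unspecified address, i.e. a HOSTS-file block."""
    key = host.lower().rstrip(".")
    if key in LOOPBACK_NAMES:
        return False
    addr = mapping.get(key)  # exact match only: HOSTS has no wildcards
    if addr is None:
        return False
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address; treat as not blocking
    return ip.is_loopback or ip.is_unspecified


def blocked_hosts(mapping: dict) -> list:
    """All names the file actively sinkholes, sorted."""
    return sorted(h for h in mapping if is_sinkholed(mapping, h))


if __name__ == "__main__":
    mapping = parse_hosts(SAMPLE_HOSTS)
    for host in ("WWW.bad-example.test", "sub.tracker.bad-example.test", "mirror.example.test"):
        print(f"{host:32} blocked={is_sinkholed(mapping, host)}")
    print("sinkholed entries:", len(blocked_hosts(mapping)))

    # Same check against the live Windows file, when run on Windows.
    win_hosts = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                             "System32", "drivers", "etc", "hosts")
    if os.path.exists(win_hosts):
        with open(win_hosts, encoding="utf-8", errors="replace") as fh:
            print("live hosts file sinkholes", len(blocked_hosts(parse_hosts(fh.read()))), "names")
```

The sample run reports `WWW.bad-example.test` as blocked (lookup is case-insensitive), `sub.tracker.bad-example.test` as not blocked despite its parent being listed, and `mirror.example.test` as not blocked because `192.0.2.10` is a redirect, not a sinkhole. The same exact-match limitation is why a HOSTS-based list protects any browser but only against the hostnames it literally contains.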

