
I read the FAQ, and I know that the tray icon sometimes doesn't show up.

 

It still shows up in task manager, but when I try to end task, it says "access denied" and won't allow me to close it, and re-open it.

 

My question is: when this happens, am I still protected? Have I been protected?

 

I'm concerned, because I didn't have the tray icon, but I had this happen to me last night:

 

https://forums.malwarebytes.org/index.php?showtopic=141539 (not my thread)

 

Skype had an infected ad, and it managed to open an Internet Explorer tab, but before I clicked any of the obvious rogue fake antivirus, I went into task manager and ended iexplore.exe.

 

Then I followed the procedure I always read on here: MBAM, MBAR and Adwcleaner by Xplode. Everything comes back clean. 0 blocked exploit attempts in MBAE, but I know that I was directed to a malicious site.


Hi blackdove83,

 

About your question whether you are still protected or not. Please read "How to verify that MBAE is working correctly?" It describes two ways to test whether MBAE (Malwarebytes Anti-Exploit) is working.

 

Please note that MBAE only protects against exploits. If you willingly download a rogue AV and run it there is nothing MBAE can do for you.

When I read your story an ad opened another tab, I don't think this requires an exploit.

but before I clicked any of the obvious rogue fake antivirus

 

This seems to indicate that the site wants you to download the rogue manually.

 

I'm no malware expert but I don't think any exploits were used in this attempt to infect your computer, so MBAE could not have protected you against this threat. This threat tried to use social engineering to get on to your machine. Your vigilance and training protected you here as you immediately recognized the rogue and didn't get fooled into downloading and installing the rogue. So your primary defence against this attack vector worked beautifully.

 

So far about what I can deduce from the attack you described.

 

About the missing tray icon. The 'access denied' error shows up on my computer as well, the trick is to run the Task Manager as administrator (just click "show processes from all users" to do this). Then you can end the process without any trouble.

 

I hope this helped. If you have any questions and/or worries left or run into any problems, please post & ask.


Thanks for the reply. Hopefully it was just social engineering and I don't need to throw my hard drive away.

 

My reason for wondering if it involved an exploit is that the window opened itself up without me clicking anything. I picked up a Skype call (to screen share and help him fix an issue on his PC, ironically), and somehow it managed to open a window.

 

I'm really not into coding or software much, so I don't know what it takes for a program to open up a window like that. People have been reporting that they were AFK and came back to find the same window open, so it must be happening automatically when a specific ad loads.


Hi blackdove83,

 

If you are worried about being infected take a look at "I'm infected - What do I do now?" and "Available Assistance for Possibly Infected Computers".

You can just tell what happened and that you don't know if you are infected and want to be sure.

 

What did the "How to verify that MBAE is working correctly" lead to? Did MBAE pass the test on your system?

 

As far as I know, Skype is not protected by MBAE. But the behavior of an advertisement opening in IE is not unheard of:

http://community.skype.com/t5/Windows-desktop-client/Skype-ads-Forcing-browser-to-open/td-p/1739205

So it could be a "legit feature" of Skype and not an exploit.

IE is protected by MBAE. Did any of your other layers of security raise any bells? (EMET?)

 

Please remember that I am not a malware expert. Just a computer security autodidact enthusiast.

 

I hope this helps you out a little. As always, if you have any questions, please post & ask.

 

 


No other things rang any bells. I've come across a lot of other information about this particular attack, since then, including a code analysis.

http://www.invincea.com/2014/01/dailymotion-com-redirects-to-fake-av-threat/
 

I don't know programming or coding at all really, so maybe someone who does can take a look at that and tell me what it means.

 

However, it appears that the attack depends on a user installing the fake antivirus, so people who didn't hopefully aren't infected with anything. I'm pretty paranoid about security, and I have Malwarebytes Pro, and MBAE (although I was using version 0.09.5.0250 at the time) and the icon wasn't showing, but mbae was running in task manager.


Hi blackdove83,

 

That article is a nice find.

 

 

The threat compels the target to download a malicious .exe as a ruse to “clean” their “infected” machine…traditional Fake A/V attack

I think this quote from the article confirms that this 'attack' requires a user downloading and running a file. The video at the URL below confirms this. So I agree with you on that one.

http://www.invincea.com/2014/01/k-i-a-dailymotion-part-2-fakeav-threat/

I am surprised to read that it took dailymotion so long to fix it. (I didn't get any redirects to rogues, so I assume they finally fixed it.)
