Syfy.com Hosts Malware

Posted: May 3, 2010 at 7:10 pm by Nathan Driskell
Filed under Computers Scam

Today while I was surfing the Internet I went to one of the sites I usually go to find out information about Science Fiction, Syfy.com. My browser, Google Chrome, gave me a warning about the site hosting malware. This has never occurred before, thus I doubted the message. I ignored the warning, and sure enough, my virus scanner popped up identifying viruses. I was quite shocked, as this site is for a cable television station.

Syfy.com's Malware Warning

I decided to be stupid and click the link, and now it appears my computer has been infected. I get random Internet Explorer pages popping up, which means a virus. I am cleaning my system now, but I think it is time for a format. Thus, trust no site with this warning, even if it is well known. I do not see myself ever going back there now. If this is occurring for me, it is for others as well. Avoid Syfy.com at all costs.


About the author: Psychcomp is owned and maintained by Nathan Driskell, a Licensed Professional Counselor - Intern and Internet Addiction Specialist. Nathan has worked for the past five years creating and maintaining websites, and has experience managing small business networks. Contact Nathan at the following locations: ndri...@psychcomp.com



12 Responses to “Syfy.com Hosts Malware”

  1. JHimmy Dean says:

    Wow, that's just downright scary stuff dude.

    Lou
    http://www.anon-web-tools.es.tc

  2. Sigma says:

    FYI, if you look at http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=syfy.com it points to http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=goldvilew.info as being the cause of the problem. The latter site contains the malware, but I don’t know why syfy.com has that URL on their site. (It’s visible if you view the source code.) I got hit with the same malware in Chrome on Win7, but was saved by UAC which prevented anything from running with Admin powers. AVG was able to clean up the rest of the infection which put some programs into my startup list.

    It looks like the vector was a Java plugin based on a log I found in my temp directory.

  3. I am doing a full virus scan, found 3 so far. If this occurs, I will reformat. As of 9:50 PM Central time the site still shows up containing malware.

  4. Sigma says:

    Also check your temp directory for any files created near the time you visited the site. You will see a java_install_reg.log file for the Java exploit along with some hidden files named notepad.exe, win.exe, etc. and some dlls. Also, it installs a proxy on port 5555 so make sure you check your LAN settings for IE and Chrome so that they are not going through any proxy. If you can log out and log back in without any strange popups, I think you are safe.

    BTW, I find it ironic that you posted about Chrome’s Security a month ago :P Though, this isn’t completely Chrome’s fault because it was a crappy plugin that was used as a vector, Chrome still gets some of the blame.

  5. smitty says:

    this also happened to me not more than 30 min ago. my antivirus caught one of them, but two ended up on my system. luckily for me, i have memorized the correct list of processes that should be running on my system, so i found the two viruses right away.

    my take home lesson from this is to always trust chrome when it tells me not to visit a site.

  6. The file was there. I deleted everything that occurred close to the time I visited the site and onward. Proxy server is not in use, so that is good. I am doing more virus scans, I may need to switch to AVG again, I do not think Avira is keeping up, as it let this in to begin with, and did not appear to delete the virus as the popups keep occurring.

  7. Agreed. I may reformat now, just to be 100% sure it is gone. Pathetic this can occur to such a large site. Will never ignore Chrome’s warning again.

  8. Sigma says:

    This happened to me at 8:02 PM PST and Google Chrome did not flag it as malware until at least 9 PM. For me, the only warning I got was UAC which contained the malware.

  9. Backpain says:

    I’m not so good with computers so trying to find some of the stuff you guys are talking about is hard for me. I have been running Windows Defender which did catch part of the virus, but didn’t remove it completely. I also used Spybot Search and Destroy, Ad-Aware, and my McAfee that Cox provides its customers. I got rid of the pop up windows which it tries to do overnight while asleep, 10-12 per night. I just want to warn you guys that even with no popups, the virus is still not gone. My file sharing has been activating on its own, then the next day password protected filesharing was activated. Every time I run Windows Defender in full scan mode it picks up the virus again. It will kill it and then it comes back again every night. This is with my computer not being connected to the net. I lock down the firewall in McAfee and turn off the manual switch for my wireless. I’m totally stumped on how to get rid of this completely.

  10. To be honest, I did not find a way to remove it completely. I ran through many different virus scans, it still always reappeared. I ended up formatting my system, then installing AVG’s free edition, then updated it and scanned everything. For me it was not too hard, as I format my systems every 2-3 months anyway, but for some this may be a nightmare to consider. If you are going to format, backup your data, but be SURE to scan all this data once you have formatted for the virus. I found no virus, and everything now is fine. This virus from Syfy was a nightmare, that could repeat at any time, so be sure to listen to all warnings.

  11. Backpain says:

    Just an update. I found a file in mine that is the one that will keep coming back even after the virus software kills it. I found it running in my tasks tracked via Windows Defender. It’s in the C:\users\tom\appdata\local\temp\yrl.exe.
    That's the file that allows this virus to keep coming back. I was able to select and remove it in the Defender program under the history. I have not been back online to do anything but do virus updates, then lock the firewall down. I have scanned the computer every night for the last 2 and the virus seems to be gone and none of the virus software are picking up any more problems.
    If someone with this issue still has a problem, go delete and shred the file and let me know if that did it for you too. I also turned off 2 other files that were running as unknown and will post them up when I can find them.
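
The checks described in the comments above (files created in the temp directory around the time of the visit, including hidden ones, and a proxy on port 5555), written as a PowerShell triage script. This is an added example, not part of the original post or its comments; the `$VisitTime` default, the 30-minute window and the extension list are assumptions to adjust.

```powershell
# Added triage example (not from the original post or comments).
# Assumption: $VisitTime is when the flagged site was opened; pass the real time.
param(
    [datetime]$VisitTime = (Get-Date).AddHours(-2),
    [int]$WindowMinutes  = 30,
    [int]$ProxyPort      = 5555   # port named in the comments
)

$from = $VisitTime.AddMinutes(-$WindowMinutes)
$to   = $VisitTime.AddMinutes($WindowMinutes)

# 1. Files in the user's temp directory created near the visit.
#    -Force includes hidden files, which the comments say were dropped there.
$suspectExt = '.exe', '.dll', '.log'
$hits = Get-ChildItem -Path $env:TEMP -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        $_.CreationTime -ge $from -and $_.CreationTime -le $to -and
        $suspectExt -contains $_.Extension.ToLower()
    } |
    Select-Object FullName, CreationTime, Length,
        @{ Name = 'Hidden'
           Expression = { [bool]($_.Attributes -band [IO.FileAttributes]::Hidden) } }

# 2. Per-user proxy settings (the values behind the "LAN settings" dialog).
$key     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $key
$proxy   = [string]$inet.ProxyServer
$proxyOn = ($inet.ProxyEnable -eq 1)

# 3. Anything listening on the proxy port? The last netstat column is the PID.
$listeners = netstat -ano | Select-String -Pattern (":{0}\s.*LISTENING" -f $ProxyPort)

"Temp files created between $from and ${to}:"
$hits | Format-Table -AutoSize
"Proxy enabled: $proxyOn  ProxyServer: '$proxy'"
if ($proxyOn -and $proxy -match ":$ProxyPort\b") {
    "WARNING: browser traffic is routed through a proxy on port $ProxyPort"
}
"Listeners on port ${ProxyPort}:"
$listeners
```

The script only reports; it deletes nothing and changes no settings.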
