Audio site Danger Trojan

Status
This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.
I went to Audiogon twice this weekend and was attacked by a trojan both times. No, not a mean Greek. They have been running a beta version of the new website apparently. Two times scanning thru listings I was attacked by a trojan that disables antivirus and pretends to be the same. Both times I was able to spend a few hours and defeat it, but it is a PITA to remove. If you go there and get a popup about allowing site to download something to you, click out of there fast! immediately!, it will get in without you approving anything. So far they have not responded to my complaints. I was going thru IE, not firefox or something. I don't think I will test it to see!
 
I believe it must have gotten in on Java, based on the line of data in the antivirus scan showing what had been fixed. I thought I got it the first time from clicking a picture from a seller in Singapore, but the second time I was just scanning the listings like I was the first. Popup asked if I wanted to run some program from the site, I clicked cancel or deny or some such but it still took over. Another audio forum's replies mentioned that others had had problems from that site very recently. I am not flaming them or something, I have been a member there for a long time but recently have not been going there much. This weekend was the first time I saw the new beta version of it. I had to run safe mode and displayed the list of programs installed, and selected "repair" for the antivirus program before it would function again. Then it did some sort of special safe mode startup and scanned everything to get rid of the trojan.
 
music soothes the savage beast
Joined 2004
Paid Member
my antivirus program warned me about the attack too, when I went to AudiogoN page
and I was not able to make posting, weird things were happening, I uploaded pictures, filled out the title, zip, price, all the details, went to preview and half of it was blank...red mark all over that those fields are required, and I just filled them
it was all messed up in Internet Explorer
Mozilla worked fine
 
Is it the Win7 2012 virus? There is a Vista version as well. It pretends to be some sort of anti-virus program that says you're infected and tries to do a scan. I thought I had gotten it, but it must have already infected in other places and it slipped by. Screwed things up pretty well. Fortunately I back up ;). It is some sort of pain in the as$ to try and get rid of tho, slightly more than Freeze Frog. That one is a bit of a nuisance if you ever get it. :mad:
 
Official Court Jester
Joined 2003
Paid Member
Tim Rawson influence ?
 

I had a problem with a similar program about a year ago. It started as one of those free scan programs. Best thing is to pull the plug on the computer. It seems extreme but it copies and hides really fast. McAfee was helpless. The only program I found that worked was Malwarebytes. IF it isn't in the computer. Malwarebytes is free to download. I keep a copy on a flash drive because the worm will shut down most anti-virus software already installed on the hard drive.
 
I believe it must have gotten in on Java, based on the line of data in the antivirus scan showing what had been fixed. I thought I got it the first time from clicking a picture from a seller in Singapore, but the second time I was just scanning the listings like I was the first. Popup asked if I wanted to run some program from the site, I clicked cancel or deny or some such but it still took over...
[snip]

From your description that sounds like a JavaScript vector.

There is no need to run Java (a multiplatform application technology from Sun Microsystems) in a web browser unless you want to run online Java applications, like some calculators. I generally disable it in all my browsers; if I come upon some need for it, I re-enable and restart the browser.

Turn it off and restart again after I'm done. You normally do not encounter Java in an average day (or week, or month) of web browsing. There are many people who have never used it in their lifetime on the 'net.

JavaScript, however, is a scripting language that runs in virtually all web pages that offer topical content, or allow you to post comments, etc. It's difficult to disable JavaScript and surf without issues; you probably could not post in a forum without it enabled.

Some plugins (e.g. "NoScript" for Firefox) allow you to disable JavaScript on a site-specific basis. There are broadly similar browser add-ons for most web browsers commonly used, regardless of the Operating System (OS).

But, back to the point ... Java is not JavaScript, and vice versa. They are so different they have nothing whatsoever in common with each other; the similar name is an unfortunate circumstance.

So, if you do mean JavaScript, please describe it as such. At least that way, we're not compounding the confusion that exists out there.
 
I had that too a couple of days ago but I was looking at Hifiwigwam at the time - I might have had an audiogon page open too though.

I shut down a load of processes in task manager as soon as the window popped up, taking down things that were using processing power that instinctively looked odd.

When I re-started Firefox it wanted to update which I'm sure I've seen before too, where it then becomes unusable or constantly re-directs.

Still, malwarebytes seemed to sort out some registry things that might have been changed and that was all it found. I re-installed Firefox.

This is on Windows XP so isn't trojan specific to a particular version.
 
You definitely DO NOT want the special "virus detected, click here" virus. It can be bad trouble to recover from. As someone said previously, shut down your browser ASAP! You do not want to deal with it.

That's why I run Linux. Some limitations every now and then, but for the most part stable and usable for most all applications. Learning is fundamental!
 
You definitely DO NOT want the special "virus detected, click here" virus. It can be bad trouble to recover from. As someone said previously, shut down your browser ASAP! You do not want to deal with it.

That's why I run Linux. Some limitations every now and then, but for the most part stable and usable for most all applications. Learning is fundamental!

Just an FYI, PSU Designer II runs just fine under Wine, as do many other "Windows only" programs.
 
Actually, I did try Malwarebytes on this one. First, because it was enabled in safe mode, whereas the AVG was not. I got XP running on this computer still. Mal. did not find it, but I thought it was due to the defs being a month and a half old. So after I recovered, I went to Mal. update and got it fully up to speed, as well as backing up some docs, just in case. The next time I got it there, Mal. still did not spot it for me so I went and repaired the antivirus again and had to sit thru another 3-4 hour scan session, I don't know for sure, I fell asleep. I had also updated my restore point so I was good there too. AVG logged the infection as- C: Documents and Settings\Owner\Application\Sun\Java\Deployment\Cache\6.0\60\3cb70a3c-2273f860 Trojan Horse Generic26.CMYR for whatever that is worth.
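
Added example, not part of any poster's message: the Java-versus-JavaScript question raised in this thread can be narrowed down from where the antivirus found the file, since a detection inside the Java plug-in's deployment cache is consistent with content fetched by the Java plug-in rather than by the browser's script engine. The "path | detection name" log layout, the sample lines and the rule names below are constructed assumptions; real antivirus logs differ by product.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed "path | detection name" layout.
SAMPLE_LOG = r"""
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\60\0a1b2c3d-4e5f6a7b | Trojan horse (constructed name A)
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\ad[1].htm | Script threat (constructed name B)
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1y2z3.default\Cache\5F3A91d01 | Script threat (constructed name C)
C:\WINDOWS\system32\example.dll | Trojan horse (constructed name D)
"""

# Ordered rules: which component's cache a detected file was sitting in.
RULES = [
    ("java-plugin-cache", re.compile(
        r"\\sun\\java\\deployment\\cache\\(?P<ver>[^\\]+)\\(?P<bucket>\d+)"
        r"\\(?P<entry>[0-9a-f]+-[0-9a-f]+)", re.I)),
    ("ie-cache", re.compile(r"\\temporary internet files\\", re.I)),
    ("firefox-cache", re.compile(
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\cache", re.I)),
]

def classify(path):
    """Return (vector, details) for one detected file path."""
    norm = path.strip().replace("/", "\\")  # tolerate forward slashes
    for vector, rx in RULES:
        m = rx.search(norm)
        if m:
            return vector, m.groupdict()
    return "other", {}

def triage(log_text):
    """Group detections by the cache they were found in."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if "|" not in line:
            continue  # skip blank or unparsable lines
        path, name = (part.strip() for part in line.split("|", 1))
        vector, detail = classify(path)
        groups[vector].append({"path": path, "name": name, **detail})
    return dict(groups)

if __name__ == "__main__":
    for vector, hits in triage(SAMPLE_LOG).items():
        print(f"{vector}: {len(hits)} detection(s)")
```

A hit under `java-plugin-cache` points at the Java plug-in as the component to disable or update; hits only in the browser caches point at page content handled by the browser itself.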
 
Is it the Win7 2012 virus? There is a Vista version as well. It pretends to be some sort of anti-virus program that says you're infected and tries to do a scan. I thought I had gotten it, but it must have already infected in other places and it slipped by. Screwed things up pretty well. Fortunately I back up ;). It is some sort of pain in the as$ to try and get rid of tho, slightly more than Freeze Frog. That one is a bit of a nuisance if you ever get it. :mad:

I had picked up something like this a month or so ago, comes in, starts doing scans, advises computer is infected, could not get rid of it, had to do a complete wipe ... :(
 