I think I got a trojan virus
#905719
08/04/13 11:07 AM
08/04/13 11:07 AM
|
Joined: Nov 1999
Posts: 3,669 New York
Mary
OP
Addicted Boomer
|
OP
Addicted Boomer
Joined: Nov 1999
Posts: 3,669
New York
|
Yesterday after I started up my computer I had all sorts of problems: I would click on a site, AOL for example, and the computer would try and try to open until I finally got an "AOL is not responding" notice on the top of the page. Same thing with MSN, or anything I tried. If I tried to click on a page that was already open, the page would get an opaque white "film" (for want of a better word) all over it, and I couldn't do a thing. Hours later, still working on the computer, I finally got Norton started, but it just stopped after a while without completing. Same with Malwarebytes: started but couldn't finish. Kept trying with Malwarebytes. Though it stopped again, by a stroke of luck, it automatically upgraded itself (I have the PRO version) and that somehow got the scan going again and it finally got all the way through. Near the end of the scan, it found "Trojan.FakeAlert.RRE; it was on my external hard drive! I tried to find some info on this but couldn't find anything on this Trojan with the "RRE" extension.
So far today, I'm getting around okay but I'm curious how this Trojan produced my symptoms. Or how I got it. Or how I picked it up on my external and not my main hard drive.
Is it possible to pick up a virus from an email that I opened? It had no links of any kind in it, only a plea for money.
The answer is....chocolate! Who cares what the question is.....
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905723
08/04/13 11:34 AM
08/04/13 11:34 AM
|
Joined: Jan 2010
Posts: 3,293 Rivellon
traveler
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2010
Posts: 3,293
Rivellon
|
Mary, I found quite a bit about the fake alert trojan, though nothing about it targeting an external hard drive, though I didn't really search far. Here's an explanation of the trojan from Sunbelt. The first notice of this on their website appears to have been in 2006, so this trojan is obviously far from new and I'm surprised Norton didn't pick up on it instantly. No, you can't get a virus from just reading an email. Not yet, anyway. Gil.
"Best not to think about it. I don't want to fall to bits 'cos of excess existential thought."
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905726
08/04/13 11:41 AM
08/04/13 11:41 AM
|
Joined: Jun 2005
Posts: 20,093 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,093
Near St. Louis, MO
|
If your computer is running better, run at least one more full scan with Malwarebytes and definitely a full scan with Norton. From what I read about the FakeAlert virus, it might take more than one pass with at least two different programs to get rid of it.
It's hard to know how it got there - it could have simply been a "drive-by" download from visiting an infected website. I saw several references to getting this virus after visiting a social website. While they always say NEVER open up emails from someone you don't know, I got one of those emails asking for money from my sister-in-law. Someone had hacked her Facebook account.
Once again, weeds are my life!
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905731
08/04/13 11:53 AM
08/04/13 11:53 AM
|
Joined: Nov 1999
Posts: 3,669 New York
Mary
OP
Addicted Boomer
|
OP
Addicted Boomer
Joined: Nov 1999
Posts: 3,669
New York
|
Draclvr, The email that I opened was from a woman I used to work with. I forwarded her the bogus email using her correct address and she said that it delivered a very quick moving virus when she opened it, but I never heard of getting a virus from just opening an email. The virus supposedly tries to get you to go to other sites to clear up the "security problem", but I didn't see anything like that.
I ran Malwarebytes twice yesterday; I'll run Norton right now. I do READ FaceBook once in a while, but rarely post anything, so I don't know if my catching the virus came from there.
Gil, Thanks for the link; I was trying to find a definition of the specific version of the Trojan I managed to get. I'll keep looking.
The answer is....chocolate! Who cares what the question is.....
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905732
08/04/13 11:53 AM
08/04/13 11:53 AM
|
Joined: Jan 2010
Posts: 3,293 Rivellon
traveler
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2010
Posts: 3,293
Rivellon
|
A good browser, a good AV and/or Malwarebytes will generally stop you from visiting a dubious website. Sometimes mistakenly and irritatingly but most often they're probably right.
Your SIL's FaceBook account was hacked, Draclvr? No, really? I am astounded.
Gil.
"Best not to think about it. I don't want to fall to bits 'cos of excess existential thought."
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905741
08/04/13 12:14 PM
08/04/13 12:14 PM
|
Joined: Jun 2005
Posts: 20,093 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,093
Near St. Louis, MO
|
Yes, Gil, I too was simply shocked.. shocked I say! I can't tell you how many people I've helped get their Facebook accounts back from hackers. Usually a simple change of password does it, but in her case the hacker actually got into her Hotmail account and trashed it plus was carrying on Facebook conversations with other family members. It was very creepy.
Mary, there are a gazillion variations of this virus, so it's pointless to look for a specific one. It's been around for several years.
Once again, weeds are my life!
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905742
08/04/13 12:19 PM
08/04/13 12:19 PM
|
Joined: Jan 2010
Posts: 3,293 Rivellon
traveler
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2010
Posts: 3,293
Rivellon
|
Mary, Kioskea.net has some information on this trojan. I had a little difficulty figuring out what they meant exactly since the website is French though written in English (Kioskea gets a Safe rating from Norton and others, I checked since tortured English, even a little bit, always raises a red flag for me); however, it looks as if the infection is passed through a removeable drive. Gil. speaking of tortured English
Last edited by traveler; 08/04/13 12:19 PM.
"Best not to think about it. I don't want to fall to bits 'cos of excess existential thought."
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905770
08/04/13 03:08 PM
08/04/13 03:08 PM
|
Joined: Oct 2000
Posts: 40,644 southeast USA
Jenny100
GB Reviewer Glitches Moderator
|
GB Reviewer Glitches Moderator
Sonic Boomer
Joined: Oct 2000
Posts: 40,644
southeast USA
|
Draclvr, The email that I opened was from a woman I used to work with. I forwarded her the bogus email using her correct address and she said that it delivered a very quick moving virus when she opened it, but I never heard of getting a virus from just opening an email. Infection by email was one of the earliest methods of infection (though not as early as infection by floppy disks). When I first started using computers years ago, we were warned never to open emails we weren't expecting. The infamous "I Love You" worm from year 2000 spread by email. http://en.wikipedia.org/wiki/ILOVEYOUIt wasn't the first, but it was one of the most well-known email worms. Strictly speaking it was a "worm" rather than a "virus," but few people bother distinguishing between virus and worm -- especially since modern malware can be both. As others have said, don't rely on one anti-virus or anti-malware program to get rid of it all. If you only get rid of one part, the parts you didn't find can easily replace what you removed. Modern malware often uses multiple methods of infection. So you could have gotten the virus by email and had it spread to your external drive, where it's all set to infect any computer you plug the external drive into. I wouldn't be too surprised if it was also sending out infected emails without your knowledge.
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905780
08/04/13 04:04 PM
08/04/13 04:04 PM
|
Joined: Jan 2010
Posts: 3,293 Rivellon
traveler
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2010
Posts: 3,293
Rivellon
|
Jenny,
The article on the I Love You worm may have been badly written, but, as it is, it indicates to me that you had to open "the attachment" in the email to become infected, not simply open and read the email itself.
Gil.
"Best not to think about it. I don't want to fall to bits 'cos of excess existential thought."
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905785
08/04/13 04:19 PM
08/04/13 04:19 PM
|
Joined: Nov 1999
Posts: 3,669 New York
Mary
OP
Addicted Boomer
|
OP
Addicted Boomer
Joined: Nov 1999
Posts: 3,669
New York
|
There was no attachment in the suspicious email I got. Maybe that email just happened to come in at the same time a website dumped the virus on me. I just really have no clue how I got it.
The answer is....chocolate! Who cares what the question is.....
|
|
|
Re: I think I got a trojan virus
[Re: Jenny100]
#905791
08/04/13 04:36 PM
08/04/13 04:36 PM
|
Joined: Jan 2010
Posts: 3,293 Rivellon
traveler
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2010
Posts: 3,293
Rivellon
|
Oh, boy. Hallelujah for a good AV. I think I'd be giving Norton the boot for not catching that, particularly given how old it is.
Gil.
"Best not to think about it. I don't want to fall to bits 'cos of excess existential thought."
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905811
08/04/13 05:29 PM
08/04/13 05:29 PM
|
Joined: Nov 1999
Posts: 3,669 New York
Mary
OP
Addicted Boomer
|
OP
Addicted Boomer
Joined: Nov 1999
Posts: 3,669
New York
|
Yes, I'm not too happy that I paid dearly for Norton and it just let this virus right in. Then I've got to clean up the mess.
The answer is....chocolate! Who cares what the question is.....
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905830
08/04/13 06:21 PM
08/04/13 06:21 PM
|
Joined: Nov 1999
Posts: 3,669 New York
Mary
OP
Addicted Boomer
|
OP
Addicted Boomer
Joined: Nov 1999
Posts: 3,669
New York
|
After getting a "clean" Malwarebytes scan (my second scan) and a "cleaned" Norton scan (it removed some cookies), can I assume that I can exhale now? Computer seems to be running fine.
The answer is....chocolate! Who cares what the question is.....
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905838
08/04/13 07:21 PM
08/04/13 07:21 PM
|
Joined: Jan 2010
Posts: 3,293 Rivellon
traveler
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2010
Posts: 3,293
Rivellon
|
I'd think so, Mary. Gil.
"Best not to think about it. I don't want to fall to bits 'cos of excess existential thought."
|
|
|
Re: I think I got a trojan virus
[Re: Jenny100]
#905863
08/05/13 01:34 AM
08/05/13 01:34 AM
|
Joined: Apr 2002
Posts: 5,588 Oklahoma, USA
Homer6
BAAG Specialist
|
BAAG Specialist
Joined: Apr 2002
Posts: 5,588
Oklahoma, USA
|
If an e-mail is responsible for the infection then it might be a very good idea to get in physical touch with the sender and set up a specific one word code between each other that will be included in the title of the e-mail. Doing this will help you to know if e-mails from this person are real or phony. And don't store the code on the computer, write it down somewhere. And whatever you do, don't tell anyone what the code word is, no matter the reason.
If something gets your goat, it just proves you have a goat to get.
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#905928
08/05/13 09:25 AM
08/05/13 09:25 AM
|
Joined: Nov 1999
Posts: 3,669 New York
Mary
OP
Addicted Boomer
|
OP
Addicted Boomer
Joined: Nov 1999
Posts: 3,669
New York
|
Homer, Luckily, the person who inadvertently spread this virus to me is a person who I no longer work with nor have any other kind of relationship with, so anything coming my way from her will be automatically deleted by me.
The answer is....chocolate! Who cares what the question is.....
|
|
|
Re: I think I got a trojan virus
[Re: Draclvr]
#906075
08/06/13 01:15 AM
08/06/13 01:15 AM
|
Joined: Jan 2007
Posts: 1,525
oldmariner
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2007
Posts: 1,525
|
Yes, Gil, I too was simply shocked.. shocked I say! I can't tell you how many people I've helped get their Facebook accounts back from hackers. Usually a simple change of password does it, but in her case the hacker actually got into her Hotmail account and trashed it plus was carrying on Facebook conversations with other family members. It was very creepy.
Mary, there are a gazillion variations of this virus, so it's pointless to look for a specific one. It's been around for several years. What happens is hackers use brute force tools to scan accounts for passwords. unfortunately many people use the same password for Facebook and their e-mail. Once they get into your e-mail they use that address to send out piles of spam. Of course they have access to your address book as well. Forwarding nasty stuff to everybody you know. As Drac said changing the password in your Facebook is the easiest way to shut them out. A problem arises when the theives get into your account they can change your password keeping you out. It is a royal pain but you should use a different password for every account and DO NOT KEEP PASSWORDS ON THE PC. AND NEVER EVER USE A PASSWORD SAVER THOSE INTRUSIVE BROWSERS OFFER, that is askingfor trouble. How easy is it to brute force a password? This password for instance john1422Will take a brute force effort using Offline Fast Attack Scenario (a hacking tool) 29 seconds to find Using the Massive Cracking Array Scenario it would take 0.029 seconds This password JoHn*!4@2!aA!Will take (Offline Fast Attack Scenario hacking tool 1.65 hundred thousand centuries to crack The Massive Cracking Array Scenario tool Will take 1.65 hundred centuries to crack Steve Gibson a security expert has designed a free utility allowing you to design passwords reporting how long it will take using various tools to crack You can create passwords and test them to see how secure they are It is a great tool and of course you use the tool anonymously Here is the tool Password Haystack For those of you who do online transactions of any kind, banking, purchasing etc here is a way to verify the security certificate of the site is legitimate and you are on the right site. This little puppy is worth it's weight in gold. Again this is Gibson at work. There is a long article explain why Mr Gibson built this tool. You simply paste the URL onto his fingerprinter and his site will tell you what the correct certificate id is for that site. You compare that to what your browser reports the certificate id is for that site. He gives you directions how to read the certificate for several browsers. It seems location of the certificate varies between different browsers. Gibson-Certificate Fingerprinting
Last edited by oldmariner; 08/06/13 01:21 AM.
|
|
|
Re: I think I got a trojan virus
[Re: Mary]
#906124
08/06/13 10:14 AM
08/06/13 10:14 AM
|
Joined: Jun 2005
Posts: 20,093 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,093
Near St. Louis, MO
|
oldmariner, you post is worth its weight in gold! I use Norwegian words with some numbers or characters for passwords and when I plugged a couple of them in to the Password Haystack, they would take several years to hack!
Once again, weeds are my life!
|
|
|
Re: I think I got a trojan virus
[Re: Draclvr]
#906275
08/07/13 12:52 AM
08/07/13 12:52 AM
|
Joined: Apr 2002
Posts: 5,588 Oklahoma, USA
Homer6
BAAG Specialist
|
BAAG Specialist
Joined: Apr 2002
Posts: 5,588
Oklahoma, USA
|
We had to have a twelve character password when I was working, and it had to have a mix of upper and lower case letters, numbers, and any other character we wanted to use. Because of this requirement, the passwords created were the kind that would take years to crack. And some systems we accessed a security fob had to be used, which rotated the pass code every few minutes. All this was a pain, but it did help to keep out the wrong persons.
I do agree with oldmariner to NEVER allow the browser to store/save your password. Keep it written down, it's safer that way.
If something gets your goat, it just proves you have a goat to get.
|
|
|
|
|