Page 1 of 1

Post here if you think your computer is affected by the hack

Posted: Thu 15 Oct 2009 17:54
by admin
If you think your computer is affected by the hack (which sometimes displayed fake antivirus messages while visiting LNE during the last few weeks), then please post about it here.

Re: Post here if you think your computer is affected by the hack

Posted: Thu 15 Oct 2009 18:59
by Claudia
Raising my hand.

I received the phony pop up antivirus message, looking like it was from Microsoft, claiming I had a virus. I knew it was probably suspect and clicked out of it, but I still think it has affected my computer.

Here's some of the wacky things that have happened:

- when I'd click on LNE from my history cache of sites visited, instead of linking to LNE I'd be sent to various sites I'd never visited before, often related to music/bands.

- I'd also get random various advertising pop ups even though I have these blocked.

- my legitimate security program (McAfee) was regularly disabled and I'd get an error message when I'd run their "Fix" program.

- weirdest of all, I was reading a fashion/style related blog a couple of days ago and when I clicked on the "comments" link and got the comments page, at the top of these comments was a yellow highlighted, large bold face block of text, which contained the exact wording of a Lyme related Google search I had done at least a week before. I closed out of the blog and then went back to it and this block of text appeared again.

Re: Post here if you think your computer is affected by the hack

Posted: Sun 18 Oct 2009 23:05
by admin
Do you still have these problems, Claudia?

The following video shows what kind of fake malware messages appeared sometimes when visiting LNE a few weeks ago: http://www.youtube.com/watch?v=wjiP0XLcpgg

I have also seen those messages, but I closed the windows (not by clicking fake cancel buttons, but by forcefully closing the windows) and so didn't install anything.

That video also demonstrates what happens when you download and run a program (Total Security 2009, and perhaps other names), and then you are really ****ed.

The video is created by malwarehelp.org, which seems a legitimate site. On the youtube video page they link to http://www.malwarehelp.org/total-securi ... -2009.html which contains instructions on how to remove this rogue security software:
Total Security 2009/System Security Removal (How to remove Total Security 2009/System Security)

The free versions of MalwareBytes’s Anti-Malware and SuperAntiSpyware appear to remove this rogue security software in Windows safe mode.

1. Download and Install either MalwareBytes’s Anti-Malware or SuperAntiSpyware from the links above.
2. Also download CCleaner.
3. Boot in to Windows Safe mode.
4. Click to scan with your chosen software. Check mark all instances of the rogue security software and delete them.
5. Turn System Restore off and on.
6. Install, scan and clean the temporary files with CCleaner.

You should now be clean of this rogue.
Check source for links and more info. Following the instructions is on your own risk. I don't guarantee that it works and that malwarehelp.org is a legitimate site. (yes, there are also fake helper site out there, that pretend they can help you removing rogue software).

Re: Post here if you think your computer is affected by the hack

Posted: Mon 19 Oct 2009 18:07
by Claudia
Thank you for the info Martian.

I still have the occasional advertising pop-up, and the disabling of some of my security features. This may not be related to the LNE hack.
I have also seen those messages, but I closed the windows (not by clicking fake cancel buttons, but by forcefully closing the windows) and so didn't install anything.
What do you mean by forcefully closing the windows? I didn't click on the fake cancel button, but on the upper right hand corner "X" to close the message box. Was that not the way to close out?

Re: Post here if you think your computer is affected by the hack

Posted: Mon 19 Oct 2009 23:13
by admin
Claudia wrote:What do you mean by forcefully closing the windows? I didn't click on the fake cancel button, but on the upper right hand corner "X" to close the message box. Was that not the way to close out?
Yes, clicking the "X" seemed to be sufficient, but you needed to close windows 2 or 3 times (due to new windows popping up) and then it was gone. I think that's always better than clicking potentially fake "cancel" buttons.

What I did later, was pressing CTRL+ALT+DELETE and then finish the process that belongs to the browser (e.g. iexplorer.exe or firefox.exe). Then no new windows appeared.

Re: Post here if you think your computer is affected by the hack

Posted: Tue 20 Oct 2009 0:35
by Fin24
here is a new thing

I dont think I was directly affected--I did not get the virus messages. My son had recently installed AVIRA software so maybe that protected me. BUT as of today this happened several times:

when leaving this website I cant get it to close. I click the "X" and it tries to close and never does. If instead, I type something else into the url and hit "enter", it will try to get to the new url but cant

this website's window is still there and the little circle that runs around showing me its "working on it" remains--as if the machine is "thinking" and cant quite get there

I use google chrome as a browser, which is fine for all other sites and even this one before today.

To finally get it closed I had to exit the browser. This happened with many windows open and again just before, with only one window open--this one.

I popped back here to post this in case you have any idea whats happening, now.or if this may be part of the old problems?

thanks

Re: Post here if you think your computer is affected by the hack

Posted: Wed 28 Oct 2009 16:03
by admin
Fin24 wrote:I popped back here to post this in case you have any idea whats happening, now.or if this may be part of the old problems?
I don't know, but you are the only one who reported such problems.

In my experience LNE works fine again, in fact probably faster than before. And all looks normal.

Re: Post here if you think your computer is affected by the hack

Posted: Wed 28 Oct 2009 17:19
by Fin24
after 2 days problem resolved itself--so it was most likely the browser/my PC

thank you! :)