
(Ars Technica) New browser exploit forces you to click a link. Bonus: it affects almost all browsers, and disabling Javascript does nada. Oh, and no one knows how to stop it (arstechnica.com)

27289 clicks; posted to Main on 26 Sep 2008 at 7:22 PM

132 Comments


 
Kublai Khan [TotalFark] 2008-09-26 05:57:19 PM  
I smell fodder for a million people's excuses for having porn on their PCs.

 
Megain [TotalFark] 2008-09-26 06:28:12 PM  
submitter: diasbling

oh, bartholomeu, you wacky man. i hope you wore a cape, and i bet it was pirated bling

 
Isotope 2008-09-26 06:41:30 PM  
Kublai Khan: I smell fodder for a million people's excuses for having porn on their PCs.

Haha....I just hope The Mrs. doesn't get into hacking and figure out that 3gb is a bit large for a .txt file (but is perfectly reasonable for a TrueCrypt volume)

 
namatad [TotalFark] 2008-09-26 06:46:48 PM  
I want my 2 mins back
what a waste of a web page

I have a fix for this hack
and it works on all broswers including those that dont exist yet
but wont print it here because bush asked me not to

/idiots

 
codewerdna 2008-09-26 07:26:08 PM  
Kublai Khan: I smell fodder for a million people's excuses for having porn on their PCs.

Popup ads got me out of many a sticky situation with my parents.

 
Garby [TotalFark] 2008-09-26 07:27:31 PM  
codewerdna:
Popup ads got me out of many a sticky situation with my parents.

I see what you did there.

 
sleep lack 2008-09-26 07:28:46 PM  
Clickroll?

 
semiotix 2008-09-26 07:28:55 PM  
Holy crap, that sounds terrible! I'd better click on that link to the article explaining it right now!

 
ZAZ [TotalFark] 2008-09-26 07:29:20 PM  
Transparent GIF overlaid on the entire screen, with a link?

 
moralpanic 2008-09-26 07:30:17 PM  
This sounds like a Flash problem if Adobe is involved.

 
Aeonite [TotalFark] 2008-09-26 07:32:13 PM  
Link without exploit (new window)

Link with exploit (new window)

 
not mel torme 2008-09-26 07:32:49 PM  
Kublai Khan: I smell fodder for a million people's excuses for having porn on their PCs.

You mean there are people with only a million pieces of porn on their PC? They're not working hard enough at it!

/TFA pic is great

 
eff ewe 2008-09-26 07:32:51 PM  
click here for more information on this issue.

yur frend,

mister advertiser

 
tuxq 2008-09-26 07:33:09 PM  
As a network and systems security person, let me be the first to say: HAH! More $ for us. F u, f u, f u, you're cool, f u I'm out...

 
Aevum 2008-09-26 07:33:16 PM  
What a waste of my time.

Of much more import is the fact that I have discovered a new disease! It affects all people, you cannot protect against it with normal means, and nobody knows how to stop it!
I am going to refrain however from describing it in any way. I won't tell you if it's a bacteria or virus or whatnot, nor will I say what symptoms it has or give you any description whatsoever that could possibly be used to verify that it exists.

/I also have a tiger repelling rock to sell you.
//Oh and I represent God as well.

 
aznoohwee 2008-09-26 07:33:24 PM  
Sounds like a flash problem. The flash clipboard hijacking bug still isn't fixed.

 
buzzvert [TotalFark] 2008-09-26 07:34:03 PM  
My broswer is diasbled. I ma aslo lysdexic.

/mubsitter needs a carsh coruse in speelchekcing.

 
Dorf11 2008-09-26 07:34:24 PM  
Aeonite: Link without exploit (new window)

Link with exploit (new window)


We're doomed. DOOMED.

 
The Corporation [recently expired TotalFark] 2008-09-26 07:34:51 PM  
ZAZ: Transparent GIF overlaid on the entire screen, with a link?

No no no, it's a transparent CSS layer.

 
AtomicAcidbath 2008-09-26 07:34:59 PM  
"diasbling Javascript"
I can't "diasble" Javascript anyway...I've tried once, but it said no.

 
DrumCorpsAlum 2008-09-26 07:35:03 PM  
And that browser is called 4chan.

 
crunchief [TotalFark] 2008-09-26 07:36:12 PM  
who cares? sometimes it sends me to a hotter pron site

 
tuxq 2008-09-26 07:36:12 PM  
aznoohwee: Sounds like a flash problem. The flash clipboard hijacking bug still isn't fixed.

It's not flash, it's just that Adobe Reader borrows some things from other web browsers and the effect on PDFs could be pretty bad because of what they're usually used for in business--think information sensitivity.

 
jakomo002 2008-09-26 07:36:29 PM  
My broswer makes mmy keybord stubid

 
Aevum 2008-09-26 07:36:38 PM  
Wait! I've done it! I figured out this force-click exploit!

<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.IJackYourClick.com/haha!.html">

Now... nobody would be dumb enough to put that in this thread with HTML enabled would they?

/Does it actually need to be in the <head> though?

 
wmoonfox 2008-09-26 07:37:25 PM  
Http redirect? A retarded monkey could do that, and you'd break thousands of websites if you disabled the functionality.

 
BigDumbGuy 2008-09-26 07:37:25 PM  
Yes. This is a flash problem and the fix has already been put out. You can find it here. (new window)

 
Whatthefark 2008-09-26 07:37:31 PM  
That sounded like a terrorist alert message.

"We know they're out there, but we aren't sure where. Anyway, we've been instructed not to tell you even if we did know where they were".

 
The Corporation [recently expired TotalFark] 2008-09-26 07:37:50 PM  
aznoohwee: Sounds like a flash problem. The flash clipboard hijacking bug still isn't fixed.

Looks like you could be right, This article (new window) goes into a little more detail

 
KipperM 2008-09-26 07:39:27 PM  
Currently I have something called 'Virtumonde' (shows up in scans as Virtumonde.dll) farking up my computer; causes pop-ups of all sorts of shiat in both my IE and Firefox browsers and reduces the security to zero and accepts even more popupcrap crap. Spybot Search and Destroy does nothing, only detects the thing. It keeps changing my registry keys and affects my rundll32 whatever that is.

Anybody know how to get rid of it? Should I just reformat?

 
Walker [TotalFark] 2008-09-26 07:41:13 PM  
Game over man. Game over.

 
LtDarkstar 2008-09-26 07:41:17 PM  
Aeonite: Link without exploit (new window)

Link with exploit (new window)


Now who didn't see this coming..... anyone..... anyone?

 
nandaiyo 2008-09-26 07:41:52 PM  
tuxq: It's not flash, it's Adobe Reader...

It's a browser exploit. RTFA.

If anything, my guess is that it involves Flash because of the implications to Adobe.

 
Aevum 2008-09-26 07:42:20 PM  
KipperM:
Read here:
http://www.bleepingcomputer.com/malware-removal/remove-vundo-virtumonde

Use these:
http://www.atribune.org/ccount/click.php?id=4
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

/No clicky-poppy for you!

 
AntiNorm [TotalFark] 2008-09-26 07:42:37 PM  
There are plenty of sites out there that, when you click anywhere on the page, will spawn a popup even if you have Adblock and Noscript installed. I consider this to be an exploit as well, since the sites are intentionally bypassing security software.

 
jvl 2008-09-26 07:44:45 PM  
LtDarkstar: Now who didn't see this coming..... anyone..... anyone?

I saw it, clicked it, and enjoyed it.

 
tuxq 2008-09-26 07:45:21 PM  
KipperM: Currently I have something called 'Virtumonde' (shows up in scans as Virtumonde.dll) farking up my computer; causes pop-ups of all sorts of shiat in both my IE and Firefox browsers and reduces the security to zero and accepts even more popupcrap crap. Spybot Search and Destroy does nothing, only detects the thing. It keeps changing my registry keys and affects my rundll32 whatever that is.

Anybody know how to get rid of it? Should I just reformat?


rundll32.exe is what the malware is using to attach the DLLs to explorer.exe process.

The easiest way to get rid of it is by mounting the hard drive on another computer (external or internal) and running a good virus scan on it. Since the files are not in use, it's easy to remove them.

There's one little kink in that, you have to go into IE and possibly even Firefox and make sure that it's not using a proxy server. I've had one disinfected and there was a proxy server used that loaded it right back onto it.

The easiest way to get rid of it (and quickest) is to backup your data and format + reinstall Windows.

 
Gordon Bennett 2008-09-26 07:45:50 PM  
Aeonite: Link without exploit (new window)

Link with exploit (new window)


Stephen Hawking (new window) discussed that very issue recently.

 
Connector_connection 2008-09-26 07:45:53 PM  
KipperM: Currently I have something called 'Virtumonde' (shows up in scans as Virtumonde.dll) farking up my computer; causes pop-ups of all sorts of shiat in both my IE and Firefox browsers and reduces the security to zero and accepts even more popupcrap crap. Spybot Search and Destroy does nothing, only detects the thing. It keeps changing my registry keys and affects my rundll32 whatever that is.


Anybody know how to get rid of it? Should I just reformat?


You try to look it up online? There may be a bunch of files you need to delete to get rid of it

Link (new window) This should help ya.

 
albuquerquehalsey 2008-09-26 07:46:09 PM  
semiotix: Holy crap, that sounds terrible! I'd better click on that link to the article explaining it right now, and fast!

FIFY

 
tuxq 2008-09-26 07:46:47 PM  
nandaiyo: tuxq: It's not flash, it's Adobe Reader...

It's a browser exploit. RTFA.

If anything, my guess is that it involves Flash because of the implications to Adobe.


You didn't really get what I was saying. I was saying that Adobe was upset because it affected the web components of Acrobat and some other software.

 
JonnyBGoode 2008-09-26 07:49:30 PM  
I am also a browser agnostic. Browsers may exist, but I don't believe it's possible to ever know for sure...

 
mesohorny 2008-09-26 07:51:27 PM  
moralpanic: This sounds like a Flash problem if Adobe is involved.

i think i know what they are talking about, it's probably an old trick. well ever since Macromedia i mean adobe made flash transparent. You can make flash cover the whole page and pop up over other elements.

Hell you could just set width and height to 0 then just put a timer and get url. wa la

really you can make the page redirect anytime you want to.

cough black hat seo cough. but google can read flash files now so its sort of pointless for that purpose. well maybe not i think you can load the links dynamically and still not get them indexed.

 
The6502Man 2008-09-26 07:52:56 PM  
The easiest way to get rid of it (and quickest) is to backup your data and format + reinstall Windows.

Nuking the site from orbit is the only way to be sure.

 
Quantumbunny 2008-09-26 07:53:01 PM  
KipperM: Currently I have something called 'Virtumonde' (shows up in scans as Virtumonde.dll) farking up my computer; causes pop-ups of all sorts of shiat in both my IE and Firefox browsers and reduces the security to zero and accepts even more popupcrap crap. Spybot Search and Destroy does nothing, only detects the thing. It keeps changing my registry keys and affects my rundll32 whatever that is.

Anybody know how to get rid of it? Should I just reformat?


A) You should use a reasonable browser such as not to get that kind of crap... Like Opera, or FF with noscript and ad block plus.

B) To get rid of it I would use Spybot S&D.

 
magtec 2008-09-26 07:55:08 PM  
codewerdna: Kublai Khan: I smell fodder for a million people's excuses for having porn on their PCs.

Popup ads got me out of many a sticky situation with my parents.


eww...

 
mesohorny 2008-09-26 07:59:27 PM  
also there is a way to bypass the block pop up feature in browsers.

 
codewerdna 2008-09-26 07:59:36 PM  
magtec: codewerdna: Kublai Khan: I smell fodder for a million people's excuses for having porn on their PCs.

Popup ads got me out of many a sticky situation with my parents.

eww...


:D

 
the_sidewinder [TotalFark] 2008-09-26 08:00:55 PM  
Quantumbunny: KipperM: Currently I have something called 'Virtumonde' (shows up in scans as Virtumonde.dll) farking up my computer; causes pop-ups of all sorts of shiat in both my IE and Firefox browsers and reduces the security to zero and accepts even more popupcrap crap. Spybot Search and Destroy does nothing, only detects the thing. It keeps changing my registry keys and affects my rundll32 whatever that is.

Anybody know how to get rid of it? Should I just reformat?

A) You should use a reasonable browser such as not to get that kind of crap... Like Opera, or FF with noscript and ad block plus.

B) To get rid of it I would use Spybot S&D.


You fail at reading comprehension

 
the_sidewinder [TotalFark] 2008-09-26 08:03:55 PM  
KipperM: Vundo (aka Virtumonde) infects victims' computers by exploiting a vulnerability in Sun Java 1.5.0_7 (aka Version 5.0 release 7),[1] and earlier versions. Many of the popups advertise programs including (but not limited to) Sysprotect, Storage Protector, AntiSpyware Master, and WinFixer. It attaches to the system using bogus Browser Helper Objects and DLL files attached to Winlogon and Explorer.exe.
As the virus is resident in memory and attached to Explorer.Exe and Winlogon, they must be stopped before trying to remove the virus. Without Winlogon, there is no way to reboot the pc, so a forced reboot is needed, as when Winlogon re-starts, the virus files are recreated. Internet Explorer, Mozilla Firefox, and Opera are affected by this trojan, but Apple Safari seems to be unaffected by the Trojan's .dll file. The trojan's DLL files are named with eight random upper- and lower-case characters and stored in the Windows system32 directory. Many virus removal programs will remove some of the trojan-created hidden files but not the actual running DLL. The DLL cannot be removed by conventional means because the file is in use as soon as Winlogon starts. However, utilities (such as Zap and Dr. Delete) exist that will delete files that are in use. If some but not all of the trojan's files are removed, it will make a new DLL with a different random name.

/wikipedia
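
A triage sketch for the naming pattern quoted above (DLLs named with eight random upper- and lower-case characters), added here as an example and not part of the comment or the Wikipedia text. The function names, the case-flip threshold and the sample file names are assumptions made for illustration; point it at the system32 directory of a drive mounted on a clean machine.

```python
import os
import re
import tempfile

# Exactly eight ASCII letters plus a .dll extension, per the description above.
NAME_RE = re.compile(r"^([A-Za-z]{8})\.[dD][lL][lL]$")

def case_flips(stem):
    """Count upper/lower transitions between adjacent letters."""
    return sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))

def suspicious_dlls(directory, min_flips=2):
    """Return candidate DLL names, most recently modified first.

    Heuristic (assumption): ordinary eight-letter DLL names are single-case
    or capitalised (0 or 1 flip), while a random mixed-case name usually has
    more. A uniformly random name has fewer than two flips about 6% of the
    time, so a clean result is not proof of a clean disk.
    """
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            m = NAME_RE.match(entry.name)
            if not m or not entry.is_file():
                continue
            if case_flips(m.group(1)) >= min_flips:
                # Newest first: a partially cleaned infection re-creates
                # its DLL under a different random name.
                hits.append((entry.stat().st_mtime, entry.name))
    return [name for _, name in sorted(hits, reverse=True)]

def demo():
    """Run the scan over a constructed directory (sample names are made up)."""
    sample = {
        "setupapi.dll": 1000, "Imagehlp.dll": 1100, "kernel32.dll": 1200,
        "qWmTzLpa.dll": 2000, "XyKbhGte.dll": 3000, "notes.txt": 4000,
    }
    with tempfile.TemporaryDirectory() as d:
        for name, mtime in sample.items():
            path = os.path.join(d, name)
            open(path, "wb").close()
            os.utime(path, (mtime, mtime))
        return suspicious_dlls(d)

if __name__ == "__main__":
    print(demo())
```

Hits are leads for a scanner or manual review, not verdicts.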

 
Displayed 50 of 132 comments
