ImageShack and Trojans?

Thread: ImageShack and Trojans?

  1. #1
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564

    ImageShack and Trojans?

    So how many of you out there use ImageShack for your pictures?


    Free image hosting is becoming more and more popular. The ordinary user on the internet finds it handy and useful; after all, you only need to upload your image to the host and you can then post the link on a forum so that everyone can see the full image or a thumbnail of the image. This is great if you want to share some photos or post a screenshot of a computer problem that you may be having.

    One of the favourite and easy to use hosts is ImageShack. Of course they have to make their money somehow or they wouldn't be able to provide a free hosting service, but seeing a few ads on the site that is serving the image is a small price to pay and something that I can cope with.

    It's all getting a little more sinister than that now, I'm afraid. A good friend and moderator at Computer Trouble reported that, after clicking on a thumbnail from ImageShack that had been posted at the forum, he got a pop-up that he couldn't close and was subsequently infected with a couple of trojans. He wasn't the only one either; four other forum members reported problems too.
    http://malwareremoval.com/plog/index.php?blogId=4

    Found this blog on this problem, may not end there with ImageShack as I am sure Putfile and Photobucket are just as susceptible as well?......
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Lawdy, I thought WinAntiVirus2006 and SpyFalcon were using gambling sites primarily. I've removed WinAV from a slew of computers lately. The whois puts them in Kiev. SpyFalcon is another rogue app using the same MO.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    yeah...just had my bro's laptop in for service...(my desk at home)

    and it had spywarequake....piece of crap that was very hard to get rid of...

    and various trojans

    from his history...all from gambling sites.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Yeah, interestingly enough, these outfits are using a lot of the same rogue apps. WinAV is registered to a party in the Ukraine, SpyFalcon to a party in the Philippines. Both apps are using the same binaries (updated of course):

    SecurityToolbar.dll
    atmclk.exe
    dcomcfg.exe
    uninst.exe
    regperf.exe
    appmagr.exe

    Panda's scan pegged all of them as infected. It's ironic to see these binaries in May as SpyFalcon, then again in July as WinAV.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Spyware quake used these two that I recognize


    dcomcfg.exe

    atmclk.exe
    Used Trend Micro HouseCall to finally get rid of it...avast found it ..but couldn't do anything "Access denied"


    Stupid thing would pop up every time you reboot...."you are infected..blah blah blah click here to remove" which took you to a website...to buy a removal tool....

    you couldn't get rid of the window either...without clicking on it...

    Never did find where the piece of crap was hiding....on start up would recreate the files in system 32 directory....

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    I remove the stuff manually. First I let Panda's scan find the stuff, then I make a list and reboot into Safe Mode w/ Command Prompt. Then I use Ye Olde "del" command.

    Panda will turn up some .tmp files as infected if I'm not mistaken. The last WinAV infection I worked had a rogue .tmp in C:\Windows\system32\1024 folder.

    You might also run CCleaner to clean out all the standard temp folders. Then after manually removing the offending files, use CCleaner's Issues option to clean up the empty registry entries for those same files.

    Does the trick for me. I can get rid of WinAV in a half-hour or less without waiting out a series of scans.
    “Everybody is ignorant, only on different subjects.” — Will Rogers
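
An added example, not posted by anyone in this thread: a read-only sweep that builds the kind of list described in post #6, matching the file names from post #4 and any .tmp file in a system32\1024 folder, and hashing each hit for later comparison. The function names and the sample tree are assumptions made for illustration; a name match is only a lead, since names like uninst.exe are also used by legitimate software.

```python
import hashlib
import os
import tempfile

# File names listed in post #4, compared case-insensitively.
REPORTED_NAMES = {
    "securitytoolbar.dll", "atmclk.exe", "dcomcfg.exe",
    "uninst.exe", "regperf.exe", "appmagr.exe",
}

def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sweep(root):
    """Return sorted (reason, path, sha256) leads under root. Nothing is deleted."""
    leads = []
    for dirpath, _dirs, files in os.walk(root):
        parts = [p.lower() for p in os.path.normpath(dirpath).split(os.sep)]
        in_1024 = parts[-2:] == ["system32", "1024"]
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in REPORTED_NAMES:
                leads.append(("reported-name", path, sha256_of(path)))
            elif in_1024 and name.lower().endswith(".tmp"):
                leads.append(("tmp-in-1024", path, sha256_of(path)))
    return sorted(leads)

def build_constructed_tree(base):
    """Constructed sample layout with placeholder files, not real samples."""
    sys32 = os.path.join(base, "Windows", "system32")
    os.makedirs(os.path.join(sys32, "1024"))
    # dcomcnfg.exe (with an "n") is the legitimate Windows DCOM tool; it must not match.
    for rel in ("ATMCLK.EXE", "dcomcnfg.exe", "notepad.exe",
                os.path.join("1024", "ld3F.tmp")):
        with open(os.path.join(sys32, rel), "wb") as fh:
            fh.write(b"constructed placeholder")
    return base

if __name__ == "__main__":
    for reason, path, digest in sweep(build_constructed_tree(tempfile.mkdtemp())):
        print(reason, path, digest[:16])
```

Exact-name matching is what keeps the legitimate dcomcnfg.exe out of the list while the look-alike dcomcfg.exe from the thread is flagged.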

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Yeah...had that 1024 folder too

    Thanks for the tips...Brokencrow

    will use those the next time.

    as for image shack... and other sites along the same flavor.........I am pretty sure that's how my kids computer gets infected ...continually.

    Limited accounts too


    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    He-heh, I learned most of what I know about viruses and spyware working on my nephew's computers and my friends' teenage sons' machines. Told my sister once if my nephew was having sex anything like the way he uses a computer, he's in trouble.

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    So is it coming through with the images....?????

    Or is the site doing this???

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    I'm not sure. My sense is it's often coming in bundled with other software, but that doesn't jibe with dalek's post.

    I'd lay money it's an IE/ActiveX thing...
    “Everybody is ignorant, only on different subjects.” — Will Rogers
