Coffeehouse Thread

win7 antivirus2011 snuck onto my PC

  • SteveRichter

    I don't know. I have Windows Security Essentials installed and running. Using IE9. Yet I browsed to a web site via Google that had the picture of a flower. Next thing I know "Win 7 Antivirus 2011" has taken over my PC. Could not open new tabs in IE9. It replaced MS Security Essentials. I am running as a user account. How does it do what it did? I got rid of it by killing a few processes. But I have not rebooted since, so probably it is going to start running again. I have Java on the PC and I think I saw something about Java when I clicked on the images in IE9. I can certainly see why people don't want to run Windows if your PC can be hijacked like that.

  • blowdart

    Java is certainly one possible way in. However, if you're running as a non-admin user account it should not have been able to have global effects; even as an admin user account you should have seen the UAC prompt.

  • beerinbelgium

    blowdart wrote:

        Java is certainly one possible way in.

    Not without a p12 cert. You have to jarsign it. It would have asked him if he trusts the signer first.

    If they jarsign it, you can track it down to the publisher through the certificate authority.

    The Java JRE has the same root certificates as IE and Windows.

  • blowdart

    @beerinbelgium: Or you use one of the common Java exploits to get past that anyway. Or use an old version of Flash, or Reader, or a myriad of other browser plugins. Heck, Adobe plugins are now being more commonly targeted than browsers themselves.

  • JoshRoss

    Post the flower link and let's see if it can screw-up beer's computer.

    -Josh

  • beerinbelgium

    @JoshRoss: I'll get on the Mac, let's see if it can screw that up.

  • W3bbo

    JoshRoss wrote:

        Post the flower link and let's see if it can screw-up beer's computer.

        -Josh

    He uses a Sony Vaio now, running Windows 7.

    Shock horror, I know; but search for his earlier threads, he posted photos.

  • blowdart

    *sigh* Less of the personally directed messages children. I get fed up closing threads when they descend into attacking or deriding individual users.

  • magicalclick

    Can I try the link as well? I am kind of interested to see what will happen on my computer.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
  • blowdart

    magicalclick wrote:

        Can I try the link as well? I am kind of interested to see what will happen on my computer.

    Please do not start posting links to possible viruses here. If you want to swap the links use email.

  • SteveRichter

    magicalclick wrote:

        Can I try the link as well? I am kind of interested to see what will happen on my computer.

    Search Google for "lady slipper". That is the name of the flower. Then in "images for lady slipper" I clicked on the first few images. That got the virus on my PC. I am running Win7 Ultimate, IE9. Firewall was on. Microsoft Security Essentials was running.

    What I don't understand is why IE allows add-ins or plugins complete access to the PC. Can't there be some kind of tiered level of access that the user can grant the plugin? Even for desktop apps you load on your PC: make it so the app cannot update the registry, cannot write to a folder outside of the one it is installed in, can't do anything that brings up a UAC prompt, ...

  • spivonious

    @SteveRichter: That's how UAC should be working. The worst an app can do without asking for permission first is screw up the user space.

    My mother-in-law got hit with the same program, but she had thought it was her anti-virus so she clicked OK on the UAC prompt. It wasn't too hard to get rid of (boot in safe mode, take the entries out of HKLM\Software\Microsoft\Windows\CurrentVersion\Run\, and remove the executable), but it shows you that UAC can only do so much.
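
The cleanup spivonious describes (pull the entries out of the Run key, then delete the executable) can be turned into a routine check. The PowerShell script below is an added example, not code from this thread: it lists every Run/RunOnce value for the machine and the current user and flags entries that launch from user-writable folders, are unsigned, or point at a file that no longer exists, which is how a fake antivirus that re-launches itself after a reboot usually shows up.

```powershell
# Added example: audit the autorun keys a fake AV typically uses to survive a reboot.
# Emits one object per Run/RunOnce value with a Flags column; an empty Flags column
# means the entry launches a signed file from a non-user-writable location.
function Get-AutorunAudit {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Folders a standard user can write to; legitimate software rarely autostarts from here.
    $userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE) |
        Where-Object { $_ }

    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $cmd = [string]$regKey.GetValue($name)
            # Value data is a command line: take the quoted program, else the first token.
            if ($cmd -match '^"([^"]+)"') { $exe = $matches[1] }
            else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $flags = @()
            foreach ($dir in $userWritable) {
                if ($exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                    $flags += 'user-writable path'; break
                }
            }
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                # Authenticode check: fake AV binaries are almost never validly signed.
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
            } else {
                $flags += 'file missing'
            }
            [PSCustomObject]@{
                Key     = $key
                Name    = $name
                Command = $cmd
                Flags   = ($flags -join ', ')
            }
        }
    }
}

Get-AutorunAudit | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt after a safe-mode boot to see the same entries spivonious removed by hand; entries with a non-empty Flags column are the ones to inspect before deleting.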

  • magicalclick

    @SteveRichter: thanks. If possible, can you take a screenshot of the Google page and circle the image? I will try those images, but I want to double check. Ty.

  • magicalclick

    I tried the top 15 results. Doesn't seem to be anything bad. Maybe you got the virus somewhere else?

