Coffeehouse Thread

14 posts

win7 antivirus2011 snuck onto my PC

  • SteveRichter

    I don't know. I have Windows security essential installed and running. Using IE9. Yet I browsed to a web site via Google that had the picture of a flower. Next thing I know "win 7 antivirus 2011" has taken over my PC. Could not open new tabs in IE9. It replaced ms security essentials. I am running as a user account. How does it do what it did? I got rid of it by killing a few processes. But I have not rebooted since, so probably it is going to start running again. I have Java on the PC and I think I saw something about Java when I clicked on the images in IE9. I can certainly see why people don't want to run Windows if your PC can be hijacked like that.

  • blowdart

    Java is certainly one possible way in. However, if you're running as a non-admin user account it should not have been able to have global effects; even as an admin user account you should have seen the UAC prompt.

  • beerinbelgium

    Java is certainly one possible way in.


    Not without a p12 cert. You have to jarsign it. It would have asked him if he trusts the signer first.

    If they jarsign it, you can track it down to the publisher through the certificate authority.

    The Java JRE has the same root certificates as IE and Windows.

  • blowdart

    @beerinbelgium: Or you use one of the common Java exploits to get past that anyway. Or use an old version of Flash, or Reader, or a myriad of other browser plugins. Heck, Adobe plugins are now being more commonly targeted than browsers themselves.

  • JoshRoss

    Post the flower link and let's see if it can screw-up beer's computer.

    -Josh

  • beerinbelgium

    @JoshRoss: I'll get on the Mac, let's see if it can screw that up.

  • W3bbo

    JoshRoss wrote:

    Post the flower link and let's see if it can screw-up beer's computer.

    -Josh

    He uses a Sony Vaio now, running Windows 7.

    Shock horror, I know; but search for his earlier threads, he posted photos.

  • blowdart

    *sigh* Less of the personally directed messages, children. I get fed up closing threads when they descend into attacking or deriding individual users.

  • magicalclick

    Can I try the link as well? I am kind of interested to see what will happen on my computer.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
  • blowdart

    magicalclick wrote:

    Can I try the link as well? I am kind of interested to see what will happen on my computer.

    Please do not start posting links to possible viruses here. If you want to swap the links use email.

  • SteveRichter

    magicalclick wrote:

    Can I try the link as well? I am kind of interested to see what will happen on my computer.

    Search Google on "lady slipper". That is the name of the flower. Then in "images for lady slipper" I clicked on the first few images. That got the virus on my PC. I am running Win7 Ultimate. IE9. Firewall was on. Microsoft Security Essentials was running.

    What I don't understand is why IE allows addins or plugins complete access to the PC. Can't there be some kind of tiered level of access that the user can grant the plugin to have? Even for desktop apps you load on your PC. Make it so the app cannot update the registry, cannot write to a folder outside of the one it is installed in, can't do anything that brings up a UAC prompt, ...

  • spivonious

    @SteveRichter: That's how UAC should be working. The worst an app can do without asking for permission first is screw up the user space.

    My mother-in-law got hit with the same program, but she had thought it was her anti-virus so she clicked OK on the UAC prompt. It wasn't too hard to get rid of (boot in safe mode, take the entries out of HKLM\Software\Microsoft\Windows\CurrentVersion\Run\, and remove the executable), but it shows you that UAC can only do so much.
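
The cleanup described in the post above starts with finding the rogue entry in the Run key. As an added example (not part of the original thread or any poster's code), this read-only PowerShell audit lists Run-key entries and marks for review any whose binary is missing, not validly signed, or located in a user-writable directory. The HKCU key and the directory list are assumptions added here.

```powershell
# Added example: read-only audit of the autostart (Run) registry keys.
# The HKLM path is the one named in the post; the HKCU path is an added
# assumption (the per-user Run key is writable without a UAC prompt).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Locations a standard user can write to; an autostart binary living here
# deserves a second look. Illustrative list, not exhaustive.
$userWritable = @($env:USERPROFILE, $env:ProgramData, $env:TEMP) |
    Where-Object { $_ }

function Get-ExePath([string]$CommandLine) {
    # Extract the executable from a Run value such as
    #   "C:\a b\x.exe" /arg    or    C:\x.exe /arg
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    $regKey = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $regKey) { continue }            # key absent or not readable
    foreach ($name in $regKey.GetValueNames()) {
        $exe = Get-ExePath ([string]$regKey.GetValue($name))
        if (-not $exe) { continue }           # empty value, nothing to check
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status }
               else { 'FileMissing' }
        $inUserDir = [bool]($userWritable | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Exe       = $exe
            Signature = $sig
            Review    = ($inUserDir -or "$sig" -ne 'Valid')
        }
    }
}

# Entries flagged for review sort to the top.
$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Nothing is modified by this script. Older PowerShell versions may report catalog-signed Windows components as NotSigned, so a Review flag is a prompt to look at the entry, not a verdict.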

  • magicalclick

    @SteveRichter: Thanks. If possible, can you take a screenshot of the Google page and circle the image? I will try those images, but I want to double check. Ty.

  • magicalclick

    I tried the top 15 results. Doesn't seem like anything bad. Maybe you got the virus somewhere else?
