PHOTOBUCKET VIRUS ALERT

[Pete44ru]

Please be aware that Photobucket.com has an imbedded virus, as of last night.

If you have pics there, like I do, and try to copy a link for posting a pic, a "Photobucket Support" window will pop-up to alert you to the possibility of a virus, and advise you to click on it to download the cure.

DO NOT DO IT !

SHUT DOWN IMMEDIATELY, AND GET OUT OF DODGE !

AND DO NOT INSTALL THE MALWAREBYTES "CURE", OFFERED.

The cure is the virus, and it's trying to extort $$$ for the mal(bad)ware download.

I would also immediately run a virus scan on my box ASAP I rebooted.

Read about it further here, where I did, on the Ruger Forum:

http://www.rugerforum.com/phpBB/viewtopic.php?t=45851

If your computer gets infected, (edit) DO NOT USE THIS LINK FOR REMOVAL INSTRUCTIONS:

http://www.removal-instructions.com/rem ... s2009.html
.

[Hobie]

Using Firefox, this didn't happen. Have they fixed it?

[w30wcf]

Pete,
THank you for posting. That happened to me yesterday and, fortunately, Norton stopped it.

w30wcf

[J Miller]

I was just on Photobucket yesterday afternoon and it didn't hit me. I'm running Firefox too. However I did get hit by that virus the day before it became public knowledge early last year and it just about totaled this computer. It took us days of working on it to get rid of that stinking virus.

Joe

[SteveR]

Virus 2009, antispyware 2008, 2009 and all of the different variants are one of the worst to get rid from your computer, it exploits windows internet explorer, and can do the same with firefox if already infected. It tries to trick you into buying there software, which of course allows them to steal your credit card and other personal information. Once you click on the close or any part of the window it self installs. The only effective way of not getting infected when it pops up, hit control,alt,del. Then click on application tab, then click on the program name and end from there.

This is a very, very bad one. I only succeeded in removing it from 1 computer, the others had to be reformatted and the os had to be reinstalled.

Firefox seems to help, but do use the add-on WOT, web of trust for Mozilla Firefox browsers, which will show you that the link Pete44ru used to remove the spyware is itself spyware!!

DONT USE THE LINK PETE HAS PROVIDED!!!!

AVG 8.0, Norton, Advanced System Protector, Spybot Seach and Destroy, and Adaware2008 will find most of this Trojan, but if you are already infected you will not be allowed to download any of these, so you will have to do with a different computer, install on the infected machine in safe mode. It takes a while to run scans when infected so expect a few days to get back up and running without formatting and reinstalling the OS.

Steve

[Old Ironsights]

Another problem with this class of Malware is that it makes it almost impossible to close your browser.

Once you get the PopUp the ONLY thing you can do without installing the Malware is to kill the Browser process in the process tree.

Do this with the 3-finger-salute to get into Task Manager, or, keep a nice little utility running i the background called Process Explorer - a freebie from the M$ tech geeks that takes the place of Task Manager and lets you have much more controll over which processes you want to kill.

[Old Time Hunter]

Spybot search & destroy nailed mine before it got in, just denied it.

[Borregos]

Thanks for the heads up

[AJMD429]

This is a very, very bad one. I only succeeded in removing it from 1 computer, the others had to be reformatted and the os had to be reinstalled.

I assume the "built-in" Restore function in Windows also gets corrupted by this malware, right...?

I miss the pre-Windows days where you could EASILY have your ENTIRE system backed up on a hard drive, un-plug it, and go back to your normal drive, then if your normal one got infected, simply replace it with the backup one. I'm guessing it is all the anti-copying stuff Windows has that thwarts such easy backup and restore.

[SteveR]

AJMD429,

Yes, it does reside in the Win Restore feature, when removing you have to turn off system restore, because on reboot the trojan will just reinstall itself.

Also a small program called HijackThis will help to get your browser back under your control, and as OI said, process explorer will show what is supposed to be running and what is not, at which time you can shut down the bad processes and use whatever antispyware-antivirus you are using to clean.

Steve

[gamekeeper]

BTT

[Leverdude]

I'm running Firefox on a Mac & had no issues.
I dont understand these things but my wife says Macs dont get viruses.

[Old Ironsights]

I'm running Firefox on a Mac & had no issues.
I dont understand these things but my wife says Macs dont get viruses.

Not exactly true... it's just that most of the virus-writers are Macaddicts trying to screw with Windoze users...

It's all about economies of scale. There are more PCs than Macs or Linux boxes, so more people can be affected by the viruses/bots... most of which have some sort of financial hook now.

Always target your biggest market.

[marlinman93]

I was there last night and my Norton notified me of an attempt that it had stopped.

[Old Ironsights]

Was just there about 2 hrs ago. Aparantly it's been handled...

I run VERY minimal "active" protection, preferring to accepot or deny every core action manually... but there was no issue today...

[JohndeFresno]

Thanks for warnings and for cures!!!

[Pete44ru]

I think I'm gonna give photobucket at last another day - just to be on the safe side.

I can do w/o posting pics from there for awhile, since I also have a villagephotos account.

.