Go Back   Steve's Digicams Forums > Misc Forums > Computers and Operating Systems

Reply
 
Thread Tools Search this Thread
Old Apr 7, 2011, 9:19 PM   #21
Senior Member
 
VTphotog's Avatar
 
Join Date: Mar 2005
Location: Extreme Northeastern Vermont, USA
Posts: 4,212
Default

Well, I am disappointed, in that, checking for previous versions in win7, there are none shown. Fortunately, FF4 is working fine for me. Still, if is wasn't, I have retained the installation file for 3.6.12, which I downloaded some time ago. I generally keep the d/l files for software, rather than installing from the web. Habit, I guess, but it also allows me to run an AV check on it before it install. I do need to be better at dumping older versions, though, as they tend to use up disk space.

brian
VTphotog is offline   Reply With Quote
Old Apr 7, 2011, 11:01 PM   #22
Senior Member
 
Join Date: Nov 2010
Location: Belize & UK
Posts: 463
Default

3.5.2 was the latest prior to 4.0 that I could find on the internet. I haven't got time to mess around trying to get 4.0 to work.
__________________
Canon 5D & 7D (both gripped), 24-105L, 100-400L, EF-S 15-85, 50 f1.8, Tamron 28-75, Sigma 12-24, G10, A1+10 FD lenses, tripods, lights etc
peterbj7 is offline   Reply With Quote
Old Apr 8, 2011, 6:07 AM   #23
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

Quote:
Originally Posted by VTphotog View Post
Well, I am disappointed, in that, checking for previous versions in win7, there are none shown.
That's because they've never had a Win 7 specific version. ;-)

With Firefox, you just use the Win32 version for 32 or 64 bit XP, Vista or Win 7 (the same Windows program version runs on all 3 operating systems).

Now, Mozilla does offer both 32 bit and 64 bit versions of Firefox for Linux.

But, they've never offered a 64 bit version for Windows. They've only offered 32 bit versions so far for Windows (and that's really all that's needed for a browser).
JimC is offline   Reply With Quote
Old Jun 19, 2011, 3:00 PM   #24
Senior Member
 
Stevekin's Avatar
 
Join Date: Jun 2004
Posts: 1,611
Default

Quote:
Originally Posted by Herb View Post
Has anybody else been plagued by a program that pops up when viewing Google images?

I was searching for images of various sorts of plants & trees & suddenly an alarming-sounding display appeared on thje screen - and took over. It purported to have some connection with Microsoft. It announced that my computer had viruses & trojans and that it would now scan my computer - and then it appeared to be doing something.

I noticed that the URL was antispyware dot something and there was an invitation to download a .exe file called BestAntivirus2011 (which I certainly did NOT want to do.) Trying to close the displayed page didn't work - it just kept going, so I unplugged the computer, reformatted the hard drive, & re-installed Windows.

A day or two later it all happened again. The intrusion was so infuriating that

I not only wiped the hard drive yet again and reinstalled Windows, but I've kept the computer (it is my main one)
disconnected from the Internet.

The same happened again then happened with my spare computer. However, because I want to use the Internet I've re-programmed the spare computer with Ubuntu 10.10. So far, it seems that Ubuntu isn't being attacked. I used Ubuntu to send this.

Thoughts anybody?

Very late to the party, but the above sounds suspiciously similar to a problem I encountered some time back. Not the fake anti-virus in my case, but my browser would keep being hijacked and any Google search would redirect to some other search engine & results.
I too formatted my hard drive, twice. Still the same.
Got one anti spyware forum completely flummoxed with my problem !
Then on yet more researching, found that modems can actually be 'hijacked'. I use a wireless connection and although it seems modems can be prone to this kind of attack, routers were not believed to be at risk.
But......in exasperation, I reset my router (not just reboot) and cleared all settings from it. Basically restored to factory defaults. Then set it up for connection again and the result was no more browser hijacking !

So if you are still having an issue with this, simply reset the router and start again. Worked for me, may work for you :-)

And the best thing...it's free and doesn't take but a few minutes :-)
Stevekin is offline   Reply With Quote
Old Jun 19, 2011, 3:41 PM   #25
Senior Member
 
VTphotog's Avatar
 
Join Date: Mar 2005
Location: Extreme Northeastern Vermont, USA
Posts: 4,212
Default

I have seen a few instances recently of the Blackhole exploit, which redirects and installs malware, which sounds similar. My antivirus has blocked it several times, and before that, I noticed a couple instances of Firefox giving me a redirect warning.

brian
VTphotog is offline   Reply With Quote
Old Jun 19, 2011, 3:59 PM   #26
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

That's interesting (going to a different search engine when you want google.com).

If your Windows install wasn't compromised, then something could have modified your router's DNS Server IP Addresses and pointed you to a DNS server being run by criminals causing your problem. You'll find a setup screen in your router for the IP addresses of the DNS servers it uses by default.

That would be a pretty good way to redirect users to sites of their choosing (use a "tainted" DNS server that points you to a different search engine's IP address when you type in google.com). :-)

Of course, having a DNS server in the middle pointing you to fake banking sites and more to steal your usernames and passwords as you type them in would be another good way to create havoc and make money. Hmmmm... it could be that someone is doing that now.

Yea... you do see router's being compromised from time to time by malware. Here's a post i made in another forum not too long ago when I saw a thread where someone was suspecting that kind of thing (so it wouldn't surprise me that criminals are more creative with how they use a router they've hacked into now).

http://forum.whatismyip.com/f27/rout...t1394#post6190

Just use strong passwords and keep access from the WAN side turned off. If it's a wireless router, use something other than the default SSID, setup WPA2 (not WEP) security, and use strong passwords.

Many users never bother to change their router setup from factory defaults and so their routers are easily compromised.

IOW, do more than this:

Quote:
But......in exasperation, I reset my router (not just reboot) and cleared all settings from it. Basically restored to factory defaults. Then set it up for connection again and the result was no more browser hijacking !

So if you are still having an issue with this, simply reset the router and start again. Worked for me, may work for you :-)

And the best thing...it's free and doesn't take but a few minutes :-)
Otherwise (you reset it to factory defaults and leave it that way), you're just leaving yourself open to attacks from both real people and botnets looking for vulnerable routers that users have never bother changing from factory defaults.

Heck, I can see more than one wireless router in my neighborhood that's still set to factory defaults (default SSID, no security, and probably still using the default passwords).

Not me. I keep mine "locked down" pretty tight anymore using WPA2 with very strong (not dictionary words) passwords (both for wireless access, and for the router admin password), and keep admin access from the WAN side disabled.

I've seen kids in the neighborhood break into my wireless router before when I was using nothing but WEP (which is simple to break). Using a "white list" of allowed MAC addresses is a waste of time, too (I had my router setup that way and they spoofed the MAC addresses). I use stronger security at home now.

Kids are smarter than you give them credit for, and I sure don't want the FBI knocking on my door because someone used my home network to launch a DOS attack against a site somewhere (and your router's IP address is traceable to your home address); or used my network for for illegal musc or movie file downloads; or kiddy porn, etc.

You get the idea... if someone breaks into and uses your network, the IP address will be traced back to you. So, I'd suggest setting up strong security to help prevent unwanted access to your router.
JimC is offline   Reply With Quote
Old Jun 19, 2011, 4:32 PM   #27
Senior Member
 
Stevekin's Avatar
 
Join Date: Jun 2004
Posts: 1,611
Default

Quote:
Originally Posted by JimC View Post
[Snip]

IOW, do more than this:

Quote:
But......in exasperation, I reset my router (not just reboot) and cleared all settings from it. Basically restored to factory defaults. Then set it up for connection again and the result was no more browser hijacking !

So if you are still having an issue with this, simply reset the router and start again. Worked for me, may work for you :-)

And the best thing...it's free and doesn't take but a few minutes :-)

Otherwise (you reset it to factory defaults and leave it that way), you're just leaving yourself open to attacks from both real people and botnets looking for vulnerable routers that users have never bother changing from factory defaults.

Heck, I can see more than one wireless router in my neighborhood that's still set to factory defaults (default SSID, no security, and probably still using the default passwords).
Sorry Jim, I should have expanded on "Then set it up for connection again". I didn't reset to factory defaults and leave it that way, of course I set up a secure connection :-)
I too see a couple of unsecured connections in my vicinity.
This happened to me a year or so ago.

The fact the OP has formatted his hard drives several times and still had the problem suggested, to me, that the problem lies with the router/modem :-)
Stevekin is offline   Reply With Quote
Old Jun 19, 2011, 5:37 PM   #28
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

I see that kind of thing on a regular basis, and just because you see fake scans on screen doesn't mean you're infected by malware (or that your router is infected or redirecting you). A site you visit may be compromised causing it.

For example, here's a screen capture I made last month showing fake scans of windows folders. I was running under Linux (SimplyMEPIS 11), and a site i visited had a redirect exploit on it pointing me to this site:

http://dl.dropbox.com/u/4536228/fakescan2.png

After that fake scan finishes, it will pop up a fake Windows alert like you see in this screen capture I made:

http://dl.dropbox.com/u/4536228/fakescan4.png

If you click on anything, it's going to try and install malware (the actual fake AV scanner software that tries to blackmail you into buying it to "fix" the issues):

http://dl.dropbox.com/u/4536228/fakescan6.png

That's what you don't want (the actual software being installed). It's a good idea to immediately use Ctrl+Alt+Delete to load Task Manager if you see that kind of thing when running Windows. Then, kill your browser (because sometimes, you don't need to click on anything for some of it to take advantage of vulnerabilities and install itself).

In the case of brand new malware, a lot of malware scanners tend to miss it, too.

For example, Avira Antivir would have flagged that fake AV software I saw last month as malware and blocked it's installation if I were running in Windows (I use Avira Antivir Premium when running in Windows).

But, most other products would have missed it. I ran it through both Jotti's Malware Scan and Virustotal.com for testing last month. Results:

http://dl.dropbox.com/u/4536228/fakescan7.png

http://dl.dropbox.com/u/4536228/fakescan8.png

So, just because you're running the latest and great Antivirus Software, don't assume it's going to recognize that kind of software. Also, it's not uncommon for legitimate web sites to be compromised so that they're redirecting you to sites showing fake AV scans to try and get you to download and install the fake AV software.

I saw a wordpress redirect exploit not all that long ago on a legit photography site that redirected all visitors to a site with a fake AV scan on it, and I sent the site owner an e-mail letting him know about it (along with info on the exploit found by web page analysis scanners). Hackers usually take advantage of unpatched SQL injection vulnerabilities to plant the exploits on legit sites.

Millions of legit web sites are now compromised. I think the Security industry is now calling it "Liza Moon" (naming the attacks long after you started seeing that kind of thing where malware writers planted code on legit sites to redirect users to sites hosting fake AV scanners).

Fun.
JimC is offline   Reply With Quote
Old Jun 19, 2011, 5:44 PM   #29
Senior Member
 
Join Date: Nov 2010
Location: Belize & UK
Posts: 463
Default

The above is a known virus. I know people who've had it, and it resulted from letting your guard down.

There's only one way to keep your computer virus-free. Vigilance. Get good anti-malware software that updates itself in real time, and scan your entire system once a week for anything that might have slipped in through the cracks. Never connect your computer to a suspect source, be it a network, a flash drive, or another hard drive. And use a good VPN to keep your internet communications secret, so people don't track them to your machine.

If you ever get a virus something is seriously wrong and you need to analyses your system to find out how it got on. If you get it twice then simply you didn't find and block the route it used last time. Via email is now a very common route.

And this now also applies to Macs.

I suggest you go to the websites of reputable anti-malware software producers regularly to keep abreast of current threats. I use Bullguard (on Windows) and Sophos (on Mac) and AFAIK haven't had a virus in several years.
__________________
Canon 5D & 7D (both gripped), 24-105L, 100-400L, EF-S 15-85, 50 f1.8, Tamron 28-75, Sigma 12-24, G10, A1+10 FD lenses, tripods, lights etc
peterbj7 is offline   Reply With Quote
Old Jun 19, 2011, 6:07 PM   #30
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

None of them are very good at flagging new strains of malware. That was one point I was trying to make about that one. Note this report (where I uploaded the fake Antivirus malware I saw to Jotti's so that it would be scanned by lots of different AV products). They checked it using 17 different scanners, and only Avira Antivir flagged it as malware:

http://virusscan.jotti.org/en/scanre...6245b6100648af

Only two out of 42 scanners used by virustotal.com flagged it as malware when I uploaded it to them:

http://www.virustotal.com/file-scan/...325-1305653525

If you look at tests of previously unknown malware at sites like http://www.av-comparatives.org , none of them flag more than about 60% of it as being malware, even when heuristics are set to their highest settings. See this report:

http://www.av-comparatives.org/image...ro_may2011.pdf

One problem is that the AV companies are now seeing in excess of 60,000 new malware strains per day, every day. So, they just can't keep up with it.

Basically, malware is being designed to constantly mutate just enough to fool the scanners (by using sophisticated self encryption techniques and morphing constantly with different names, sizes, behavior, files being infected, etc.). So, even though fake AV scanners are a well known problem now, thousands of new strains are constantly showing up and none of the scanners are very good at catching most of it.

Fun.
JimC is offline   Reply With Quote
 
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -5. The time now is 4:28 PM.