Affiliate.Download

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Earlier today I was infected with what MBAM referred to as "Affiliate.Download". I thought it was a false positive at first. I ran HitMan Pro and it found nothing. Ran DDS and saw nothing out of the ordinary. I ran Dr. Web and it found 3 things as well (forget what they were named). I then ran GMER and it said that it had detected system changes that could be rootkit activity and asked if I wanted a full scan. I opted for a full scan and it found 4 line items that were presented as 4 and 5 digit numbers. They were highlighted red. I started to kill them but MBAM has a quarantine so I ran MBAM instead. MBAM cured it after a reboot. I turned off system restore and ran MBAM again in safe mode. I ran GMER again and all appeared normal.

I had been utilizing Bing and I was looking at celebrity pictures. I clicked on one of Kim Kardashian. When the page opened I saw the classic rogue look of a fake "My Computer" window. I tried to ALT+F4 to exit the page but I was not able. By that time one of those "Binary File" windows popped up wanting to entice me to download fake anti-malware tools for malware that obviously did not exist. At that point, which was within seconds of opening the page, I opened Process Hacker and terminated Firefox with it.

At one point before I ran MBAM, ThreatFire detected a "hidden threat" process. I clicked for the details before I disallowed it. The detailed window showed very odd, random characters.

The whole time I was running scans there were no svchost.exe cpu spikes.
 

Ramblin

Level 3
May 14, 2011
1,014
ZOU1 said:
I had been utilizing Bing and I was looking at celebrity pictures. I clicked on one of Kim Kardashian. When the page opened I saw the classic rogue look of a fake "My Computer" window. I tried to ALT+F4 to exit the page but I was not able. By that time one of those "Binary File" windows popped up wanting to entice me to download fake anti-malware tools for malware that obviously did not exist. At that point, which was within seconds of opening the page, I opened Process Hacker and terminated Firefox with it.
It would have been so much easier for you if you had been running your browser under Sandboxie's protection; deleting the contents of the sandbox would have taken care of the rogue and the infection.

Even better, if you had been running a restricted sandbox where only your browser can run, the rogue would have been blocked from starting/running. You could have clicked the infected picture and nothing would have happened. In other words, you would have missed the fun of watching "the classic rogue look of a fake "My Computer" window".

SBIE only helps you if you use it all the time. Using SBIE for only certain sites or files is not enough. I remember you mentioned on another thread that you are using SBIE, so use it. :)

Bo
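The restricted browser sandbox that the reply above recommends can be expressed as a Sandboxie.ini box definition. The fragment below is an added example, not something either poster shared, and the key names (ProcessGroup, ClosedIpcPath, ClosedFilePath, AutoDelete, DropAdminRights) are assumed from the Sandboxie.ini conventions of the era of this thread; the box name "Firefox" and the "Loose" box are hypothetical. Check the key names against the documentation of the Sandboxie version actually installed before relying on them.

```ini
; Assumed Sandboxie.ini fragment (added example, not from the thread).
; Key names follow Sandboxie's documented ini conventions as best recalled;
; verify against your installed version's documentation.

; --- Weak configuration: a plain sandbox with no restrictions -------------
; The rogue's dropper still runs (inside the box) and can phone home.
; You are protected only because the box contents are discarded later.
[Loose]
Enabled=y
ConfigLevel=7

; --- Hardened configuration: only the browser may start or run ------------
[Firefox]
Enabled=y
ConfigLevel=7

; Define the group of programs allowed to start/run in this box.
ProcessGroup=<StartRunAccess>,firefox.exe

; Deny IPC (and therefore process creation) to everything NOT in the group.
; The "!" prefix inverts the match: "all processes except <StartRunAccess>".
; A downloaded "binary file" or fake-AV installer is blocked from launching.
ClosedIpcPath=!<StartRunAccess>,*

; Restrict network access to the browser as well, so a payload that did get
; written to disk cannot be executed by some other sandboxed process and
; reach its command-and-control server.
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,\Device\Afd*

; Run sandboxed programs without administrator rights, even if the
; logged-on user is an administrator.
DropAdminRights=y

; Wipe the sandbox contents every time the last sandboxed program exits,
; which is the "delete the contents of the sandbox" step done automatically.
AutoDelete=y
```

The two ProcessGroup lines define named groups, and the two Closed* lines deny the corresponding resource to everything outside the group; the effect is that firefox.exe is the only program that can start and the only one that can open a socket, so a dropped executable neither launches nor connects out. AutoDelete=y is what makes the "use it all the time" advice practical, since there is no sandbox to remember to empty.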
 
