I was serious. Usually they are also telling you "verbally" that your computer is infected and you need to call the number right now.
Can you temporarily disable Avira and let RKILL look at the HOSTS file? It's kind of important to see what's in there. Or, you could just look at the HOSTS file yourself. Of course, if Avira is blocking it, then I doubt any changes were made.
Yes, anti-keyloggers are unique birds.
Yes, trovi.com is a known questionable site.
You might want to consider putting OpenDNS server addresses in your NIC's IPv4/IPv6 settings;
IPv4=208.67.222.222 and 208.67.220.220, IPv6=2620:0:ccc::2 and 2620:0:ccd::2
I suppose, there is always the possibility that a script could have grabbed your current login cookie sessions. Unlikely, but it does happen. That's not grabbing your login credentials, just your cookie session, which could theoretically be used to pretend to be "you" in another browser. But, that's not usually what these particular guys are looking for - they want you to call, they then remote into your computer and take control, install rogue "cleaning software" which infects you, then have you pay to get it removed. If you stop mid-stream of their remote session, they are now locking systems using SysKey, so you can't even boot into Windows anymore.
If you're really paranoid, you could change the passwords of whatever you were logged into at the time on the system. Or, you could check recent activity (i.e. Gmail and Yahoo allow you to do this). For a final "all clear" you can run ESET Online Scanner, checking the option to scan all drives, and scan for PUPs. (detailed instructions here)
Could have been a hack/redirect manipulating a security hole in an old version of Java/Flash, etc. Hard to say. Could even be an infected ad. I'm not going there to find out!
You're quite welcome. Let us know how the ESET scan turns out.
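A check for the suggestion above to look at the HOSTS file yourself, added here as an example and not code from the thread: it parses hosts-file syntax (comments, tabs, several names per line) and flags every mapping that isn't a stock localhost line, separating "block" entries (pinned to loopback or 0.0.0.0) from "redirect" entries that point somewhere else. The sample file content is constructed; on Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Hostnames that ship in a stock hosts file and are expected to map to loopback.
EXPECTED_LOCAL = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
    "ip6-allnodes", "ip6-allrouters", "ip6-allhosts",
}

def parse_hosts(text):
    """Return (address, hostname, line_no) for every active mapping in a hosts file.
    Handles inline comments, tabs/spaces, and several hostnames per line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, not a mapping
        for host in fields[1:]:
            entries.append((addr, host.lower(), line_no))
    return entries

def audit_hosts(text):
    """Classify non-default entries: 'block' if a hostname is pinned to a loopback
    or unspecified address, 'redirect' if it is pinned to any other address."""
    findings = []
    for addr, host, line_no in parse_hosts(text):
        sinkhole = addr.is_loopback or addr.is_unspecified
        if host in EXPECTED_LOCAL and sinkhole:
            continue                           # stock entry, nothing to report
        kind = "block" if sinkhole else "redirect"
        findings.append({"line": line_no, "host": host, "address": str(addr), "kind": kind})
    return findings

# Constructed sample: stock Windows entries plus two entries an audit should flag.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # a block entry someone added on purpose
203.0.113.10    www.example-bank.test    # a redirect entry: worth investigating
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['address']} ({f['kind']})")
```

Redirect entries are the ones to treat seriously: a block entry for a security vendor's update site can also be hostile, but a redirect to an arbitrary address means traffic for that name is being sent somewhere you didn't choose.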
Hi simrick,
Thanks for the feedback. Here are the results:
- I ran RKill with Avira off and there's no issue with the Hosts file, thankfully.
- It's a bit disconcerting that Trovi somehow got through with all the levels of security, but I made the DNS changes you suggested and hopefully it'll help. I ran a test of IPv6 on Test your IPv6, and the summary states 'Your current configuration will continue to work as web sites enable IPv6' but I'm able to browse the IPv4 net only and I won't be able to reach IPv6-only sites. There were three 'bad' results with IPv6 in the 'Test Run' tab (Test with IPv6 DNS record, Test IPv6 large packet, Find IPv6 Service Provider). Is this just a service provider issue or should I be making some adjustment?
- Following your link to the ESET instructions in SevenForums, the actual link to ESET isn't what is shown in the screenshot (it's a MAC ESET purchase page). I used this link instead: Free Virus Scan | ESET Online Scanner ESET
It looks a bit different but I guess it's an updated version. Anyway, it found no suspicious files :) Huge relief! It's nice to be assured that another install is not necessary in this computer's near future. Many thanks!
Okay good!
I think IPv6 is too new, and these are ISP issues. I have Charter for an ISP, and I get no IPv6 yet at all.
They have indeed updated their page; sorry about that. The instructions are basically the same though. Glad it didn't find anything. That's good - it's like a final "all clear".
Ok, I just got my answer from pbust, a moderator at Malwarebytes Forums:
Windows Credential Leak Flaw - News, Questions and Comments - Malwarebytes Forums
Nope, MBAE will not protect against this as it is a logic flaw within the OS. MBAE protects against remote code execution in third-party applications (browsers, java, office, flash, etc.).
This is another long-standing security & QA issue for MS to sort out.
Simple solution: don't have a login password - nothing to steal! ;-)
Seriously though, I never set up my systems with a login password. Been like that ever since I used Win 95.
I always found password protected accounts caused more problems than they prevented.
I exercise a bit of caution (online) and keep the system secure with a well-maintained firewall and malware prevention.
Never had any issues.
(Disclaimer: what works for me, may not work for others!)
Cheers,
Mike.