1.    05 May 2017 #1
    Join Date : May 2017
    Posts : 4
    Windows 10

    HELP: Is my network infected?


    This is creepy... So, I decided I would visit HURR-DURR (basically like the original YouAreAnIdiot) on my Windows XP virtual machine (I use VirtualBox). The machine was connected to the same WiFi as the host. I went to the page but instead of seeing the old Comic Sans, goofy song and infinite popups, there was nothing. Then, I got a popup FROM MY HOST saying that Avast Free Antivirus has stopped a virus with a name along the lines of JS.HurrDurr (I forget full name).

    I'm wondering if some exploit may have slipped through.
    Can host PCs detect viruses in VMs?
    Can Hurr-Durr do real damage and is it in my network right now?

    I'm really confused and I hope you guys can help me!

    Thanks
    - missing

    EDIT: I was using Firefox browser.
  2.    05 May 2017 #2
    Join Date : Sep 2014
    New Orleans Northshore
    Posts : 232
    Win 10 pro Upgraded from 8.1
  3.    05 May 2017 #3
    Join Date : Apr 2015
    Posts : 12,840
    W10Prox64

    Quote: Originally Posted by missing
    This is creepy... So, I decided I would visit HURR-DURR (basically like the original YouAreAnIdiot) on my Windows XP virtual machine (I use VirtualBox). The machine was connected to the same WiFi as the host. I went to the page but instead of seeing the old Comic Sans, goofy song and infinite popups, there was nothing. Then, I got a popup FROM MY HOST saying that Avast Free Antivirus has stopped a virus with a name along the lines of JS.HurrDurr (I forget full name).

    I'm wondering if some exploit may have slipped through.
    Can host PCs detect viruses in VMs?
    Can Hurr-Durr do real damage and is it in my network right now?

    I'm really confused and I hope you guys can help me!

    Thanks
    - missing

    EDIT: I was using Firefox browser.
    Hi missing and welcome to Tenforums.

    Not familiar with these symptoms, but I would do this:

    Restore your XP VM to a saved version before the incident.

    On the Host, download and run

    RogueKiller
    RogueKiller Download

    ADWCleaner
    Downloads - AdwCleaner - ToolsLib

    Malwarebytes Antimalware
    Malwarebytes Anti-Malware Download
    (get version 2.2)

    JRT
    Junkware Removal Tool Download

    Then go into Control Panel>Programs and features, and Repair Avast.

    Please post the logs if anything is found.
  4.    05 May 2017 #4
    Join Date : Apr 2015
    Posts : 12,840
    W10Prox64

    FYI: VMs need their own AV.

    NoScript is a good addon for Firefox. Anything (javascript) that's not whitelisted in NoScript won't run.

    Might want to reset Firefox as well.
  5.    05 May 2017 #5
    Join Date : May 2017
    Posts : 4
    Windows 10
    Thread Starter

    Quote: Originally Posted by Clintlgm
    I've already seen that... Doesn't explain how it got from the VM to the host..
  6.    05 May 2017 #6
    Join Date : May 2017
    Posts : 4
    Windows 10
    Thread Starter

    Quote: Originally Posted by simrick
    FYI: VMs need their own AV.

    NoScript is a good addon for Firefox. Anything (javascript) that's not whitelisted in NoScript won't run.

    Might want to reset Firefox as well.
    No need to reset the browser, I reverted to a previous snapshot.
  7.    05 May 2017 #7
    Join Date : May 2017
    Posts : 4
    Windows 10
    Thread Starter

    Also, I ran a Malwarebytes Custom Scan, with every option ticked using the Free Pro Version Trial you get with it. Found nothing in any of the scans (including rootkit one). I'll get an antivirus on my virtual machines. In case I was RATted, I disabled my camera and mic in device manager, and I also covered my camera with a piece of cardboard held on by some masking tape. I also rescanned with Avast and no issues were found. I think I'm good.

    Does anyone know what the virus from HURR-DURR does to one's computer? Is it built to trash the PC, collect information or just a small exploit to mess with you until you restart the computer?

    Thanks
    -missing

    UPDATE: RogueKiller found some registry keys..
    (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters|DhcpNameServer

    (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d3ef6ce5-3a44-4160-ad3c-d5abbc988bdf}|DhcpNameServer

    (X64) HKEY_USERS\S-1-5-21-3002187930-671386894-702731269-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs

    (X86) HKEY_USERS\S-1-5-21-3002187930-671386894-702731269-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs

    I wonder what these mean... Does anyone know? I'm still only half way through the scan.
    Last edited by missing; 05 May 2017 at 23:19.
  8.    06 May 2017 #8
    Join Date : Apr 2015
    Posts : 12,840
    W10Prox64

    The hurrdurr site has 4 hits on virustotal as malicious
    https://www.virustotal.com/en/url/e2...is/1494095498/

    It uses a javascript exploit to move the browser window around and cause constant popups. As far as I can tell that's all it does. But who knows if it's been modified to do more?

    Hard to say what those keys are doing, but DHCP refers to your internet connection and the others refer to Windows Explorer and Start_TrackProgs? who knows. Doesn't look good to me.

    Will you be posting the logs of the recommended scans for us to have a look at?
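
    The DhcpNameServer values listed in the scan output above hold the DNS servers the machine received over DHCP, so the practical check is whether those addresses are ones you recognise (normally your router). The following PowerShell is an added example, not written by any poster in this thread; `$ExpectedDns` and the address in it are placeholders to replace with your own.

```powershell
# Added example: list the DNS servers recorded under the Tcpip registry keys
# named in the scan output and mark any that are not on your own allow-list.
# $ExpectedDns is an assumption: put your router's address and any resolvers
# you configured yourself here. The address below is a constructed sample.
$ExpectedDns = @('192.168.1.1')

# CurrentControlSet usually resolves to the ControlSet001 path shown in the scan.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$keys = @($base) + @(Get-ChildItem "$base\Interfaces" | ForEach-Object { $_.PSPath })

$report = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key
    # DhcpNameServer is set by DHCP; NameServer is a manually configured override.
    foreach ($name in 'DhcpNameServer', 'NameServer') {
        $raw = $props.$name
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # Either value may hold several addresses separated by spaces or commas.
        foreach ($server in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Key      = Split-Path $key -Leaf   # "Parameters" or the interface GUID
                Value    = $name
                Server   = $server
                Expected = $ExpectedDns -contains $server
            }
        }
    }
}

# Unexpected servers sort to the top.
$report | Sort-Object Expected, Key | Format-Table -AutoSize

# Cross-check against what the active adapters are using (Windows 8 and later).
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses
```

    A row with Expected = False is only a prompt to look up who operates that address; a DHCP-assigned ISP resolver will also show up that way until it is added to the list.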