HELP: Is my network infected?


  1. Posts : 4
    Windows 10
       #1



    This is creepy... So, I decided I would visit HURR-DURR (basically like the original YouAreAnIdiot) on my Windows XP virtual machine (I use VirtualBox). The machine was connected to the same WiFi as the host. I went to the page but instead of seeing the old Comic Sans, goofy song and infinite popups, there was nothing. Then, I got a popup FROM MY HOST saying that Avast Free Antivirus has stopped a virus with a name along the lines of JS.HurrDurr (I forget full name).

    I'm wondering if some exploit may have slipped through.
    Can host PCs detect viruses in VMs?
    Can Hurr-Durr do real damage and is it in my network right now?

    I'm really confused and I hope you guys can help me!

    Thanks
    - missing

    EDIT: I was using Firefox browser.


  2. Posts : 1,098
    Win 10 pro Upgraded from 8.1
       #2


  3. Posts : 16,278
    W10Prox64
       #3

    missing said:
    This is creepy... So, I decided I would visit HURR-DURR (basically like the original YouAreAnIdiot) on my Windows XP virtual machine (I use VirtualBox). The machine was connected to the same WiFi as the host. I went to the page but instead of seeing the old Comic Sans, goofy song and infinite popups, there was nothing. Then, I got a popup FROM MY HOST saying that Avast Free Antivirus has stopped a virus with a name along the lines of JS.HurrDurr (I forget full name).

    I'm wondering if some exploit may have slipped through.
    Can host PCs detect viruses in VMs?
    Can Hurr-Durr do real damage and is it in my network right now?

    I'm really confused and I hope you guys can help me!

    Thanks
    - missing

    EDIT: I was using Firefox browser.

    Hi missing and welcome to Tenforums.

    Not familiar with these symptoms, but I would do this:

    Restore your XP VM to a saved version before the incident.

    On the Host, download and run

    RogueKiller
    RogueKiller Download

    ADWCleaner
    Downloads - AdwCleaner - ToolsLib

    Malwarebytes Antimalware
    Malwarebytes Anti-Malware Download
    (get version 2.2)

    JRT
    Junkware Removal Tool Download

    Then go into Control Panel>Programs and features, and Repair Avast.

    Please post the logs if anything is found.


  4. Posts : 16,278
    W10Prox64
       #4

    FYI: VMs need their own AV.

    NoScript is a good addon for Firefox. Anything (JavaScript) that's not whitelisted in NoScript won't run.

    Might want to reset Firefox as well.


  5. Posts : 4
    Windows 10
    Thread Starter
       #5

    Clintlgm said:
    I've already seen that... Doesn't explain how it got from the VM to the host..


  6. Posts : 4
    Windows 10
    Thread Starter
       #6

    simrick said:
    FYI: VMs need their own AV.

    NoScript is a good addon for Firefox. Anything (JavaScript) that's not whitelisted in NoScript won't run.

    Might want to reset Firefox as well.

    No need to reset the browser, I reverted to a previous snapshot.


  7. Posts : 4
    Windows 10
    Thread Starter
       #7

    Also, I ran a Malwarebytes Custom Scan, with every option ticked using the Free Pro Version Trial you get with it. Found nothing in any of the scans (including rootkit one). I'll get an antivirus on my virtual machines. In case I was RATted, I disabled my camera and mic in device manager, and I also covered my camera with a piece of cardboard held on by some masking tape. I also rescanned with Avast and no issues were found. I think I'm good.

    Does anyone know what the virus from HURR-DURR does to one's computer? Is it built to trash the PC, collect information or just a small exploit to mess with you until you restart the computer?

    Thanks
    -missing

    UPDATE: RogueKiller found some registry keys..
    (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters|DhcpNameServer

    (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d3ef6ce5-3a44-4160-ad3c-d5abbc988bdf}|DhcpNameServer

    (X64) HKEY_USERS\S-1-5-21-3002187930-671386894-702731269-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs

    (X86) HKEY_USERS\S-1-5-21-3002187930-671386894-702731269-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs

    I wonder what these mean... Does anyone know? I'm still only half way through the scan.
    Last edited by missing; 05 May 2017 at 23:19.


  8. Posts : 16,278
    W10Prox64
       #8

    The hurrdurr site has 4 hits on VirusTotal as malicious
    https://www.virustotal.com/en/url/e2...is/1494095498/

    It uses a JavaScript exploit to move the browser window around and cause constant popups. As far as I can tell that's all it does. But who knows if it's been modified to do more?

    Hard to say what those keys are doing, but DHCP refers to your internet connection and the others refer to Windows Explorer and Start_TrackProgs? who knows. Doesn't look good to me.

    Will you be posting the logs of the recommended scans for us to have a look at?
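
Added example (not part of the original thread): a read-only PowerShell check of the DhcpNameServer values RogueKiller listed in post #7, comparing each address against the DNS servers you expect to be handed out. `$ExpectedDns` is a placeholder assumption, and the script reads CurrentControlSet (normally a link to the active control set) rather than the ControlSet001 path shown in the log.

```powershell
# Added example: list the DNS servers stored under the Tcpip\Parameters keys
# and mark any address that is not in the expected set. Read-only.

# ASSUMPTION: placeholder value. Replace with your router's LAN address and
# any resolvers you configured on purpose.
$ExpectedDns = @('192.168.1.1')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# The global key plus every per-interface subkey (the {GUID} entries).
$keys = @(Get-Item -Path $base) + @(Get-ChildItem -Path "$base\Interfaces")

$report = foreach ($key in $keys) {
    # DhcpNameServer is written by the DHCP client; NameServer holds
    # manually configured (static) DNS servers.
    foreach ($name in 'DhcpNameServer', 'NameServer') {
        $value = $key.GetValue($name)   # $null when the value does not exist
        if ([string]::IsNullOrWhiteSpace($value)) { continue }

        # The value is a space- or comma-separated list of addresses.
        foreach ($addr in ($value -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Key      = $key.PSChildName
                Value    = $name
                Address  = $addr
                Expected = $ExpectedDns -contains $addr
            }
        }
    }
}

# Full listing, then only the addresses that need a closer look.
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Expected } | Format-Table -AutoSize
```

An address that matches the router or a resolver you set yourself is the normal result of a DHCP lease; an address you do not recognise is the one to compare against the router's DHCP settings.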