Windows 10: HELP: Is my network infected?

  1.    05 May 2017 #1

    HELP: Is my network infected?


    This is creepy... So, I decided I would visit HURR-DURR (basically like the original YouAreAnIdiot) on my Windows XP virtual machine (I use VirtualBox). The machine was connected to the same WiFi as the host. I went to the page but instead of seeing the old Comic Sans, goofy song and infinite popups, there was nothing. Then, I got a popup FROM MY HOST saying that Avast Free Antivirus has stopped a virus with a name along the lines of JS.HurrDurr (I forget full name).

    I'm wondering if some exploit may have slipped through.
    Can host PCs detect viruses in VMs?
    Can Hurr-Durr do real damage and is it in my network right now?

    I'm really confused and I hope you guys can help me!

    Thanks
    - missing

    EDIT: I was using Firefox browser.

  2. Clintlgm
       05 May 2017 #2

  3.    05 May 2017 #3

    missing said:
    This is creepy... So, I decided I would visit HURR-DURR (basically like the original YouAreAnIdiot) on my Windows XP virtual machine (I use VirtualBox). The machine was connected to the same WiFi as the host. I went to the page but instead of seeing the old Comic Sans, goofy song and infinite popups, there was nothing. Then, I got a popup FROM MY HOST saying that Avast Free Antivirus has stopped a virus with a name along the lines of JS.HurrDurr (I forget full name).

    I'm wondering if some exploit may have slipped through.
    Can host PCs detect viruses in VMs?
    Can Hurr-Durr do real damage and is it in my network right now?

    I'm really confused and I hope you guys can help me!

    Thanks
    - missing

    EDIT: I was using Firefox browser.

    Hi missing and welcome to Tenforums.

    Not familiar with these symptoms, but I would do this:

    Restore your XP VM to a saved version before the incident.

    On the Host, download and run

    RogueKiller
    RogueKiller Download

    ADWCleaner
    Downloads - AdwCleaner - ToolsLib

    Malwarebytes Antimalware
    Malwarebytes Anti-Malware Download
    (get version 2.2)

    JRT
    Junkware Removal Tool Download

    Then go into Control Panel>Programs and features, and Repair Avast.

    Please post the logs if anything is found.

  4.    05 May 2017 #4

    FYI: VMs need their own AV.

    NoScript is a good addon for Firefox. Anything (JavaScript) that's not whitelisted in NoScript won't run.

    Might want to reset Firefox as well.

  5.    05 May 2017 #5

    Clintlgm said:

    I've already seen that... Doesn't explain how it got from the VM to the host..

  6.    05 May 2017 #6

    simrick said:
    FYI: VMs need their own AV.

    NoScript is a good addon for Firefox. Anything (JavaScript) that's not whitelisted in NoScript won't run.

    Might want to reset Firefox as well.

    No need to reset the browser, I reverted to a previous snapshot.

  7.    05 May 2017 #7

    Also, I ran a Malwarebytes Custom Scan, with every option ticked using the Free Pro Version Trial you get with it. Found nothing in any of the scans (including rootkit one). I'll get an antivirus on my virtual machines. In case I was RATted, I disabled my camera and mic in device manager, and I also covered my camera with a piece of cardboard held on by some masking tape. I also rescanned with Avast and no issues were found. I think I'm good.

    Does anyone know what the virus from HURR-DURR does to one's computer? Is it built to trash the PC, collect information or just a small exploit to mess with you until you restart the computer?

    Thanks
    -missing

    UPDATE: RogueKiller found some registry keys..
    (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters|DhcpNameServer

    (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d3ef6ce5-3a44-4160-ad3c-d5abbc988bdf}|DhcpNameServer

    (X64) HKEY_USERS\S-1-5-21-3002187930-671386894-702731269-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs

    (X86) HKEY_USERS\S-1-5-21-3002187930-671386894-702731269-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs

    I wonder what these mean... Does anyone know? I'm still only half way through the scan.
    Last edited by missing; 05 May 2017 at 23:19.

  8.    06 May 2017 #8

    The hurrdurr site has 4 hits on virustotal as malicious
    https://www.virustotal.com/en/url/e2...is/1494095498/

    It uses a JavaScript exploit to move the browser window around and cause constant popups. As far as I can tell that's all it does. But who knows if it's been modified to do more?

    Hard to say what those keys are doing, but DHCP refers to your internet connection and the others refer to Windows Explorer and Start_TrackProgs? who knows. Doesn't look good to me.

    Will you be posting the logs of the recommended scans for us to have a look at?
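For the two DhcpNameServer entries in the RogueKiller output above, the following is an added example (not from any poster in this thread) that prints what those values hold on the host. DhcpNameServer is the space-separated list of DNS servers the machine received over DHCP, so on a home network it normally contains the router's address. It assumes the usual case where CurrentControlSet maps to the ControlSet001 key shown in the log; Test-PrivateIPv4 is a helper name made up for this example.

```powershell
# Added example: show the DHCP-assigned DNS servers stored in the registry
# values RogueKiller listed, and mark any that are not private IPv4 addresses.
# Assumption: CurrentControlSet points at ControlSet001 (the normal case).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Hypothetical helper: true for loopback and RFC 1918 private IPv4 addresses.
function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    $b = $ip.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }   # not IPv4
    return ($b[0] -eq 10) -or
           ($b[0] -eq 127) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# The global Parameters key plus one subkey per network interface GUID.
$keys = @($base) + (Get-ChildItem "$base\Interfaces" | ForEach-Object { $_.PSPath })

foreach ($key in $keys) {
    $value = (Get-ItemProperty -Path $key -Name DhcpNameServer -ErrorAction SilentlyContinue).DhcpNameServer
    if (-not $value) { continue }            # interface has no DHCP DNS entry

    foreach ($server in ($value -split '[\s,]+' | Where-Object { $_ })) {
        [pscustomobject]@{
            Key    = ($key -replace '^.*::', '')   # drop the provider prefix
            Server = $server
            Note   = if (Test-PrivateIPv4 $server) {
                         'private address (typically the home router)'
                     } else {
                         'not a private IPv4 address: confirm it is your ISP or chosen resolver'
                     }
        }
    }
}
```

Compare the addresses it prints with the DNS settings shown in the router's own admin page; a public address that matches neither the ISP nor a resolver you configured is the case worth following up.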


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 13:55.
Find Us