Rc Mushroom virus
03-20-2012, 03:53 PM
#16
Just to be clear there's no pop-up, once you connect to and the site gets pulled down the threat installs immediately.
correct no pop up, just appeared on my screen
c'mon Rc Mushroom clean your site
03-20-2012, 04:31 PM
#17
That's right, that's a new one for me, but I'm not surprised by much anymore these days. 
I did some testing (heh!) and found it was pretty easy to cripple. I Ended Task on the cryptic process it launched after searching for the location of the associated file, and deleted it right after I ended task. Sometimes a malware won't let you do that ("access denied") but this one wasn't very invasive.
It didn't add Registry RUN key entries either--or maybe it didn't have a chance to.
But indeed, it doesn't appear to have a popup. I just downloaded & ran TDSSKiller and the system appeared to be clean.
I did some testing (heh!) and found it was pretty easy to cripple. I Ended Task on the cryptic process it launched after searching for the location of the associated file, and deleted it right after I ended task. Sometimes a malware won't let you do that ("access denied") but this one wasn't very invasive.It didn't add Registry RUN key entries either--or maybe it didn't have a chance to.
But indeed, it doesn't appear to have a popup. I just downloaded & ran TDSSKiller and the system appeared to be clean.
03-20-2012, 04:41 PM
#18
That's right, that's a new one for me, but I'm not surprised by much anymore these days. I did some testing (heh!) and found it was pretty easy to cripple. I Ended Task on the cryptic process it launched after searching for the location of the associated file, and deleted it right after I ended task. Sometimes a malware won't let you do that ("access denied") but this one wasn't very invasive.
It didn't add Registry RUN key entries either--or maybe it didn't have a chance to.
But indeed, it doesn't appear to have a popup. I just downloaded & ran TDSSKiller and the system appeared to be clean.
I did some testing (heh!) and found it was pretty easy to cripple. I Ended Task on the cryptic process it launched after searching for the location of the associated file, and deleted it right after I ended task. Sometimes a malware won't let you do that ("access denied") but this one wasn't very invasive.It didn't add Registry RUN key entries either--or maybe it didn't have a chance to.
But indeed, it doesn't appear to have a popup. I just downloaded & ran TDSSKiller and the system appeared to be clean.
03-20-2012, 04:54 PM
#19
Also, are you all running the latest Firefox? (11.0)
03-20-2012, 05:06 PM
#20
OK I just tested with Firefox 11 and Windows 7 with all updates... I had no issues even upon rebooting.
I know what this rootkit looks like because I have had peoples computers I have worked on have it happen after the pop-ups saying they had a virus (inside the webpage should have been the hint it wasn't true) and installed said virus disguised as a "fix".
So either.
A: RC Mushroom Fixed.
B: It is only showing up on older un updated systems.
C: People are making a mistake and its not Mushroom versus a previous site.
Again, I want to point out, this should not be installing automatically just by going to a site. It can start like a java that makes you think something is happening and wants to have you install a fix. But the easy way to tell this is fake is that it will be using the browser program itself to say this. It wont be an actual windows pop-up.
I know what this rootkit looks like because I have had peoples computers I have worked on have it happen after the pop-ups saying they had a virus (inside the webpage should have been the hint it wasn't true) and installed said virus disguised as a "fix".
So either.
A: RC Mushroom Fixed.
B: It is only showing up on older un updated systems.
C: People are making a mistake and its not Mushroom versus a previous site.
Again, I want to point out, this should not be installing automatically just by going to a site. It can start like a java that makes you think something is happening and wants to have you install a fix. But the easy way to tell this is fake is that it will be using the browser program itself to say this. It wont be an actual windows pop-up.
03-20-2012, 06:00 PM
#22
It downloads the cache of the page, yes. It can not execute an exe though without some sort of user input. Unless your using a very old version of IE or Windows XP without updates.
For those effected, you need to list your OS version and if you are updated as well as your browser version. But again, it could have been fixed by the time I looked at it.
For those effected, you need to list your OS version and if you are updated as well as your browser version. But again, it could have been fixed by the time I looked at it.
03-20-2012, 06:09 PM
#23
It downloads the cache of the page, yes. It can not execute an exe though without some sort of user input. Unless your using a very old version of IE or Windows XP without updates.
For those effected, you need to list your OS version and if you are updated as well as your browser version. But again, it could have been fixed by the time I looked at it.
For those effected, you need to list your OS version and if you are updated as well as your browser version. But again, it could have been fixed by the time I looked at it.
03-20-2012, 06:21 PM
#25
Edit: Just checked RC Goods, no issue.
03-20-2012, 06:24 PM
#26
I wondered where that came from... itt has given me hell on my old laptop running XP, and IE... even with some help and malware it still has my machine crippeled.... Damn it has been a boat load of work to try and clean it up
03-20-2012, 06:26 PM
#27
FWIW I'm using MS Security Essentials. But I know someone who had such and it still didn't stop that exe from installing *different site, that person confirmed he clicked on the pop up telling him he supposedly had a virus*
The best is Nod32.
The best is Nod32.
03-20-2012, 06:54 PM
#29
Running executables (or executing arbitrary code) without your input is the primary vector used to compromise machines. It happens most frequently through the browser since, for most people, the web is their only interaction with the internet.
It's foolish to rely on some site in Hong Kong to keep you safe. The internet is full of scary places. Protect yourselves.
It's foolish to rely on some site in Hong Kong to keep you safe. The internet is full of scary places. Protect yourselves.
03-20-2012, 09:42 PM
#30
MS Security Essentials is Essentially Useless. I don't think I've ever seen it CATCH anything, even on computers that are obviously malware-compromised. Same goes with Windows Defender in the past. Better than nothing, but almost absolutely useless. I can't count the times Defender, MS SE, or even something as popular as Norton Antivirus, has either not detected an infection, was easily disabled by an infection, or detected an infection but couldn't do a bloody thing to remove it, when AVast--a totally free antivirus program--could detect AND remove it.