R/C Tech Forums

Old 03-20-2012, 04:53 PM   #16
Tech Master
 
chrisk's Avatar
 
Join Date: Sep 2007
Posts: 1,089
Trader Rating: 32 (100%+)
Default

Quote:
Just to be clear there's no pop-up, once you connect to and the site gets pulled down the threat installs immediately.

correct no pop up, just appeared on my screen

c'mon Rc Mushroom clean your site
__________________
TAMIYA - SMOKEM - REEDY
smaracing.org
chrisk is offline   Reply With Quote
Old 03-20-2012, 05:31 PM   #17
Tech Regular
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

That's right, that's a new one for me, but I'm not surprised by much anymore these days. I did some testing (heh!) and found it was pretty easy to cripple. I Ended Task on the cryptic process it launched after searching for the location of the associated file, and deleted it right after I ended task. Sometimes a malware won't let you do that ("access denied") but this one wasn't very invasive.

It didn't add Registry RUN key entries either--or maybe it didn't have a chance to.

But indeed, it doesn't appear to have a popup. I just downloaded & ran TDSSKiller and the system appeared to be clean.
__________________
"Paranoia roams where the shadows reign." ~Marillion
Coelacanth is offline   Reply With Quote
Old 03-20-2012, 05:41 PM   #18
Tech Elite
 
Fred Hubbard's Avatar
 
Join Date: Nov 2001
Location: Inglewood, CA
Posts: 2,719
Trader Rating: 6 (100%+)
Default

Quote:
Originally Posted by Coelacanth View Post
That's right, that's a new one for me, but I'm not surprised by much anymore these days. I did some testing (heh!) and found it was pretty easy to cripple. I Ended Task on the cryptic process it launched after searching for the location of the associated file, and deleted it right after I ended task. Sometimes a malware won't let you do that ("access denied") but this one wasn't very invasive.

It didn't add Registry RUN key entries either--or maybe it didn't have a chance to.

But indeed, it doesn't appear to have a popup. I just downloaded & ran TDSSKiller and the system appeared to be clean.
It installs its exe in the appdata directory for the currently logged in user, so bouncing the machine into safe mode and unhiding the hidden directories will allow the user to delete it from that directory.
__________________
Goodwine Racing - RC America - XRAY - HUDY - Sanwa - Motiv - GravityRC - BN Racing
Fred Hubbard is offline   Reply With Quote
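
The two places mentioned in the posts above, the logged-in user's AppData directory and the Registry Run keys, can be checked with a read-only triage script. This is an added example, not part of any forum post; the function names and the 30-day window are assumptions.

```powershell
# Added triage example (not from the thread). Read-only: it lists, it never deletes.
function Get-AppDataExecutableReport {
    param(
        [int]$Days = 30   # assumption: only report recently created files
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    $roots  = @($env:APPDATA, $env:LOCALAPPDATA) |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    foreach ($root in $roots) {
        # -Force includes hidden and system files, which Explorer hides by default
        Get-ChildItem -LiteralPath $root -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $cutoff } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Signature = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

function Get-RunKeyEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $command
                # Flag autostart commands that point into a user's AppData tree
                InAppData = [bool]($command -match '\\AppData\\')
            }
        }
    }
}

Get-AppDataExecutableReport | Sort-Object Created -Descending | Format-Table -AutoSize
Get-RunKeyEntries | Format-Table -AutoSize
```

Unsigned, hidden, recently created executables in AppData and Run entries with `InAppData` set are the rows worth a closer look; the SHA256 column lets them be checked against an antivirus vendor's lookup before anything is removed.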
Old 03-20-2012, 05:54 PM   #19
Tech Champion
 
oXYnary's Avatar
 
Join Date: Dec 2003
Posts: 6,301
Trader Rating: 4 (100%+)
Default

Quote:
Originally Posted by Fred Hubbard View Post
Just to be clear there's no pop-up, once you connect to and the site gets pulled down the threat installs immediately.
Are you absolutely positive it works in this manner? EXEs need some type of user feedback to install.

Also, are you all running the latest Firefox? (11.0)
__________________
www.3drcracing.com <<RC Video Game.
Kyosho Mini-Z Buggy, Moto Racer | Losi Micro SCT, 8ight Mini
oXYnary is offline   Reply With Quote
Old 03-20-2012, 06:06 PM   #20
Tech Champion
 
oXYnary's Avatar
 
Join Date: Dec 2003
Posts: 6,301
Trader Rating: 4 (100%+)
Default

OK I just tested with Firefox 11 and Windows 7 with all updates... I had no issues even upon rebooting.

I know what this rootkit looks like because I have had people's computers I have worked on have it happen after the pop-ups saying they had a virus (inside the webpage should have been the hint it wasn't true) and installed said virus disguised as a "fix".

So either:
A: RC Mushroom Fixed.
B: It is only showing up on older un-updated systems.
C: People are making a mistake and it's not Mushroom versus a previous site.

Again, I want to point out, this should not be installing automatically just by going to a site. It can start like a java that makes you think something is happening and wants to have you install a fix. But the easy way to tell this is fake is that it will be using the browser program itself to say this. It won't be an actual windows pop-up.
__________________
www.3drcracing.com <<RC Video Game.
Kyosho Mini-Z Buggy, Moto Racer | Losi Micro SCT, 8ight Mini
oXYnary is offline   Reply With Quote
Old 03-20-2012, 06:57 PM   #21
Tech Elite
 
Fred Hubbard's Avatar
 
Join Date: Nov 2001
Location: Inglewood, CA
Posts: 2,719
Trader Rating: 6 (100%+)
Default

Quote:
Originally Posted by oXYnary View Post
Are you absolutely positive it works in this manner? EXEs need some type of user feedback to install.

Also, are you all running the latest Firefox? (11.0)
Yes it works that way. Whenever you access any website your machine actually downloads the pages. I don't use FF.
__________________
Goodwine Racing - RC America - XRAY - HUDY - Sanwa - Motiv - GravityRC - BN Racing
Fred Hubbard is offline   Reply With Quote
Old 03-20-2012, 07:00 PM   #22
Tech Champion
 
oXYnary's Avatar
 
Join Date: Dec 2003
Posts: 6,301
Trader Rating: 4 (100%+)
Default

It downloads the cache of the page, yes. It cannot execute an exe though without some sort of user input. Unless you're using a very old version of IE or Windows XP without updates.

For those affected, you need to list your OS version and if you are updated as well as your browser version. But again, it could have been fixed by the time I looked at it.
__________________
www.3drcracing.com <<RC Video Game.
Kyosho Mini-Z Buggy, Moto Racer | Losi Micro SCT, 8ight Mini
oXYnary is offline   Reply With Quote
Old 03-20-2012, 07:09 PM   #23
Tech Elite
 
Fred Hubbard's Avatar
 
Join Date: Nov 2001
Location: Inglewood, CA
Posts: 2,719
Trader Rating: 6 (100%+)
Default

Quote:
Originally Posted by oXYnary View Post
It downloads the cache of the page, yes. It cannot execute an exe though without some sort of user input. Unless you're using a very old version of IE or Windows XP without updates.

For those affected, you need to list your OS version and if you are updated as well as your browser version. But again, it could have been fixed by the time I looked at it.
It serves me no purpose to have to mention this and I really don't want to waste energy to say this but I've OWNED an IT consultancy firm for over 11 years which has afforded me the experience to know what I'm talking about
__________________
Goodwine Racing - RC America - XRAY - HUDY - Sanwa - Motiv - GravityRC - BN Racing
Fred Hubbard is offline   Reply With Quote
Old 03-20-2012, 07:16 PM   #24
Tech Elite
 
pinoy69racer's Avatar
 
Join Date: Jul 2009
Location: SoCal
Posts: 3,622
Trader Rating: 180 (99%+)
Default not only rc mushroom

Quote:
Originally Posted by Fred Hubbard View Post
It serves me no purpose to have to mention this and I really don't want to waste energy to say this but I've OWNED an IT consultancy firm for over 11 years which has afforded me the experience to know what I'm talking about
+1 fred ....i almost got fired yesterday coz im using internet in my work i went to RC GOODS and they have a freaking VIRUS too......
__________________
HENRY C
-------------------------------------------------------------------------------------
DESOTO RACING/SERPENT/VEYTREX DESIGN LAB/RC TARGET
pinoy69racer is offline   Reply With Quote
Old 03-20-2012, 07:21 PM   #25
Tech Champion
 
oXYnary's Avatar
 
Join Date: Dec 2003
Posts: 6,301
Trader Rating: 4 (100%+)
Default

Quote:
Originally Posted by Fred Hubbard View Post
It serves me no purpose to have to mention this and I really don't want to waste energy to say this but I've OWNED an IT consultancy firm for over 11 years which has afforded me the experience to know what I'm talking about
But from your original post, it sounds like it installed on your system as well?

Edit: Just checked RC Goods, no issue.
__________________
www.3drcracing.com <<RC Video Game.
Kyosho Mini-Z Buggy, Moto Racer | Losi Micro SCT, 8ight Mini
oXYnary is offline   Reply With Quote
Old 03-20-2012, 07:24 PM   #26
Tech Elite
 
MAD916's Avatar
 
Join Date: Oct 2005
Location: La Center Seca
Posts: 3,117
Default

I wondered where that came from... it has given me hell on my old laptop running XP, and IE... even with some help and malware it still has my machine crippled.... Damn it has been a boat load of work to try and clean it up
__________________
Timezone Raceway Park " on-road outdoor european style road course.
Timezone II 60'x100' indoor carpet track. Host of the ROAR 2011 Carpet Nat's.
Timezonehobbies.com your new source for online RC products.
MAD916 is offline   Reply With Quote
Old 03-20-2012, 07:26 PM   #27
Tech Champion
 
oXYnary's Avatar
 
Join Date: Dec 2003
Posts: 6,301
Trader Rating: 4 (100%+)
Default

FWIW I'm using MS Security Essentials. But I know someone who had such and it still didn't stop that exe from installing *different site, that person confirmed he clicked on the pop up telling him he supposedly had a virus*

The best is Nod32.
__________________
www.3drcracing.com <<RC Video Game.
Kyosho Mini-Z Buggy, Moto Racer | Losi Micro SCT, 8ight Mini
oXYnary is offline   Reply With Quote
Old 03-20-2012, 07:34 PM   #28
Tech Elite
 
Fred Hubbard's Avatar
 
Join Date: Nov 2001
Location: Inglewood, CA
Posts: 2,719
Trader Rating: 6 (100%+)
Default

Quote:
Originally Posted by oXYnary View Post
But from your original post, it sounds like it installed on your system as well?

Edit: Just checked RC Goods, no issue.
Correct, even with us using a trendmicro managed solution on our desktops.
__________________
Goodwine Racing - RC America - XRAY - HUDY - Sanwa - Motiv - GravityRC - BN Racing
Fred Hubbard is offline   Reply With Quote
Old 03-20-2012, 07:54 PM   #29
Tech Lord
 
syndr0me's Avatar
 
Join Date: Dec 2004
Location: 5280 Raceway
Posts: 13,140
Trader Rating: 32 (100%+)
Default

Running executables (or executing arbitrary code) without your input is the primary vector used to compromise machines. It happens most frequently through the browser since, for most people, the web is their only interaction with the internet.

It's foolish to rely on some site in Hong Kong to keep you safe. The internet is full of scary places. Protect yourselves.
syndr0me is offline   Reply With Quote
Old 03-20-2012, 10:42 PM   #30
Tech Regular
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Quote:
Originally Posted by oXYnary View Post
FWIW I'm using MS Security Essentials. But I know someone who had such and it still didn't stop that exe from installing *different site, that person confirmed he clicked on the pop up telling him he supposedly had a virus*

The best is Nod32.
MS Security Essentials is Essentially Useless. I don't think I've ever seen it CATCH anything, even on computers that are obviously malware-compromised. Same goes with Windows Defender in the past. Better than nothing, but almost absolutely useless. I can't count the times Defender, MS SE, or even something as popular as Norton Antivirus, has either not detected an infection, was easily disabled by an infection, or detected an infection but couldn't do a bloody thing to remove it, when Avast--a totally free antivirus program--could detect AND remove it.
__________________
"Paranoia roams where the shadows reign." ~Marillion
Coelacanth is offline   Reply With Quote
All times are GMT -7.