Rc Mushroom virus


Old 03-19-2012, 04:11 AM
  #1  
Tech Master
Thread Starter
iTrader: (32)
 
chrisk's Avatar
 
Join Date: Sep 2007
Posts: 1,089
Trader Rating: 32 (100%+)
Default Rc Mushroom virus

I just went to RC mushroom and got a virus whilst I was there on their site.

It installed Security Shield which is a virus, I was using Firefox and my anti virus (Trend Micro) didn't pick it up. Just did some reading and found others had been infected as well.

Just a heads up, I had ordered off them about a month ago and all was ok but now their site is infected
chrisk is offline  
Old 03-19-2012, 04:25 AM
  #2  
Tech Adept
 
sagejyoung's Avatar
 
Join Date: Feb 2009
Location: Johannesburg, South Africa
Posts: 174
Default

Originally Posted by chrisk:
I just went to RC mushroom and got a virus whilst I was there on their site.

It installed Security Shield which is a virus, I was using Firefox and my anti virus (Trend Micro) didn't pick it up. Just did some reading and found others had been infected as well.

Just a heads up, I had ordered off them about a month ago and all was ok but now their site is infected

Hi, where did you do that reading? I buy from them often and haven't seen it.
sagejyoung is offline  
Old 03-19-2012, 04:37 AM
  #3  
Tech Master
Thread Starter
iTrader: (32)
 
chrisk's Avatar
 
Join Date: Sep 2007
Posts: 1,089
Trader Rating: 32 (100%+)
Default

http://www.rctech.net/forum/australi...got-virus.html


I bought from there just over a month ago as well but went on there tonight and got the virus
chrisk is offline  
Old 03-19-2012, 06:00 AM
  #4  
Tech Elite
iTrader: (6)
 
Fred Hubbard's Avatar
 
Join Date: Nov 2001
Location: Inglewood, CA
Posts: 2,721
Trader Rating: 6 (100%+)
Default

+1 Their site does hit you with a "driveby download" and installs "Security Center." RC Mushroom fix your damn site!!!
Fred Hubbard is offline  
Old 03-19-2012, 09:32 AM
  #5  
Tech Adept
 
Ariel Reds's Avatar
 
Join Date: Feb 2011
Location: Hiliran, Kuala terengganu
Posts: 145
Default

It's happened to me too
Ariel Reds is offline  
Old 03-20-2012, 05:18 AM
  #6  
Tech Regular
 
ghiro's Avatar
 
Join Date: Jun 2007
Location: Switzerland
Posts: 315
Default

Holy crap!!!!
Went to RCmushroom last night to buy some stuff with my MacBook but it didn't come up with anything, hope the virus didn't pick up my credit card data.
ghiro is offline  
Old 03-20-2012, 05:51 AM
  #7  
Tech Rookie
 
Join Date: Sep 2010
Location: Denmark
Posts: 16
Default

It's not that kind of a virus. All it does is keep shutting down your programs because it thinks that there are problems with all your programs.

It recommends that you buy the "full version" of Security tool or whatever it's called. It's only a pain in the ass but doesn't destroy anything. It is relatively easy to remove.
ssoslot is offline  
Old 03-20-2012, 05:53 AM
  #8  
Tech Elite
 
MrUnlimited's Avatar
 
Join Date: Oct 2005
Location: Netherlands
Posts: 2,501
Default

Strange, I ordered last Sunday at RC Mushroom and my paid Avast Internet Security did not mention a virus. Maybe your own PC has a trojan which will be activated by certain websites with online paying?
MrUnlimited is offline  
Old 03-20-2012, 06:18 AM
  #9  
R/C Tech Elite Member
iTrader: (315)
 
nexxus's Avatar
 
Join Date: Dec 2005
Location: Perth, Australia
Posts: 8,849
Trader Rating: 315 (100%+)
Default

We use Trend Micro at work and this fake security centre gets past it easily. Procedure for removing it is easy enough, TDSSKiller is what I use to ditch it.

But no, shouldn't happen.
nexxus is offline  
Old 03-20-2012, 03:06 PM
  #10  
Tech Regular
iTrader: (2)
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Many, many sites are compromised with malware like this. What hasn't been said is exactly how to PREVENT those drive-by, "Warning: Your computer might be infected" popups. I've worked in I.T. for about 18 years now and I get no end of frustration cleaning malware variants of this same thing that's been going on for years now.

First, one needs to understand that popups like these are BOGUS, they're created to mimic your own, legitimate anti-virus/anti-malware programs. However, they are *not* windows from your Windows Explorer or My Computer, they're just webpages that are designed to LOOK like that. Note that as these are active websites with malware scripts running on them, you can't click ANYWHERE on them. Not on "No", not on "Cancel", not on the "X" to close it, and certainly not on "Yes".

You can defeat this oh-so-annoying & common fake AV/malware trick very easily by simply pressing CTRL + ALT + DELETE (or right-clicking the Taskbar and selecting "End Task"), and on your "Applications" tab, End Task on that particular Internet Explorer browser window. This will close that offending popup window without you clicking anywhere on a live, active website, but may probably also close your other open I.E. windows...but that's a lot better than inviting malware onto your computer.

Give it the 3-finger-salute whenever it happens and you'll never be fooled by that old trick.
Coelacanth is offline  
Old 03-20-2012, 03:10 PM
  #11  
Tech Regular
iTrader: (2)
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Originally Posted by nexxus:
We use Trend Micro at work and this fake security centre gets past it easily. Procedure for removing it is easy enough, TDSSKiller is what I use to ditch it.

But no, shouldn't happen.

It gets by most antivirus software because it tricks the user into *inviting* it onto their computers. The user himself is allowing it to install by clicking anywhere on the active browser window. And although usually I can manually cripple & subsequently remove those kinds of infections with Safe Mode, TDSSKiller, Malwarebytes & Avast antivirus scans, not to mention manually deleting malicious Software and RUN keys from the correct places in Registry, some of them can get really badly entrenched in your system with many reboots. Anything that keeps a port open to the internet world at large (which is what TDSSKiller catches and kills) is a very bad thing, especially if you do online purchasing & banking.
Coelacanth is offline  
Old 03-20-2012, 03:12 PM
  #12  
Tech Fanatic
iTrader: (5)
 
Join Date: Nov 2010
Posts: 972
Trader Rating: 5 (100%+)
Default

I picked up the Security Shield malware from rc-mushroom last week, using Firefox. Once you have it, it prevents you from opening Task Manager or your anti-virus program. Pretty annoying, and I won't be visiting rc-mushroom again although I have been satisfied with their service in the past.
Steve S is offline  
Old 03-20-2012, 03:23 PM
  #13  
Tech Champion
iTrader: (17)
 
Join Date: Sep 2002
Location: Chicago Illinois USA
Posts: 9,265
Trader Rating: 17 (100%+)
Default

I know when I tried to go to Rc Mushroom last week their site was down... so I am sure there must be something going on with their site.

I will not visit that site for awhile then....
Solara is offline  
Old 03-20-2012, 03:25 PM
  #14  
Tech Regular
iTrader: (2)
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Originally Posted by Steve S:
I picked up the Security Shield malware from rc-mushroom last week, using Firefox. Once you have it, it prevents you from opening Task Manager or your anti-virus program. Pretty annoying, and I won't be visiting rc-mushroom again although I have been satisfied with their service in the past.

Other variants of that malware do something a lot more troubling--some will delete all your Start Menu > Programs shortcuts other than the default Windows ones. All the programs are still installed and unharmed, but you no longer have any way to open them from the Start menu. In those cases, due to the large number of lost shortcuts, it's pretty much time for a re-image or reinstall of all your programs.

Other variants will mess up all your program associations, so Windows won't know what program opens which 3-letter file extension, but there's a pretty simple Registry patch to restore the associations.

The ones that disable Task Manager are usually not too hard to cripple. Just find the offending file(s), which are usually cryptically named with gobbledegook names, End Task on them (or rename them & reboot) and once the computer is rebooted, it should cripple the malware enough for you to do a thorough removal.

EDIT: Another variant I've seen more than a few times is one that makes all your folders & subfolders inside your user profile folder marked as "hidden", so that all your desktop icons vanish and it becomes a pain to fix. You can unhide the folders but it re-hides them shortly thereafter. There's a simple program that unhides all the folders but you have to first cripple the malware or it'll just happen again.

Last edited by Coelacanth; 03-20-2012 at 03:50 PM.
Coelacanth is offline  
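
The two clean-up clues mentioned in posts #11 and #14 (malicious RUN keys in the Registry, and files with cryptic "gobbledegook" names) can be combined into a quick triage pass over autostart entries. This is an added example, not part of the original thread: the two heuristics, the constructed sample entries and all function names are assumptions made for illustration, and a hit means "review this entry", not "this is malware".

```python
import re, sys

# Standard per-user / per-machine autostart key (the "RUN keys" in the posts).
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Assumption for this example: directories a standard user can write to.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp)\\", re.I)
# Constructed sample entries (value name, command line); not from the thread.
SAMPLE = [
    ("OneDrive", r'"C:\Users\al\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("IgfxTray", r"C:\Windows\System32\igfxtray.exe"),
    ("kdjfh38sdk2", r"C:\ProgramData\kdjfh38sdk2.exe"),
]

def exe_path(command):
    """Pull the executable path out of a Run-key command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(.+?\.exe)\b|(\S+))', command, re.I)
    return next(g for g in m.groups() if g) if m else ""

def looks_random(path):
    """Rough 'gobbledegook' test: 6+ chars with many digits or few vowels."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    digits = sum(c.isdigit() for c in stem)
    return len(stem) >= 6 and (digits >= 3 or vowels < 0.25 * max(len(letters), 1))

def triage(entries):
    """Return (name, path) for entries in a user-writable dir with a random name."""
    paths = [(name, exe_path(cmd)) for name, cmd in entries]
    return [(n, p) for n, p in paths if USER_WRITABLE.search(p) and looks_random(p)]

def read_run_entries():
    """Read Run values from HKCU and HKLM (Windows only)."""
    import winreg
    out = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    out.append(winreg.EnumValue(key, i)[:2])
        except OSError:
            continue  # key absent or not readable
    return out

if __name__ == "__main__":
    for name, path in triage(read_run_entries() if sys.platform == "win32" else SAMPLE):
        print(f"REVIEW {name}: {path}")
```

On Windows the script reads the live Run keys; elsewhere it falls back to the constructed sample so the logic can still be exercised.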
Old 03-20-2012, 03:46 PM
  #15  
Tech Elite
iTrader: (6)
 
Fred Hubbard's Avatar
 
Join Date: Nov 2001
Location: Inglewood, CA
Posts: 2,721
Trader Rating: 6 (100%+)
Default

Just to be clear, there's no pop-up; once you connect and the site gets pulled down, the threat installs immediately.
Fred Hubbard is offline  
