R/C Tech Forums

Old 03-19-2012, 05:11 AM   #1
Tech Master
 
chrisk's Avatar
 
Join Date: Sep 2007
Posts: 1,089
Trader Rating: 32 (100%+)
Rc Mushroom virus

I just went to RC mushroom and got a virus whilst I was there on their site.

It installed Security Shield, which is a virus. I was using Firefox and my antivirus (Trend Micro) didn't pick it up. Just did some reading and found others had been infected as well.

Just a heads up, I had ordered off them about a month ago and all was OK but now their site is infected.
__________________
TAMIYA - SMOKEM - REEDY
smaracing.org
chrisk is offline   Reply With Quote
Old 03-19-2012, 05:25 AM   #2
Tech Adept
 
sagejyoung's Avatar
 
Join Date: Feb 2009
Location: Johannesburg, South Africa
Posts: 170
Default

Quote:
Originally Posted by chrisk View Post
I just went to RC mushroom and got a virus whilst I was there on their site.

It installed Security Shield, which is a virus. I was using Firefox and my antivirus (Trend Micro) didn't pick it up. Just did some reading and found others had been infected as well.

Just a heads up, I had ordered off them about a month ago and all was OK but now their site is infected.
Hi, where did you do that reading? I buy from them often and haven't seen it.
sagejyoung is offline   Reply With Quote
Old 03-19-2012, 05:37 AM   #3
Tech Master
 
chrisk's Avatar
 
Join Date: Sep 2007
Posts: 1,089
Trader Rating: 32 (100%+)
Default

http://www.rctech.net/forum/australi...got-virus.html


I bought from there just over a month ago as well but went on there tonight and got the virus.
__________________
TAMIYA - SMOKEM - REEDY
smaracing.org
chrisk is offline   Reply With Quote
Old 03-19-2012, 07:00 AM   #4
Tech Elite
 
Fred Hubbard's Avatar
 
Join Date: Nov 2001
Location: Inglewood, CA
Posts: 2,719
Trader Rating: 6 (100%+)
Default

+1 Their site does hit you with a "driveby download" and installs "Security Center." RC Mushroom, fix your damn site!!!
__________________
Goodwine Racing - RC America - XRAY - HUDY - Sanwa - Motiv - GravityRC - BN Racing
Fred Hubbard is offline   Reply With Quote
Old 03-19-2012, 10:32 AM   #5
Tech Adept
 
Ariel Reds's Avatar
 
Join Date: Feb 2011
Location: Hiliran, Kuala terengganu
Posts: 145
Default

It's happened to me too.
__________________
Team Max EP Terengganu.
Kuala Terengganu Radio Control Club.
Joy and Passion, its all about.
Ariel Reds is offline   Reply With Quote
Old 03-20-2012, 06:18 AM   #6
Tech Regular
 
ghiro's Avatar
 
Join Date: Jun 2007
Location: Switzerland
Posts: 315
Default

Holy crap!!!!
Went to RCmushroom last night to buy some stuff with my MacBook but it didn't come up with anything, hope the virus didn't pick up my credit card data.
__________________
Capricorn TE01-Associated RC10R5.1-Atomic VM2-Serpent Cobra811 BE-Honcho-Losi MRC/RcBros-SandScorcher-MERV
DJI' F550-HubsanX4-Toy'sPort Zorro
ghiro is offline   Reply With Quote
Old 03-20-2012, 06:51 AM   #7
Tech Rookie
 
Join Date: Sep 2010
Location: Denmark
Posts: 16
Default

It's not that kind of a virus. All it does is keep shutting down your programs because it thinks that there are problems with all your programs.

It recommends that you buy the "full version" of Security tool or what it's called. It's only a pain in the ass but doesn't destroy anything. It is relatively easy to remove.
ssoslot is offline   Reply With Quote
Old 03-20-2012, 06:53 AM   #8
Tech Elite
 
MrUnlimited's Avatar
 
Join Date: Oct 2005
Location: Netherlands
Posts: 2,465
Default

Strange, I ordered last Sunday at RC Mushroom and my paid Avast Internet Security did not mention a virus. Maybe your own PC has a trojan which will be activated by certain websites with online paying?
__________________
U5 Formulaboat 1/8 hydroplane - MHZ138 AQUAMANIA - Axial Exo Terra - Tamiya Avante - LC Racing EMB1 - Atomic AMZ 4WD Touring car
MrUnlimited is offline   Reply With Quote
Old 03-20-2012, 07:18 AM   #9
Tech Champion
 
nexxus's Avatar
R/C Tech Elite Subscriber
 
Join Date: Dec 2005
Location: Perth, Australia
Posts: 8,097
Trader Rating: 302 (100%+)
Default

We use Trend Micro at work and this fake security centre gets past it easily. Procedure for removing it is easy enough, TDSSKiller is what I use to ditch it.

But no, shouldn't happen.
__________________
A800 / A800X Awesomatix

Don't worry about what I'm doing.
Worry about why you're worried about what I'm doing.

"Ego is the anesthesia that deadens the pain of stupidity."

nexxus is offline   Reply With Quote
Old 03-20-2012, 04:06 PM   #10
Tech Regular
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Many, many sites are compromised with malware like this. What hasn't been said is exactly how to PREVENT those drive-by, "Warning: Your computer might be infected" popups. I've worked in I.T. for about 18 years now and I get no end of frustration cleaning malware variants of this same thing that's been going on for years now.

First, one needs to understand that popups like these are BOGUS, they're created to mimic your own, legitimate anti-virus/anti-malware programs. However, they are *not* windows from your Windows Explorer or My Computer, they're just webpages that are designed to LOOK like that. Note that as these are active websites with malware scripts running on them, you can't click ANYWHERE on them. Not on "No", not on "Cancel", not on the "X" to close it, and certainly not on "Yes".

You can defeat this oh-so-annoying & common fake AV/malware trick very easily by simply pressing CTRL + ALT + DELETE (or right-clicking the Taskbar and selecting "End Task"), and on your "Applications" tab, End Task on that particular Internet Explorer browser window. This will close that offending popup window without you clicking anywhere on a live, active website, but may probably also close your other open I.E. windows...but that's a lot better than inviting malware onto your computer.

Give it the 3-finger-salute whenever it happens and you'll never be fooled by that old trick.
__________________
"Paranoia roams where the shadows reign." ~Marillion
Coelacanth is offline   Reply With Quote
Old 03-20-2012, 04:10 PM   #11
Tech Regular
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Quote:
Originally Posted by nexxus View Post
We use Trend Micro at work and this fake security centre gets past it easily. Procedure for removing it is easy enough, TDSSKiller is what I use to ditch it.

But no, shouldn't happen.
It gets by most antivirus software because it tricks the user into *inviting* it onto their computers. The user himself is allowing it to install by clicking anywhere on the active browser window. And although usually I can manually cripple & subsequently remove those kinds of infections with Safe Mode, TDSSKiller, Malwarebytes & Avast antivirus scans, not to mention manually deleting malicious Software and RUN keys from the correct places in Registry, some of them can get really badly entrenched in your system with many reboots. Anything that keeps a port open to the internet world at large (which is what TDSSKiller catches and kills) is a very bad thing, especially if you do online purchasing & banking.
__________________
"Paranoia roams where the shadows reign." ~Marillion
Coelacanth is offline   Reply With Quote
Old 03-20-2012, 04:12 PM   #12
Tech Fanatic
 
Join Date: Nov 2010
Posts: 972
Trader Rating: 5 (100%+)
Default

I picked up the Security Shield malware from rc-mushroom last week, using Firefox. Once you have it, it prevents you from opening Task Manager or your anti-virus program. Pretty annoying, and I won't be visiting rc-mushroom again although I have been satisfied with their service in the past.
Steve S is offline   Reply With Quote
Old 03-20-2012, 04:23 PM   #13
Tech Champion
 
Join Date: Sep 2002
Location: Chicago Illinois USA
Posts: 9,106
Trader Rating: 16 (100%+)
Default

I know when I tried to go to RC Mushroom last week their site was down... so I am sure there must be something going on with their site.

I will not visit that site for a while then...
Solara is offline   Reply With Quote
Old 03-20-2012, 04:25 PM   #14
Tech Regular
 
Coelacanth's Avatar
 
Join Date: Aug 2010
Location: Alberta, Canada
Posts: 318
Trader Rating: 2 (100%+)
Default

Quote:
Originally Posted by Steve S View Post
I picked up the Security Shield malware from rc-mushroom last week, using Firefox. Once you have it, it prevents you from opening Task Manager or your anti-virus program. Pretty annoying, and I won't be visiting rc-mushroom again although I have been satisfied with their service in the past.
Other variants of that malware do something a lot more troubling--some will delete all your Start Menu > Programs shortcuts other than the default Windows ones. All the programs are still installed and unharmed, but you no longer have any way to open them from the Start menu. In those cases, due to the large number of lost shortcuts, it's pretty much time for a re-image or reinstall of all your programs.

Other variants will mess up all your program associations, so Windows won't know what program opens which 3-letter file extension, but there's a pretty simple Registry patch to restore the associations.

The ones that disable Task Manager are usually not too hard to cripple. Just find the offending file(s), which are usually cryptically named with gobbledegook names, End Task on them (or rename them & reboot) and once the computer is rebooted, it should cripple the malware enough for you to do a thorough removal.

EDIT: Another variant I've seen more than a few times is one that makes all your folders & subfolders inside your user profile folder marked as "hidden", so that all your desktop icons vanish and it becomes a pain to fix. You can unhide the folders but it re-hides them shortly thereafter. There's a simple program that unhides all the folders but you have to first cripple the malware or it'll just happen again.
__________________
"Paranoia roams where the shadows reign." ~Marillion

Last edited by Coelacanth; 03-20-2012 at 04:50 PM.
Coelacanth is offline   Reply With Quote
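Added example (not written by any poster in this thread): a triage script for the Run-key cleanup and "gobbledegook" file names described in posts #11 and #14. It parses a constructed sample of `reg query` output for the per-user Run key; the entry names, paths, folder list and vowel-ratio heuristic are illustrative assumptions, not indicators taken from this infection.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output for a per-user Run key (not real data).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\Updater\updater.exe" /background
    ChatClient    REG_SZ    C:\Users\user\AppData\Local\ChatClient\chatclient.exe
    xkqzvbtw    REG_SZ    C:\Documents and Settings\user\Application Data\xkqzvbtw.exe
    jh3f9qx    REG_SZ    "C:\Users\user\AppData\Local\Temp\jh3f9qx.exe" -s
"""

ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Folders a non-admin process can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\", "\\local settings\\")

def exe_path(command):
    """Extract the executable path from a Run value (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|dll))\b", command, re.I)
    return m.group(1) if m else command

def looks_random(stem):
    """Crude 'gobbledegook' test: at least 6 characters and under 20% vowels."""
    chars = [c for c in stem.lower() if c.isalnum()]
    return len(chars) >= 6 and sum(c in "aeiou" for c in chars) / len(chars) < 0.2

def triage(reg_query_output):
    """Return {value name: [reasons]} for Run entries worth a closer look."""
    flagged = {}
    for line in reg_query_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m.group("data"))
        if not any(d in path.lower() for d in USER_WRITABLE):
            continue  # system32 / Program Files need admin rights to write
        reasons = ["starts from a user-writable folder"]
        if looks_random(PureWindowsPath(path).stem):
            reasons.append("random-looking file name")
        flagged[m.group("name")] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Entries with both reasons are the ones to inspect first; a single reason (such as the constructed ChatClient entry) is common for legitimate per-user software.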
Old 03-20-2012, 04:46 PM   #15
Tech Elite
 
Fred Hubbard's Avatar
 
Join Date: Nov 2001
Location: Inglewood, CA
Posts: 2,719
Trader Rating: 6 (100%+)
Default

Just to be clear, there's no pop-up; once you connect to and the site gets pulled down the threat installs immediately.
__________________
Goodwine Racing - RC America - XRAY - HUDY - Sanwa - Motiv - GravityRC - BN Racing
Fred Hubbard is offline   Reply With Quote
All times are GMT -7.