Wide World of Women


All times are UTC - 5 hours [ DST ]




 Post subject: Rootkit Alert
PostPosted: Sat Jan 10, 2009 4:13 pm 
WWoW regular

Joined: Fri Aug 13, 2004 4:34 pm
Posts: 184
Sorry guys, but I hate to be the bearer of bad news. There is a rootkit virus lurking on one of the links here. Honestly, I'm not sure where, but it may be on one of the Hispanic threads. The rootkit is the seneka rootkit...and it's a nasty one. You can tell a couple of different ways: first, a popup of Antivirus 2009 comes up. DO NOT SAY OK OR CANCEL TO IT!! Just hit the X. A second way to tell if you got infected is to go to your device manager. Go to view, and then to show hidden devices. Go then to the non-plug and play devices. If you see TDSSRV, you're in trouble. I worked for 3 days to try to get it off my PC. Finally, I gave up and reformatted my HD. Please someone take a look at the links in the Hispanic threads and see if we can work on getting this fixed. I certainly don't want anyone to get infected. Rootkits are very nasty, and pretty much impossible to get rid of 100%. If anyone has any questions, please feel free to respond to the thread. Let's make sure viewing our favorite babes is virus free. I love this site, and I don't want anything happening to it.
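
One way to script the Device Manager check described in the post above, as an added example that is not part of the original thread: it looks for driver names matching TDSS* both in the WMI driver list and among the legacy device nodes that Device Manager shows as non-Plug and Play drivers on the Windows versions discussed here. The function name, the wildcard and the use of PowerShell 3.0 or later are assumptions.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0 or later.
# Find-LegacyDriver and the 'TDSS*' wildcard are illustrative names/choices.
function Find-LegacyDriver {
    param([string[]]$Pattern = @('TDSS*'))

    # True when $Name matches any of the wildcard patterns.
    $matchesAny = {
        param($Name)
        foreach ($p in $Pattern) { if ($Name -like $p) { return $true } }
        return $false
    }

    # View 1: kernel and file-system driver services reported by WMI.
    Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { (& $matchesAny $_.Name) -or (& $matchesAny $_.DisplayName) } |
        ForEach-Object {
            [pscustomobject]@{
                Source = 'Win32_SystemDriver'
                Name   = $_.Name
                State  = $_.State
                Detail = $_.PathName
            }
        }

    # View 2: the LEGACY_<service> device nodes that Device Manager lists
    # under "Non-Plug and Play Drivers" when hidden devices are shown.
    $enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'
    Get-ChildItem -Path $enumRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' } |
        ForEach-Object {
            $service = $_.PSChildName -replace '^LEGACY_', ''
            if (& $matchesAny $service) {
                [pscustomobject]@{
                    Source = 'Enum\Root'
                    Name   = $service
                    State  = 'device node present'
                    Detail = $_.Name
                }
            }
        }
}

$found = @(Find-LegacyDriver)
if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize
} else {
    'No driver matching the pattern is visible in either view.'
}
```

An empty result on a live system does not rule out infection, because a kernel rootkit can filter what these APIs return.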


 Post subject:
PostPosted: Sat Jan 10, 2009 4:15 pm
WWoW regular

Joined: Fri Aug 13, 2004 4:34 pm
Posts: 184
P.S. here is a quick google search on the service.

http://www.google.com/search?hl=en&q=td ... =0&oq=tdss


 Post subject:
PostPosted: Sat Jan 10, 2009 4:55 pm
Board Owner

Joined: Wed Aug 04, 2004 11:12 pm
Posts: 17386
Location: In NJ outside of NYC
Are you sure it was in one of the Hispanic threads? The only way you would have gotten it is if you clicked one of the links. I am not aware of anyone else having it. :hum


 Post subject:
PostPosted: Sat Jan 10, 2009 8:30 pm
WWoW regular

Joined: Fri Aug 13, 2004 4:34 pm
Posts: 184
rocky741 wrote:
Are you sure it was in one of the Hispanic threads? The only way you would have gotten it is if you clicked one of the links. I am not aware of anyone else having it. :hum


Thank you for the response. To be honest, I'm not sure. Yes I did click on 1 of the links. The way I know for sure it started from here was after I reformatted, I saw the popup coming again a second time. I went from XP to Windows 7 Beta, so the "nanny" (and me not running as an administrator) stopped anything from happening.

The hope is we can pinpoint what link it is and remove it so no one has to go through what I did. I'm in IT, but others may not be, and I don't want them to lose anything, you know?


 Post subject:
PostPosted: Sat Jan 10, 2009 8:45 pm
Board Owner

Joined: Wed Aug 04, 2004 11:12 pm
Posts: 17386
Location: In NJ outside of NYC
I hear you and I did a quick run-through of the Hispanic posts and I didn't see any weird links. However, it could have been a normal link that we have always used and the ad on that particular link had malware.

It would not have been the first time we have seen that. Last year we had seen imagevenue have an ad that had malware and imagevenue had no clue until it was brought to their attention.

Since ads are usually rotated, it would be hard to pinpoint which one caused your problems. It seems all of the image sites use porn ads to help supplement their income and it's those kinds of ads that generate the malware type ads.

I wish we (admins & mods) could help out more but hard to do without exact specifics. :? :Kool


 Post subject:
PostPosted: Sat Jan 10, 2009 11:04 pm
WWoW regular

Joined: Fri Aug 13, 2004 4:34 pm
Posts: 184
rocky741 wrote:
I hear you and I did a quick run-through of the Hispanic posts and I didn't see any weird links. However, it could have been a normal link that we have always used and the ad on that particular link had malware.

It would not have been the first time we have seen that. Last year we had seen imagevenue have an ad that had malware and imagevenue had no clue until it was brought to their attention.

Since ads are usually rotated, it would be hard to pinpoint which one caused your problems. It seems all of the image sites use porn ads to help supplement their income and it's those kinds of ads that generate the malware type ads.

I wish we (admins & mods) could help out more but hard to do without exact specifics. :? :Kool



You are right. It will be hard to pinpoint this thing. The thing that bothers me the most about it is that it isn't a regular virus that most antivirus solutions will pick up. Rootkits are nasty little buggers and a normal user could be infected and not even know it. These things open up ports and download additional viruses, they also get right into the OS kernel and can hide quite well there. :cry: I wish I knew exactly what link we are dealing with. Maybe I can get a test PC up this week and try to get it infected. If I get "lucky" I will give you the exact link and you can get it off the site. That's pretty much the only thing I can think of right now.


 Post subject:
PostPosted: Sun Jan 11, 2009 2:10 am
WWoW Artist

Joined: Sat Aug 07, 2004 7:17 pm
Posts: 5700
The culprit, I'm almost 100 % sure, was an ad in one of the image hosts.

Sadly, pretty much every FREE imagehost doesn't check their ads thoroughly before displaying them so the advertisers are getting more malicious.

Best way to protect yourself is: Stop using IE, Use FireFox and install Ad-Block Plus and potentially NoScript. You won't get anything that way.



 Post subject:
PostPosted: Sun Jan 11, 2009 6:36 pm
WWoW regular

Joined: Fri Aug 13, 2004 4:34 pm
Posts: 184
BPM wrote:
The culprit, I'm almost 100 % sure, was an ad in one of the image hosts.

Sadly, pretty much every FREE imagehost doesn't check their ads thoroughly before displaying them so the advertisers are getting more malicious.

Best way to protect yourself is: Stop using IE, Use FireFox and install Ad-Block Plus and potentially NoScript. You won't get anything that way.


I am hoping to find it this week if I can get a test environment up.

The funny thing is, I was using Firefox. It also grabbed a hold of IE and Google Chrome.


 Post subject:
PostPosted: Sun Jan 11, 2009 6:48 pm
WWoW regular

Joined: Fri Aug 13, 2004 4:34 pm
Posts: 184
I found another link with it.

http://wideworldofwomen.net/WWW/viewtopic.php?t=100796

I am 100% sure on this one.


 Post subject:
PostPosted: Sun Jan 11, 2009 6:55 pm
Administrator

Joined: Sun Aug 08, 2004 3:55 pm
Posts: 21616
Location: Northern Virginia
Use NoScript with Firefox, and you won't have any problems.


 Post subject:
PostPosted: Sun Jan 11, 2009 6:59 pm
Board Owner

Joined: Wed Aug 04, 2004 11:12 pm
Posts: 17386
Location: In NJ outside of NYC
cartman00000001 wrote:
I found another link with it.

http://wideworldofwomen.net/WWW/viewtopic.php?t=100796

I am 100% sure on this one.


I didn't see anything when I checked it out. When I clicked on one of the pics, there were no ads on the ImageBam page. Like BPM said it could have been a bad ad. :Kool


 Post subject:
PostPosted: Sun Jan 11, 2009 9:20 pm
WWoW Founder

Joined: Mon Apr 25, 2005 8:19 pm
Posts: 4298
Location: United States
It could be that you were infected from something else and the link activates the virus you already have on your computer. More and more computer viruses work in a 1-2 punch form. Where you're infected and it takes something else to activate it. This way it's harder to find it on your computer with a virus scan and it could take hours, days, weeks before you click on something that activates it. This makes it almost impossible to find the root cause.


 Post subject:
PostPosted: Mon Jan 12, 2009 9:47 pm
WWoW regular

Joined: Fri Aug 13, 2004 4:34 pm
Posts: 184
yodaking wrote:
It could be that you were infected from something else and the link activates the virus you already have on your computer. More and more computer viruses work in a 1-2 punch form. Where you're infected and it takes something else to activate it. This way it's harder to find it on your computer with a virus scan and it could take hours, days, weeks before you click on something that activates it. This makes it almost impossible to find the root cause.


A good theory, but I did get the rootkit on Windows XP. I then deleted my partition, installed Windows 7, and it tries to install again. If I was still on the same OS, that would be a viable option.

I am going to make sure this doesn't happen, so I am going to use the NoScript add-on for FF. I do appreciate everyone working on this. Thank you very much!!


 Post subject:
PostPosted: Wed Jan 14, 2009 9:04 pm
WWoW regular

Joined: Wed Aug 11, 2004 12:58 pm
Posts: 298
BPM wrote:
Best way to protect yourself is: Stop using IE, Use FireFox and install Ad-Block Plus and potentially NoScript. You won't get anything that way.

This is bad/shallow advice. The best way to protect yourself is to never do anything over the internet with administrator privileges enabled. Period. Every other precaution is just a feeble bandaid compared with letting all the wonderful security machinery built into the operating system take care of business for you.

_________________
--jim--


 Post subject:
PostPosted: Wed Jan 14, 2009 9:26 pm
Administrator

Joined: Sun Aug 08, 2004 3:55 pm
Posts: 21616
Location: Northern Virginia
jim911 wrote:
BPM wrote:
Best way to protect yourself is: Stop using IE, Use FireFox and install Ad-Block Plus and potentially NoScript. You won't get anything that way.

This is bad/shallow advice. The best way to protect yourself is to never do anything over the internet with administrator privileges enabled. Period. Every other precaution is just a feeble bandaid compared with letting all the wonderful security machinery built into the operating system take care of business for you.


Working as a non-admin sucks though. You have to go back and forth to do simple things, and not every app works. Fusion recording software is one example. When you set up other users on the PC, the software misses recordings and is totally unreliable.


 Post subject:
PostPosted: Thu Jan 15, 2009 11:13 pm
WWoW regular

Joined: Wed Aug 11, 2004 12:58 pm
Posts: 298
donkeed wrote:
jim911 wrote:
BPM wrote:
Best way to protect yourself is: Stop using IE, Use FireFox and install Ad-Block Plus and potentially NoScript. You won't get anything that way.

This is bad/shallow advice. The best way to protect yourself is to never do anything over the internet with administrator privileges enabled. Period. Every other precaution is just a feeble bandaid compared with letting all the wonderful security machinery built into the operating system take care of business for you.


Working as a non-admin sucks though. You have to go back and forth to do simple things, and not every app works. Fusion recording software is one example.

Two things: first, I don't know about the "go back and forth to do simple things" -- I almost never need to do anything on my system that needs admin privileges. I admit it took a little futzing with ACLs and some other tweaking to get things settled down (this on XP/Pro -- on Vista I've had to do essentially *no* fiddling to get it to be perfectly behaved from a non-admin account), but even if you believe that you absolutely must run as admin (although whenever I talk to people about this their reasons are generally utterly bogus), there's just no reason whatsoever to run your IM client, your browser, your email client, and apps of that ilk as administrator. [google for "dropmyrights"]

Second, you're right, there are a few apps that for various reasons need to run as administrator [Nero is another]. That's what "run as" is for..:). But seriously, it is very easy to use run-as [or go into the advanced properties of its shortcut and set the "run with different credentials" box] to run a particular app as administrator out of your limited account (that's what I do for Nero, which is about the only non-system-administration app I have that needs admin privs). If you just can't abide typing in your admin password to run these apps you can use 'runasuser' (q.v.) and it'll handle the mechanics and hide it all for you.

And notwithstanding the quibbles, it doesn't change the bottom line fact that running as administrator is dangerous, and, IMO, foolish. Period. You can argue that you prefer the convenience of never being nagged or having to do anything "extra" to run an app, and so fine: but then don't complain if/when your convenience bites you in the shorts and your system gets trashed. All of those security-bandaids are pretty close to being snake oil -- they provide very little security and mostly serve as scare-tactic marketing vehicles to keep the McAfees and such rich, feeding on the laziness and fears of the average Windows user.

XP and Vista are very secure operating systems, and that's without any of that add-on crap!, but only if you don't turn off all the security machinery!! And if you do turn off the security machinery, there's essentially no way to plug all of the moving-van-sized security holes you've now opened in your own system. Windows's biggest security problem is that its users insist on shooting themselves in their collective feet.

_________________
--jim--


 Post subject:
PostPosted: Thu Jan 15, 2009 11:31 pm
Administrator

Joined: Sun Aug 08, 2004 3:55 pm
Posts: 21616
Location: Northern Virginia
I'm not saying it's not a good idea to use a non admin user. I'm pointing out that there are inconveniences you might have to deal with.

Nero has settings for burning rights and what not, but there are a lot of apps that don't. Fusion for example is one of them. And unless I'm home in front of my computer all day long to switch to admin to record a show, then it's not feasible to use another non admin user account. I can't even set the configuration for channels or decoder.

Xbox-360 Media Center Extender is another one. I use my computer as an almost unlimited DVR to any TV I hook up my 360 to. It doesn't work unless I'm signed on as Admin. Again, I could set it to non Admin account then go from the batcave to the 2nd floor office every time I feel like watching something, but that sort of defeats the purpose of having everything ready for viewing....especially when company is over.

Look...there's risk in almost everything. It's all about risk management. If you take a few precautions like anti virus software, script blocking add ons, and maybe an app that notifies you of registry changes, then you greatly reduce the chances of getting a virus. Removing viruses can take time, but I'd rather deal with a few hours and a headache to be able to have the computer run as I want it.

