Message boards :
Cafe SETI :
Actns/Swif.T virus affecting embedded YouTube vids?
Message board moderation
Author | Message |
---|---|
Dr. C.E.T.I. Send message Joined: 29 Feb 00 Posts: 16019 Credit: 794,685 RAC: 0 |
. . . strange things goin' on about the Net - see this: Actns/Swif.T virus affecting embedded YouTube vids? Apparently some sort of relatively aggressive virus is affecting certain embedded YouTube videos. Some are saying it affects IE and Firefox users, while others say it’s only going after IE. The virus is called Actns/Swif.T and seems to contain a redirect to a phishing website embedded within a SWF file. The site apparently installs Antivirus 2009, which is malware. We’ll pull our most recent YouTube embeds, but be careful because this one appears to have just broken out today. If you find yourself being automatically redirected or experience other weird pop-ups, especially for something called Antivirus 2009, don’t click on anything. [UPDATE: Spoke with Google/YouTube and apparently anti-spyware software from Computer Associates had been returning false positives, identifying certain files contained within YouTube embed codes as malware. The specific YouTube issue is apparently being corrected by Computer Associates and wasn’t actually harmful in the first place. If you’ve got CA software, you might want to check for any updates.] > here's a screen shot using Computer Associates Security Suite [one i pay for] . . . < more on this: Antivirus 2009 Recurring Trojan Horses Problems BOINC Wiki . . . Science Status Page . . . |
Stealth Eagle* Send message Joined: 7 Sep 00 Posts: 5971 Credit: 367,640 RAC: 0 |
Thanks for the update Richard. What you do today you will have to live with tonight |
Sirius B Send message Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Nasty little program. I've had 2 customers this week totally infected by this. Sunday's customer was the best I've personally seen to date - 1905, the previous best was last Xmas, 1006. I've found it be a very nasty little bug & difficult to remove. Fortunately, I remove the HD & install it in an enclosure & attach to one of my rigs run AVG followed by Scandisk(very important this is done) & once finished go to (Replace X with what drive letter comes up) X:\Program Files\Antivirius2009 & delete folder. So far, on reinstalling HD into original rig, all aok. |
Allie in Vancouver Send message Joined: 16 Mar 07 Posts: 3949 Credit: 1,604,668 RAC: 0 |
Crap. I live and breathe YouTube. Best be careful for awhile until Mr’s Norton and SpyBot (and the folks at YouTube) find a cure. Thanks Richard. Pure mathematics is, in its way, the poetry of logical ideas. Albert Einstein |
Labbie Send message Joined: 19 Jun 06 Posts: 4083 Credit: 5,930,102 RAC: 0 |
Nasty little program. I've had 2 customers this week totally infected by this. The best tool I've found for removing AntiVirus 2009 is from Malwarebytes. It does leave some stuff that you have to clean up manually, but does a better job than any of the others that I've tried. Calm Chaos Forum...Join Calm Chaos Now |
Sirius B Send message Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Thanks Labbie. I'll download it & add it to my toolkit. |
Dr. C.E.T.I. Send message Joined: 29 Feb 00 Posts: 16019 Credit: 794,685 RAC: 0 |
. . . btw - i was Originally 'hit' with this one via the MySpace Pages WatCh out! which links you click on - know what i mean . . . ps- IF you each want - Google the name of this Virus - there's a lot there for INFO. gotta run now - l8Tr y'all . . . < oops - and Your Welcome too . . . BOINC Wiki . . . Science Status Page . . . |
Dr. C.E.T.I. Send message Joined: 29 Feb 00 Posts: 16019 Credit: 794,685 RAC: 0 |
[Update]: YouTube\Google has responded and reports that the virus warning is a false positive(not really a virus) being reported by CA Anti-virus. CA is reportedly working on a update at the moment, but according to my software it has not released it yet. [Update2]: CA has released a fix for the false positive. It is recommended that you update your software now. The fix was included with the Anti-virus data update v. 6840.0.0.0. > you'll know IF your hit by this - pages cascade quite rapidly - even though your software is protecting you - make sure you shut down & re-boot when your system tells you to - THEN run another scan . . . [might want to re-build a NEW Restore Point] . . . < g'nyt for now . . . BOINC Wiki . . . Science Status Page . . . |
DragonFly Send message Joined: 8 Sep 06 Posts: 96 Credit: 233,487 RAC: 0 |
I think I found your virus.dont go to this site,you can put this in internet options/security/restricted sites. Dont go to this site,if you do put it into your restricted sites,make sure your security settings are at the highest possible.This creepy site crashed my other computer,deleted my boot file and created annoying popups.After spending all afternoon fixing my computer I got the creepy sites address it http://protectionfastscanner.com/360/1/en/freescan.php?sid=77052216840 Do not go to that site,if a pop up ask you if you want a free scan, control,alt/delete it,dont touch it I think I was infected at myspace |
Dr. C.E.T.I. Send message Joined: 29 Feb 00 Posts: 16019 Credit: 794,685 RAC: 0 |
. . . Dragon - read my post right below you [the Update2] > it's a 'False-Positive' NOT a Virus one should never 'OPEN' a file nor a site that pops-up and asks you to do anything - figure it's called 'Common-Sense' and IF one does - update the Virus Signatures . . . BOINC Wiki . . . Science Status Page . . . |
Fuzzy Hollynoodles Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0 |
I think I found your virus.dont go to this site,you can put this in internet options/security/restricted sites. That's a nasty little bugger. I laughed out loud when I saw this message: Click the pic because I have Microsoft's Security disabled, my Kaspersky Internet Security requires that. And that pop-up was hard to get rid of, it tried to install that program/virus/trojan/whatever no matter what, but it disappeared when I opened an another site in that tab. But I'll bet a lot of people fall for that scam. "I'm trying to maintain a shred of dignity in this world." - Me |
DragonFly Send message Joined: 8 Sep 06 Posts: 96 Credit: 233,487 RAC: 0 |
I looked at your screen shot.I have seen that virus pop up thing before.But this is a new one it doesnt look like that. I didnt fall for the pop up.I didnt touch it.I control alt deleted to close my browser,but somehow it still got into my system.I managed to get the windows unit to microsoft.com.Microsoft has a live care safety scann thing.It found the virus but couldnt get rid of it,but it did help somewhat.The scanner found something called support.com that had to be blocked. |
Dr. C.E.T.I. Send message Joined: 29 Feb 00 Posts: 16019 Credit: 794,685 RAC: 0 |
I looked at your screen shot.I have seen that virus pop up thing before.But this is a new one it doesnt look like that. I didnt fall for the pop up.I didnt touch it.I control alt deleted to close my browser,but somehow it still got into my system.I managed to get the windows unit to microsoft.com.Microsoft has a live care safety scann thing.It found the virus but couldnt get rid of it,but it did help somewhat.The scanner found something called support.com that had to be blocked. . . . support.com is an online PC support company that solves hundreds of PC problems every day. From virus removal to optimizing a slow computer, we are the leaders in developing remote technology to diagnose, repair, and optimize your computer. The company is based in Redwood City, CA in the heart of Silicon Valley. if you're using IE7 - cursor OVER any LINK and read what the Pop-Up Dialog Box tells you - whether OR Not it's a Safe-Site to go to . . . ;) and, i quote again: it's all related to a "False-Postive" . . . > Note Incidents on: You-Tube, Face-Book & MySpace BOINC Wiki . . . Science Status Page . . . |
Misfit Send message Joined: 21 Jun 01 Posts: 21804 Credit: 2,815,091 RAC: 0 |
That's a nasty little bugger. I laughed out loud when I saw this message: I gave you a light chuckle when I saw you blotted out your email address. Way to go! ;) me@rescam.org |
Paul D Harris Send message Joined: 1 Dec 99 Posts: 1122 Credit: 33,600,005 RAC: 0 |
I had a false positive the other day. It was some kind of html doc that was labeled by my AV as some kind of phising thing. I opened the html doc with note pad to read the code and I saw nothing bad and I deleted it. I have found other viruses and saved them to a floppy and transferred it to my old laptop that is isolated and opened it with an editor and read the code you would be surprised what all I read the virus spread about 98 times to different directories real fast. I then wipe the drive after I read the code and deleted the floppy and reloaded windows. I use to collect viruses and Trojans and would read the code. But it got to be silly and I no longer collect them. Sometimes I will set up what is called a "honey pot" to trap the viruses and get their IP and then I would freak them out with an email and would received phony threats which would never surface. |
Blurf Send message Joined: 2 Sep 06 Posts: 8962 Credit: 12,678,685 RAC: 0 |
I get lots of Keylogger warnings lately from Kapersky (stay out of my machine, Misfit! :) ) |
Misfit Send message Joined: 21 Jun 01 Posts: 21804 Credit: 2,815,091 RAC: 0 |
I get lots of Keylogger warnings lately from Kapersky No way. I'm gonna make boincwide profile pics from those *ahem* images I stole. me@rescam.org |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.