Is this dodgy? (Eek Errorsafe malware!)

Started by ManicMatt, Thu 01/06/2006 11:00:26


Squinky


ManicMatt

Okay, I've got Firefox running.

It seems slower than IE, with all the images not being there for a moment before popping up, but then I think I'm having problems with my internet provider, AGAIN, the same problems as last time! (Google and Yahoo cannot be found in either IE or Firefox, but everywhere else seems fine)

At least, I think it's my internet provider. The "medical" program that they supply (NTL) says it's not my connection, but an error with the browser. What, both browsers?

Oh, and I just went on a website that was gonna be about xmen 3 and then a pop up came with the EXACT message as before about errors on my browser that could occur, the only difference being it said "firefox error" instead of "internet explorer".

So I DIDN'T press cancel, I clicked on the x. Whoops. Should I bring up the task manager in the future to shut the bloody thing down?

Sam.

I'm not sure how correct I am, but there is a chance the virus got in because of poor security, either on your virus scanner or through some fault of IE and it can now see you are using FF. The virus is probably not coming every time you see the message, so it will no longer be the fault of the browser you're using?

I suggest a full virus scan, and in future, anything that offers you anything via an internet explorer, or firefox popup is not to be trusted.
Bye bye thankyou I love you.

InCreator

#23
Oh hell, just...

1. Download and install Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
Let it install Teatimer too, so you'll always know if something new is added to computer and nothing would be installed behind without you knowing it.

2. Download and install CleanUp!
http://www.stevengould.org/software/cleanup/

3. Run Cleanup!, remove everything

4. Restart computer, tap F8 during boot and from menu, start Windows in safe mode

5. Run Cleanup! again

6. Run Spybot S&D and remove everything it found

7. Start > Run > msconfig
Uncheck everything suspicious from startup... for example,

c:\winstall.exe

may sound important, but is simply a virus. No programs reside on disk root!
Also, look out for strange names, such as cjBZjhh72 and adv.something or someAd

Don't be afraid to disable something too important, just stay off from RunDll lines (there could be few). Other useful things are most likely one or two video card and soundcard configuration lines.

There's nothing critical you could mess up. If you still somehow do, just restart in safe mode again and enable these again.

8. Optionally, use other anti-adware and antiviruses as well, to make sure you got em all.

Then restart computer in normal mode and pray.
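The msconfig check in step 7 of the post above, written out as a small triage script. This is an added example, not part of the original post: the sample entries are constructed (only `c:\winstall.exe` and `cjBZjhh72` come from the post), and the "random-looking name" test is a rough heuristic chosen here as an assumption.

```python
import ntpath  # Windows path rules on any OS
import re

# Constructed sample of msconfig-style startup items (name, command line).
# winstall.exe and cjBZjhh72 are the post's examples; the rest are invented.
SAMPLE_ENTRIES = [
    ("winstall", r"c:\winstall.exe"),
    ("cjBZjhh72", r"C:\WINDOWS\system32\cjBZjhh72.exe"),
    ("adv.helper", r'"C:\Program Files\adv.helper\adv.helper.exe" /s'),
    ("NvCpl", r"RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"),
    ("SoundMan", r"C:\WINDOWS\SOUNDMAN.EXE"),
]
_EXE = re.compile(r'\s*(?:"([^"]+)"|(.+?\.exe)\b|(\S+))', re.IGNORECASE)

def executable_path(command):
    """Program path from a startup command line, arguments stripped."""
    m = _EXE.match(command)
    return next(g for g in m.groups() if g) if m else ""

def looks_random(stem):
    """Rough heuristic (an assumption): has digits and almost no vowels."""
    letters = [c for c in stem if c.isalpha()]
    vowels = sum(c.lower() in "aeiou" for c in letters)
    return any(c.isdigit() for c in stem) and len(letters) >= 5 and vowels * 4 < len(letters)

def review_entry(name, command):
    """Return (verdict, reasons); verdict is 'ok', 'review' or 'leave'."""
    exe = executable_path(command)
    stem = ntpath.splitext(ntpath.basename(exe))[0]
    if stem.lower().startswith("rundll"):
        return "leave", ["RunDll line: left enabled, as the post advises"]
    reasons = []
    drive, rest = ntpath.splitdrive(exe)
    if drive and ntpath.dirname(rest) in ("\\", "/"):
        reasons.append("executable sits in the disk root")
    if looks_random(stem) or looks_random(name):
        reasons.append("random-looking name")
    if any(s.lower().startswith("adv.") or s.endswith("Ad") for s in (stem, name)):
        reasons.append("advert-style name")
    return ("review" if reasons else "ok"), reasons

def flag_startup(entries):
    """Name -> verdict for every entry that is not plainly 'ok'."""
    verdicts = {n: review_entry(n, c)[0] for n, c in entries}
    return {n: v for n, v in verdicts.items() if v != "ok"}

if __name__ == "__main__":
    for entry_name, cmd in SAMPLE_ENTRIES:
        print(entry_name, *review_entry(entry_name, cmd))
```

A "review" verdict only marks an entry for a closer look before unchecking it; the heuristics will miss malware with ordinary names in ordinary folders.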

ManicMatt

Thanks thanks thanks!

Oddly Yahoo started working yesterday by itself...

Anyway I did all that just to be sure, and remembered that I already have spybot S&D and teatimer, but it's just dormant.

It found things that Ad-Aware couldn't. Including... WINFIXER!! GRRR!!

There were no dodgy looking things in msconfig, fortunately.

So, how do I config Spybot to come on every time I start up my PC without the program coming up on my screen.. as in I want it to just silently appear on my bar at the bottom alongside Symantec and ZoneAlarm.

Cleanup deleted over a GIG'S worth of temp files!!!!! I don't get that, I already thought I'd deleted the files not so long ago, there must be some other temp folders I don't know about on windows.

AGA

At one point I was using Spybot, AdAware, MS AntiSpyware and a couple of other lesser-known apps I can't remember off the top of my head. All of them found stuff the others didn't. No one method is foolproof, although MS AntiSpyware (now called Windows Defender) is probably my personal favourite.

ManicMatt

#26
I think I will try that Windows Defender as yesterday I had a visit from the system doctor again (and pressed Alt-F4 - thanks Squinky!) and now maybe by coincidence I can't load up Yahoo or Google, the two most frequently visited sites I go to.

Either I get that damn page not found screen or it says "done" when it's a blank page.

All this and that one new email I have is probably Amazon spam!

I updated search and destroy and found this nugget on my computer:

"Product: ErrorSafe
Threat: Malware


Description
ErrorSafe pretends to be an antivirus programm. It mainly appears in connection with a Smitfraud-C infection and is praised on a blue screen. Having installed the software one has to accept an insufficient Privacy. There is no button to deny this privacy. A scan with ErrorSafe reveals several problems that allegedly need to be removed urgently in order to rescue the computer. At this point the user is requested to buy the whole program for an"

The info is cut off.. I DID see a blue screen today prior to the system doctor popping up! (Which I might add when I closed off the advert I lost my place on the net GRR!!)

If I can get a search site to work I'm gonna check out what a Smitfraud-C virus is. Heck, this site didn't work half an hour ago, SOMETHING must be wrong!

LimpingFish

#27
AdAware/SpyBot/ZoneAlarm/Firefox.

This has proven, for me anyway, to be a fairly safe combination.

I don't have any Anti-Virus software. I never bought the level of hysteria generated by Anti-Virus software manufacturers, and since a majority of viruses are spread through E-Mail, once you don't open any suspicious e-mails (AnNa KoUrNiKoVa NuDe!!!) you should be fairly safe.

Every time I update SpyBot, I run its immunization procedure and it blocks any new threats that have been added to its database.

It's been a long time since it found anything on my system.

Regarding SpyBot's tea timer function, I think this only works with IE. :/

EDIT: btw, how many user accounts are on your PC? My brother got stuck with the Trek Blue Nuke Error trojan/bot/thingie and every time SpyBot cleaned his system and rebooted his PC the TBNE would just replicate itself from his wife's user account. It took a rollback to factory settings (Dell PCs have this feature, a hell of a lot more thorough than a Windows XP System Restore, but it deletes EVERYTHING that wasn't on your system when it left the factory.) before all was right with the world.
Steam: LimpingFish
PSN: LFishRoller
XB: TheActualLimpingFish
Spotify: LimpingFish

Huw Dawson

The only things I use are Ad-Aware and Firefox. No firewall, no anti-virus software. This is due to the amazingness of having SP1, meaning that very few SP2 viruses work on my computer.  :)

- Huw
Post created from the twisted mind of Huw Dawson.
Not suitable for under-3's due to small parts.
Contents may vary.

ManicMatt

I just got the one account. Anyway, I have come to the conclusion that there is now nothing wrong with my computer, as NTL have just got back to me with a personalised message (not) saying they're having connectivity problems across the country.

So much for their "broadband medic" that told me it's my browser at fault and not the connection. I think the problem lies with the fact that it seems to test your connection by loading up their own website, which is just a daft and limiting way of looking for problems.
Why not check the connection on the page I was having trouble loading up?

At least, I hope it's them and not me!

Still eh, if this had not happened, you guys wouldn't have got me on Firefox and helped me find out that I have WinFixer AND ErrorSafe living on my computer!

:= Have a larry icon! It's the first time I think I've used it, so I'm using it for a special occasion, having handy peeps on this forum yay!

So, um, if you need help yourselves with er.. videogames or something, drop me a line!

SSH

A good idea in general is to only surf the web in an XP User Account that doesn't have admin privileges. Just open the control panel and create a new user for surfing. A bit of a pain, but if you enable fast user switching too, it isn't too bad.
12

Phemar

You people over-react.

I use Firefox. That's it. I've NEVER ever had any viruses or spyware. It's all just hype.

dasjoe

oh well, that's what you think. and thanks to you ignorant people we have to fear ddos and stuff like that >:(
... it's quite easy being the best.

Radiant

Quote from: hajo on Thu 08/06/2006 14:08:49
oh well, that's what you think. and thanks to you ignorant people we have to fear ddos and stuff like that >:(

No, we have to fear DDOS and the like due to the ignorant people at Microsoft who can't build a decently secure application. It is a known and verifiable fact that most MS applications are significantly less secure than other parties' apps, such as Firefox or indeed Linux. Over 90% of viruses, trojans and malware use stupid exploits that exist in IE or Outlook, and can thus be avoided by using better applications.

SSH

Actually, I think a lot of malware these days uses social engineering to a greater or lesser extent, and so the attitude of "I don't use MS therefore I'm invulnerable" is very dangerous.
12

Helm

Quote
social engineering

further explain
WINTERKILL

SSH

#36
Well, despite repeated warnings from all quarters to:

* not open email attachments you're not expecting
* check that the address that a link goes to is correct
* check for the padlock icon when accessing a site that takes a password or other confidential info
* don't accept self-signed SSL certificates

People still do silly things. All the time.

See: http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf

12

Kweepa

Quote from: Radiant on Thu 08/06/2006 14:19:15
It is a known and verifiable fact that most MS applications are significantly less secure than other parties' apps, such as Firefox or indeed Linux.

I doubt that. It may be a known and verifiable fact that MS applications have significantly more known vulnerabilities than other parties' apps, but that's because the apps are more widespread, and that's why it makes sense to use Firefox &c. If Firefox ever became the standard, it would become the target of malware, and then we'd actually see whether it is more or less secure than IE. (I'm not making claims either way. Nor am I addressing the open source issue.)
Still waiting for Purity of the Surf II

Radiant

Quote from: SteveMcCrea on Thu 08/06/2006 16:04:47
Quote from: Radiant on Thu 08/06/2006 14:19:15
It is a known and verifiable fact that most MS applications are significantly less secure than other parties' apps, such as Firefox or indeed Linux.
I doubt that. It may be a known and verifiable fact that MS applications have significantly more known vulnerabilities than other parties' apps, but that's because the apps are more widespread,

That is what the Microsoft marketing department wants you to think. While it is obviously true that the most popular browser will have its flaws exposed quicker than any other, it is also true (although less obvious) that (1) IE has significantly more flaws than other browsers, some of which a result of flawed design, and (2) Microsoft is significantly slower in fixing those flaws than other companies.

"Exploitation of Internet Explorer's security holes has earned IE the reputation as the least secure of the major web browsers."

"Art Manion, a representative of the United States Computer Emergency Readiness Team (US-CERT) noted in a vulnerability report that the design of Internet Explorer 6 Service Pack 1 made it difficult to secure."

"The Apache HTTP Server, for example, had a much larger market share than Microsoft IIS, yet Apache has traditionally had fewer (and generally less serious) security vulnerabilities than IIS."

"In an October 2002 interview, Microsoft's Craig Mundie admitted that Microsoft's products were "less secure than they could have been" because it was "designing with features in mind rather than security.""

"Microsoft has also not responded as quickly as competitors in fixing security holes and making patches available. Not only are there more holes in Explorer, but holes remain unpatched for a longer time. ... As of May 28, 2006, Secunia reports 101 vulnerabilities in Internet Explorer, 21 of which are unpatched. In contrast, Mozilla Firefox, the main competitor to Internet Explorer, is reported to have only 31 security vulnerabilities, of which 4 remain unpatched."

(source: Wikipedia)

SSH

12
