CLIFFS:
- Fake hyperlink that looks like a legit website tricks user into hacker's website
- Hacker's website looks legit but asks you to install JAVA application
- If you ACCEPT Java application you execute virus that installs a RAT that steals all your saved browser passwords + potentially record keystrokes/capture webcam
- If you DECLINE you should be OK but do full virus scan every day from now on
- If you have clicked it and become infected see below for removal instructions + Change all passwords immediately
- To protect yourself see below to disable JAVA on your browser + NEVER CLICK LINKS before you check them
- To DETECT and REMOVE please download a copy of AVG free antivirus - This is a new virus and only detectable by 4 out of the top 25 antivirus software. AVG is the only free antivirus that can detect the JORI.EXE file that carries the virus. Download AVG free and do a full system scan.
The following are the ONLY antivirus programs that detect the jori.exe virus:
- ESET NOD32
- AVG
- DrWeb
- Norman
Someone is tricking MISCers into visiting a webpage that downloads a virus and infects their computer
This guy used BBCODE to make a hyperlink that read break.com but ACTUALLY took you to a website with a virus instead.
(Just a note: if you see a clickable link anywhere on the internet, put your cursor over the link and at the bottom of Firefox it tells you where that link is going.)
As you can see in this picture the hyperlink looks like break.com but at the bottom you see it is really taking you elsewhere
We have been able to determine that if you visit the link you will be asked to download a JAVA applet. If you accept then you will be infected. If not then you SHOULD be ok.
The virus captures ALL locally saved passwords. This means all the passwords you have saved in your browser, such as for bb.com as well as for PayPal, Steam, etc. IF you have clicked then change ALL saved passwords immediately.
- However it is possible that the virus serves other purposes too such as recording keystrokes and webcam capture.
TO DISABLE JAVA ON FIREFOX TO MAKE YOU IMMUNE TO THESE JAVA EXPLOIT ATTACKS
Mikerub
How to remove
Download Malwarebytes, it's a free and very reliable virus scanner.
http://www.malwarebytes.org/
Scan your computer and if nothing was detected here is how you can see if you're actually on this guy's RAT.
http://www.youtube.com/watch?feature...&v=zYa9RWiTxwo
If you did run the JAVA application avoid typing in sensitive passwords as he can view your desktop, keystrokes and much more.
Firefox > Add-ons > Plugins > Java > Disable
Someone is attacking the MISC. Nobody attacks the MISC.
EDIT: It has come to my attention that the user Vanzale is most probably just a compromised account. If you clicked the link you should run a full AV scan as well as clearing browser cache and cookies.
Gentlemen...we are at war
CONFIRMED HACKED MISCERS
Rambo26
Vanzale
VladimirVega
These accounts have all been used to spread the virus
The virus he is trying to get you to download is a RAT (Remote Administration Tool). If you visited the site you were prompted to run JAVA. If you hit accept you automatically installed the virus and it is on your computer now and he can do as he wishes.
He can view your entire computer, webcam, and basically do anything he wants.
How to remove
Download Malwarebytes, it's a free and very reliable virus scanner.
http://www.malwarebytes.org/
Scan your computer and if nothing was detected here is how you can see if you're actually on this guy's RAT.
If you did run the JAVA application avoid typing in sensitive passwords as he can view your desktop, keystrokes and much more until you are sure you've taken care of the situation.
11-29-2012, 03:51 PM #1
Calling out Vanzale - For spreading virus on the MISC (SRS) Info on how to fix
Last edited by txdude1818; 11-29-2012 at 06:44 PM.
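The mismatch described in the first post (link text reading break.com while the target is a different site) can be checked mechanically on the forum side before a post is shown. The following is an added example, not part of the original thread; the function names are illustrative and files.example.test is a constructed placeholder host.

```python
import re
from urllib.parse import urlsplit

# [url=TARGET]TEXT[/url], with optional quotes around TARGET.
URL_TAG = re.compile(r'\[url=["\']?([^\]"\']+)["\']?\](.*?)\[/url\]', re.I | re.S)
INNER_TAG = re.compile(r'\[/?[a-z]+[^\]]*\]', re.I)  # [b], [/b], [color=red], ...
# Link text that itself reads as a hostname or URL, e.g. "break.com".
HOSTLIKE = re.compile(
    r'^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(?:[/:?#].*)?$', re.I)

def strip_www(host):
    return host[4:] if host.startswith("www.") else host

def host_of(target):
    """Hostname of a link target; a bare 'site.test/x' is treated as http."""
    if "://" not in target:
        target = "http://" + target
    try:
        return (urlsplit(target).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""  # unparsable target: never matches the shown host

def same_site(shown, real):
    """True if the real host is the shown host or one of its subdomains."""
    shown, real = strip_www(shown), strip_www(real)
    return real == shown or real.endswith("." + shown)

def find_spoofed_links(post):
    """Return (shown_host, real_host) for links whose text names another site."""
    hits = []
    for target, text in URL_TAG.findall(post):
        m = HOSTLIKE.match(INNER_TAG.sub("", text).strip())
        if not m:
            continue  # text such as "click here" claims no destination
        shown, real = m.group(1).lower(), host_of(target.strip())
        if not same_site(shown, real):
            hits.append((shown, real))
    return hits

# Constructed sample posts; files.example.test is a placeholder host.
SAMPLES = [
    "funny vid [url=http://files.example.test/watch]break.com[/url]",
    "funny vid [url=http://www.break.com/v/1]break.com[/url]",
    '[url="http://files.example.test/a"][b]www.break.com[/b][/url]',
    "[url=http://files.example.test/]click here[/url]",
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(find_spoofed_links(post) or "ok", "<-", post)
```

Only the first and third sample posts are flagged: the second really does go to break.com, and the fourth makes no claim about its destination in the link text.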
-
11-29-2012, 03:55 PM #5
I didn't. I was about to click on it, but I always hover over the link and I saw that it sent you to a different site. Then MISCers posted in this thread saying they got hacked http://forum.bodybuilding.com/showth...hp?t=149988513 and then the hacker edited their posts to pretend like nothing happened.
-
11-29-2012, 03:59 PM #11
Bro he just used your account to post the virus in this thread http://forum.bodybuilding.com/showth...#post986462163
-
11-29-2012, 04:05 PM #17
Vladimir wtf happened to your rep power, you went from 33 to deep red?
To the mods: if you want to slow the guy spreading the virus, then check the IP addresses of the accounts VladimirVega and Vanzale, because the guy used both accounts to post the link, therefore you can BAN that IP address. Make sure you don't ban the legit account holders' IP but the IP that shared both accounts.