Trojan Horse WARNING (People of Walmart)

Discussion in 'XDTalk Chatter Box' started by CMfromIL, Feb 26, 2010.

  1. CMfromIL

    Yesterday, I read this thread:

    http://www.xdtalk.com/forums/xdtalk-chatter-box/145418-open-carry-people-walmart.html

    So I went to the People of Walmart website and was getting a pretty good chuckle. Unfortunately, the last laugh was on me. Apparently the site is uploading a rather nasty virus going by several names.

    I got the XP Guardian 2010 variant. It disables your current AV protection, installs itself and shuts down web access. The downside for me is that it's my work computer. They don't have a policy against surfing on downtime, so I'm not in trouble. However, the tech guy isn't thrilled as this is the 4th infection this week alone. (not for me)

    The only recourse is full rewrite of the HD.

    Be very, very careful surfing that site. Google people of walmart/ browser hijack and I'm apparently not the only one.

    It's a really, really bad virus. Be careful.

    I don't think that the OP is/was aware, and I'm not calling him 'on the carpet', I'm just letting others know to be careful.

     
  2. afmo

    thanks for the heads up
     
  3. jmichna

    CM,
    Thanks for the heads up! I feel for your troubles... these things are always a time-consuming hassle.
     
  4. 1lowlife

    Thanks for the heads up.
    Perhaps a good antivirus software program would be in order.
    Mine catches stuff like that all the time..
    If you already have one, it isn't apparently doing the job...:(
     
  5. Wired

    Wow! I've been there often, and haven't seemed to catch it. Thanks for the heads up. Did you click on any links or anything?
     
  6. agalindo

    It doesn't upload it automatically; you would have had to have clicked on install yourself.
     
  7. bowl443

    Those attacks are getting more and more common and are not necessarily the work of 'bad browsing.'

    We have had a few here at work this week too, but none have needed a clean install.

    This is why I have a linux (Ubuntu) machine at home... It's like having a rain coat on in the rain.
     
  8. CMfromIL

    Actually, Trend Micro, Symantec, Norton and Forefront don't catch it.
    It's a really nasty bugger.

    I've added malwarebytes as it's one of the few that can catch it and kill it.

    I'm pretty good with computers. I build my own machines, and try and stay on top of this sort of stuff. It didn't give me any 'options' to install. All of a sudden my anti-virus in the lower right corner was gone. It installed itself, disabled all .exe's and hijacked my browser. It also changed a bunch of entries in the registry.

    Seriously, it's a bad one.

    Nope. I was just browsing the idiots of walmart. And BAM, machine was toast. My tech guy told me that it's one of the 'best' viruses he's ever seen. It's in two pieces. The executable, and another part. If you disable one piece, it redoes it from the other piece.
     
  9. Wired

    That's what I was thinking. With NoScript in FF, that's a good hint to really consider what you're allowing.
     
  10. agalindo

  11. CrAz3D

    I've yet to see a reliable source say anything about it. Probably not POWM related. Probably "too much internet porn" related. haha
     
  12. CMfromIL

    Yeah...that's it.


    Rogue Antispyware: People of Walmart Pushing Malware?

    Trojan horse killed my system - NastyZ28.com


     
  13. Sirius1963

    I think it could be POWM, or that site could just be one that got hacked, as quite a few "legit" sites have.

    I've seen several of these lately, and I've noticed the quicker you squash it, the easier it is. MalwareBytes usually gets rid of it, but if it goes on too long, it won't let anything run, including MBAM, or even task manager, command prompt... nuttin. Since it's a work machine, I just scrub the drive and reimage.

    One option that might work: slave the drive to a clean machine and run MBAM on the good machine, and scan Drive "D" (or whatever the infected shows up as). Sometimes you can get rid of enough of it to let the scan s/w run on itself to finish it up.

    The Walmart site may have been the culprit, but I don't think they intentionally did anything. I've been to that site and didn't catch anything.
     
  14. thelongone13

    I just installed Malwarebytes. Thanks for the warning CM.
     
  15. kujiin

    I've been dealing with that one on and off for about six months on several PCs here at the courthouse. I recommend the following tools. If you catch it early, Malwarebytes: you can get the free version from their website, Malwarebytes.org; it works pretty good. The next one I was skeptical about, but it does work. IObit Security 360: you can get it here www.download.cnet.com/IObit-Security-360/3000-8022_4-10967594.html?tag=mncol

    If left infected too long, I have had occasions where reformatting was the only option.

    K

     
