Old 05-06-2013, 12:03 AM
 
Location: Victoria TX
42,663 posts, read 75,401,683 times
Reputation: 36176

Just got a strange virus notice popping up on my screen. I was just reading text on a trusted site (a forum similar to this one), when there was a popup purported to be from Java, saying I needed an update. I selected "remind me later", and made a mental note to go to Java directly and download the latest version. A few seconds later, AVG notified me that it had captured a threat, and to close my computer, which I did.

My AVG history reported the two safely removed files were 714d.tmp and 0.285406017066497. Googling those as search terms returned nothing.

I've never had anything even remotely similar to this happen before. Anybody know what this is? When I get my weekly notice from Java telling me to update, do they always have to be viewed with suspicion, and computer shut down immediately to protect it?
Attached Thumbnails
Strange virus notice-ps.jpg  

Last edited by jtur88; 05-06-2013 at 12:11 AM..

 
Old 05-06-2013, 12:04 AM
 
11,715 posts, read 36,346,982 times
Reputation: 7514
Sounds like there was malicious code on the site, either from a hack against the server or an ad. Where were the files? In your browser cache?
 
Old 05-06-2013, 12:13 AM
 
Location: Victoria TX
42,663 posts, read 75,401,683 times
Reputation: 36176
Quote:
Originally Posted by EscapeCalifornia View Post
Sounds like there was malicious code on the site, either from a hack against the server or an ad. Where were the files? In your browser cache?
I assume the screen shot displays the location. You might have been replying while I was adding the screen shot.
 
Old 05-06-2013, 12:19 AM
 
1,675 posts, read 2,564,025 times
Reputation: 1466
The Java update notice MIGHT have been legit. My computer told me to update Java just the other day too (2 days ago I think?). I updated it and no issues. Everything is working like normal. I'm on Mac though.
 
Old 05-06-2013, 12:23 AM
 
11,715 posts, read 36,346,982 times
Reputation: 7514
Quote:
Originally Posted by jtur88 View Post
I assume the screen shot displays the location. You might have been replying while I was adding the screen shot.
Yeah the screen shot wasn't up when I replied. I'd run a MalwareBytes scan just to be safe. And of course manually update Java, Flash, and Adobe Reader as always.
 
Old 05-06-2013, 12:24 AM
 
11,715 posts, read 36,346,982 times
Reputation: 7514
Quote:
Originally Posted by Adric View Post
The Java update notice MIGHT have been legit. My computer told me to update Java just the other day too (2 days ago I think?). I updated it and no issues. Everything is working like normal. I'm on Mac though.
Java update notifications don't display in the middle of the screen. They come from a tray icon. I have seen the updater trigger a UAC elevation but that's justcheck.exe running, not an actual notification of a new version of Java.
 
Old 05-06-2013, 12:31 AM
 
Location: Victoria TX
42,663 posts, read 75,401,683 times
Reputation: 36176
Thanks, I'll run malwarebytes. (Edit -- Done, no malicious items detected)

I assume, now, that whenever I'm notified of an update, I should immediately reboot without clicking anything on the screen (such as 'decline' or 'remind me later' -- the only way to close the window). What a pain.

Last edited by jtur88; 05-06-2013 at 12:41 AM..
 
Old 05-06-2013, 12:48 AM
 
40,284 posts, read 41,836,137 times
Reputation: 16792
Quote:
Originally Posted by jtur88 View Post
I was just reading text on a trusted site (a forum similar to this one), when there was a popup purported to be from Java,...
Text as in how it's displayed here? Doesn't matter, it's a web page and can contain anything.

Note that just because it's a trusted site doesn't mean it wasn't the source. Sites get hacked and another possible source is if they are running ads. Especially if it's not a mainstream ad network. If you go back there again and get that warning be sure to let the site owner know. Note the exact time and what page you are viewing.

Here's a quick tip when you get one of those popups when browsing: right click over an area that would be created as an image. In most cases the entire thing is an image; if it says "save image as" or any other type of option for images then it's bogus.
 
Old 05-07-2013, 02:03 AM
 
Location: Victoria TX
42,663 posts, read 75,401,683 times
Reputation: 36176
26 hours later, I got the same Java popup, while reading text on the same website. Here is the Java notice screen shot.

I right-clicked the window, which did absolutely nothing. The only way to remove the window is to make one of the choices, so I chose "Later". I immediately ran Malwarebytes, which detected no threats, but when I ran AVG Whole computer scan, it detected Trojan Horse Dropper.Generic8.ADKU and quarantined it.

Then I manually installed Java 7.21.
Attached Thumbnails
Strange virus notice-paint2.jpg  

Last edited by jtur88; 05-07-2013 at 02:14 AM..
 
Old 05-07-2013, 06:01 AM
 
10,755 posts, read 18,013,891 times
Reputation: 10244
As Escape said, the site has been compromised, notify a Mod