• Readers comment on the LizaMoon infection story



    LANGALIST PLUS

    Readers comment on the LizaMoon infection story

    By Fred Langa

    The recent LizaMoon Top Story generated a deluge of reader e-mails!

    Some of the letters criticized my actions — but most of the letters requested additional details and some asked excellent “what if?” questions.


    The full text of this column is posted at WindowsSecrets.com/2011/04/28/04 (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1277424

      I’ve given different instructions to my non-computer-savvy wife. If she sees stuff she doesn’t understand, hold the power button down till the machine turns off! There is no way she’s going to accurately use the Task Manager, something she NEVER uses, to get out of this. Yes – she may lose the last few edits she did, but that’s a cheap price to pay.

      (I have changed her Firefox configuration so it never automatically restores the previous session after a crash, since doing that gets you right back to the problem).

    • #1277446

      a couple things i found with this infection that i ran into… i didn’t go all crazy like fred did, but when i encountered the page, it indeed immediately started “scanning” my machine… what i found was as soon as the web page loaded, it downloaded a small executable to my machine, which is how it presumably finishes the infection. i minimized the browser, noticed a shortcut on the desktop to something i didn’t install… right clicked it and checked properties, and then navigated to the folder the exe was hiding in. i simply deleted it. done. ran scans with a squared and mse, machine came up clean, and no infection without allowing the executable to do its thing. sorry, don’t remember which folder (was in a temp file) or the name of the exe, either… i sent a bunch of links to fred as i encountered the infection in various locations in the wild.

      one thing i did notice was that closing the browser before the popup radio button came up worked… even closing the page worked. but you’ve gotta be quick, and the best bet once the control button popped up was to close the entire browser from the taskbar. i use firefox with no script on a win vista 64 machine, fully updated and patched, btw for what it’s worth…

      when firefox restarts, it gives the familiar “oooops… do you want me to restore your tabs?” click NO, if possible. this can help. another thing that can help is a third party task manager called “dtaskmanager” by “dimio”… it’s like windows task manager, yet pumped up… if you make it the default, you can kill near any process running with it.

      anyways… hope this info helps someone. fred, if ya get a wild hair across your butt, and wanna try what i described doing, please post back your findings!

      namaste
      jimi

    • #1277485

      Just yesterday while doing some Google searching for WordPress material, some malware tried to load itself, but following Fred’s advice, I fortunately caught it (Windows Defender didn’t) and didn’t allow it to execute. I still ran several scans to make sure my system was clean.

      • #1277495

        Something similar happened to me last night.

        I was at a photos and videos indexing web site, when one link led to a page which started to show the popup and fake scan which are the LizaMoon signatures. But the dialog said this was Chrome scanning my computer, that Chrome had detected infections, etc. (Chrome does not scan for anything — it is not a security program. How do the writers of this malware not know these things?) And the titlebar on the popup showed the exact, real filename of the attacking agent. The infecting agent was not downloaded, no shortcuts or Tray Notifications appeared.

        I quickly closed Chrome, disconnected from the Internet, cleaned up the computer with several tools, and scanned offline with Super Antispyware and Microsoft Security Essentials. All looked clean, so I rebooted. Still clean. I went online and ran Hitman Pro (multi-vendor Cloud Antispyware Application) and it also detected nothing malicious. Deep scans will be done this weekend.

        I take this experience to demonstrate that in my Windows 7 Home Premium 64-bit Standard User Account (patched through the March MS Updates, but April updates still pending), the Google Chrome browser (with several ad blockers and the Click N Clean Extension) does a very good job of identifying and sandboxing this type of attack. The Chrome sandbox appears not to have leaked, even though I did click on the “Scan Now” button in the popup. I have not seen Internet Explorer or Firefox do such a good job of identifying and containing an Internet threat. While I would not use Chrome as a first line of defense (and certainly not as my only line of defense), I am impressed with Chrome’s security performance in this incident.

        Thanks, Fred, for the heads-up about this LizaMoon security threat.

        -- rc primak
