Beware FileFront - malware!

[Reece]

I had just uploaded a file at FileFront & this launched a window to an ad called aShopping.com, this tried to launch "~.exe" that COMODO picked up, now although I blocked it after a scan the virus (HIDDENEXT/Crypted) was found in the C:\Documents and Settings\myprofile\Local Settings\Temporary Internet Files, I have deleted it & all is ok but thought I'd give the warning, a bit poor of FileFront IMO!

Edit: Looks like I may be infected, ever so often when I open a new page with firefox a window opens to here: http://403.hqhost.net/index.html
thank goodness it's an error message, or is it? any advise welcome.
I think it has infected firefox, this is what opens:

[Wolfehunter]

I went to Filefront without issue. I think you got worm in your system.

lol good luck dude. I hope you kill it before it spreads.

[Reece]

Well it was straight after uploading a file there! only spot before was Photobucket, hope it wasn't there!! I am about to re-ghost my machine, I'd love to get a hold of the creeps who make these, damn maggots!!

[Zachstar]

You need to be 100 percent sure it is filefront before accusing them of infecting your system.

#1 If they were responsible it would be all over the net news right now. Many people use filefront.

#2 Filefront is a quality site. Not the biggest and not some small operation.

[JScones]

Sounds suspiciously like the Virtumonde trojan.

My wife got it last week, presumably through facebook or one of her frequented forums. Spybot picked it up but I had to rid it manually. Took a few hours.

Oddly it got past both her hardware and software firewalls and her online virus scanner.

[Wolfehunter]

Quote:

Originally Posted by JScones

Sounds suspiciously like the Virtumonde trojan.

My wife got it last week, presumably through facebook or one of her frequented forums. Spybot picked it up but I had to rid it manually. Took a few hours.

Oddly it got past both her hardware and software firewalls and her online virus scanner.

Same here I and my wife both had that one 2 weeks ago. Shes on Facebook too.

I removed it and through our system. I was using Norton antivirus 2009 but I canceled the service. It didn't even stop it. I found it using Microsoft malware tool remover.

That one is a real pain. It got through my routers firewall and my software's

Finally have my system cleaned for the last week now.

[Reece]

Quote:

You need to be 100 percent sure it is filefront before accusing them of infecting your system.

#1 If they were responsible it would be all over the net news right now. Many people use filefront.

#2 Filefront is a quality site. Not the biggest and not some small operation.

It's not really an accusation, it's a warning, would some poor sucker like to upload a file here for a test!
What I did was to start firefox this morning after completing a mod, I went to Photobucket to upload some pics, that went ok, I then went to FileFront & uploaded a file, I went through the browse & selected the file as soon as I clicked on "Upload" the progress bar came up & a new window opened to "aShopping.com", then COMODO came up with a warning, I didn't respond straight away when the damn virus warning popped up as in the image above, this is why the warning!!
Neither Ad-Aware or Avira could fix it!!
An urgent thread warning was a must!!
Thank goodness I had re-ghosted only a week ago.

Quote:

Originally Posted by JScones
Sounds suspiciously like the Virtumonde trojan.

My wife got it last week, presumably through facebook or one of her frequented forums. Spybot picked it up but I had to rid it manually. Took a few hours.

Oddly it got past both her hardware and software firewalls and her online virus scanner.

I suppose it could have been Photobucket with a delayed reaction, doubt it though!!

[Wolfehunter]

Spybot only removed the adware that vundo added to the system 2 weeks ago.

Lol my wife says my new Dell XPS 730 is the cause. It started not long after we got the system. I said it was the antivirus not doing its job.

I finally did some research and found some removal tools.

Then I deleted any files that contained the virus.

Her system too.

Funny thing is my old rig wasn't effected.

Just mine and my wifes Sony viao. Very strange...:hmm:

[NeonSamurai]

I would bet money it didn't come from Filefront. One of my computers was also recently infected, and it also bypassed my firewalls and antivirus protection.

You defiantly have the Virtumonde trojan as was mentioned, and its a royal pain to get rid of if you don't know what your doing (and most virus and spyware scanners cannot directly fix it due to how the virus works). Its also very common for these things to delay activation by days, weeks or even longer to prevent the trojan from being traced back to the host site.

Now for getting rid of it...

Go to this site and download Spybot S&D
http://www.safer-networking.org/en/home/index.html
Have it update and run a scan
It should find Virtumonde, now look for the 2 .dll files that Spybot found (don't reboot). Go to the directory their in (/windows/system32) find them both (make sure you have unhidden the files) and rename them both to something else and remove the .dll extension. Now reboot, delete the renamed files by hand and have Spybot clean up the rest.

If you can't rename the files then use something like Dr. Delete to have the files deleted on system startup

[Reece]

Yes there sneaky damned things, If I could change the title to "Possible" I would, but at the time I was just frantic to get the warning up for others here on Subsim, then save certain files like "Outlook Express" and re-ghost, for some reason I'm not game enough to try it again!!
Edit: Just posted same time as Me NeonSamurai, are you able to change the title?

[Blacklight]

Quote:

Sounds suspiciously like the Virtumonde trojan.

I was thinking the exact same thing. My wife's laptop got hit with that one last week as well. MAN it was a *expletive* to get rid of. It hit my computer and my laptop about four months ago. Thankfully I know what I'm doing with it and was able to rid all these computers of it.

I would love to meet the *expletive, expletive, explitive* who wrote that damn trojan. It's one of the most prevalent ones out there now. EVERYONE is getting it. My own parents got it on their computer and they don't go anywhere but CNN.com and they don't use email. If I ever find the *expletive, expletive, expletive* who wrote it, I'm going to shove my foot so far up his *expletive* that he won't every be able to *expletive* in comfort ever again !

(By the way.. virus and spyware scanners won't get rid of it. It will even shut down most of them.)

[Hylander_1314]

I've been uploading a few artfiles over the last 2 weeks, and have not had any problems with Filefront.

[SteamWake]

Quote:

thank goodness it's an error message, or is it? any advise welcome

Let me put it this way... if it was an email I wouldent open it due to the bad grammer and mispellings. It looks suspect.

"PC freezes and creahes" ?!

[She-Wolf]

Reece, I have come in late on this and someone else may have already covered - but the message you were getting is NOT genuine, it is a false claim caused by a driveby download, nothing to do with Filefront.

You have picked it up from somewhere without realising it ( which is by design), and it will pop up these lurid messages about infections you haven't got, trying to get you to by the product, which is a scam and a waste of money.

This link

http://news.bbc.co.uk/1/hi/technology/7779223.stm

tells you about scareware, and though the one you have may not be named here, it is of that class.Sorry if this is already dealt with - in a rush and no time to read all messages

Here is a very good anti-malware site that has removal instructs for this.
http://www.bleepingcomputer.com/malw...-antivirus-360. Hope it helps

[Murr44]

I don't know if anyone else has experienced this but there seem to be an awful lot of pop-ups on Filefront lately (last 3-4 days). My pop-up blocker has been kept pretty busy whenever I've been there recently. Think that I'll steer clear of the site for a while...