SUBSIM Radio Room Forums



SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997

Old 12-15-08, 11:04 PM   #1
Reece
CINC Pacific Fleet
 
 
Join Date: Sep 2003
Location: Down Under
Posts: 34,724
Downloads: 171
Uploads: 0

Well it was straight after uploading a file there! Only spot before was Photobucket, hope it wasn't there!! I am about to re-ghost my machine, I'd love to get a hold of the creeps who make these, damn maggots!!
__________________

Sub captains go down with their ship!
Old 12-15-08, 11:07 PM   #2
Zachstar
Sea Lord
 
Join Date: Feb 2005
Location: Shreveport, Louisiana
Posts: 1,956
Downloads: 13
Uploads: 0

You need to be 100 percent sure it is filefront before accusing them of infecting your system.

#1 If they were responsible it would be all over the net news right now. Many people use filefront.

#2 Filefront is a quality site. Not the biggest and not some small operation.
__________________

Old 12-15-08, 11:15 PM   #3
JScones
Navy Seal
 
Join Date: Apr 2005
Posts: 5,501
Downloads: 19
Uploads: 0

Sounds suspiciously like the Virtumonde trojan.

My wife got it last week, presumably through Facebook or one of her frequented forums. Spybot picked it up but I had to rid it manually. Took a few hours.

Oddly it got past both her hardware and software firewalls and her online virus scanner.
Old 12-15-08, 11:37 PM   #4
Wolfehunter
Crusty Capt.
 
Join Date: Sep 2007
Posts: 2,752
Downloads: 40
Uploads: 25

Quote:
Originally Posted by JScones
Sounds suspiciously like the Virtumonde trojan.

My wife got it last week, presumably through facebook or one of her frequented forums. Spybot picked it up but I had to rid it manually. Took a few hours.

Oddly it got past both her hardware and software firewalls and her online virus scanner.

Same here, my wife and I both had that one 2 weeks ago. She's on Facebook too.

I removed it and through our system. I was using Norton antivirus 2009 but I canceled the service. It didn't even stop it. I found it using Microsoft malware tool remover.

That one is a real pain. It got through my router's firewall and my software's.

Finally have my system cleaned for the last week now.
__________________
Old 12-16-08, 12:02 AM   #5
Reece
CINC Pacific Fleet
 
 
Join Date: Sep 2003
Location: Down Under
Posts: 34,724
Downloads: 171
Uploads: 0

Quote:
You need to be 100 percent sure it is filefront before accusing them of infecting your system.

#1 If they were responsible it would be all over the net news right now. Many people use filefront.

#2 Filefront is a quality site. Not the biggest and not some small operation.

It's not really an accusation, it's a warning, would some poor sucker like to upload a file here for a test!
What I did was to start Firefox this morning after completing a mod, I went to Photobucket to upload some pics, that went ok, I then went to FileFront & uploaded a file, I went through the browse & selected the file, as soon as I clicked on "Upload" the progress bar came up & a new window opened to "aShopping.com", then COMODO came up with a warning, I didn't respond straight away when the damn virus warning popped up as in the image above, this is why the warning!!
Neither Ad-Aware nor Avira could fix it!!
An urgent thread warning was a must!!
Thank goodness I had re-ghosted only a week ago.

Quote:
Originally Posted by JScones
Sounds suspiciously like the Virtumonde trojan.

My wife got it last week, presumably through facebook or one of her frequented forums. Spybot picked it up but I had to rid it manually. Took a few hours.

Oddly it got past both her hardware and software firewalls and her online virus scanner.
I suppose it could have been Photobucket with a delayed reaction, doubt it though!!
__________________

Sub captains go down with their ship!
Old 12-16-08, 12:26 AM   #6
Wolfehunter
Crusty Capt.
 
Join Date: Sep 2007
Posts: 2,752
Downloads: 40
Uploads: 25

Spybot only removed the adware that vundo added to the system 2 weeks ago.

Lol my wife says my new Dell XPS 730 is the cause. It started not long after we got the system. I said it was the antivirus not doing its job.

I finally did some research and found some removal tools.

Then I deleted any files that contained the virus.

Her system too.

Funny thing is my old rig wasn't affected.

Just mine and my wife's Sony Vaio. Very strange...:hmm:
__________________

Last edited by Wolfehunter; 12-16-08 at 12:26 AM.
Old 12-16-08, 12:33 AM   #7
Reece
CINC Pacific Fleet
 
 
Join Date: Sep 2003
Location: Down Under
Posts: 34,724
Downloads: 171
Uploads: 0

Yes they're sneaky damned things, if I could change the title to "Possible" I would, but at the time I was just frantic to get the warning up for others here on Subsim, then save certain files like "Outlook Express" and re-ghost, for some reason I'm not game enough to try it again!!
Edit: Just posted same time as me NeonSamurai, are you able to change the title?
__________________

Sub captains go down with their ship!

Last edited by Reece; 12-16-08 at 12:36 AM.
Old 12-16-08, 12:32 AM   #8
NeonSamurai
Ocean Warrior
 
Join Date: Jan 2002
Location: Socialist Republic of Kanadia
Posts: 3,044
Downloads: 25
Uploads: 0



I would bet money it didn't come from Filefront. One of my computers was also recently infected, and it also bypassed my firewalls and antivirus protection.

You definitely have the Virtumonde trojan as was mentioned, and it's a royal pain to get rid of if you don't know what you're doing (and most virus and spyware scanners cannot directly fix it due to how the virus works). It's also very common for these things to delay activation by days, weeks or even longer to prevent the trojan from being traced back to the host site.

Now for getting rid of it...

Go to this site and download Spybot S&D
http://www.safer-networking.org/en/home/index.html
Have it update and run a scan
It should find Virtumonde, now look for the 2 .dll files that Spybot found (don't reboot). Go to the directory they're in (/windows/system32) find them both (make sure you have unhidden the files) and rename them both to something else and remove the .dll extension. Now reboot, delete the renamed files by hand and have Spybot clean up the rest.

If you can't rename the files then use something like Dr. Delete to have the files deleted on system startup.

Last edited by NeonSamurai; 12-16-08 at 12:34 AM.
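
The rename-then-delete steps from post #8, written out in PowerShell as an added example that is not part of the original thread. The two file names are placeholders because the thread never names the DLLs, and the delete-at-startup fallback uses the Windows MoveFileEx API, which is an assumption about how to get the effect the post describes, not a description of how Dr. Delete works.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# $Dlls holds PLACEHOLDER paths: substitute the two files your scanner reported.
param(
    [string[]]$Dlls = @(
        "$env:SystemRoot\System32\PLACEHOLDER_1.dll",
        "$env:SystemRoot\System32\PLACEHOLDER_2.dll"
    )
)

# MoveFileEx with a NULL destination and MOVEFILE_DELAY_UNTIL_REBOOT (0x4)
# queues the file for deletion during the next boot, before anything loads it.
Add-Type -Namespace Win32 -Name File -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string existing, IntPtr newName, int flags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

foreach ($dll in $Dlls) {
    if (-not (Test-Path -LiteralPath $dll)) {
        Write-Warning "Not found: $dll"
        continue
    }

    # -Force returns the item even when it carries Hidden or System attributes
    $item = Get-Item -LiteralPath $dll -Force

    # Dropping the .dll extension stops the file being loaded by name after reboot
    $newName = $item.BaseName + '.quarantined'
    try {
        Rename-Item -LiteralPath $item.FullName -NewName $newName -Force -ErrorAction Stop
        Write-Output "Renamed $($item.Name) -> $newName. Reboot, then delete it by hand."
    }
    catch {
        # Rename refused: fall back to deletion at next startup
        if ([Win32.File]::MoveFileEx($item.FullName, [IntPtr]::Zero, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
            Write-Output "Rename failed; $($item.Name) is queued for deletion at next boot."
        }
        else {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            Write-Warning "Could not rename or queue $($item.Name) (Win32 error $err)."
        }
    }
}
```

After the reboot, run the scanner again so it can clean up the leftover registry entries, as the post says.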