virus connected to turbobuick.com?

Found the following advice on a Microsoft board that may help anyone that gets the dreaded fake antivirus 2012 popup. It can help prevent the virus from digging in to your machine:

Here's a comprehensive list of suggestions on handling such "attacks" by Stephen Boots, one of the forum moderators:

Unfortunately, these type of malware attacks are difficult to keep up with because they trick you into letting them install. They usually come from an infected web site, and usually through an advertisement. You get a pop-up from the infection and you click it to close the pop-up - which allows the infection to install. They can also be delivered in a "drive-by" fashion with no action needed by the user due to the system being unpatched, no matter what security software is running.

When you encounter one of these fake virus pop-ups while browsing, immediately do the following:

-Do not touch any browser window to close it or browse further.
-Immediately press Ctrl-Alt-Del (Ctrl-Shift-Esc in Vista or Win 7) and bring up Task Manager and forcibly end all instances of iexplore.exe, if using Internet Explorer, or the executable for the browser you are using.
--or--
-Go to Start/Shut Down and restart the PC without touching any browser windows.
-If you used task manager to close browser instances, reboot the machine.
-Then go to Control Panel/Internet Options and delete all temporary Internet Files and cookies. If you are using an alternate web browser, open the browser settings to do the same - delete the local cached files and cookies.
-Perform a full scan with MSE.

The above steps should prevent the infection from taking hold.




Besides MSE, the following recommendations will assist in protecting the PC from infection:

-Make sure that the Windows Firewall is enabled.

-Make sure that all important/critical updates, including service packs for the operating system and programs are installed from Microsoft Update (Windows Update).

-Make sure Internet Explorer is at version 8 and updated with all patches.

-In Internet Explorer 8, use the SmartScreen Filter.

-Make sure that IE Internet Security settings are at least set to medium-high (default).

-Enable the pop-up blocker in IE.

-On Vista and Windows 7 make sure thatUser Account Control (UAC) ON and not running with elevated privileges.

-Make sure that Windows Automatic Updates are set to at least notify, but the preferred setting is to download and install automatically. If you update manually, be sure to update as soon as possible after being notified of available updates.

-Make sure that installed applications, especially Adobe Acrobat, Adobe Flash, and Java are at their latest versions. Many vendors are regularly updating and patching for security holes.

-Never click through links from unknown sources and use caution even if they are from a "trusted" source.

-Never open unsolicited email attachments.
Click to expand...
 
SGRIM said:
I would really like to play target practice with a few of them as an example....
Click to expand...

Shane, threats towards others will not be tolerated on this board, please refrain from doing this in future posts or I will report you to JayC to have you banned from posting anything further in this thread.... LMAO...:biggrin:

Bryan
 
Is there anyway to avoid getting this virus again? I have gotten it three different times and this is one of the only websites I go to. I do the RKill thing it says on the net to fix it. It fixes it and a few days later, I get it again. Thanks
 
Westriver87 said:
Is there anyway to avoid getting this virus again? I have gotten it three different times and this is one of the only websites I go to. I do the RKill thing it says on the net to fix it. It fixes it and a few days later, I get it again. Thanks
Click to expand...

Download MalwareBytes and when it asks you if you want to use the active protection trial, say yes.
 
I got 2012 anti virus too from this site on 2 different computers. Nasty deal. Had to recover to get rid of it.
 
Got it again this morning! Was on the Buddy Ingersoll ill thread. On my laptop right now but my main computer where I do all my business is screwed up again. Like walking thru a minefield here!
 
tr custom parts said:
got it again this morning! Was on the buddy ingersoll ill thread. On my laptop right now but my main computer where i do all my business is screwed up again. Like walking thru a minefield here!
Click to expand...
sorry to hear this mark .. Do you still have avg ? My government lap top catches all the fun stuff here ..every time i come on .. Oh well ..
 
OIL MAN said:
sorry to hear this mark .. Do you still have avg ? My government lap top catches all the fun stuff here ..every time i come on .. Oh well ..
Click to expand...

I am still using the full version of AVG with Chrome and have yet get anything from here.
 
:mad: It got me this morning too surfing this site. I promptly kicked its ass like Chuck Norris at amateur Karate night but still a royal pain. I was on Firefox with Microsoft Security Essentials. It detected & quarantined the trojan but after it had installed itself. :rolleyes: I've added Malwarebytes now & I'm using Chrome.
 
I just spent the better part of 2 hours logging every connection in and out of this site and Im just not seeing it. Ive gone through all the forums, clicked on threads and the same links are being pulled every time. Outside of the TurboBuick stuff, here are the other links I am seeing.
Code: 
http://mixplay.ru/images/up1.png
http://api.viglink.com/api/vglnk.js?key=4f9f1e2001d077a0034871b425669de1]"+d.href+'
http://api.viglink.com/api/vglnk.js?key=4f9f1e2001d077a0034871b425669de1]"+d.href+'
http://s.skimresources.com/js/21069X790156.skimlinks.js
http://s.skimresources.com/js/21069X790156.skimlinks.js
http://www.gstatic.com/webgps/grelated_0_7_5/html/grelated_bar_iframe.html
http://toolbarqueries.google.com/]Google

Skimlinks is a revenue partner here as is Viglink, the gstatic is a Google page.. the only thing Im seeing that looks suspect is the mixplay.ru but I think thats for the Up arrow that takes you back to the top of each page. Either way, Im going to disable that hack although that looks really harmless.
 
JayC said:
I just spent the better part of 2 hours logging every connection in and out of this site and Im just not seeing it. Ive gone through all the forums, clicked on threads and the same links are being pulled every time. Outside of the TurboBuick stuff, here are the other links I am seeing.
Code: 
http://mixplay.ru/images/up1.png
http://api.viglink.com/api/vglnk.js?key=4f9f1e2001d077a0034871b425669de1]"+d.href+'
http://api.viglink.com/api/vglnk.js?key=4f9f1e2001d077a0034871b425669de1]"+d.href+'
http://s.skimresources.com/js/21069X790156.skimlinks.js
http://s.skimresources.com/js/21069X790156.skimlinks.js
http://www.gstatic.com/webgps/grelated_0_7_5/html/grelated_bar_iframe.html
http://toolbarqueries.google.com/]Google

Skimlinks is a revenue partner here as is Viglink, the gstatic is a Google page.. the only thing Im seeing that looks suspect is the mixplay.ru but I think thats for the Up arrow that takes you back to the top of each page. Either way, Im going to disable that hack although that looks really harmless.
Click to expand...
JAY C .. THIS IS WHAT IM SEEING .. trojan clicker .. dorment .that was the redirect we had before .. still there just inactive .. trojan downloader active .. seems to be coming from google ads .. java scipt /app malicious .. hope this helps ..
 
You must log in or register to reply here.
Top