Wednesday, February 22, 2012

New Information on WOMANHONORTHYSELF.COM 2/23/2012

Indeed there is a problem on this site.

Woman, IMPORTANT. I'm afraid the threat on your site is Real.


I turned up my security settings and when I accessed your site, my security software Immediately Detected the threat - JS/Iframe.BQ.trojan and terminated the connection.   It won't even let me view your site.

Again, this is a particularly nasty bit of malicious software.   When I was hit with it last night, I didn't try to get Windows Defender to deal with it.  If you get this, you might try that. Maybe that will clean it up. But it does trash Windows System Restore so you will find that System Restore is not an option for recovery.

Woman, There's not much I can do to help you, but here's the description of a trojan:
Trojans can be hidden in pictures, videos, animations, and ??. Sadly, like the animations you usually put in your posts.

I have no idea where it is on your site but hopefully you have some good technical support available to you.  Here's a good thought coming your way.

22 comments :

  1. So sorry to hear that your computer was attacked. That happened to me a few years ago on a blog called "The Steady Drip".

    After that I switched to a Mac.

  2. Thanks so much for the heads up, Kid! how awful for you, too :(

  3. I hate Virus and Trojan Malware!!! Thanks for the heads up!

  4. @Opus. A smart thing to do. As Apple gets more market share though, they will start to attract attention from the vermin. Chances are they'll deal with it better than MSFT though.

    @Fuzzy, Well, since my image backup restore worked well (it seems to so far), it wasn't very painful at all. Took about a half hour to reload the PC and restore it. If one doesn't have that capability, this will be a nightmare for them.

    @DeanO, Yep. I'd like to hurt these people. Punk retards. They seem outside the law, as usually they operate in Iran or some other lawless hellhole.

    @All - Sarcastically said "Great Job Windows Firewall and Windows Defender!" Sarcasm off.

  5. This comment has been removed by the author.

  6. I emailed Angel and said she was not aware.
    I told her to have Blogger check it out.

  7. Kid,,,

    I will take your alert at face value being I trust you but certainly hope it is incorrect in the end.

    I am sorry to hear of your PC problem to be sure and thank you for the heads-up on this as well.

    I emailed WHT/Angel for more info regarding this and await a response.

  8. Hey friend...no problem at this end..I even contacted my domain owner..I don't use the Blogspot site as u know anyway...but it didn't come from WHT~!..sorry it happened but plz don't warn pple about my site because it is fine~!..have an awesome day buddy~!:)

  9. This comment has been removed by the author.

  10. Woman, IMPORTANT. I'm afraid the threat on your site is Real.

    I turned up my security settings and when I accessed your site, my security software Immediately Detected the threat - JS/Iframe.BQ.trojan

    and terminated the connection.

  11. They Say/Christopher, It is indeed a problem.

    my security software Immediately Detected the threat - JS/Iframe.BQ.trojan

    and terminated the connection.

  12. Could it be a false positive?
    I don't want to go there to see if mine will show anything as I am not an IT Tech.

  13. They Say, No. A trojan is a trojan.

  14. Thanks for the warning, Kid. My hubby would be so pissed if I picked up a nasty computer disease while blogging.

  15. Woman, if you're subscribed to this thread... I just went to your site, and my security software again tells me JS/Iframe.BQ.trojan is detected and it terminates the connection.

    Just fyi. This can happen to any of us. I'm suspecting it is some type of content that you downloaded and posted on your site. But that's all I've got since I can't look at your site. Good luck with this.

    Your hosting people should be able to find this thing if you give them the name and/or if they visit the site with a windows computer I would certainly think.

  16. It is a fake. To remove open your machine via safe mode with networking, right click the shortcut on your desktop and note where the .exe is. It is probably in the c:Users//AppData/Roaming. It will be called isecurity.exe. remove it and the shortcut. Then start->run->regedit click the following paths and remove the file at the end.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Security"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ISECURITY.EXE"

    That will remove the fake alerts and security scans. This is documented scareware so do not pay a cent to get it removed by anyone. Both Norton and McAfee will charge $120 to get rid of it and trying to install or run adaware some other anti virus, spyware, malware will be cut off.

    I do not know how to get it off a website yet but can look into it. Again it is scareware so don't pay to get it removed unless you have a contract with one of the anti virus companies already then it should be quick and free (they usually sell removal services by the year). As a caveat it is not recommended that you monkey around in the registry but in this case I have removed this a couple times successfully just to test and it does work. You can look up Remove fake Internet Security tool in google for more information.
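
A read-only way to check the two Run keys and the roaming-profile location named in comment 16, as an added example that is not part of the original comment or the blog. The variable names are illustrative; the indicator strings (`isecurity.exe`, "Internet Security") are the ones given in that comment.

```powershell
# Added example: read-only audit of the Run keys named in comment 16.
# Nothing is deleted or modified; review the output before removing anything by hand.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Indicator strings taken from the comment (value name and executable name).
$indicator = 'isecurity\.exe|Internet Security'

$findings = foreach ($path in $runKeys) {
    if (-not (Test-Path -Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        if (-not $command) { continue }   # skip empty (default) values

        # Pull the executable out of the command line (quoted or unquoted form).
        if     ($command -match '^\s*"([^"]+)"')  { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
        else                                      { $exe = $command.Trim() }

        [pscustomobject]@{
            Key        = $path
            ValueName  = $name
            Executable = $exe
            FileExists = Test-Path -LiteralPath $exe -PathType Leaf
            # Autostart programs running from the roaming profile deserve a second look.
            InRoaming  = $exe.StartsWith($env:APPDATA, [StringComparison]::OrdinalIgnoreCase)
            Indicator  = ("$name $command" -match $indicator)
        }
    }
}

# Entries matching the indicators, then anything launching from AppData\Roaming, sort first.
$findings | Sort-Object Indicator, InRoaming -Descending | Format-Table -AutoSize -Wrap

# Look for the file itself under the roaming profile, in case the Run value is already gone.
Get-ChildItem -Path $env:APPDATA -Filter 'isecurity.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime, LastWriteTime
```
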

  17. Fishaddict, Thanks for the tip, but I don't have those registry entries nor the exe. I wiped them out by going to an image backup that was made prior to being infected.

    I checked just now anyway.

    Thank you very much for taking the time to comment that.

    When it was on my system, it was very real. It even made Windows System Restore unusable.

    I decided to go to image backup as that only took 30 minutes. It probably would have taken longer to run Win defender or whatever it took, and I didn't want to wonder if I missed some little chunk of it that would steal passwords, or whatever. The backup made it a 'never happened'.

    Thanks again.

  18. Kid, you are correct and it is real. I keep a machine in my dmz as a decoy and can say that this trojan is intrusive and debilitating but it is more akin to a phishing attack than anything. It deploys a popup saying it is scanning and found something. It can be whatever flavour of virus is popular at the time. It will say that you can contact the security group and buy a product to remove and prevent future occurrences. This is false. It is, in my mind, a form of predatory advertising preying on people who really don't know any better. I get quite a few calls from folks wanting stuff like this removed and should they buy the product and sometimes they are so devious that I tear my hair out trying to figure out the issue.

  19. Fishaddict, if it goes that far, it is probably phishing for credit card data and/or bank data. You contact them and fill out a standard shopping cart thing and they head off and buy stuff. Certainly a reasonable thing for the suckas to do.

    Well, the last time I got one of these things that I decided to deal with, it took quite a bit of effort.
    Disconnect from the Inet, kill multiple running processes that continually start each other back up. Run the spybot type of stuff repeatedly. Took a couple hours. From then on, I decided I'd always have option A available ;-)

    Anyway, there's a lot going on in that venue, big business. How about the Clean My PC people? If people have bad habits or poor/none security software, they'll pick up the stuff that just got cleaned and have to continually repeat the process. I don't know what they charge or if they steer customers towards keeping their PC's clean but it sure has to be profitable.

    I often wonder how the anti-virus people were ready to go the nanosecond the first PC's were sold if you get my drift. It is an entire industry.

    Always the money.

    Thanks again for your information.
