Did it get me or not?

by jolysmoke - 2/5/10 3:24 PM

In Reply to: It Almost Got Me by LAG

It seems a bit difficult to know whether you can trust your Norton on the matter of whether you are infected or not. It appears that nowadays the Rusky mafia recruit the best graduates of the Moscow and St Petersburg computer schools, and these people are paid salaries ten times what the normal Russian IT specialist gets; they wear snazzy suits and dine in the best restaurants. And... they are clever enough to have started to design their malware so the most popular AV firms' products cannot detect them. They test out their inventions on Norton, McAfee etc. and only release them into the wild when they are sure the latter will not detect them. You would do better to download a batch of free AV and test them out one by one on your machine, to be absolutely sure you are clear.
I'll give you my experience. I met the beast a couple of days ago on a site supposedly to do with self-taught language learning based in Holland (Netherlands). I quit by ordering a shut down (not by pulling the plug, which can damage the registry, I believe). I then ran the Avira AV previously installed on this borrowed machine. It revealed nothing amiss. I then downloaded Malwarebytes, highly recommended by many on this thread. The Quick Scan option revealed two Trojan droppers. The problem is that they could have been here before, as the lady who owns this machine knows little about the web and merely had Avira on the machine (which would not have detected this virus had it been there already for some time, as the above shows). Armed with various other AV too, I explored what I could about this site on Google, and decided to take the risk of seeing whether the cache copy of the site page on Google contained the beast or not. It did. I quit the same way, although somewhat more rapidly, and ran my various AV, which this time found nothing. So was I infected by it the first time or not? I can't say.
Obviously there are different versions of the beast. We should compare and classify them. Somewhere on the web there should be a site that lists sites carrying these rogue AV, and giving screenshots or descriptions of them where possible. Does anyone know of such a site?
My beast was a sort of long thin oblong banner, in the middle of the page, rather colourless, grey I think. No drawing or designs. On the top left it had a circle spinning as if it was already testing my HD.
It was on a site called actief-leren.com (something like active learning or teaching). What surprises me is that Google should include dangerous sites in its lists, even though their own cache version has the beast already in it! Any theories? Perhaps they just do things by robot and never really bother to check.
But the page of actief-leren must have been hijacked since I never saw any of the texts that Google claims were on the page, in fact the page was grey and empty apart from the oblong rogue. Checking my browsing history, I see that actief-leren (or the Google list) must have transferred me in a split-second to another page called My Computer Online Scan on another website, called http://yoursecuritytodayonline.com/index.php?affid=31700
and the history says another page on this site was also involved:
http://yoursecuritytodayonline.com/hitin.php?land=20&affid=31700

Going to actief-leren by other means later, I found no resemblance to what I had seen; all seemed respectable, nor could I find any way of navigating to the dubious page labelled Linda, but something strange happened on one visit: Firefox unprecedentedly told me it did not know how to treat the page, and then suddenly opened a window offering to download some unknown file to me. I rejected its offer. Too risky.
Perhaps the Google link never really took me to actief-leren, as a check of my browsing history shows that I went, perhaps very briefly, to
http://209.85.129.132/search?q=cache:4eEr4TXPesUJ:actief-leren.com/linda9515/%3Fpaged%3D6+Ursula+Strauss&cd=182&hl=de&ct=clnk&gl=de&client=firefox-a
actief-leren seems a bit minor in all that but you techies will know better than me.