Malware from ea sports world

Discussion in 'The Cheap Seats' started by BDSDIGITAL, Dec 16, 2011.

  1. BDSDIGITAL

    BDSDIGITAL One Time for your Mind

    Joined:
    Jun 5, 2009
    Messages:
    8,828
    I was downloading highlights from EA Sports World last night and I got a pretty nasty malware bug while downloading one of them. I have antivirus (Avast) but that didn't stop it. I was able to open in safe mode and run Malwarebytes to remove it but it did take a few hours. Has anyone else had this happen from an EA site? I wouldn't have expected it from there but I guess you never know.

    Btw ppl that make and distribute malware spyware and viruses should be dragged into the street and shot.
     
  2. Drifterbub

    Drifterbub Help me hide a body?

    Joined:
    Feb 10, 2009
    Messages:
    17,173
    Featured Threads:
    1
    I think that's too humane. I would vote for taking a belt grinder to their genitalia, shoving a pipe bomb up their ass, packing every orifice with glitter glue and then BOOM...

    Of course I feel like the same punishment should be carried over to the dickheads who screw people with fraudulent online vehicle sales (or any sale for that matter), identity thieves and anyone who is in the cult following that thinks Dave Matthews band makes good music.
     
  3. Shaun Mason

    Shaun Mason Somebody you used to know.

    Joined:
    Feb 9, 2009
    Messages:
    24,887
    Featured Threads:
    5
    We've had people saying it was coming from here. I bet that's where they got it.
     
  4. BDSDIGITAL

    BDSDIGITAL One Time for your Mind

    Joined:
    Jun 5, 2009
    Messages:
    8,828
    Actually I had both sites open 0_o
     
  5. Hellisan

    Hellisan Schemin 'em up

    Joined:
    Feb 10, 2009
    Messages:
    10,590
    Yeah I was pretty sure I got some from here the other day... on my boss's computer... I was browsing here and got the Vista 2012 security bullshit.

    Figured Mason would debunk my theory of getting it here....
     
  6. Shaun Mason

    Shaun Mason Somebody you used to know.

    Joined:
    Feb 9, 2009
    Messages:
    24,887
    Featured Threads:
    5
    We aren't a big enough target for most malware creators. Yet.
     
  7. BDSDIGITAL

    BDSDIGITAL One Time for your Mind

    Joined:
    Jun 5, 2009
    Messages:
    8,828
    Yep that's exactly what it was. It was the "buy our anti spyware or die" gag

    Someone feel free to educate my dumb ass, but how can I get a bug from here if I'm not downloading anything? I assumed that it was from the ea site since I was actually downloading a video at the second that I got it. So that made all the sense in the world.
     
  8. Hellisan

    Hellisan Schemin 'em up

    Joined:
    Feb 10, 2009
    Messages:
    10,590
    Well, I'm not on the EA Sports dynasty wire at work. Strange.

    Wait, never mind, I actually did go on there....

    :oops:
     
    Last edited: Dec 16, 2011
  9. BDSDIGITAL

    BDSDIGITAL One Time for your Mind

    Joined:
    Jun 5, 2009
    Messages:
    8,828
    I just got it again and this was the only site I was on at the time :(
     
  10. Kapono

    Kapono Walk On

    Joined:
    Jun 28, 2010
    Messages:
    4,866
    Anyone want to tell me how to get rid of it. I'm using my mac now but the PC at my home is all screwed up now and I'm guessing I got it from there or TSO.

    Every time I open anything (internet, Word, games, etc.) it gets shut down and says I need to buy some security thing, Win 7 Security 2012. Any advice how I can get rid of it? I tried the other day but I know very little about computers.
     
  11. Iron Mickey

    Iron Mickey I'd take her out for some casadias

    Joined:
    Jul 14, 2009
    Messages:
    12,445
    they were doing maintenance earlier today....
     
  12. BDSDIGITAL

    BDSDIGITAL One Time for your Mind

    Joined:
    Jun 5, 2009
    Messages:
    8,828
    You need to download an antispyware / anti-malware application. Malwarebytes is the best free one I know of. So start up your PC in safe mode with networking, then download the anti-malware program. Run it while still in safe mode and follow the directions.

    However......

    The first time I did it everything came out fine. Today though my Firefox was fucked up afterwards so I'm now doing a system restore to last night.
     
  13. BDSDIGITAL

    BDSDIGITAL One Time for your Mind

    Joined:
    Jun 5, 2009
    Messages:
    8,828
    Actually that didn't even completely fix it. I still have a file gke.exe on my CPU somewhere and I can't find it using a regular search. I'm gonna have to go through the system files to find its location. Mother fuck.
     
  14. BDSDIGITAL

    BDSDIGITAL One Time for your Mind

    Joined:
    Jun 5, 2009
    Messages:
    8,828
    Ok never mind. It's going to be a whole process to get rid of it. I recommend googling windows 7 antispyware virus removal and finding a good site like bleepingcomputer.com or something like that. This spyware will make registry changes allowing it to hide in your C drive. This one looks like a doozy. I don't think I ever got rid of it the first time. It just was allowing me to run programs I guess. I'll update this thread if / when I finally get rid of it. What worries me is that my TDS rootkill isn't picking it up either. ?
     
  15. Hellisan

    Hellisan Schemin 'em up

    Joined:
    Feb 10, 2009
    Messages:
    10,590
    Jesus that sucks.
     
  16. Shaun Mason

    Shaun Mason Somebody you used to know.

    Joined:
    Feb 9, 2009
    Messages:
    24,887
    Featured Threads:
    5
    So, is it EA's site?
     
  17. BDSDIGITAL

    BDSDIGITAL One Time for your Mind

    Joined:
    Jun 5, 2009
    Messages:
    8,828
    I don't see any way to really tell. It's either here or there. I either got it from EA and never got rid of it or I got it from here twice. ? I'd love to know tho.
     
  18. Keller

    Keller The enemy of my enemy is my friend.

    Joined:
    Apr 14, 2010
    Messages:
    13,939
    The way to kill these bastards is to get them before they start. Consider this the "manual" way to get rid of these things, as opposed to downloading something to do it for you. Malwarebytes is a good resource as well but in my experience, doesn't catch everything.

    Download Autoruns: http://technet.microsoft.com/en-us/sysinternals/bb963902

    You'll probably not be able to download this on the infected machine so my suggestion is to keep it on a flash drive - you'll obviously need another working machine to download it to the flash drive with but for most people this isn't a problem. Now, you can try to run this concurrently with whatever BS you've contracted from the interwebz but sometimes you'll have to get into safe mode before you'll be able to actually do anything. If anyone needs help doing that, please punch yourself in the junk first then feel free to ask.

    Use Autoruns and open up the Logon tab, I believe. What you're looking for is a list of every single application that loads when your PC starts - this list is pulled from the registry. Sift through the results and you should find some pretty damning evidence that will pinpoint the culprit. Look for something like gzrygs.exe or yadufasdfloiu.exe or whatever. It's named something completely random and if you're saying "wtf" then you're probably looking at the culprit. There may be more than one, I've seen as many as four different ones on the same machine. Autoruns will show you exactly where the file/files are at - most likely in a "hidden" directory. You'll want to write down or at the very least make a mental note of where they are - we're going to go in and manually delete them later.

    Uncheck the boxes to disable them at startup or if you're 100% sure, right click on the entry and delete it from the registry. My advice, if you're not sure what something is, is to just google it. If you don't know what winlogon.exe is, don't delete it until you do. Know what I mean?

    Once you've unchecked/removed the item using Autoruns, reboot your machine and see if the problem has been resolved (there may be multiple issues of course). If your problems are resolved, now you just need to hunt down the bastard and delete it. Remember, I told you to write down the location/locations? Now we use them. The most common location for these bastards is AppData. On Vista and later machines, that's C:\Users\username\AppData - now AppData is a hidden folder which you'll need to unhide before you can browse to it. Open up Computer/My Computer, go up to where File, Edit etc. are and go to Tools then Folder Options. Click the View tab then click the button for show hidden files and folders (you can undo this step later, after we've eliminated the problem). Again, reference what you've notated as to the location of the files. Go to where they are and delete them. Empty your Recycle Bin. That's pretty much it.

    I'd still recommend running Malware Bytes as well as any other Antivirus programs you may have - just to be on the safe side. If something is still not fixed, definitely try a system restore as well - now that you have control of your system again.

    Hopefully that helps everyone - please feel free to ask questions if you have them.
     
  19. Emmdotfrisk

    Emmdotfrisk Working half days on my days off.

    Joined:
    Oct 8, 2009
    Messages:
    11,955
    Get a Mac and never worry about this
     
  20. Keller

    Keller The enemy of my enemy is my friend.

    Joined:
    Apr 14, 2010
    Messages:
    13,939
    Why yes I'd love to pay twice as much for a machine that's half as powerful.

    Excellent choice (y)
     
  21. KnightNoles

    KnightNoles Learn to Compete

    Joined:
    Jul 6, 2009
    Messages:
    19,820
    [image]
     
  22. Wick36

    Wick36 Welcome to the Jungle

    Joined:
    Jul 14, 2010
    Messages:
    5,283
    If it's still not gone, try combofix.
     
  23. Keller

    Keller The enemy of my enemy is my friend.

    Joined:
    Apr 14, 2010
    Messages:
    13,939
    Combofix.... I've never tried it but continue to hear good things about it. I don't know how it works exactly but I can only assume that if it's eliminating these assholes it's probably doing the same thing, except automatically.
     
  24. Wick36

    Wick36 Welcome to the Jungle

    Joined:
    Jul 14, 2010
    Messages:
    5,283
    I've used it a few times when MWB can't get rid of whatever is plaguing my computer. Has worked the first time, every time.
     
