geekhack

geekhack Community => Off Topic => Topic started by: Computer-Lab in Basement on Wed, 13 November 2013, 20:56:35

Title: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 20:56:35: [attachimg=1]

dafuq is this???

Has anyone else seen these? Or should I run a virus scan on my PC?

****'s freaking me out...
Title: Re: Dafuq?
Post by: Michael on Wed, 13 November 2013, 20:57:25: Not a virus, but a browser hack. I had the same thing. Need to run some anti-malware
Title: Re: Dafuq?
Post by: meiosis on Wed, 13 November 2013, 20:57:58: Adware/Spyware
Title: Re: Dafuq?
Post by: demik on Wed, 13 November 2013, 20:58:02: l2adblock noob.

obi wan's reaction is priceless tho. so say we all!
Title: Re: Dafuq?
Post by: Pacifist on Wed, 13 November 2013, 20:58:24: What's with your white GH?
Title: Re: Dafuq?
Post by: Dubsgalore on Wed, 13 November 2013, 21:00:08: might be something in your extensions? sometimes bull**** things like that sneak into chrome..just go uninstall it or uncheck it

and adblock it up too :p
Title: Re: Dafuq?
Post by: uberknarf on Wed, 13 November 2013, 21:02:39: Quote from: Pacifist on Wed, 13 November 2013, 20:58:24
What's with your white GH?

I think's its the Thoriated theme, if I'm not mistaken.

http://geekhack.org/index.php?action=profile;area=theme (http://geekhack.org/index.php?action=profile;area=theme), then click "change" at the toppish.
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:03:44: Quote from: Dubsgalore on Wed, 13 November 2013, 21:00:08
might be something in your extensions? sometimes bull**** things like that sneak into chrome..just go uninstall it or uncheck it

and adblock it up too :p

Had adblock installed since I installed Chrome. Must have snuck past it...

Gonna try some anti-malware/adware and see if that takes care of it.
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:05:43: Any suggestions for a free anti-malware software?
Title: Re: Dafuq?
Post by: Puddsy on Wed, 13 November 2013, 21:11:52: Quote from: Computer-Lab in Basement on Wed, 13 November 2013, 21:05:43
Any suggestions for a free anti-malware software?

malwarebytes

So good I paid for pro.

It's still got 60 days free or something.
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:12:23: Quote from: TacticalStache on Wed, 13 November 2013, 21:11:52
Quote from: Computer-Lab in Basement on Wed, 13 November 2013, 21:05:43
Any suggestions for a free anti-malware software?

malwarebytes

So good I paid for it.

Thanks, already running it. :thumb:
Title: Re: Dafuq?
Post by: Puddsy on Wed, 13 November 2013, 21:12:52: Quote from: Computer-Lab in Basement on Wed, 13 November 2013, 21:12:23
Quote from: TacticalStache on Wed, 13 November 2013, 21:11:52
Quote from: Computer-Lab in Basement on Wed, 13 November 2013, 21:05:43
Any suggestions for a free anti-malware software?

malwarebytes

So good I paid for it.

Thanks, already running it. :thumb:

I ninja edited like 3 times sorry :| :|
Title: Re: Dafuq?
Post by: keymaster on Wed, 13 November 2013, 21:15:11: Post your extensions/plugins. You probably installed some software recently that installed spyware into Chrome.
Title: Re: Dafuq?
Post by: tp4tissue on Wed, 13 November 2013, 21:16:33: Nothing like Restoring from an Image.. for peace of mind... saves so much time...(http://www.cute-factor.com/images/smilies/onion/063.gif)
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:17:18: Quote from: keymaster on Wed, 13 November 2013, 21:15:11
Post your extensions/plugins. You probably installed some software recently that installed spyware into Chrome.

That's the weird thing, I haven't installed anything lately except for a couple games through Steam (and Steam itself).

(could that do it?)
Title: Re: Dafuq?
Post by: Puddsy on Wed, 13 November 2013, 21:20:48: Quote from: Computer-Lab in Basement on Wed, 13 November 2013, 21:17:18
Quote from: keymaster on Wed, 13 November 2013, 21:15:11
Post your extensions/plugins. You probably installed some software recently that installed spyware into Chrome.

That's the weird thing, I haven't installed anything lately except for a couple games through Steam (and Steam itself).

(could that do it?)

Steam no, games yes

Some games are a bit fishy, especially greenlight games.

I limit myself to indie (not greenlight) and AAA games.

Still only play DotA.
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:23:14: Quote from: TacticalStache on Wed, 13 November 2013, 21:20:48
Quote from: Computer-Lab in Basement on Wed, 13 November 2013, 21:17:18
Quote from: keymaster on Wed, 13 November 2013, 21:15:11
Post your extensions/plugins. You probably installed some software recently that installed spyware into Chrome.

That's the weird thing, I haven't installed anything lately except for a couple games through Steam (and Steam itself).

(could that do it?)

Steam no, games yes

Some games are a bit fishy, especially greenlight games.

I limit myself to indie (not greenlight) and AAA games.

Still only play DotA.

Games installed: COD Black Ops and COD Black Ops II

Only just started noticing this after I got done playing multiplayer (can malware be transferred through games like that?)
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:29:04: Ran Malwarebytes, removed all threats, didn't resolve the problem.

Next step: Windows Defender (cuz I don't have any use for real antivirus 99% of the time).
Title: Re: Dafuq?
Post by: Jack on Wed, 13 November 2013, 21:39:18: Try it again, quick scan will do, may uncover things that were being protected by what was removed on the first pass.

Check chrome://extensions/ and see if there's anything unfamiliar. Try disabling them one at a time and see when the problem goes away.

Never heard of malware through playing a game (that is, the playing itself). Could have adware/PUP bundled if you didn't pay attention to the installer, or maybe driveby download.

HJT may show something useful.

http://www.bleepingcomputer.com/download/hijackthis/

Getting a log: http://www.malwarehelp.org/how-to-curepart-3-using-hijackthis-scan-and-save.html
Comprehensive manual: http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/
Title: Re: Dafuq?
Post by: kmiller8 on Wed, 13 November 2013, 21:43:55: as others said, chrome://extensions

I had this same problem, it was the Ask toolbar extensions. I think it was bundled with java or flash or something. Something required to use the internet to the full extent

And not to start a flame war, but don't adblock :/ that's just a douche-move
Title: Re: Dafuq?
Post by: eth0s on Wed, 13 November 2013, 21:45:58: use the spock button, luke.

(http://i.imgur.com/NZQhi.gif)
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:46:26: Quote from: Jack on Wed, 13 November 2013, 21:39:18
Try it again, quick scan will do, may uncover things that were being protected by what was removed on the first pass.

Check chrome://extensions/ and see if there's anything unfamiliar. Try disabling them one at a time and see when the problem goes away.

Never heard of malware through playing a game (that is, the playing itself). Could have adware/PUP bundled if you didn't pay attention to the installer, or maybe driveby download.

Getting it from an installer is damn near impossible considering the way I install things (I ALWAYS make sure I am installing JUST the software I want, with none of the bull**** that will slow my computer down). So that's out...

Whatever it was, it was called "Better Surf" and it was a Chrome extension. No ****ing idea how the hell it got installed, cuz I sure as hell didn't do it...

Also got a few Windows Defender alerts saying it found a keylogger and "WPAkiller" (whatever that is). Removed both.
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:47:59: Quote from: eth0s on Wed, 13 November 2013, 21:45:58
use the spock button, luke.

Show Image
(http://i.imgur.com/NZQhi.gif)

But why would Spock need to use the Spock button? (http://geekhack.org/Smileys/solosmileys/laugh.gif)
Title: Re: Dafuq?
Post by: eth0s on Wed, 13 November 2013, 21:49:35: Quote from: Computer-Lab in Basement on Wed, 13 November 2013, 21:47:59
Quote from: eth0s on Wed, 13 November 2013, 21:45:58
use the spock button, luke.

Show Image
(http://i.imgur.com/NZQhi.gif)

But why would Spock need to use the Spock button?
Show Image
(http://geekhack.org/Smileys/solosmileys/laugh.gif)

cuz he's afraid to use the force?
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Wed, 13 November 2013, 21:51:33: Quote from: eth0s on Wed, 13 November 2013, 21:49:35
Quote from: Computer-Lab in Basement on Wed, 13 November 2013, 21:47:59
Quote from: eth0s on Wed, 13 November 2013, 21:45:58
use the spock button, luke.

Show Image
(http://i.imgur.com/NZQhi.gif)

But why would Spock need to use the Spock button?
Show Image
(http://geekhack.org/Smileys/solosmileys/laugh.gif)

cuz he's afraid to use the force?

Please, no intertwining of the Star Trek/Wars...

And logic trumps the force. :P
Title: Re: Dafuq?
Post by: Jack on Wed, 13 November 2013, 22:01:57: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=HackTool%3AWin32%2FWpakill#tab_2

It may have been necessary if you have an ~alternatively acquired~ copy of Windows.

Glad you found the cause though. Now maybe it's time for password changes, given the keylogger.
Title: Re: Dafuq?
Post by: swill on Wed, 13 November 2013, 22:11:32: I had something similar happen. I had to disable all my extensions and turn them on 1 by 1 to find which one was the culprit. I did not have to do anything other than isolate the extension and remove it...

Hope that helps...
Title: Re: Dafuq?
Post by: nubbinator on Wed, 13 November 2013, 22:25:49: Do you have Flash running or Java enabled in the browser? Sometimes you can get a driveby spyware/malware installation that way. That's why I have Java disabled by default, Flashblock installed, and Adblock Pro installed.

As for spyware/malware software, Malwarebytes (MBAM) that was already mention is solid, as is SuperAntiSpyware. There are also some good AVs you can install now that Defender is on the way to no longer being supported. If you're super paranoid, you can boot with ClamAV, Avast, Kaspersky, F-Secure, AVG, and so on live discs.
Title: Re: Dafuq?
Post by: MKULTRA on Wed, 13 November 2013, 23:48:33: That is what you call adware. Lots of mirror sites like CNET can give you that ****.
Title: Re: Dafuq?
Post by: iri on Thu, 14 November 2013, 00:49:43: Quote from: nubbinator on Wed, 13 November 2013, 22:25:49
If you're super paranoid, you can boot with ClamAV, Avast, Kaspersky, F-Secure, AVG, and so on live discs.
it's so much fun to boot with kasperskiy and nod32 and look how they fight each other. that's what microsoft windows is for!
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Thu, 14 November 2013, 07:09:58: Quote from: Jack on Wed, 13 November 2013, 22:01:57
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=HackTool%3AWin32%2FWpakill#tab_2

It may have been necessary if you have an ~alternatively acquired~ copy of Windows.

Glad you found the cause though. Now maybe it's time for password changes, given the keylogger.

Oh, so now I'm gonna have to re-install my "make my Windows legit" software... ndb.

And I'm not even sure if it was a keylogger, I think I misread "keygen" for "keylogger" (cuz I know I have some keygens on my PC, for pirated stuff). Even if it was a keylogger, all my passwords were autosaves/autofills anyways, so I'm not even gonna bother with a ****-ton of password changes.

Oh, and the reason why I posted this here to begin with was because this malware thing only showed up on Geekhack, so I was afraid it might have been the beginning of a r00tw0rm 2.0 or something...
Title: Re: Dafuq?
Post by: kolonelkadat on Thu, 14 November 2013, 07:25:59: I REALLY wanted that ad to say "meet horny singles in Basement" like those geoip ads are wont to do. I would have laughed for days.
Title: Re: Dafuq?
Post by: Computer-Lab in Basement on Thu, 14 November 2013, 08:13:16: Quote from: kolonelkadat on Thu, 14 November 2013, 07:25:59
I REALLY wanted that ad to say "meet horny singles in Basement" like those geoip ads are wont to do. I would have laughed for days.

[attachimg=1]
Title: Re: Dafuq?
Post by: kolonelkadat on Thu, 14 November 2013, 21:35:24: :)) Thank you. This has made my day.
Title: Re: Dafuq?
Post by: catnipz0098 on Thu, 14 November 2013, 22:07:08: Quote from: Computer-Lab in Basement on Thu, 14 November 2013, 08:13:16
Quote from: kolonelkadat on Thu, 14 November 2013, 07:25:59
I REALLY wanted that ad to say "meet horny singles in Basement" like those geoip ads are wont to do. I would have laughed for days.

(Attachment Link)

I thought that was the original spam ad until I looked back at the OP. :))