[jopa489]

This past weekend, my Windows desktop was infected directly from Autopia.org. I'd strongly advise those of you who use this site to avoid it for the time being. Not sure how they let this happen, but that place has really gone to hell since the new site was launched.

It was a Java-based attack (an alternate browser won't protect you from these) which provided me with a nice batch of fake anti-virus malware. I work in IT and these are a huge issue, and I'm sure some of you have seen these around too. The Autopia domain has been flagged by Google as a reported attack site (more technical explanations on that here).

I'd be happy to help remove this junk from your computer if you were infected, just give me a shout.

That's all. Figured I'd post this here, since I know many of you are also members at Autopia.

[techlogik]

Haha..yeah, I was looking for an old contact that used to advertise and show his work on there, and Google was all over the dangerous URL in the search.

That used to be a great place...now some hackers/losers got ahold of it and are just looking to infect your computer to rip you off.

[BillLee]

thanks for the heads up

[shoes]

I noticed it was flagged by Google, but I didn't know why.
Hopefully they get it cleaned up soon.

Thanks for the info.

[fisherbln]

I noticed it was flagged by google too. Found a thread on there talking about it and the admins didn't even seem to know much about how to fix it. Don't have to worry too much about it on my Mac though.

I'll be sure and not go there from my Windows 7 machine though.

[UncleWede]

jopa probably already fixed his. Anyone else, get your hands on tdsskiller.

It still boggles my mind that we spend so much money on AV products and then still have to find cleaners for when they don't work . . .

[jopa489]

I fixed mine immediately. As I said before, my guys at work deal with this on a fairly regular basis. I received a few PMs asking for some guidance on how to get rid of this stuff in general, so while we're on the topic here are a few tricks we find effective at work:

• Safe Mode - this is a must. Most of these rouge applications prevent you from installing and/or launching most anti-malware products, if not all exe's on your computer. You can enter Safe Mode by continuously tapping the F8 key. You will see a bunch of black/white text flying by, and Windows will eventually load up in a "watered down" mode. You likely won't see the rouge software at all from Safe Mode, but we need to kill it so you can use the machine normally.
  
• Run these three (free) tools, in this order: ComboFix, MalwareBytes, and Super Anti-Spyware. You can either download these to your computer before getting into Safe Mode, drop them on a flash drive from another computer, or use Safe Mode with Networking to download them directly from Safe Mode.
  
• Of these programs, ComboFix is the most intimidating but also the most thorough. Just follow the prompts (read them carefully) and you will be fine. For the non-computer-savvy out there, the application just looks intimidating to some.
  
• MalwareBytes and Super Anti-Spyware are self-explainatory. Make sure you update the definitions after installing the programs, then run full system scans. It will take some time, be patient.
  
• To exit Safe Mode, just restart your computer as you normally would. As long as you don't start tapping F8 again, the machine will boot up normally. All of these tips apply to any version of Windows.

This is certainly not a definitive guide, as there are thousands of types of this junk going around. There are loads of other good tools out there, but we find the three above are able to clean the computer pretty much every time.

[ScheerSpeed]

another reason you should use mac

[ScheerSpeed]

i just tried to go to autopia and its all in html for some reason

[Taxvictim]

Jopa, you are the man. Thank you. I dl'd Super Anti and Combo Fix. While doing that, I noticed that I had a Google Re-direct virus. When I searched for "Combofix", the right search results were displayed, but when I clicked on a link, it went to a copycat website with the wrong address that was trying to get me to download a program.

The whole reason I did this was because some program was eating up 50% of my processor, plus I was getting pop up ads for online jobs. Anyway, I went into Safe Mode, ran Super Anti-Spyware plus Combo Fix, and that seems to have cured everything my regular AV program missed.

Thank you!

[DetailAddict]

okay... so it's not just me then...

[jopa489]

Quote:

Originally Posted by ScheerSpeed

i just tried to go to autopia and its all in html for some reason

Same for me since a few days after this incident. I hope that's the site operators trying to flush this junk out of their code.

Quote:

Originally Posted by Taxvictim

Jopa, you are the man. Thank you. I dl'd Super Anti and Combo Fix. While doing that, I noticed that I had a Google Re-direct virus. When I searched for "Combofix", the right search results were displayed, but when I clicked on a link, it went to a copycat website with the wrong address that was trying to get me to download a program.

The whole reason I did this was because some program was eating up 50% of my processor, plus I was getting pop up ads for online jobs. Anyway, I went into Safe Mode, ran Super Anti-Spyware plus Combo Fix, and that seems to have cured everything my regular AV program missed.

Thank you!

Glad to hear that worked for you!! Browser/DNS hijacks are another increasingly common problem. The combination of stuff I posted takes care of almost anything, and can save you from having to do an entire reformat or taking the machine somewhere to be fixed (where you would pay $100+ to get them to run the same applications). Regular AV is still good (and necessary) for traditional viruses, but none of this stuff is classified as a virus. It's all spyware and other forms of general malware.

[Hasek9339]

are Macs immune from this ?

Because that is what I have!

[JB335]

Quote:

Originally Posted by Hasek9339

are Macs immune from this ?

Because that is what I have!

yes. but still... don't go to the site

[therealm3]

Quote:

Originally Posted by Hasek9339

are Macs immune from this ?

Because that is what I have!

macs aren't immune to attacks nor are they better against viruses. the market share is so much smaller that it just doesn't make sense for hackers to write code for them. More bang for your buck with windows attacks.

OP - Thanks for the heads up.

[MetsFan]

Yeah, I got hit at my work computer a couple of weeks ago. I have to remember to delete the bookmark I have for it.

I ran MBAM and Super AntiSpyware but I was still getting redirected to copycat websites. I went ahead and ran ComboFix. I was a bit reluctant since most sites say not to run it without supervision. It took a while, but it found some rootkit virus that it deleted. In the process, it must have deleted something else because my internet stopped working. After doing some research on my phone (no internet on PC), I found WinSockXPFix might fix my problem. I had my co-worker download it for me and luckily it fixed it.

My computer's still a bit slow, but I've those other utilities again and they haven't found anything. I think it might be McAfee's real time "protection".

edit: looks like the site is back to normal.

[techlogik]

Looks like they got it resolved...sometimes google just flags a site as malicious and it's not...seen that before, good luck getting them to remove it. I had a vendor that had that issue, what a mess.

Anyway, it was infected, I "tested" it when it was hosed up...sure enough, it had issues.

Here is the thread telling about their hacker issues..haha..

http://www.autopia.org/forum/thread132259.html

[Neutrino45]

Where is another safe location to download ComboFix? The previous link doesn't work any more. Thanks!

Here? http://www.combofix.org/

Ok, I found it. http://www.infospyware.com/antimalware/combofix/

[jopa489]

The first one you posted is legitimate too.