I wanted to bring to the community's attention some issues I've been having while enjoying DKOS.  Starting with the rec-listed diary regarding Sarah Palin's palm pilot, I've been hit with several very nasty malware programs.

I was in this diary that discussed browser issues with loading polls etc.; however, the comments seemed to be exploding with virus issues.  One commenter talked about how perhaps the ads from the Google ads server may be at fault.

Yeah, I know this really isn't a diary, but I can't help but wonder how many Kossacks are currently in mortal battle with this thing now.  Mine was worm.win32.netsky and it was no joke.

If anyone else is experiencing this, let us know, and if you are a techman with a flash drive on your key chain full of anti-malware tricks and can help some fellow Kossacks, this might not be a bad place to do it.


I got a nice e-mail from Ed in technical support, and since it originated as a comment in a Daily Kos diary, and he expressed that he would probably diary it, I didn't think he would mind if I shared his thoughts on the issue.

Hello, DK Tech Support here
OK, I have several initial notes, in no particular order:

• The stable version of Chrome does support extensions now; they rolled them in a couple of weeks ago.  Chrome updates itself without notifying you; the new version may have picked up your antivirus software's browser plugin automatically.
• Pop-up advertising is strictly forbidden on Daily Kos and on all the third-party ad services we use; if you're getting pop-ups, then they're most likely being generated by malware that has already infected your computer.  Particularly if you have suddenly started seeing these pop-ups all over the internet.  And see below.
• Update your virus definitions, manually.  Some viruses disrupt automatic definition updates.
• If you're using Kaspersky antivirus software, be aware that we have a long history of false positive reports from their products on the site.  Updating virus definitions usually fixes the false positives.

Malware that generates pop-up ads or messes with the browser in other ways is ubiquitous.  When you see a sudden increase in obvious scam ads all over the place, you should suspect this sort of problem, in addition to suspecting an increase in, well, scam advertising, which is also unfortunately ubiquitous.  

One of the reasons we use third-party ad services is that they have much greater resources available to screen ads and advertisers; with that said, even the big ad services have been duped, at least briefly, by scam/malware distributors recently.  If you see a single malware report on the site, it's possible the big ad networks have been compromised again; if you're seeing a bunch of them, though, then it's far more likely that they're being generated by malware already resident on your machine.

There is malware out there that has rather sophisticated evasive measures built in to escape detection by antivirus/antispyware software, and/or disrupt the update systems of same.  If your antivirus software appears to be working, but you're still getting scads and scads of scam-ad popups, I suggest the following:

1. Update your antivirus software manually, and run a full system scan.  If the problem persists:
2. Uninstall any old spyware scanner(s) you have installed, install the latest version of an antispyware tool (I use the poorly named but effective "Spybot Search and Destroy") and run a full scan.  If the problem persists:
3. Consider backing up your data, wiping your drive, and reinstalling your entire system from scratch.  Really.  It's an enormous pain in the butt, but if you're pretty sure your system is infected, it's by far the surest way to remove the malware.
4. OK, you've ignored the advice in the previous step.  Next:
5. Figure out which strain of malware you're infected with; try Googling the exact error message you're getting (or some portion thereof), together with the name of your antivirus software.
6. Once you know what bug you've got, you can search for the virus/trojan/worm name together with your OS version or antivirus software to find a fix.  Be aware that such fixes tend to be rather complex, involving registry edits, manually deleting .dll files, and the like.
7. The antivirus companies will sometimes release standalone removal tools, and eventually roll them into the main product in updates.  These fixes may not work on updated versions of the malware, and of course malware distributors have hit on the bright idea of distributing malware disguised as anti-malware software.  Don't download fixes from anywhere other than the web sites of trusted antivirus makers, and when you're choosing a spyware scanner, research it first -- if it smells even slightly scammy, don't use it.
8. If you've tried every legitimate fix you could find on the web, go back to the step where I suggested wiping your drive and reinstalling your entire system.

Finally, if you do figure out exactly what is causing this latest outbreak of nasty, let us know.  We at tech@ aren't seeing the scammy ads on our test machines, and we haven't had any bug reports that include the full text of the virus warning (together with OS/browser versions) so we haven't been able to search around for the source of the problem.

Originally posted to An Adept's Journey on Mon Feb 08, 2010 at 11:35 AM PST.


Have you been virally attacked through Kos lately

25% (43 votes)
48% (81 votes)
14% (25 votes)
0% (1 vote)
0% (0 votes)
4% (7 votes)
1% (3 votes)
4% (7 votes)

167 votes total
