viruslivescan.com ???? and lolcats/loldogs

KEM

I tried to look at icanhascheezburger . com (lolcats) and ihasahotdog . com (loldogs) today but after the page has loaded I get a popup window telling me there is a problem and do I want to run something like Antivirusscan 2009 - the top bar of the popup reads viruslivescan.com. No matter whether I click on the red X or cancel the page goes to viruslivescan and something tries to download - I've switched the router off to stop it getting any further.

I've run AVG and Spybot and they've not detected any problems.

Anyone know what is going on?

Should I try running some other antispyware to make sure my machine is clean?

Reluctant_spender

Can you replace the www. with xxx or something else to prevent others clicking the link please.

Reluctant_spender

run this programme

Malware Bytes

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

KEM

Ran MBAM as suggested and the log file is as follows (looks remarkably small compared to others I've seen posted):-

Malwarebytes' Anti-Malware 1.30
Database version: 1351
Windows 5.1.2600 Service Pack 3

01/11/2008 15:07:38
mbam-log-2008-11-01 (15-07-38).txt

Scan type: Quick Scan
Objects scanned: 65718
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\acroiehelper.acroiehlprobj (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\!!5f226421-415d-408d-9a09-0dcd94e25b48} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\!!06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\!!06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\!!06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acroiehelper.acroiehlprobj.1 (Adware.Cinmus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adware.Cinmus) -> Quarantined and deleted successfully.

Is everything ok now?

Reluctant_spender

Well short is good, in this case anyway.

Nothing in that log points towards the programme that tried to download. So based on that you appear alright.

You could always try updating and running your own anti virus software and see what that produces.

KEM

I did run AVG and nothing showed up.

How often would you run a MBAM scan and would you do a full or just a quick scan?

Reluctant_spender

I tend to run full scans every 7 to 10 days along with other security software.

The choice on frequency is yours.

Tallmann

Just to add my two cents, the software that's being downloaded can't be good since it's lying about scanning in the first place (i.e., I'm on a mac and it's says I'm on windows). I've contacted the webmasters at Lolcats to let them know.

KEM

Reluctant_spender - many thanks for all your quick responses and hopefully helping me get rid of this problem.

Guess I'll just have to avoid these 2 sites for a few days as they may well have been hacked?

Airwolf1

I think this is similar to the "Antivirus 2008" thing that’s going round, had to deal with this on the in laws pc a few weeks ago.

KEM

Tallmann - I didn't know how to contact the lolcats webmaster without having this popup again, so, thanks for that.

Airwolf1 - Antivirus 2008 does look similar to what popped up - I just shut everything down quickly and didn't note down exactly what it said.