One Malicious file caught from Healthcare.gov

Chadeaux

Gold Member
Sep 13, 2011
So, it has started showing up ... Infected files (since I know I didn't get it here ...) from Healthcare.gov.

Infected a game file on my favorite game with a Win32:Evo-Gen process now embedded in the main executable. If I played it online, I could understand, but I only play the game in offline mode.

Be extremely careful. I thought I had caught the problem in time and headed it off, but this backdoor virus got through. There are several versions of the virus, but the one on my computer is for remote access of my personal files.

Guess I've got a project for the weekend now.
 

Hey Chadeaux, shoot an email to all the major news networks, with an email telling them where you got this bug.
See if their computers pick it up! Or can you do that? :laughing7:


oh, and sorry you got a bug.
 

Still haven't removed it. Of course, with some bugs you need to remove the HDD and access it from a clean computer to do a scan. Probably do that tomorrow.
 

Or how about telling us here. I don't believe it. It sounds like spam to me.

If it is true, make it so.

Don't spread crap that ain't true.

Prove it with better than simple conjecture.
 

Or how about telling us here. I don't believe it. It sounds like spam to me.

If it is true, make it so.

Don't spread crap that ain't true.

Prove it with better than simple conjecture.

Pardon me, Chadeaux is an old and trusted member here, not given to the spam of which you accuse him. You, on the other hand, are an unknown, but from the several of your posts I've seen, you are out of line.
 

Not done yet, but have been tracking all connections attempted from healthcare.gov.

Pingdom.net is owned by the same entity as pingdom.com ... which used to be a known distributor of spyware. I've cleaned up some of their drive-by downloads / hijacks for some of my "less discriminating" customers in the past. I used to take them to SiteAdvisor and show them the negative rating from McAfee (and to get a negative rating there you are usually a very bad site).

I went back this morning and checked again ... lo and behold, McAfee has now cleaned up their rating.

I went to whois and checked to see if the domain had possibly changed hands, and it has not. It is still in the hands of a company from Sweden owned by Sam Nurmi. Looks legit if you visit their website. He started the company in 2007. Not sure if the old warning from McAfee is wrong or if it has been "cleaned" up by someone.

Still digging ....
 

Hey Chadeaux, shoot an email to all the major news networks, with an email telling them where you got this bug.
See if their computers pick it up! Or can you do that? :laughing7:


oh, and sorry you got a bug.

pat, that is wonderfully diabolical.:laughing7:
 

So, it has started showing up ... Infected files (since I know I didn't get it here ...) from Healthcare.gov.

Infected a game file on my favorite game with a Win32:Evo-Gen process now embedded in the main executable. If I played it online, I could understand, but I only play the game in offline mode.

Be extremely careful. I thought I had caught the problem in time and headed it off, but this backdoor virus got through. There are several versions of the virus, but the one on my computer is for remote access of my personal files.

Guess I've got a project for the weekend now.

Just do a full computer restart from an earlier date - before you went to the infected site. Takes about 15 minutes. Good luck and stay off those nasty sites from the insane clown posse!!!!!!!
 

Attachment: Joker-s-Cards-insane-clown-posse-24128661-1024-768.jpg

ICP? Them guys are a bunch of dope heads, and that's not up for debate.
I have first-hand knowledge of that.

My point exactly - But watch out on the dope head stuff, a lot of people on TN want to legalize it. :nono:
 

Oh, dope does not bother me lol, it just does not work too well with my paranoia lol
Just I used to know all of them guys from ICP personally, back in the 80's when all we did was sit around and do dope, and they made sounds that some call music heh.
 

pat, that is wonderfully diabolical.:laughing7:
I shoulda added, send it to all the elected officials in this country, the WH, and the IRS, too! LOL!
Some should remember: Their weapons can also be used against them! :laughing7:
 

What does "old and trusted" have to do with conjecture ? How about engage your brain before opening your pie hole.
 

What does "old and trusted" have to do with conjecture ? How about engage your brain before opening your pie hole.

Ahhh, a new troll, but most likely same member with different account :laughing7:
 

Could be, but the way I see it, who in their right mind comes to the obscure thread section such as here, with an account that's almost a year old, only has 2 posts to its credit, and starts running their mouths. :laughing7:
 

What does "old and trusted" have to do with conjecture ? How about engage your brain before opening your pie hole.

Ahhh, a new troll, but most likely same member with different account :laughing7:

I work with computers, I clean up computers for our business's customers. This is not a "spyware infection".

Yeah RJC, another troll. I seem to attract them all the time. That expression though, seems I've seen it typed exactly like that before ... it isn't every day speak.
 

I think what that guy is saying about spam is that this type of infection is delivered through spam email; that's the container it comes in.

Mike

You are the first person to mention spam.

This came from healthcare.gov, not from an email. When I accessed their site on Tuesday, October 15, 2013, something tried very hard to write to a couple of files in my system32 directory. My AV picked up the activity but could not detect the culprit. I shut down and restarted. Now everything dealing with them runs in a virtual machine for my protection.

Maybe they were trying to create their own DDoS attack to make it look like the problem was not theirs.

I don't hack, and haven't messed around with creating viruses since 1992. On a bet with an instructor (his words were, "no one can create a virus that destroys hardware.") I created a single virus which died when it destroyed his hard drive. The one and only attempt was successful in less than 24 hours on a brand new hard drive.

I used to code in basic and a small amount of machine language, but never was very good.
 

That expression though, seems I've seen it typed exactly like that before ... it isn't every day speak.

My bet would be picker; he liked using the 50-cent words :laughing7: Tried to make himself look like he had brains but failed at the attempts when you called him on it. Basically a liar's liar but wasn't very good at it. Supposedly independently wealthy yet stayed on this website all day. The supposedly fully documented history of his family, ancestors that fought in the French and Indian War, yet he didn't know which of the 4 French and Indian Wars they fought in :sign10: Yup, ok. Plagiarizing people's work off of engineering websites (forums). Funny part was he didn't look at the posts below the post he stole. The post below was correcting the post picker stole. So picker was using false info trying to back up his argument against building 7 being imploded. :sign10:
 
