From: Rube Bumpkin on 12 Jan 2010 19:24 To All, I got a message from a friend in an email that said, "Lately there's this window that keeps popping up, it's blue and black, I have to type in the weird letters or it will shut down. why? this has never happened before." The friend is a real newbie. I can't get to the system, since I'm in the Eastern U.S., and she's in Panama. Until yesterday, I doubt that she had any real AV on her system. She said that she might have had McAfee at one time. It probably came on the system. Before I got this email, I had already recommended switching to FF, loading Avira, SAS and MBAM. I haven't heard the results of those scans yet. Any ideas? What should I ask her? Thanks in advance, RB
From: Rube Bumpkin on 12 Jan 2010 20:46 Rube Bumpkin wrote: > To All, > > I got a message from a friend in an email that said, "Lately there's > this window that keeps popping up, it's blue and black, I have to type > in the weird letters or it will shut down. why? this has never happened > before." > > The friend is a real newbie. I can't get to the system, since I'm in the > Eastern U.S., and she's in Panama. > > Until yesterday, I doubt that she had any real AV on her system. She > said that she might have had McAfee at one time. It probably came on the > system. Before I got this email, I had already recommended switching to > FF, loading Avira, SAS and MBAM. I haven't heard the results of those > scans yet. > > Any ideas? What should I ask her? > > Thanks in advance, > RB More info " the letters are difficult to read at times, different shapes in shaded areas, they give you a certain amount of time to type in the letters 2 plus minutes or it will shut down. The header bar is black the rest is blue, the letters are shaded in black and white, it just happened right now. The one that just happened had a squiggly line through both words, never saw that before. It's always two words separated with a space. It's happening so often, very annoying."
From: Gabriele Neukam on 13 Jan 2010 13:01 On this special day, Rube Bumpkin wrote: > The one that just happened had a squiggly line through both words She is to forced to resolve Captchas http://en.wikipedia.org/wiki/CAPTCHA Captchas are used to tell bots apart from human beings, so that automatic programs cannot create hundreds of - say Gmail accounts within one or two minutes. Wild guess: It looks like your friend has a very specific trojan on her machine which fetches these Captchas from a web site (se the paragrapch Human Solvers), and her response will be fed to said web site, so that the spam accounts can still be set up. Gabriele Neukam Gabriele.Spamfighter.Neukam(a)t-online.de -- ignorance can be fixed. stupidity is life-long. (jshdude in alt.comp.anti-virus)
From: Beauregard T. Shagnasty on 13 Jan 2010 20:08 ASCII wrote: > Gabriele Neukam wrote: >> Captchas are used to tell bots apart from human beings > > Just a sophisticated test of your OCR. > I'm waiting for someone to develop an adaptive OCR that would > interpret those 'captchas' correctly. Ask a spammer. They've already done it. Google for: spammers crack captcha -- -bts -Four wheels carry the body; two wheels move the soul
From: Rube Bumpkin on 13 Jan 2010 22:01 Gabriele Neukam wrote: > > On this special day, Rube Bumpkin wrote: > >> The one that just happened had a squiggly line through both words > > She is to forced to resolve Captchas > > http://en.wikipedia.org/wiki/CAPTCHA > > Captchas are used to tell bots apart from human beings, so that > automatic programs cannot create hundreds of - say Gmail accounts within > one or two minutes. Wild guess: It looks like your friend has a very > specific trojan on her machine which fetches these Captchas from a web > site (se the paragrapch Human Solvers), and her response will be fed to > said web site, so that the spam accounts can still be set up. > > > Gabriele Neukam > > Gabriele.Spamfighter.Neukam(a)t-online.de > OK, so how do we identify the trojan for removal? If I could get to the system, I'd use HJT and some other tools. Wothout that luxury, what do we do? RB
|
Pages: 1 Prev: Rootkit str.sys Next: MS whitelist suggestions? (no, it's not really a question) |