New viruses Facebook, MmORPG's

[HappyCappy]

It has been reported that Facebook CAPTCHA has been compromised, and several hundred new accounts have been created, with more being created as well. If you get an invite, or a message/image/video from an account you do not know, please don't open it.

http://securitywatch.eweek.com/social_networking/facebook_attack_may_be_using_automated_pages.html

---------------------------------------------------------------------------------------------------------------------------------------------------------------

For the gamers out there, MMORPGs are under constant attack. Of course, you know not to give your account details to anyone, but it's gettin' trickier to spot a phishing site for certain games (WoW in particular).

If you get any invites to test beta/preview/trial content, do not click the link, do not put in your credentials. If it is legitimate, check the games site first (eg: www.worldofwarcraft.com), and see if it shows up there. If not, it's fake, and they're just trying to steal your "Sword Of A 1000 Truths".

http://securitywatch.eweek.com/video_games/worlds_of_scamcraft.html

---------------------------------------------------------------------------------------------------------------------------------------------------------------

As sent earlier last week, there is a fairly nasty virus that kills MBAM, HJT, and then corrupts the files. They appear to be on the system at "c:\documents and settings\username\local settings\temp", and "c:\windows\system32".

The files in "temp" are called a.exe, b.exe, c.exe, d.exe and e.exe.

The files in system32 are called msa.exe, and msb.exe.

The recommended route of removal is to boot to diagnostic mode under MSConfig, and (re-)install the latest MBAM. Run a quick scan, and it should kill the process that's killing your MBAM and HJT in regular boot.

Set for normal boot in MSConfig, but disable any of the virus related entries in the Startup tab before pressing okay. Restart the computer.

Once that's done, connect to the internet, update MBAM, disconnect from the internet, run full scan, remove what it finds. Run HJT, check the logs, removing any malicious entries (If you're unsure of what an entry is, google it on another system)

Disable system restore. Very important.

Then, manually delete the temp and temporary internet files on each profile. Be sure to go through them all ("c:\documents and settings\username\local settings\temp" and "c:\documents and settings\username\local settings\temporary internet files")

Manually check for the files listed above, and check the run entries in the registry to make sure they're removed from there. (HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n, RunOnce and HKCU\Software\Microsoft\Windows\CurrentVersion\Run , RunOnce)

Once that's done, set system to show all hidden files (In any Windows Explorer window, go to Tools, then Folder Options. Under the View tab, set to show all hidden folders and files, and uncheck the "Hide protected operating system files".

Here comes the tedious part. Manually scan (with your eyeballs) the system32, windows, and c:\ folder. It's usually best to sort by date modified. That'll put most of the newest files up top, but always check the bottom for the list for anything without a date.

Don't forget to hide protected operating system files, hide hidden folders, and verify the system is clean. Re-enable System Restore if needed.

Check the network, make sure that's working fine