Bebo Virus

Itsdacraic · 30-10-2008 12:09AM #1

Just a heads up on a nasty piece of spyware doing the rounds via bebo.

It arrives as an email from somebody in your friends list, so it can be easy for people to be fooled into opening. It generally contains a subject like "Lol" or "wow", and then text in the body such as "hey is that you in the video" and there is a link under that. When you click on the link it downloads a Trojan Zlob, hijacks your IE, installs a toolbar and redirects your homepage to a "security" site.

I have received this mail 3 times today from various friends accounts, so I'm assuming once it infects a machine it also sends out mails from your bebo account. I also had 3 machines at work today that had been infected with it.

It can be removed with Smithfraud but it obviously prevention is better than cure.

ayatollah · 30-10-2008 12:52AM

i actually came on here to issue the same warning.

i had to reinstall windows and am still ahving problems with my laptop.

its a vicious **** of a virus, ahat i would give to get hold of the little bastard that created it.

anyways my anger management issues not withstanding be extremly vigilent with this one.

Quazzie · 30-10-2008 01:23PM

I know very little about computers and virus removal. I got that mail and like an idiot opened it. I realised instantly that it was a virus then closed it, but I don't know if that was quick enough. How can I check if the virus caught on. I ran AVG system scan and it showed no errors. Does this mean I am safe. I am in work and could get in a load of **** if I downloaded a virus so I wanna make sure. My computer at the time seemed to slow up massivley but I restarted and it now seems fine again. Is there any way of knowing if I have and if I do how can I remove it.

Itsdacraic · 30-10-2008 01:37PM

Quazzie2002 wrote: »

I know very little about computers and virus removal. I got that mail and like an idiot opened it. I realised instantly that it was a virus then closed it, but I don't know if that was quick enough. How can I check if the virus caught on. I ran AVG system scan and it showed no errors. Does this mean I am safe. I am in work and could get in a load of **** if I downloaded a virus so I wanna make sure. My computer at the time seemed to slow up massivley but I restarted and it now seems fine again. Is there any way of knowing if I have and if I do how can I remove it.

AVG should catch it. It caught it on my mates machine. It also depends what browser you were using at the time you opened it? After you click on the link it brings up a message saying "codec required" or similar it's when you click on this that the virus tries to download. If you didn't get to that stage you should be ok.

In Internet Explorer it will have installed "Security Toolbar 07" and also your home page should have changed to some crappy antivirus company with a pop up prompting you to install there products.

I suppose it might be no harm to run Hijackthis and post up a log file. I wouldn't be the greatest with that though, so someone else here might be able to advise better.

Quazzie · 30-10-2008 01:41PM

I was using IE8. Like I said I'm technologically challenged so nothing fancy like firefox for me. AVG ran a clean bill of health and my home page is as normal. I'm hoping these are good enough signs. Is it safe to do online shopping even if I had it?

Itsdacraic · 30-10-2008 01:43PM

Quazzie2002 wrote: »

I was using IE8. Like I said I'm technologically challenged so nothing fancy like firefox for me. AVG ran a clean bill of health and my home page is as normal. I'm hoping these are good enough signs. Is it safe to do online shopping even if I had it?

Do you have adaware or spybot on yuor machine? If so, run one (or both) of these just to be sure that AVG isn't missing anything.

Fad · 30-10-2008 01:50PM

Firefox wouldn't let me follow the link

Mild suspicion raised when I received a message from a girl I haven't spoken to in months.

Itsdacraic · 30-10-2008 01:56PM

Fad wrote: »

Firefox wouldn't let me follow the link

Mild suspicion raised when I received a message from a girl I haven't spoken to in months.

It was something other than suspicion was raised when I saw the bird I got it from. She's a cracker!

Itsdacraic · 30-10-2008 01:57PM

Itsdacraic wrote: »

It was something other than suspicion was raised when I saw the bird I got it from. She's a cracker!

Actaully I'm going to go around telling everyone I got an infection off her!

ayatollah · 30-10-2008 03:43PM

Zero Spyware seems to find the files.

i went through the program files myself but i dont reccommend you do this unless you know what you're doing!

i've gotten the bebo mail three times since then.

it appears to be a matter of time before everyone gets it.

GrumPy · 30-10-2008 03:46PM

I got it about 20mins after I read this thread.

:pac:

Quazzie · 30-10-2008 03:46PM

What are the effects to look for? How will we know we have it without finding it on a scan, because I'm hearing that not all scans pick it up. Can someone stick a link up to a free scan program that does pick it up?

seamus · 30-10-2008 03:50PM

For one variant anyway, you'll see the attached message in your system tray, complete with spelling mistakes. Obviously, don't click the bubble or install anything that it prompts you to.

I would imagine that up-to-date AVG or Avast would pick it up, as would spybot or ad-aware.

Facebook as far as I can see blocks these links now telling you that they're malicious.

Quazzie · 30-10-2008 04:00PM

I know legal talk is a big no no but are the social networking sites i.e bebo/facebook/myspace etc etc in any way legally accountable for any damage caused by these viruses spread by their emailing system. I'd imagine no but its always been something I've wondered

AlmightyCushion · 30-10-2008 04:02PM

Doubtful unless they actually host or create the virus.

Saruman · 30-10-2008 04:11PM

seamus wrote: »

For one variant anyway, you'll see the attached message in your system tray, complete with spelling mistakes. Obviously, don't click the bubble or install anything that it prompts you to.

I would imagine that up-to-date AVG or Avast would pick it up, as would spybot or ad-aware.

Facebook as far as I can see blocks these links now telling you that they're malicious.

I know this one very well, i remove it off so many computers i have lost count. I even managed to get it myself, using firefox one day. Only had it for about 10 mins but i know that if it goes untreated, you can lose the ability to view network shares (except mapped drives) and you no option but to format. Even a repair windows install does not fix it.

If you get it, use the smitfraud fix software then install malwarebytes, update it and run a scan. It should get rid. Hijack this is great if you know how to use it too.

phantom_lord · 30-10-2008 10:10PM

bleh, i was half asleep and i opened it this. i only have the old 7.0 avg on my laptop, but i installed the new version, ran a scan and removed two viruses, plus i ran spybot, but that came up clean. am i ok, or should i install some of the programs mentioned here?

skerryman · 31-10-2008 06:14PM

Someone opened one of these nasty mails on my laptop two days ago, now "coincidentally" I get a BSOD today and my laptop is screwed by the looks of things. Once I boot up it goes straight to 'Startup Repair' and will not pass this test due to corrupt files or something. Does anyone out there know how I can remove this bugger or somehow retrieve my data before I do the dreaded system restore.

P.S. I hope the people that spread these viruses get a real virus, I think Ebola would suffice.

Nerin · 31-10-2008 06:16PM

AlmightyCushion wrote: »

Doubtful unless they actually host or create the virus.

They should at least put a notice up. I got two of these mails. Warned my friends,but bebo should put an announcement out.

Sherifu · 31-10-2008 06:18PM

I have the best protection I can get: no bebo account

Sounds like a nasty fecker.

GrumPy wrote: »

I got it about 20mins after I read this thread.

:pac:

Lol.

skerryman · 31-10-2008 06:37PM

skerryman wrote: »

Someone opened one of these nasty mails on my laptop two days ago, now "coincidentally" I get a BSOD today and my laptop is screwed by the looks of things. Once I boot up it goes straight to 'Startup Repair' and will not pass this test due to corrupt files or something. Does anyone out there know how I can remove this bugger or somehow retrieve my data before I do the dreaded system restore.

P.S. I hope the people that spread these viruses get a real virus, I think Ebola would suffice.

Also I have Ad Aware and Avast and ran both numerous times in the last two days but nothing was picked up.

Any suggestions people??

Sherifu · 31-10-2008 06:53PM

skerryman wrote: »

Also I have Ad Aware and Avast and ran both numerous times in the last two days but nothing was picked up.

Any suggestions people??

Safe mode.
Rescue cd.

I'd advise a lot of researching and searching, maybe someone in your situation has already found a way to nuke it.

AlmightyCushion · 31-10-2008 07:00PM

The people who make these things are scum.

skerryman · 31-10-2008 07:02PM

Sherifu wrote: »

Safe mode.
Rescue cd.

I'd advise a lot of researching and searching, maybe someone in your situation has already found a way to nuke it.

Thanks for your reply, tried to enter safemode but no joy, ran chkdsk but came up with nothing. Have restore CD's but they just have OS and no personal data. Hopefully be able to retrieve personal data before I have to resort to that.

Mellyj78 · 31-10-2008 10:05PM

I had been warned about the virus but before I could warn my friends a few of them had recieved the message- one of them had been charging her i-pod at the time- since trying to open the link her internet access has been affected and her i-pod will not switch on?? I have advised her about downloading an anti virus to help her pc but can we assume her i-pod problem is not related or is it i-pod heaven??? Please help :eek:

jonnygee · 01-11-2008 01:53AM

Does anyone know if the windows malicous software removal tool can fix this.

Standard Toaster · 01-11-2008 02:11AM

Fad wrote: »

Firefox wouldn't let me follow the link

Same here

Sherifu · 01-11-2008 09:44AM

skerryman wrote: »

Thanks for your reply, tried to enter safemode but no joy, ran chkdsk but came up with nothing. Have restore CD's but they just have OS and no personal data. Hopefully be able to retrieve personal data before I have to resort to that.

Get this or a linux live cd and an external hard drive so you can back up your data. Then reinstall if you can't find another way. Pain in the balls tbh.

Saruman · 01-11-2008 10:30AM

If you are quick enough, a windows XP system restore back a few weeks will put you back before the infection loads, then you can scan and remove it.

Dartz · 01-11-2008 03:13PM

The idiot downstairs clicked it. Kaspersky nabbed it before it could do any harm. Saves me having to clean it up for another few weeks.

tomisboe · 02-11-2008 02:35PM

Hi i'm new and i got this happen to me last night, i've installed Avg 8 and it got rid of 2 things, but it's still on my pc, i was wondering i have internet explorer 6 and if i installed firefox would the virus affect it or just internet explorer 6, and also i installed xoftspyse and it found the threats but i have to pay, is there another way to get rid of the virus without paying? many thanks.

Bebo Virus

Comments