Cricinfo and a virus that looks like an antivirus program (Cryp_FakeAV-11)
My friend checked the India vs New Zealand score on my laptop last weekend using Cricinfo.com. While he was at it, a message suddenly appeared saying that the computer was under threat. It then launched an Internet Explorer window that made it look as if the computer were being scanned, and before you knew it, multiple "viruses" had been "found" in various system folders.
It even carried the Windows Firewall shield logo (I kid you not!), except that the shield was split into four parts, each in a Microsoft Windows color.
Turns out it was a fake antivirus program detected as Cryp_FakeAV-11. These guys know how to do subliminal messaging! You see the shield shape, the Windows colors and a legitimate-looking virus scan, combined with your own antivirus's alert (which is telling you that this thing itself is a virus), and you can be overwhelmed. Which window do you close? Which OK or Cancel do you press? Would one wrong click wipe out your hard drive? The point to hold on to is that the "scan" is nothing but a web page drawn inside the browser window: nothing on your disk has been examined, and every button on that page, OK and Cancel alike, belongs to the attacker. The safe move is to close the browser window itself (through Task Manager if the page will not let you) without clicking anything inside it.
Worse, why is Cricinfo serving these guys? Most likely the page arrived through a third-party advertisement rather than from Cricinfo's own servers, which is how this kind of thing usually spreads, but that is cold comfort to a reader who just wanted a scorecard.
The funny thing is that my mother-in-law (MIL) got the same warning and clicked OK in an effort to "protect" the desktop, and that installed this shield-branded fake antivirus on our desktop. It took us some time to clean up.
Beware! Go let your six-year-old little ones and sixty-year-old seniors know the risk of clicking OK!
Reader Comments (14)
Hi, just wanted to let you know that you aren't alone with this - same thing happened to me. Can't believe it, that this would happen with a major site. What happened - my firewall informed me that I had possibly become the target of a buffer overflow attack, and it also reported that various dlls were trying to do their thing - I then scanned for malware and found cryp_fakeav-11 and a couple of other things. Just for the record, I am beyond 100% certain that my machine was clean before I visited cricinfo Sunday morning. (oh, btw I am certain that I didn't click 'ok' - the minute I saw the phony scan window, I knew something fishy was going on, and then comodo--my firewall--started screaming at me) Unbelievable.
Thanks for the post!
If you are going to browse any Indian web site, visit it using Firefox preferably from a Linux box. If the website squawks about needing Internet Explorer, you can be pretty sure it's trying to install a virus, and failing.
sundar:
That is exactly what I got too a couple of months ago. Somehow, I remembered my troubles having started at cricinfo, but I was unable to convince co-workers about it! I ended up reformatting my hard drive (and since I did not have the "evidence" that you have, I could not share it with anyone either).
great detective work!
- s.b.
p.s.: I should have followed your advice and sworn off cricket in 2007 ;-).
At the least use Firefox :), and if possible move to a Linux OS. I have a Linux desktop and hardly ever have issues with viruses.
Same thing happened to me last night. Made the mistake of checking the scorecard (using Firefox) while logged on to an admin-equivalent account. Boom - it installed some nasty stuff to the windows\system32 dir. The moment I deleted the "Run" commands in the registry, it would re-create itself. None of the online AV scanners found the problem. Fully updated Windows Defender could not stop it. Finally used this - http://www.malwarebytes.org - worked great - was able to delete all the bad stuff on reboot.
I got the same message twice in the last week. Please note that clicking on any of their messages will go ahead and continue installing the program. If you get that pop-up, open Task Manager and close the specific IE window.
I faced the same issue... I had updated McAfee antivirus and updated Spybot Search and Destroy but nothing worked... it was a horrible experience and I did not expect cricinfo to serve up such malware... I had a terrible time cleaning my system
This is ridiculous... cricinfo is the site which I browse at least once a day... and I got affected due to this website. I suspect the advertisers on Cricinfo are doing this stuff.
Same here... This sucks... Does cricinfo know about this or plan to do something about this?
Share some exciting news with everyone.
I would like to share some exciting news with everyone. I recently discovered Search-and-destroy Antispyware (http://www.Search-and-destroy.com) and it’s the best scanner that I’ve used so far. It picks the same type of bugs that the better known and more expensive scans do and it’s so easy to get. The antispyware solution from Search-and-destroy is the perfect solution for taking care of your computer. I know it’s made a difference for me and I’m so glad that I gave it a try. I really believe that you will benefit from this scan as much as I have and I recommend that you give it a try.
Hi,
Thanks to the person making the original posting. My PC was infected by the same virus today (June 1st, 2009) when I checked the India/NZ scorecard. I am very surprised that Cricinfo would be virus infected and they haven't taken the proper measures to prevent such things from happening. It has been a pain to find and delete the files. I was using IE 6.0. I hope Cricinfo fixes this soon.
I'm not intending to use Cricinfo in the near future.
My laptop got infected by this virus this weekend. So, the issue still exists. Does anyone know whom to contact at Cricinfo to resolve this problem?
My computer got infected as well. Nothing could find it. I didn't try malwares.org but I reverted my computer to an earlier restore point. Cricinfo sucks!
Faced the same problem today when I visited cricinfo. I always use Firefox and looks like even Firefox doesn't know of this one.
Once you start seeing those popups and (fake) security alerts, you can't open any antivirus program or Task Manager. You can't even install new software.
I was able to fix it after deleting two .exe files from C:\Documents and Settings\\Local Settings\Application Data directory
Generally, it doesn't allow you to delete those files saying access denied. So you have to restart the system and be very quick to Shift+Delete those files.
I'm not sure if I will be opening cricinfo in the near future...
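Two of the comments above describe the same cleanup problem from different angles: one found the malware re-creating its "Run" entries in the registry, another found the executables sitting under Local Settings\Application Data and could only delete them after a reboot. The following script, added here as an example and not code from the blog post or any of its commenters, automates the triage half of that work. It parses the text of a .reg export of the Run/RunOnce keys and flags every autostart value whose executable lives in a per-user profile directory (Local Settings\Application Data, Temp, AppData), which is where legitimate autostart entries almost never run from. It goes one step beyond the thread by also expanding the 8.3 short-name form of those paths (DOCUME~1\...\LOCALS~1\APPLIC~1), which malware sometimes uses to make the location less obvious. The embedded .reg sample is constructed, and the file names avshield.exe, sysguard.exe and updater.exe in it are hypothetical, not real indicators.

```python
"""Triage Windows autostart (Run/RunOnce) entries for rogue-AV persistence.

Added example, not code from the blog post or its commenters. Flags any
Run/RunOnce value whose executable lives in a per-user profile directory,
the locations the thread reports the fake AV dropping into.
"""
import re
from typing import Dict, List, Tuple

# Profile directories that legitimate autostart entries almost never run from.
SUSPICIOUS_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\appdata\\",
    "\\temp\\",
)

# 8.3 short names Windows generates for the same directories.
SHORT_NAMES = {
    "docume~1": "documents and settings",
    "locals~1": "local settings",
    "applic~1": "application data",
}

# One "name"="string value" line of a .reg file (backslash escapes the next char).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export; the avshield/sysguard/updater names are hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AVShield"="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\avshield.exe\" /s"
"Updater"="C:\\Users\\user\\AppData\\Local\\Temp\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"sysguard"="C:\\DOCUME~1\\user\\LOCALS~1\\APPLIC~1\\sysguard.exe"
'''


def unescape(value: str) -> str:
    # Undo .reg string escaping: a backslash escapes the character after it.
    return re.sub(r"\\(.)", r"\1", value)


def parse_run_entries(reg_text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, command) for every string value under a Run or RunOnce key."""
    entries = []
    current_key = ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if not current_key.lower().endswith(("\\run", "\\runonce")):
            continue
        m = VALUE_RE.match(line)
        if m:  # non-string values (hex:, dword:) and blank lines are skipped
            entries.append((current_key, unescape(m.group(1)), unescape(m.group(2))))
    return entries


def executable_path(command: str) -> str:
    """Pull the executable out of a Run command, whether or not it is quoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths with spaces are common in Run keys, so cut at the first .exe
    m = re.match(r"(.*?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else (command.split() or [""])[0]


def normalize(path: str) -> str:
    """Lower-case the path and expand 8.3 short names so directory checks are uniform."""
    return "\\".join(SHORT_NAMES.get(part, part) for part in path.lower().split("\\"))


def reasons_for(path: str) -> List[str]:
    """List the suspicious profile directories the executable lives under (empty if none)."""
    norm = normalize(path)
    return [d.strip("\\") for d in SUSPICIOUS_DIRS if d in norm]


def triage(reg_text: str) -> Dict[str, List[str]]:
    """Map each flagged autostart value name to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for _key, name, command in parse_run_entries(reg_text):
        reasons = reasons_for(executable_path(command))
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for key, name, command in parse_run_entries(SAMPLE_REG):
        reasons = reasons_for(executable_path(command))
        verdict = "SUSPECT (" + ", ".join(reasons) + ")" if reasons else "ok"
        print(f"{key}\n  {name}: {command}\n  -> {verdict}")
```

On the affected machine the input would come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the same for HKLM); `reg export` writes UTF-16, so open the file with `encoding="utf-16"` before passing its text to `triage`. A flagged entry is a candidate to verify, not a verdict: check the file's signature and properties before touching it. And, as the commenter above found, deleting the Run value while the process is still running just gets it re-created, so kill or suspend the process (or boot to Safe Mode) before removing both the registry value and the executable it points to.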