
New "Kill Hazard" Virus/Trojan Redirect

Kreij

Senior Monkey Moderator
#1
I just experienced a new redirect-style virus/trojan. It displays as a "popup" malicious code warning. It gives one the impression that it is a notice from IE (except for the bad grammar).
Doing a Ctrl-Alt-Del and killing the entire IE application stopped it. Seems to happen on Firefox too from internet comments.
People state that trying to use conventional methods to remove popup (X button, etc.) starts a fake virus scan (I can't verify as I whacked it immediately).

The popup displays the text ...
"Warning! On your computer detected the malicious code. Should immediately make sure that your system is safe!
Killing Hazard (R) for Microsoft Windows XP immediately started to work"

Currently running Malwarebytes (full scan) with latest updates ... Nothing so far.

Note: This popped up when I tried to access a dictionary site.

Just a heads-up.
 
#2
I just spent 2 days getting rid of the Red Cross antivirus (which is fake). It came through as a Microsoft Security Essentials "found some stuff" message and then asked you to download your choice of programs to get rid of it.

On the parents' computer of course ... but it was a nasty M.F.! for sure

Had to run MBAM, ComboFix, Kaspersky AV, Spybot, then delete all the files from system32
 
#3
Yeah, that's becoming a concern for me too. I've already found some of these new types of malware. Killing the app immediately seems to solve the issue (well, at least until you try to access the site again). I've also scanned the entire PC with multiple scanners (NOD32, HijackThis, Malwarebytes, to name a few). Nothing pops up.

A month ago I read something about this on Ars Technica. Seems there really is a new breed of intelligent malware that can be a threat for the less internet-knowledgeable person.

EDIT:
Read 'em here:
Link 1 (Some Info. and some images).
Link 2 (ZoneAlarm using the issue to its benefit).
 
#4
Will have to watch out for this on the home computer.
 
#5
There are 2 parts to all fake scanners: a fake web interface which just displays fake scan results, and, once you click REMOVE Threats, it will usually offer the actual EXE file. So if you haven't gone past the fake web scanner part, it's very unlikely that you're even infected. Some are more stubborn and you have to kill the browser via Task Manager... but other than that it shouldn't cause any further problems.
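
Added example (not part of the thread and not any poster's code): a triage check for the two-part pattern described in the post above, telling clients that only reached a redirected landing page apart from clients that went on to fetch an executable from it. The log layout, hostnames and the heuristic itself are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log (assumed layout):
# time client method url status content-type referer
SAMPLE_LOG = """\
2011-03-01T10:00:01 10.0.0.5 GET http://dictionary.example/word 200 text/html -
2011-03-01T10:00:03 10.0.0.5 GET http://scan.example/scanner.html 200 text/html http://dictionary.example/word
2011-03-01T10:00:40 10.0.0.5 GET http://scan.example/dl/setup.exe 200 application/octet-stream http://scan.example/scanner.html
2011-03-01T10:02:00 10.0.0.9 GET http://scan.example/scanner.html 200 text/html http://dictionary.example/word
2011-03-01T10:05:00 10.0.0.7 GET http://vendor.example/tool.exe 200 application/x-msdownload -
"""

EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec"}
EXEC_EXT = re.compile(r"\.(exe|scr|msi|com)$", re.I)


def parse(line):
    ts, client, _method, url, status, ctype, referer = line.split()
    return {"ts": ts, "client": client, "url": url,
            "status": int(status), "ctype": ctype, "referer": referer}


def is_executable(rec):
    # Successful response that looks like a Windows executable by name or type.
    path = urlsplit(rec["url"]).path
    return rec["status"] == 200 and (
        EXEC_EXT.search(path) is not None or rec["ctype"] in EXEC_TYPES)


def triage(log_text):
    """Map client -> 'landing_only' or 'stage2_download'.

    landing_only: an HTML page was reached via a cross-site referer (noisy on
    its own; ordinary link clicks match too). stage2_download: an executable
    was then fetched with that landing page as its referer.
    """
    landed, result = {}, {}
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        host = urlsplit(rec["url"]).hostname
        ref = rec["referer"]
        ref_host = urlsplit(ref).hostname if ref != "-" else None
        pages = landed.setdefault(rec["client"], set())
        if rec["ctype"].startswith("text/html") and ref_host and ref_host != host:
            pages.add(rec["url"])
            result.setdefault(rec["client"], "landing_only")
        elif is_executable(rec) and ref in pages:
            result[rec["client"]] = "stage2_download"
    return result
```

Only the `stage2_download` clients need a full malware sweep under this heuristic; a download with no landing-page referer (10.0.0.7 in the sample) is deliberately left unflagged.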
 

qubit

Overclocked quantum bit
#6
Thanks Kreij. One can never be too careful with these things.