
New "Kill Hazard" Virus/Trojan Redirect

Kreij

Senior Monkey Moderator
Joined
Feb 6, 2007
Messages
13,817 (2.21/day)
Location
Cheeseland (Wisconsin, USA)
I just experienced a new redirect-style virus/trojan. It displays as a "popup" malicious code warning. It gives one the impression that it is a notice from IE (except for the bad grammar).
Doing a Ctrl-Alt-Del and killing the entire IE application stopped it. Seems to happen on Firefox too from internet comments.
People state that trying to use conventional methods to remove popup (X button, etc.) starts a fake virus scan (I can't verify as I whacked it immediately).

The popup displays the text ...
Warning! On your computer detected the malicious code. Should immediately make sure that your system is safe!
Killing Hazard (R) for Microsoft Windows XP immediately started to work

Currently running Malwarebytes (full scan) with latest updates ... Nothing so far.

Note : This popped up when I tried to access a dictionary site.

Just a heads-up.
 
Joined
Jan 27, 2010
Messages
4,158 (0.80/day)
Location
USA
I just spent 2 days getting rid of the Red Cross antivirus (which is fake).
Came through as a Microsoft Security Essentials found some stuff and then asked you to download your choice of programs to get rid of it.

On the parents' computer of course ... but it was a nasty M.F.! for sure

Had to run MBAM, ComboFix, Kaspersky AV, Spybot, then delete all the files from system32
 
Joined
Apr 16, 2010
Messages
3,455 (0.68/day)
Location
Portugal
Yeah that's becoming a concern for me too. I've already found some of these new types of malware. Killing the app immediately seems to solve the issue (well, at least until you try to access the site again). I've also scanned the entire pc with multiple scanners (NOD32, HiJackThis, Malwarebytes, to name a few). Nothing pops up.

A month ago I read something about this on Ars Technica. Seems there really is a new breed of intelligent malware that can be a threat for the less internet knowledgeable person.

EDIT:
Read 'em here:
Link 1 (Some Info. and some images).
Link 2 (ZoneAlarm using the issue to its benefit).
 
Joined
May 21, 2008
Messages
4,113 (0.71/day)
Location
Iowa, USA
Will have to watch out for this on the home computer.
 
Joined
Oct 2, 2004
Messages
13,791 (1.94/day)
There are 2 parts of all fake scanners. A fake web interface which just displays fake scan results and once you click REMOVE Threats, it will usually offer the actual EXE file. So if you haven't gone past the web fake scanner part it's very unlikely that you're even infected. Some are more stubborn and you have to kill browser via Task Manager... but other than that it shouldn't cause any further problems.
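
Added example, not part of the post above: a PowerShell check for whether the second stage described there (the offered EXE) ever reached the disk, by listing recently created executables that carry an Internet-zone Mark of the Web. The folder list, look-back window and extension list are assumptions to adjust per host; it needs PowerShell 4.0 or later on an NTFS volume.

```powershell
# Added example: find executables that recently arrived from the Internet zone.
# $since, $folders and $exts are assumptions, not values from the thread.
$since   = (Get-Date).AddDays(-2)
$folders = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP)
$exts    = '.exe', '.scr', '.msi', '.com', '.bat', '.cmd'

$hits = foreach ($dir in $folders) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $exts -contains $_.Extension.ToLower() -and
                       $_.CreationTime -ge $since } |
        ForEach-Object {
            $file = $_
            # Mark of the Web is stored in the Zone.Identifier alternate data stream.
            $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
            $zoneId = $null; $hostUrl = $null
            foreach ($line in $motw) {
                if ($line -match '^ZoneId=(\d+)') { $zoneId  = [int]$Matches[1] }
                # HostUrl is only written by some browsers; it may be absent.
                if ($line -match '^HostUrl=(.+)') { $hostUrl = $Matches[1] }
            }
            [pscustomobject]@{
                Path    = $file.FullName
                Created = $file.CreationTime
                ZoneId  = $zoneId      # 3 = Internet, 4 = Restricted sites
                HostUrl = $hostUrl
                SHA256  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
}

# Keep only files tagged as downloaded from the Internet or Restricted zone.
$fromWeb = @($hits | Where-Object { $_.ZoneId -ge 3 } | Sort-Object Created)
if ($fromWeb.Count -eq 0) {
    Write-Output "No Internet-zone executables created since $since in the checked folders."
} else {
    $fromWeb | Format-List Path, Created, ZoneId, HostUrl, SHA256
}
```

An empty result is consistent with the browser having been killed before any download, but a file saved to a non-NTFS volume or by a tool that does not write the Zone.Identifier stream will not appear here.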
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,866 (3.00/day)
Location
Quantum Well UK
Thanks Kreij. One can never be too careful with these things.
 