# 3rd virus attack at Photo Bucket - BEWARE!



## deltadude (Jan 23, 2010)

I have already posted that I picked up a virus/trojan at Photobucket.  It is not Photobucket, it is the pull through ads running in the columns.  Those ads cycle so you may have not been attacked yet, but if the malicious ad is there when you arrive, your PC will be attacked.

I will be looking for another photo storage site until photobucket gets rid of their problem.  I have already emailed them.

I use three programs for protection:
Router - router fire wall, and Windows Fire Wall are active, in addition 3 programs:

Avast the free version, there may be better AV out there but for the price Avast has done a great job for years protecting my system.

Superantispyware, this program is hard to beat, it has been tested in the most infested area "China" and no other program competes.. Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, etc.  This one I purchased, if you are infected and Superantispyware isn't fixing the problem you can run the diagnostic and their staff will try to solve your problem.. Not bad for a cheap price.  SASW is what keeps catching th photobucket bugs.  This is not false positives, because Winpatrol caught it too.

Winpatrol, this little freeware program is awesome, it catches things trying to join the Windows Startup, registery, and browser add-ons.  Here is an example with the Photobucket trojan.  Winpatrol caught the bug trying to add to Startup,  it gives me a pop-up asking if I want to accept this or not.  NO of course, but I can see what the name of the file or program is, and I write it down and quickly check google for info.


----------



## garyt (Jan 23, 2010)

I have never had a problem, and I am sure they run some pretty high quality, high buck security there, too much to loose, reputation is at stake and a lot of money at risk. I would suspect the problem is elsewhere. And to say it happened 3 times tells me it is something in your computer calling home.


----------



## garyt (Jan 23, 2010)

Do you have Malwarebytes.org, if not get it and run it. It is also free.


----------



## ronp (Jan 23, 2010)

I had a prob awhile ago and couldn't get rid of MyWebsearch and ran a few of the above programs with no luck. Finally got Ad-aware http://lavasoft.com/ and it caught it on the first try.

Oh, for 24 dollars a year you can get rid of the ads on Photobucket just register your account.


----------



## alx (Jan 23, 2010)

I got a virus today on photobucket myself....My security nabbed it....I believe this problem crashed my registry last week....

It trys to make you purchase a security upgrade from microsoft if you give them your credit card....Phony offer.....I believe that one started with an unathorized update for adobe.....

I know of 2 other sites having big time problems at moment as well...


----------



## dirt guy (Jan 23, 2010)

I had the same experience.  It started with an Adobe Update as well.  I don't believe mine came from Photobucket, though.


----------



## alx (Jan 23, 2010)

I am pretty certain that this mornings was from photobucket as i was using the site when the security system caught it.....I am not huge into the computer thing,but i think adobe flash player is what runs alot of those annoying pop-ups on photobucket....My couple pennies....not real sure though....


----------



## meateater (Jan 23, 2010)

Ive been running Norton Pro for almost 10 years with no successful attacks. Best money Ive spent.


----------



## meat hunter (Jan 23, 2010)

I've been runnng a mac for the last 15 years. What are these viruses you guys keep talking about.


----------



## jon foster (Jan 24, 2010)

Mac's have a considerably less risk level to virus issues and other malicious attacks. Virus attacks on Linux are basically zero.

But I love everyone that uses Microsoft products. If Windows wasn't such a bad product in general with all the bad things out there that target it, I wouldn't have a stable income.

Jon.


----------



## ddave (Jan 24, 2010)

Kind of like Mac and Linux share of the market. 
	

	
	
		
		



		
		
	


	





If there were more Mac and Linux machines out there, they would be more attractive targets and the black hats would spend time looking for ways to exploit them as well.

Dave


----------



## alx (Jan 24, 2010)

Good point.....
Mayberry sounds good...


----------



## jon foster (Jan 24, 2010)

True enough. The wide spread use of Mac's will cause more attacks for sure. The same could be true for Linux as well. Except systems like Linux and Unix have been in use for many years by the most serious of companies and businesses around the world because they are much more secure and stable by design. They are also far superior in dependability, efficiency and performance. Look at any mission critical system and you'll be looking at a system that doesn't use Microsoft products.

I'm not saying Mac's or Linux/Unix systems are perfect. Nothing is perfect, but they are at least trying to advance security, safety, performance and plain old customer satisfaction on a regular basis.

Jon.


----------



## alx (Jan 24, 2010)

Well said and very much true......


----------



## deltadude (Jan 24, 2010)

I try to give a heads up to our SMF community and someone who didn't ask a single question, makes an announcement that the problem is my PC!

TWO others just posted they had the same problem!

My son picked up a similar virus from another site, it happens to be another social/community service site like Photobucket, and has been mentioned with photobucket as not the source but where the user picked up the virus.

I never said Photobucket was the source,
It might not be ads, it could be something else, still trying to find out.

If anyone has a similar problem feel free to PM me, I will be happy to share anything I learned.  I will tell you that my anti-virus-malware software could only clean a part of this.    

When you get that message you will know you are infected, and you, probably can't open Task Manager, you may not be able to access your virus software, and possibly lose you entire desktop.


----------



## thunderdome (Jan 24, 2010)

I run AVG free, and keep up with database updates.

Also, Malwarebyte as well (about once a quarter).

If the virus blocks your ability to run your avg, norton, or mcafee, then try ComboFix


----------



## alx (Jan 24, 2010)

Thanks for the info man...This is hitting certain places hard ....definetly not the time for certain folks to be opening links and the trap e-mails/links are hitting some well established forums etc..very hard right now...


----------



## flash (Jan 24, 2010)

No issues on my PC. I've never seen ads on Photobucket.


----------



## mballi3011 (Jan 24, 2010)

I have been running Norton for years now and really haven't had a problem except from our kids and the facebook and myspace sites. I have gotten viruses from them sites a couple of times. Now my photobucket has been acting weird lately or maybe not but it has deleted all of my old pictures or this site.


----------



## deltadude (Jan 24, 2010)

This articles gives a good general overview of how browsing results in Drive-by virus attacks even at the biggest sites.

You will read how some out of date apps that run through your browser make your PC a target.


----------



## yount (Jan 24, 2010)

just got attacked on photobucket my virus prog picked it up


----------



## the dude abides (Jan 24, 2010)

That's why I don't use Photobucket, too many ads.  I use Shutterfly.


----------



## moltenone (Jan 24, 2010)

you could try preclick for your photos.



Mark


----------



## richoso1 (Jan 24, 2010)

I've suspended my use of photonucket and I'll use some other image host.


----------



## rdknb (Jan 24, 2010)

Makes note not to go to photobucket for a bit.  I need to look at that shutterfly one.  Thanks on the virus heads up


----------



## old poi dog (Jan 24, 2010)

Hi Dude,

Thanks for the heads up on this one. I've been following this thread for the past 2 days. I'll check out Shutterfly as well. I hope they have clear posting instructions..


----------



## jon foster (Jan 24, 2010)

Man, the punch card days... Not to sound mean or anything, but we would pull a punch card out of the center of a stack and slide it back into the stack several cards later... The victims never learned either...

Jon.


----------



## alx (Jan 24, 2010)

Man that is cruel....


----------



## forluvofsmoke (Jan 24, 2010)

i was uploading on pb last weekend when a Flashplayer popup nabbed my ie browser. Quite the ordeal. I don't trust ms now. Using firefox n avg now. Eric


----------



## flash (Jan 24, 2010)

What ads on Photobucket???


----------



## alx (Jan 24, 2010)

Eric,that is the exact thing that happened to me...


----------



## alx (Jan 24, 2010)

I get these annoying pop-ups that i think when i closed it the virus was loaded.....not sure,but the problem i had came thru as a unauthorized adobe flash update...I nailed it with spy-bot,but recently upgraded my security....


----------



## rivet (Jan 24, 2010)

Great security stuff there Gary, use it all the time. Thanks for posting it.


----------



## deltadude (Jan 25, 2010)

ALX, when you get those popups, *DO NOT*, close them with either the "close" or the exit X in upper left.  Open Task Manager and close your browser, which will close the popup.  This is very annoying, but if the popup is malicious and you click anything in that popup you are triggering whatever it wants you to do.  If you are still getting the popups after you have left the site where you think they originated you have picked up a virus/trojan/ something malicious.  Close everything down and run you spy & anti virus stuff.

In my initial post I cover what I use for AV, and general Malware.  Please note the first two times I was hit while on Photobucket, my AV setup did what anyone would want, first try all 3 "Avast, Superantispyware, and Winpatrol" all notified me of a problem and I did a quick google on the listed virus, then rebooted to "safe mode" ran Superantispyware, and all the problems appeared solved.  2nd attack while on Photobucket, Avast didn't warn me, Superantispyware and Winpatrol, notified me of the attack.  I again rebooted to Safe Mode ran Superantispyware, and while it appeared that the problem was solved, it wasn't. This time only 2 of the 4 virus files were deleted and 2 still remained.  I still had problems.  This was frustrating because I paid for Superantispyware and it wasn't doing the job.  So I downloaded Malwarebytes installed and ran it.  7 viruses were identified, and deleted, my system was mostly clean, all remaining issues appear solved.

In the article I link above, today viruses can block your AV apps, making it impossible to clean out the malicious files.  I think this is what happened with Superantispyware, it was blocked from deleting the other files.  Since Malwarebytes wasn't on my system when the Virus attack occurred thus Malwarebytes wasn't blocked.  So after Malwarebytes successful cleaning, I then deleted Malwarebytes completely off my C: Drive but have a copy of the Malwarebytes setup file on another drive ready for install if I am attacked again.

BTW, there are viruses out there that won't even let you run any AV and can detect if you try to install an new AV then block that AV.  After 20 years of playing with PCs I have only once had to reformat my hard drive and reinstall windows to overcome a serious attack.  You should know there are situations where reformat and reinstall windows is unavoidable.


----------



## pepeskitty (Jan 25, 2010)

Like mentioned before here AVG has a free program that will catch most things out there.  You might want to download it and it will certainly help with what you are running now.


----------



## deltadude (Jan 25, 2010)

List of potential alternative Image Hosting sites, instead of using Photobucket.

Imageshack from what I can find is Photobucket's main competition...
Bayimg 
 - Offers free, uncensored image hosting with an emphasis on free speech. As long as stored images are legal under Swedish law, they won't be removed.
BiggerBids 
 - Offers unlimited image hosting designed for online auction sellers. Includes advanced features including bulk upload, watermarking and auction layout integration.
EzPixs 
 - Provides internet users with a free and simple way to upload pictures that can be shared on popular sites.
Firesnaps 
 - Online digital photo management, image hosting and photo printing service.
Hellameke 
 - Image hosting service targeted at New Zealand users.
Host My Pic Online 
 - Very simple-to-use site for people to upload their images quickly.
Hostwave 
 - Image hosting for your online auctions and personal images.
Image Uploads 
 - Free image hosting for auctions, personal or business use. Premium hosting also available.
Image Viper 
 - Free image, picture and photo hosting. Host images and photos are free. Premium hosting packages are available for users who need extra features or more hosting space.
ImageCabin 
 - Image and video host with optional user registration for file management and personal albums. Registered users also get more space.
ImageFly 
 - Free image hosting service which proposes to pay image uploaders for each view of their images. Bonuses for referring other contributors are offered as well. No file size or transfer limits are specified.
ImageHosting.com 
 - Free image hosting for online photo gallery creation and photo sharing.
ImagesFly.com 
 - Free image hosting service by ImagesFly.com, also includes a watermarking tool to protect copyright of your images.No registration required.
ImageShack 
 - Free image upload hosting solution.
ImageVenue hosting 
 - Free image hosting for your pictures
Large Image Host 
 - Easy free image host for uploading images files without registration. Features include 1.5mb file upload limit, automatic thumb and code generation.
MiamiHost.net 
 - Offers free image hosting.
Munkypix 
 - Free image hosting to share your images with your friends / family and the community.
Negimaki 
 - Provides photoblog hosting using Gallery and WordPress.
Olaolaonline.net 
 - Free image hosting service. Registration not required. Upload limit of 1 MB for jpg, gif and png images. Public gallery, comment insertion available. Support forum. English and Italian version.
Picatom 
 - Allows a user to upload and share images. Users do not need to register.
Pic-Hoster 
 - Free image hosting for online auctions, power seller tools, listing management, image hosting, image sharing, photo albums, picture hosting service, photo sharing, and more.
PicHub 
 - Image upload for eBay, EzBoards, Forum boards, and sharing to your friends.
Picshome 
 - Free image hosting with a 2MB file size limit and 1GB transfer limit per file. Offers the ability to watermark uploaded images. Registration is optional.
PicsHosted 
 - Host and share images. Free photo management, archived lists, and album slideshows.
Pic-Spot.com 
 - Image host with no registration, fast upload times and easy linking methods.
PicTiger 
 - Free image and flash hosting with various resizing, cropping, filtering and layout options. 1MB file size limit, no transfer limit specified.
Picturebay.net 
 - Free image hosting for use on most online services. Registration is not required but enables more advanced options and larger file size.
Pikki 
 - Pikki is a free image hosting service that provides a quick and easy way to host image galleries and share pictures with your friends.
PostImage 
 - Free image hosting service for phpBB and vBulletin forum owners. Offers a 'mod' which, once installed, allows users to upload images to the service from the forum posting page. Service can not currently be used directly.
PushPic 
 - Paid logo and product image hosting for merchants who use 3rd party payment processors. Images are served via HTTPS preventing the appearance of mixed security status warnings during the checkout process.
PutPix 
 - Free image, picture and photo hosting.
Shutterfly 
 - Free & unlimited image, picture and photo hosting.
SigShare.com 
 - Provides image hosting for sharing e-signatures, renders and digital art.
Supload 
 - Free image, video and audio hosting with 1600x3200 image dimension limit. Upload images from a computer, mobile phone or a website with a free Firefox extension. Registration is optional and no transfer limit is specified.
UP2.IT 
 - Free journals/weblog and picture hosting including SMS and e-mail submission. Free (with ads) or pay as you go for images.
Upload and GO! 
 - Provides free hosting for images, no registration required and hotlinking is allowed.
Weblog Images 
 - Picture hosting for weblog and journal users.
WeImage 
 - Free image and video hosting / sharing service.
xs.to 
 - Provides free hosting for images. No registration required, hotlinking is allowed. Listing and delete features available.
YourUpload.com 
 - Simple and easy image hosting solution with optional password protection of files.
Yoxio.com 
 - Free galleries available. Users who signup with a premium subscription option can raise limits from 10 MB to 50 MB of disk space.


----------



## deltadude (Jan 25, 2010)

I just signed up for Imageshack and uploaded then posted some images here at SMF.  

Image shack up load is SLOW compared to photobucket.


----------



## meat hunter (Jan 25, 2010)

Good work there Deltadude. I had no idea there we so many options for this. Does this qualify for "sticky" status? It would be great to have this for our many new members signing up as well as some of the old timers who may not know about other alternatives? Just an idea.







for taking time to round all them up for us.


----------



## erain (Jan 25, 2010)

i kept on using PB as i have had no probs with it. the viruses are out there and it is the protection you supply your pc with which makes the difference. use trend AV and spysweeper and never had a prob... i have checked out other image sharing sites and of yet not found one that will compete with the bulk uploader on Photobucket. i staying there, if i quit posting well maybe i got a virus, if not dont blame the site, ck protection first. on purpose i stayed logged on to PB as much as possible since i read this thread. absolutly no probs, just great uploading.


----------



## rickw (Jan 25, 2010)

I can appreciate others having problems with PB but I will admit, I've never had a pop up on that site. I run Avast and ZoneAlarm and can't say I've had a problem.

I just had to fix my sons girlfriends PC due to it being infected so I know it's a total pita. 

I hope y'all get things straightened up with out to much hassle.


----------



## deltadude (Jan 25, 2010)

I am NOT trying to persuade anyone to NOT using Photobucket!  This is NOT a joke there are several posts in this thread that clearly indicates there is a problem at Photobucket.  Just because you have not been hit does not indicate your AV is working for you.  The attacks are not persistent, they are random, there is more than one way for these attacks to occur and it is some kind of pull through technology that I don't understand.

If you haven't had a problem with Photobucket, then you don't need to do anything, and that is great.  As I said I have contacted Photobucket and received a courtesy response, which doesn't address the problem except they are looking into the problem.

If Google is threatening to pull out of China because of all the hacking that is happening targeting Google's system, and they feel they're too vulnerable to continue, you better start realizing that ANY SITE is vulnerable and thus you are vulnerable, it is not a question of IF you are going to be hit by a serious malicious virus/trojan/rootkit it is simply a matter of WHEN.  WHEN it happens your trusted AV software most likely has failed, and you will have to find new tools to deal with the problem.


----------



## jon foster (Jan 25, 2010)

PBase, Zenfolio and Flickr are probably the best options for picture hosting. They are the most proactive in protecting your intellectual property rights (Copyright). Some sites like Photobucket will even sell your pictures/images to make a profit. The key to remember is, generally, nothing is free.

Jon.


----------



## deltadude (Jan 27, 2010)

I have received 3 emails from Photobucket.  They are not ignoring the problem, but haven't been able to locate the source.

If anyone is attacked please try and pay close attention of where you were at and what was on that page.

thanks


----------



## the dude abides (Jan 27, 2010)

I figured it out.  And I'm not too bright.  
	

	
	
		
		



		
			






You missed Shutterfly.  They're a pretty decent sized company.  The worse thing I get from them is an email once a week reminding me of how I can order free prints.  I've never ordered anything in my 5 or so years of using them.  I suppose it's their way of trying to make money.  No money=no more company.  But they're the only ones I've ever used, so I'm not knocking any of the other options.

Which brings up an interesting point.  You want to make sure you're either backing up your photos to a disc or someplace else.  I'm just guessing there are several of these little photo hosting sites that will not make it in the long run.  If this is the only place you have your photos stored, they'll be gone forever if they shut down.


----------



## deltadude (Jan 27, 2010)

I added edited the list to include Shutterfly, thanks for the input.


----------



## allen (Jan 27, 2010)

I went to open Photobucket this Morning and waaalaaa trojan virus, I can't access my E-Mail acct. now,I'll try something different later


----------



## deltadude (Feb 19, 2010)

70,500 hits on Google for photobucket +infected with virus

Confirmation by Photobucket...  
Photobucket has been really discreet about making any information public regarding the thousands of PB users being attacked on Photobucket from mid Jan 2010, until about a week ago.  I have tried to stay current on this because many SMF users (including me) regularly use PB. I found tweets reporting the same virus issues, and one girl claiming she was in contact with PB via tweet and that PB acknowledge the problem.  I asked for some kind of confirmation and she hasn't responded, but says PB thinks they have solved the Virus problem as of 4 days ago.

I did find the following quote from a PB support email response.  You will have to scroll down to the comments section to see the email.
http://www.cafemom.com/journals/read...tobucket_virus

In reading through the replys to this thread, there are some who think the problem isn't PB but those of us who have been attacked, that our Anti Virus is sub par or theirs is superior.  ONE MORE TIME, the PB attacks were NOT persistent, they were random!  Reading dozens of post on these attacks reveals that almost every major Anti Virus software was installed and NONE protected the PB user.  So if your a PB regular, and haven't been attacked, you haven't randomly been hit PERIOD!  If you are hit, you would be getting AV warnings from your AV software.  To the best of my knowledge the only program effective in clean-up has been Malwarebytes.  However clean-up is not prevention.   

We can only hope that Photobucket was successful in their attempt to weed out the problems.



Below are just a few links to other forums complaining about the same PB virus attacks.

http://forums.ebay.com/db2/topic/Clo...s-38/510184619

http://www.google.com/url?sa=t&sourc...J71_tAEX9ZDZLA

http://www.trapperman.com/forum/ubbt...ml#Post1815760

http://www.poi-factory.com/node/27579


http://forums.ubi.com/eve/forums/a/t...038#7881083038


http://www.fredmiranda.com/forum/topic/860412/0#8052376

http://mypcclinic.com/forums/printthread.php?t=28579


----------



## sweet chops bbq (Feb 22, 2010)

Im a PC.LOL


----------



## chisoxjim (Feb 22, 2010)

I hadnt had an issue until this AM on Photobucket,  after I downloaded a pic here,  I got a message that my computer was infected, and some non windows, or norton program tried installing itself on my pc.  I quickly shut down the pc, and have run the Norton quick scan(turned up nothing bad), and the Malware scan(turned up nothing).  I am now doing a full system scan.

I logged back onto Photobucket, and didnt have any issues linking pics.


----------



## forluvofsmoke (Feb 22, 2010)

Sounds like you did the right thing by shutting down. Good thing to know, in case it happens again, or to anyone else.

I got slammed 5 weeks ago, and spent the entire day formatting/restoring. I was able to copy my personal folders to CD's, so didn't suffer that loss, but none of the programs could be used, as this bug was operating in the background and blocked any commands, including task manager.

I've been back on PB many times since then, and haven't had problems. I think it is a random thing, as Deltadude mentioned...you either get hit, or you don't, and very few (if any) of the security measures can stop it.

But, if this just happened now, they obviously have not corrected the security issue.

I just hope we don't loose PB as a host...I really like the speed and features a lot. Re-posting the old q-view pics to threads would be a monumental task, as well. Keep your fingers crossed.

Eric


----------



## chisoxjim (Feb 22, 2010)

luckily all scans came up clean(I did the Norton twice, and the Malware 2x as well.

I like Photobucket, and hope they can figure this isue out.  I used o use Flickr but didnt like their monthly download limits.


----------

