Youtube Question

I just upgraded to BitDefender Total Security 2008 from Norton 360. When I had Norton 360 I got a really nasty virus from watching a YouTube video; Norton never caught it and I had to have it removed manually. I got another virus that wasn't caught by Norton again a month later when my son went and looked at YouTube videos. We have gone to YouTube about 4 times in a year, and 2 times received a virus that it never caught in my scans. We caught it using free online scanners.


I guess my question is: with the HTTP scan on, will it help to protect from possible viruses on YouTube or any other site? Right now I have a ban on YouTube, but teens are teens and there is the rare occasion I want to go see something on there.


Thank you for any help

Comments

  • alexcrist

    Hello dragonstorm,


    I have never heard of viruses being downloaded from YouTube (which is one of the best known video sharing services). So my best guess is that the virus you got came from somewhere else (maybe it attached itself to the YouTube scripts and it was downloaded to your computer. In other words, you might get the same virus from anywhere else because, actually, it doesn't come from the YouTube servers, but from another computer...maybe someone else in the same network as you).


    Anyway, to answer your question: if BitDefender knows that virus, then yes, it will be caught either by the HTTP scanner (and it will be blocked before download) or by the realtime scanner (and it will be blocked in the browser's cache).


    Cris.

  • Hello dragonstorm,


    I have never heard of viruses being downloaded from YouTube (which is one of the best known video sharing services). So my best guess is that the virus you got came from somewhere else (maybe it attached itself to the YouTube scripts and it was downloaded to your computer. In other words, you might get the same virus from anywhere else because, actually, it doesn't come from the YouTube servers, but from another computer...maybe someone else in the same network as you).


    Anyway, to answer your question: if BitDefender knows that virus, then yes, it will be caught either by the HTTP scanner (and it will be blocked before download) or by the realtime scanner (and it will be blocked in the browser's cache).


    Cris.


    Thank you for your quick reply and help. This is the only computer online in my house, the only network I could think would be the ISP I belong to, or maybe I didn't quite understand what you meant from same network. My second computer is not hooked up to this or the internet.


    One of the viruses started a pop-up; it was right after I looked at a music video on YouTube (I had put the computer in sleep mode and came back an hour later, went online and the popups began). I found out it was a virus and did a scan with Norton; it came back fine. So I contacted Norton and told them the sites I had visited that afternoon, easy since it had only been a handful and I was the only one using it that day. YouTube was the last site I mentioned and they told me I probably got it from them because of it being an insecure site and anyone could attach a virus to one of the videos. Considering I never really go there or use the site, I believed them. Had them help me remove the virus manually. They said there was no way Norton could catch it because I had OK'd the download when I clicked on the video to watch, so Norton thought it was OK. Thus why I no longer have Norton.

  • alexcrist
    Thank you for your quick reply and help. This is the only computer online in my house, the only network I could think would be the ISP I belong to, or maybe I didn't quite understand what you meant from same network. My second computer is not hooked up to this or the internet.


    All computers are connected to a network. The network is formed from all computers that are attached to the same router or server.


    So, as you said, your network is (a part of) your ISP. Even if you don't have access to other computers from your network, it's still a network ;)


    One of the viruses started a pop-up; it was right after I looked at a music video on YouTube (I had put the computer in sleep mode and came back an hour later, went online and the popups began). I found out it was a virus and did a scan with Norton; it came back fine. So I contacted Norton and told them the sites I had visited that afternoon, easy since it had only been a handful and I was the only one using it that day. YouTube was the last site I mentioned and they told me I probably got it from them because of it being an insecure site and anyone could attach a virus to one of the videos. Considering I never really go there or use the site, I believed them. Had them help me remove the virus manually. They said there was no way Norton could catch it because I had OK'd the download when I clicked on the video to watch, so Norton thought it was OK. Thus why I no longer have Norton.


    I have no idea why you got such a response.


    First of all, an AV solution shouldn't ignore a threat, just because the user chose to download it. I don't know if this is the way Norton works, but if it is, it's an extremely high security hole.


    Secondly... the movies on YouTube are streaming. The only way to download them as files, to your computer, is to use specialized applications designed to do this kind of job.


    But when you simply enter the site and view a movie, that movie is only downloaded in a temp location, from where it is deleted once it was viewed. Also, it is played within a Flash-based player (embedded in the web page). Flash also offers protection against malware code execution, so if you have the latest Flash player installed, then you are safe.


    Plus, as far as I know (but I cannot guarantee this), YouTube is monitored by some people. I don't think that infected movies stay on their servers more than a few hours.


    So, bottom line: the chance that you got that virus from the YouTube servers is very slim (to none). As I said, you either got it from another page (it's very probable to get it from other pages), or one of the computers in your network was infected and was transformed into a so-called zombie, which infects other computers from the network (so it intercepted the packets that were requested by your computer, modified them so they contain the virus code, then sent them to you...which means you got infected pages, even if the original location, the web server, was clean).


    Anyway, if you still know the movies that you watched on YouTube, or the pages that you visited, please let us know. We'll check them to see if there's anything wrong with them. For security reasons, please don't post there the links. Instead, write them in a text file (with Notepad), and send me the TXT attached to a PM. :)


    Cris.

  • Niels

    Dear dragonstorm


    Did you see a message to download and install a so-called video codec? That is also how you could get infected: the so-called codec (needed to view that video) is in fact a downloader which downloads and installs malicious software on your computer. If you install it, that could be the reason why you got infected. This is my personal opinion of how it could happen. Another possible explanation is that you were redirected (means that YouTube sends you to another page).


    Best regards


    Niels

  • alexcrist
    edited February 2008
    Did you see a message to download and install a so-called video codec? That is also how you could get infected: the so-called codec (needed to view that video) is in fact a downloader which downloads and installs malicious software on your computer. If you install it, that could be the reason why you got infected.


    YouTube doesn't need any codecs. The movies are encoded in the FLV format, which is natively recognized by the Flash player.


    If you were asked to download and install codecs, then that request was not sent by YouTube itself, but by a malware attached to YouTube's page (as I explained in my previous posts).


    Another possible explanation is that you were redirected (means that YouTube sends you to another page).


    Again, YouTube doesn't send another page, unless your request is modified. And your request can only be modified by other malware.


    Cris.


    P.S.: I just remembered one thing: one of my friends was using Norton a few months ago. She also got a malware that displayed popups (a malware from Zlob family, which is a downloader). Norton kept 100% quiet.


    So my guess is that the Norton person just tried to cover up the situation, and told you that the fault was YouTube's when, in fact, it was a lack of detection. I'm not saying that BitDefender offers 100% detection, because this is not true (100% detection is simply not possible). But putting the blame on something else, when the fault is clearly on NAV's side, is something that is much worse than missing a virus (this is only my opinion).

  • dragonstorm
    edited February 2008

    Thank you I have learned so much. It didn't sound right to me and after the 2nd virus and that as their reason why their program didn't catch it. I started researching other virus programs and started using this one most recently.


    To Niels: no, I didn't download a codec. I don't think my son did either; at least he claims he didn't.


    Now I can lift the ban on youtube :)


    P.S. I think it was from the Zlob family; it was popups with zlob in the name.

  • alexcrist

    Just some clarification I want to add:


    The popup virus that you are talking about, is most probably one of the Zlob variants (also known as Smitfraud family). This malware is kinda harmless, unless you click one of the popups it displays.


    New Zlob variants appear every day, and there are hundreds of different variants of this malware. BitDefender Virus Analysts do the best they can to sign as many variants as possible, so BD offers as much protection as possible. But there's always a risk that you will encounter one of the new variants.


    So, in case it happens again, this is what you have to do:


    - Do NOT click any popups. As general advice, Windows does NOT show warnings about viruses, spyware, registry errors or things like these and, most importantly, it does NOT recommend 3rd party software to clean and optimize your PC. As long as you don't click these advertisements, the infection can be cleaned very easily.


    - The Zlob infection can be cleaned with a dedicated tool, called SmitFraudFix. It is usually kept up-to-date with the latest variants.


    - A manual cleaning can be done with HijackThis. Download this application, make a log with it, and post it on this forum, on the Malware section. Someone will look over it and tell you what to do.


    Also, if you have any doubts about a file that is reported as being clean by BD, but you think that it might be malware, please don't hesitate to post about it, on the Malware section. The sample will be analyzed ASAP by one of BD Virus Analysts and you will get a 100% sure response about the situation (also, if necessary, detection will be added to prevent future re-infections).


    But, hopefully, you won't need any of this advice from now on. :)


    Cris.

  • Niels

    Cris,


    What I meant is that a fake video that has been uploaded to youtube.com can offer such a codec to be installed. Maybe that wasn't very clear. The same thing for the redirecting. I know that YouTube doesn't do that by default, but it is possible to do. I have seen it myself that after a few seconds of the movie the movie stopped playing and I was redirected to another website. I hope that it's clearer now what I wanted to say.


    Niels