Viral problems....again

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Viral problems....again

    Hey guys.

    My wife's machine seems to be having some problems. Her clicks on web addresses from a Yahoo search seem to go to places she does not want them to. This may or may not be related to an infection.

    Also, Avira seems to have its update connection blocked. I keep hitting update and I keep getting a 403 (or is it 405?) error (cannot connect).

    I ran Hijack and it SEEMED OK (although there was a lot of crap on there), and I ran Housecall on Safe mode (although there were a lot of "cannot write anything" kind of errors when it was finished last night).

    I am running MalwareBytes on it now (and it has found 5 infections, but there is no way to see what they are until it is finished, and I had to get to work).

    Any other suggestions? She seems to be getting a lot of crap just by surfing around. Could there be something that isn't detected opening a doorway for easy infection?

  • #2
    Avira - HOSTS file for Windows was probably hijacked. This will show up in a HijackThis log/scan.

    The search redirection is an infection.

    Stick with Malware Bytes for now; it will kill malware, rootkits, redirectors, etc. and ... if you've got that, that's not all she has, I bet you of that! Probably has a Vundo variant to boot.

    Let it fix everything.

    Reboot and dump your System Restore points (turn off SR/apply, turn on SR/apply).

    Complete/Full scan again.

    If more crap pops up, fix, reboot, and run Malware Bytes in SAFE mode.

    If problem STILL persists, consider getting a copy of Rootkit Revealer. Run it. You *WILL* have a few keys pop up as "hidden", but ... If you take a screencap, I can help.

    Meanwhile, as if you're too stupid to make a mistake like this ... DISCONNECT the computer from the internet.

    HTH
    Where's my redeemer? INCOMING! I'M HIT! I'MA COMIN' BACK!
    Originally posted by Ranshackle
    I like Hasselhoff's ass better.



    • #3
      Ah, me is too stoopid.

      I connected it to run in safe mode w/internet and connect to Trend Micro Housecall.

      I also did it to get MalB. I think I have the rootkit revealer, but if not I will look for it on another machine (I know I have it on my main machine because Antivir thought it was a virus).

      I do not doubt that Vundo came up. I have no idea how she gets this, she is not a complete dummy, but every machine she touches gets it! I will have to see how you can get it (she surfs more).

      Thanks for the help!

      BTW, is there an easy way to save a screencap in safe mode? And what prefix am I looking for in the HOSTS file? Also, would it be a good or bad idea to roll back the machine to a restore point WAY back when or does the rootkit/Vundo or other just infect the existing restore points? (or does it stay resident during restore and just re-install itself?)

      TIA!



      • #4
        Some of the new variants of Vundo turn off the Network DDE service and other associated services which are required to start Clipbook, which is basically what lets you have the clipboard ready to take screenshots. So depending on what you're infected with, you may not be able to do anything to take screenshots.

        HOSTS: Look for a file of the same name in C:\windows\system32\drivers\etc\

        The only entry in there should be 127.0.0.1 on a stock system. Anything else is 99%+ of the time totally bogus.

        Do not bother with Housecall. It's outdated. Scan with SuperAntiSpyware and MalwareBytes ("full scan"), preferably in SAFE mode.

        After you can run a successful scan with nothing coming up, run RootkitRevealer. Expect to see 3-5 entries by default. Some keys are hidden in the registry by a clean system.

        After that is good, download and install CrapCleaner (aka CCleaner, www.ccleaner.com ) and run it to clean out all of the temp files generated.

        Next, turn OFF system restore to kill the bad files that are now saved in your restore points. Then turn it back ON again.



        DO NOT plug USB devices into it. Many malware entities are wisening up, and infecting USB sticks because some versions of Windows (XP being a big one) will autorun a USB stick when you insert it - we're reliving the floppy-virus days in the USB era.

        FYI, with most new infections, there is a 90% or greater chance that you CANNOT use system restore. Most "aware" malware will either corrupt, disable, or nuke old restore points, or just kill system restore from running. They caught on to that little trick really quick. Most of the new stuff runs a "monitor" process in the background that will automatically undo changes you make to registry keys to kill it, re-generate files you delete with new random names, it will automatically reverse the "unhide system files" setting, and even go so far as to download new software when you kill a part of the infection (which is why it's imperative to unplug from the internet at all costs when trying to clean, and why Housecall is SUCH a BAD option!)

        They're getting damned smart - to the point that prevention is the best cure.

        Hell, this new WinAntivirus2009 crap almost got me the other day. It got one of my neighbors too. It's a real ass-kicker!

        Comment


        • #5
          Is there win-antivir/ anti-malware?

          I had it pop up twice looking very official with a yellow shield in system tray. Looked like a windows update to me.



          • #6
            Hijack This:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 8:31:13 PM, on 5/29/2009
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Avira\AntiVir Desktop\sched.exe
            C:\Program Files\Avira\AntiVir Desktop\avguard.exe
            C:\WINDOWS\system32\CTsvcCDA.EXE
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Viewpoint\Common\ViewpointService.exe
            C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
            C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
            C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
            C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\WINDOWS\system32\igfxsrvc.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
            C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M 1.EXE
            C:\Program Files\Java\jre6\bin\jusched.exe
            C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
            C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\Digital Line Detect\DLG.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
            R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
            O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
            O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
            O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
            O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
            O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
            O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
            O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
            O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
            O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
            O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
            O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
            O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M 1.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
            O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
            O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
            O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
            O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - Global Startup: Digital Line Detect.lnk = ?
            O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
            O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
            O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
            O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
            O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
            O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
            O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
            O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
            O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} -
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134958401128
            O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
            O18 - Filter hijack: text/html - {1c189b71-4833-4008-a3f7-114fa93f66f5} - C:\WINDOWS\system32\mst122.dll
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
            O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
            O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
            O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
            O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

            --
            End of file - 12081 bytes



            • #7
              O18 - Filter hijack: text/html - {1c189b71-4833-4008-a3f7-114fa93f66f5} - C:\WINDOWS\system32\mst122.dll

              That line is bad ^^

              Fix it in HJT, then use HJT's add'l tools ("misc tools" section) to "delete on reboot" (paste the file path into the "Open" box and have it delete on reboot.)

              Comment
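The line-by-line triage done in post #7, as an added Python example (not part of the thread and not HijackThis's own logic). The three flagging rules are assumptions of this example; the excerpt lines are copied from the log in post #6, and the O1 line is constructed.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # section code, e.g. "O18"
    body: str  # everything after "CODE - "


class Finding(NamedTuple):
    code: str
    reason: str
    detail: str


# An entry line looks like "O18 - Filter hijack: ..."; headers and process paths do not.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_log(text):
    """Return the log's entries; header and running-process lines are skipped."""
    return [Entry(m.group(1), m.group(2))
            for m in map(ENTRY_RE.match, text.splitlines()) if m]


def triage(entries):
    """Flag entries worth a manual look (rules are assumptions of this example)."""
    findings = []
    for e in entries:
        last_field = e.body.rsplit(" - ", 1)[-1]
        if e.code == "O1":
            # HOSTS file redirections appear in the log as O1 lines.
            findings.append(Finding(e.code, "HOSTS file entry", e.body))
        elif e.code == "O18" and re.match(r"(Filter|Protocol) hijack:", e.body):
            findings.append(Finding(
                e.code, "content filter or protocol handler replaced", last_field))
        elif last_field == "(no file)":
            findings.append(Finding(
                e.code, "registration points at a missing file", e.body))
    return findings


# Lines copied from the log posted in #6.
PAGE_LOG_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Filter hijack: text/html - {1c189b71-4833-4008-a3f7-114fa93f66f5} - C:\WINDOWS\system32\mst122.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""
# Constructed line (not in the posted log): what a HOSTS redirection looks like.
CONSTRUCTED_O1_LINE = "O1 - Hosts: 203.0.113.7 dl.avira.example\n"

if __name__ == "__main__":
    for f in triage(parse_log(PAGE_LOG_EXCERPT + CONSTRUCTED_O1_LINE)):
        print(f"{f.code}: {f.reason}: {f.detail}")
```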


              • #8
                Thanks, a lot of other things seem to have gone away now. Avira can update, and some mismatched data that Rootkit found on some files is not there anymore.

                I am deleting and running what you said, as you have said it.



                • #9
                  Again - when all is complete...turn off/on system restore (applying between on/off settings) to flush out all that nasty stuff.


                  • #10
                    Originally posted by Ninjahedge
                    She seems to be getting a lot of crap just by surfing around. Could there be something that isn't detected opening a doorway for easy infection?
                    For a while I was following a few stories like Natalee Holloway and the Jennifer/Angelina saga. I wanted to read anything I could find! Links would lead me to "news" sites and I almost completely destroyed one of my computers at work! Viruses like you wouldn't believe!!! It took our IT guy several days to get rid of all of them! (good thing he has a great sense of humor... bet he's still laughing about it now... hahahaha ) If your wife is following any current stories like that, she may be running into the same type of stuff.
                    Ha-Ha! Made Ya Read!



                    • #11
                      How Do You Guys Get That Stuff--I Surf Stupid And Look For That Stuff.
                      I'm Moderately Capable Of Fixing This Stuff-actually inviting this type of behaviour.
                      Now That I Have Asked For It -Bring It On



                      • #12
                        I'll tell you a quick way to get infected.

                        Go to Pirate Bay with no protection on.

                        Sit on any given page for 10 minutes. If not infected, I am surprised. Repeat the process at least 5-6 times (refresh and wait) and you should have several infestations on your computer. For whatever reason, the adverts and banners almost all have some kind of malicious script (or the site itself) which attempts several different kinds of exploits to infect you.

                        Usually AntiVir will pick them up, but, for example, there was a new variant of WinAntiSpy2009 or WinAntivirus2009 (nasty bastard) that Antivir didn't have yet (I upped it to them, it's in the latest definitions now) and that joker infected me. Fortunately, not even a week before, one of my neighbors got popped by a similar variant (PersonalAntiVirus 2009), so I knew 100% how to remove it and quickly.


                        • #13
                          Does smitrem still work best for that? or is there a better safer way?
                          I'm back, just like a bad penny



                          • #14
                            TPB explains a bit. I never trusted that site...


                            You think Ad-Blockers would work?



                            • #15
                              Originally posted by shifty
                              I'll tell you a quick way to get infected.

                              Go to Pirate Bay with no protection on.

                              Sit on any given page for 10 minutes. If not infected, I am surprised. Repeat the process at least 5-6 times (refresh and wait) and you should have several infestations on your computer. For whatever reason, the adverts and banners almost all have some kind of malicious script (or the site itself) which attempts several different kinds of exploits to infect you.

                              Usually AntiVir will pick them up, but, for example, there was a new variant of WinAntiSpy2009 or WinAntivirus2009 (nasty bastard) that Antivir didn't have yet (I upped it to them, it's in the latest definitions now) and that joker infected me. Fortunately, not even a week before, one of my neighbors got popped by a similar variant (PersonalAntiVirus 2009), so I knew 100% how to remove it and quickly.
                              Turn off all your protection and go to Facebook and go to the game they have called Special Forces. A friend got his computer infected and that is where he got it from. I joined to play the game with him and Webroot Spy Sweeper and Avira were going nutz. I emailed the game makers and Facebook that the ad banners are infected, including that AntiVirus Pro2009 biatch!
                              "Irony is asking the government to fix the problems it caused!"

                              "The lesser of two evils is still evil!"

                              Obama: Affirmative action at its best!
