Argh virus adware spyware trojan thing!

Juice1

This really sucks.

So I go to the come up board to post up a stolen bike thread. While I'm there, I see this thing that is titled "most disgusting shit ever". So I say, how bad can it be? I go in, and I see 2girls1cup as the first link. I know what that is... eh but I saw other unfamiliar links. So I go to the second one out of curiosity, and see one of a guy chopping his own dick off. OK ew, I close it. Go to the next one, a nun is eating shit out of a priest's asshole. Go to the next one... it leads me to about 5 other sites, and eventually, I see what looks like a YouTube video. I click it, and get the message at the top for ActiveX. I download it... then I say uh why doesn't it work, and just close it.

So when I start going to other webpages... I see a message box that says "You have been infected with Trojan32.exe. It is dangerous and can delete system files! Click OK to download the antivirus program." So I'm like, yeah right, I'm not stupid. So I go to Google, look up Ad-Aware, and see "Error: Your browser has been hijacked. Your google page may have different results, results was changed by porn site." Incorrect grammar, I know. But that's the way they typed it :confused: Then the search result under it was a porn site. I go to the adawareusa link at the top, brings me to some IP URL that claims to be scanning my system. It pops up with a blue window (whereas mine is black) and I'm like, I'm not that stupid, it doesn't even look like a popup. Sure enough, it's just embedded into the webpage. Close the whole tab.

I finally got to the Ad-Aware download. Now it's scanning... :)

But I don't know why the guy posted that vid up, he wasn't a new member like a spammer either.
 
Well, you have only yourself to blame for having your browser hijacked. You should know better than to start sniffing around those adult sites; they are rife with viruses and malware. Block those sites in future. As for now, try running Spybot and delete all your cookies just in case they have some hidden files there, run your AV, and even try Microsoft's Malicious Software Removal Tool as well, or run HijackThis.
 
Yeah, Ad-Aware is pretty good. Let me know how many suspicious results you find, just out of curiosity. You really gotta be careful with those sites though. I never fell for it, especially where you click on a video which takes you to another page which insists you have to download something, and I'm not sure how to explain it:

Basically when you hit cancel or no, within half a second it'd ask you again, so if you wanted to keep your browser open, I would get the no option to be highlighted so when I pressed Enter I clicked the close option on the tab quick enough.

Something that I really love also is Peer Guardian 2 - scans incoming IP addresses and filters out all the suspicious ones.
 
Yeah it's not gone...

Logfile of HijackThis v1.99.1
Scan saved at 8:27:04 AM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\PROGRA~1\Grisoft\AVG7\avgcc.exe
I:\WINDOWS\system32\Rundll32.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
I:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\system32\devldr32.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
I:\Program Files\AIM6\aolsoftware.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
I:\WINDOWS\system32\CTsvcCDA.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
I:\Program Files\AIM6\aim6.exe
I:\Program Files\Common Files\AOL\Loader\aolload.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE plugin - {6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A} - I:\WINDOWS\pmspl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - I:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] I:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "I:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "I:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "I:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\RunOnce: [RunCanonMsetUp] I:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\MasterReboot\CANON_IJ\MCDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe
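
A triage sketch for the HijackThis log format posted above, added here as an example and not part of the original thread or of HijackThis itself. The two heuristics (an autostart file sitting directly in the Windows directory, or running from a Temp directory) are assumptions chosen for illustration; they rank lines for a human to look up, they are not verdicts. The sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted above (no new data).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE plugin - {6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A} - I:\WINDOWS\pmspl.dll
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\RunOnce: [RunCanonMsetUp] I:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\MasterReboot\CANON_IJ\MCDCheck.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
FILE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
# Sections that load code automatically: BHOs, toolbars, Run keys, Winlogon, services.
AUTOSTART = {"O2", "O3", "O4", "O20", "O23"}

def parse(log):
    """Yield (section code, entry text, file path or None) for each log entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            f = FILE.search(m["body"])
            yield m["code"], m["body"], PureWindowsPath(f.group()) if f else None

def review_reasons(code, path):
    """Illustrative heuristics only: reasons to look an entry up by hand."""
    if code not in AUTOSTART or path is None:
        return []
    parts = [p.lower() for p in path.parts]
    reasons = []
    if len(parts) == 3 and parts[1] == "windows":
        reasons.append("file sits directly in the Windows directory")
    if "temp" in parts[:-1]:
        reasons.append("file runs from a Temp directory")
    return reasons

def triage(log):
    """Return (code, path, reason) for every entry that matches a heuristic."""
    return [(code, str(path), reason)
            for code, _, path in parse(log)
            for reason in review_reasons(code, path)]

if __name__ == "__main__":
    for code, path, reason in triage(SAMPLE_LOG):
        print(f"{code}: {path} -> {reason}")
```

A flagged line only means the file is worth checking (vendor, signature, creation date); installers and driver packages legitimately trip both rules.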
 
Peer Guardian gets my thumbs up as well. I use it all the time and it's free.
 
HijackThis? Please read... it's not gone yet :( Ad-Aware found nada, AVG found jack sh*t.
 
Yeah, it's interesting how many things come up while browsing usual websites. I wanted to try it out on the famous goggle.net but I think they shut that website down a while ago, not sure. If you haven't heard of it, if you made a typo and entered 'www.goggle.com' into your navigation bar, it'd redirect to .net and you get drowned in popups and nasty viruses.

Edit: Sorry that was off topic, reply to BlackJack.
 
I click it, and get the message at the top for ActiveX. I download it...


Click OK to download the antivirus program." So I'm like, yeah right, I'm not stupid.
LOL, bit of a contradiction there, don't ya reckon?


HT log looks fine.
 