Old 12-15-2007, 07:50 AM   #1
Fully Optimized
 
Juice's Avatar
 
Join Date: Apr 2007
Posts: 2,946
Default Argh virus adware spyware trojan thing!

This really sucks.

So I go to the come up board to post up a stolen bike thread. While I'm there, I see this thing that is titled "most disgusting shit ever". So I say, how bad can it be? I go in, and I see 2girls1cup as the first link. I know what that is... eh, but I saw other unfamiliar links. So I go to the second one out of curiosity, and see one of a guy chopping his own dick off. OK ew, I close it. Go to the next one, a nun is eating shit out of a priest's asshole. Go to the next one... it leads me to about 5 other sites, and eventually, I see what looks like a YouTube video. I click it, and get the message at the top for ActiveX. I download it... then I say uh why doesn't it work, and just close it.

So when I start going to other webpages... I see a message box that says "You have been infected with Trojan32.exe. It is dangerous and can delete system files! Click OK to download the antivirus program." So I'm like, yeah right, I'm not stupid. So I go to Google, look up Ad-Aware, and see "Error: Your browser has been hijacked. Your google page may have different results, results was changed by porn site." Incorrect grammar, I know. But that's the way they typed it. Then the search result under it was a porn site. I go to the adawareusa link at the top, brings me to some IP URL that claims to be scanning my system. It pops up with a blue window (whereas mine is black) and I'm like, I'm not that stupid, it doesn't even look like a popup. Sure enough, it's just embedded into the webpage. Close the whole tab.

I finally got to adaware download. Now it's scanning...

But I don't know why the guy posted that vid up, he wasn't a new member like a spammer either.
__________________
Juice
P4 2.4GHz, 1.5Gb, 40Gb.
PowerBook G4 867MHz, 1Gb, 60Gb.
Juice is offline   Reply With Quote
Old 12-15-2007, 08:18 AM   #2
Fully Optimized
 
blackjack's Avatar
 
Join Date: Mar 2007
Posts: 2,945
Default Re: Argh virus adware spyware trojan thing!

Well you have only yourself to blame for having your browser hijacked, you should know better than to start sniffing around those adult sites, they are rife with viruses and malware, block those sites in future. As for now, try running Spybot and delete all your cookies just in case they have some hidden files there, run your AV and even try Microsoft's malicious removal tool as well or run HijackThis.
__________________
Compaq Presario CQ5305K-m Intel® Pentium® Dual Core E5300 (2.6 GHz), Windows® 7 Home Premium 64 bit, 2048 MB , Hard drive: 320 Gb, with 18.5 Widescreen
SPURS TILL I DIE (DIAMONDS ARE FOREVER SO ARE SPURS)
TO DARE IS TO DO
blackjack is offline   Reply With Quote
Old 12-15-2007, 08:20 AM   #3
Daemon Poster
 
Join Date: Aug 2007
Posts: 878
Default Re: Argh virus adware spyware trojan thing!

yeah Ad-Aware is pretty good, let me know how many suspicious results you find, just out of curiosity. You really gotta be careful with those sites though, I never fell for it, especially where you click on a video which takes you to another page which insists you have to download something and I'm not sure how to explain it:

Basically when you hit cancel or no, within half a second it'd ask you again, so if you wanted to keep your browser open, I would get the no option to be highlighted so when I pressed enter I clicked the close option on the tab quick enough.

Something that I really love also is Peer Guardian 2 - scans incoming IP addresses and filters out all the suspicious ones.
Thrasher is offline   Reply With Quote
Old 12-15-2007, 08:27 AM   #4
Fully Optimized
 
Juice's Avatar
 
Join Date: Apr 2007
Posts: 2,946
Default Re: Argh virus adware spyware trojan thing!

Yeah it's not gone...

Logfile of HijackThis v1.99.1
Scan saved at 8:27:04 AM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\PROGRA~1\Grisoft\AVG7\avgcc.exe
I:\WINDOWS\system32\Rundll32.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
I:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\system32\devldr32.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
I:\Program Files\AIM6\aolsoftware.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
I:\WINDOWS\system32\CTsvcCDA.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
I:\Program Files\AIM6\aim6.exe
I:\Program Files\Common Files\AOL\Loader\aolload.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE plugin - {6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A} - I:\WINDOWS\pmspl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - I:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] I:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "I:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "I:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "I:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\RunOnce: [RunCanonMsetUp] I:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\MasterReboot\CA NON_IJ\MCDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe
Juice is offline   Reply With Quote
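
An added example, not part of the original thread: a small triage pass over HijackThis entry lines like the ones in the log above. The sample lines are copied from that log; the "worth a manual look" rule (an auto-loading module placed directly in the Windows root or run from a Temp directory) is an assumed heuristic, and a flag means the entry should be looked up, not that it is malicious.

```python
import ntpath
import re

# Entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE plugin - {6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A} - I:\WINDOWS\pmspl.dll
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
"""

# Sections whose entries load code automatically: BHOs (O2), toolbars (O3),
# autoruns (O4), Winlogon notify DLLs (O20), services (O23).
AUTOLOAD = {"O2", "O3", "O4", "O20", "O23"}
ENTRY = re.compile(r"^([RO]\d+) - (.+)$")
MODULE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)

def parse_entries(log_text):
    """Yield (section_code, detail, module_path_or_None) for each entry line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, the process list and blanks are skipped
        code, detail = m.groups()
        hit = MODULE.search(detail)
        yield code, detail, hit.group(0) if hit else None

def review_reason(path):
    """Assumed heuristic: say why a module's location deserves a manual look."""
    parent = ntpath.dirname(path).lower()
    if re.fullmatch(r"[a-z]:\\windows", parent):
        return "module sits directly in the Windows root"
    if "\\temp\\" in path.lower():
        return "module runs from a Temp directory"
    return None

def triage(log_text):
    """Return (section, file name, reason) for auto-loading entries to review."""
    findings = []
    for code, _detail, path in parse_entries(log_text):
        if code in AUTOLOAD and path:
            reason = review_reason(path)
            if reason:
                findings.append((code, ntpath.basename(path), reason))
    return findings
```
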
Old 12-15-2007, 08:27 AM   #5
Fully Optimized
 
blackjack's Avatar
 
Join Date: Mar 2007
Posts: 2,945
Default Re: Argh virus adware spyware trojan thing!

Quote:
Originally Posted by thrashshredder View Post
yeah Ad-Aware is pretty good, let me know how many suspicious results you find, just out of curiosity. You really gotta be careful with those sites though, I never fell for it, especially where you click on a video which takes you to another page which insists you have to download something and I'm not sure how to explain it:

Basically when you hit cancel or no, within half a second it'd ask you again, so if you wanted to keep your browser open, I would get the no option to be highlighted so when I pressed enter I clicked the close option on the tab quick enough.

Something that I really love also is Peer Guardian 2 - scans incoming IP addresses and filters out all the suspicious ones.
Peer Guardian gets my thumbs up as well, I use it all the time and it's free.
blackjack is offline   Reply With Quote
Old 12-15-2007, 08:33 AM   #6
Fully Optimized
 
Juice's Avatar
 
Join Date: Apr 2007
Posts: 2,946
Default Re: Argh virus adware spyware trojan thing!

HiJackThis? Please read... it's not gone yet. Adaware found nada, AVG found jack sh*t.
Juice is offline   Reply With Quote
Old 12-15-2007, 08:34 AM   #7
Daemon Poster
 
Join Date: Aug 2007
Posts: 878
Default Re: Argh virus adware spyware trojan thing!

Yeah, it's interesting how many things come up while browsing usual websites. I wanted to try it out on the famous goggle.net but I think they shut that website down a while ago, not sure. If you haven't heard of it, if you made a typo and entered 'www.goggle.com' into your navigation bar, it'd redirect to .net and you get drowned in popups and nasty viruses.

Edit: Sorry that was off topic, reply to BlackJack.
Thrasher is offline   Reply With Quote
Old 12-15-2007, 08:36 AM   #8
Fully Optimized
 
Juice's Avatar
 
Join Date: Apr 2007
Posts: 2,946
Default Re: Argh virus adware spyware trojan thing!

Anything in hijackthis to be cleaned please?
Juice is offline   Reply With Quote
Old 12-15-2007, 09:11 AM   #9
Site Team
 
Lowndsey's Avatar
 
Join Date: Sep 2007
Posts: 3,607
Default Re: Argh virus adware spyware trojan thing!

Quote:
Originally Posted by Juice View Post
I click it, and get the message at the top for activeX. I download it........................................


Click OK to download the antivirus program." So i'm like, yeah right, i'm not stupid.
LOL bit of a contradiction there don't ya reckon?


HT log looks fine.
__________________
JogaBonito1502: I guess Microsoft is really not to blame. Sorry!

KMATB
Lowndsey is offline   Reply With Quote
Old 12-15-2007, 11:13 AM   #10
Fully Optimized
 
Juice's Avatar
 
Join Date: Apr 2007
Posts: 2,946
Default Re: Argh virus adware spyware trojan thing!

I can't get rid of it, tried every scanner on my computer
Juice is offline   Reply With Quote
All times are GMT -5.