Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

unknown malware [RESOLVED]


  • This topic is locked This topic is locked

#31
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Can you delete
C:\WINDOWS\system32\ams491.dat

If it goes without a struggle then it isn't doing anything.

Let me know and tell me if you still had the problems since you deleted ntfsnlpa.exe

Regards,
  • 0

Advertisements


#32
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
I deleted the ams491.dat file without any problem. I haven't had any problems since deleting ntfsnlpa.exe. I have't been redirected and my favorites don't contain those URLs anymore. I'm wondering if this is gonna last for a long time...
  • 0

#33
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Me too. I'll keep this thread open.
Let me know if you notice any changes.

All I could get ntfsnlpa.exe to do was to create that balloon.wav file (which you can delete as well, by the way)

Regards,
  • 0

#34
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
I've just been redirected to an online pharmacy to buy viagra! :tazz:
  • 0

#35
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Redirected? From where to where?

Please be as specific as possible, since that may narrow down the search considerably.

Regards,
  • 0

#36
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
I get redirected from any site to online pharmacy or to online poker rooms. Last time i was redirected from geekstogo.com to a pills shop. This happens after surfing 5-6 web pages.
  • 0

#37
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Can you give me the exact URL where you are taken to?

Also let me know if that is the 5th or 6th window you open or if you visit them in the same window.

Regards,
  • 0

#38
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
I started IE and after visiting 2 web sites i was redirected to http://onlinepokerroomweb.com/search.php?q=absolute%20poker
  • 0

#39
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
That looks like a typical CWS affiliate

Can you surf to:
http://virusscan.jotti.org/

And have this file scanned:
C:\WINDOWS\system32\wininet.dll

Let me know the results.

Regards,
  • 0

#40
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
The online malware scan didn't find anything. A short while ago ewido cleaned 3 spyware that have been reinstalling on my computer since this redirecting problem appeared. They are x.exe, rdsndin.exe and cisvvc.exe. The balloon.wav file was created again! :tazz:
  • 0

Advertisements


#41
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Aha. :tazz:

Can you download this customized version of HijackThis:
http://www.geekstogo...=download&id=50

and follow the instructions here to post a both.log
http://home.planet.n...on.html#BOTHLOG

Regards,
  • 0

#42
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Sorry :tazz:

Wrong thread.

Edited by Metallica, 23 June 2005 - 08:13 AM.

  • 0

#43
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
Do I have to download the things listed above or not? :tazz:
  • 0

#44
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Ah yes.

The instructions for the both.log were meant for you. I just posted another one after that, that wasn't meant for you. :tazz:

Regards,
  • 0

#45
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
Here's a new url i've been redirected too a short time ago: http://greenviagra.c...y cialis online
So, what exactly do i have to do?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP