Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Gort Klaatu Barada Nikto spyware/virus/malware


  • Please log in to reply

#1
Gort-Killer

Gort-Killer

    New Member

  • Member
  • Pip
  • 4 posts
Hi All,

I am using Win XP, AVG 2013 free edition
I have something strange new phenomenon occurring here, which I suspect is related to my primary problem

First off,windows task bar shows an unknown task as gort! klaatu barada nikto!. On it, there is a Firefox logo, and the words; "about:memory - Mozilla Firefox" "Porn" etc

The words on this button intermittently changes to different strange websites.

When I checked the Windows Task Manager - it listed "about:memory - Mozilla Firefox" as a running application. When I right clicked on this application, a drop down menu appeared. One of the options was "Go to Process". When I clicked this option it took me to the Processes window in the Task Manager, and highlighted "dwm.exe"

I went back to the Applications tab in the Windows Task Manager and right clicked on the "about:memory - Mozilla Firefox" running application and killed hte process but with no luck. It sneaks back in each time. its looks like harmless but each time I try to type anything in a window, I loose focus and it is irritating to gain the focus back for each word.

I tried re-booting the computer to see if the task bar button appeared again. It did. When I maximized the button, I briefly saw a window that was titled; "Welcome Humans". When this window was open, the name on the task bar button was; “Gort! Klaatu barada nikto!”

Here is the website that I found when I did a web search for this name. This webpage shows the same window that I saw, titled; “Welcome Humans”

http://mozillalinks....u-barada-nikto/

I don't know if this specific site has significance, but I wonder if a "Mozilla Links" application may be implicated?

___________________________________________

- Then, a few mins later, the “about:memory” button/application kept changing to the names of different porn sites (unknown to me), but now Firefox web pages also opened – with a new tab opening each time the tab name/application changed.

Could I have opened the door to these connections being able to open Firefox web pages when I maximized the “about:memory” button, or the “Download” button, using the Windows Task Manager?

As I typed this post, I noticed that additional (usually porn) websites were opening with other names. My AVG antivirus free edition did not identify the problem nor restricted this to run on the system.

Here are a few other things I noticed:

- After I would “End Task” in the applications window of the Windows Task manager (to get rid of the button, and close the website), the first spontaneous re-appearance of the application (with a corresponding opening web page)was usually the about:memory button.

- If the button/application changes and other actual web pages begin to open, it is usually either the Gortu page, or, a porn page that is not animal sex porn (and that AVG does not block), but if I do not “end task” for the application

- One of the names of the porn sites in the Applications window of Windows Task manager is “Yes Porn - Mozilla Firefox”

- Sometimes the task bar button name & web pages change quite quickly. Other times, the about:memory button stays the same for significant periods. Sometimes, a porn site name appears, and then the button name changes back to “about:memory - Mozilla Firefox”, all by itself. I have no idea what dictates the frequency or order of the changes.

- Seemingly related, my entire screen now “blinks” quite periodically.

- When I clear all my TEMP files and shutdown the wireless for few minutes and kill the process of the malware, It will not return back for some while until it finds some files in the TEMP folder and re appears.

This mechanism could seemingly explain the background connection mechanism to the Internet, but what is directing my computer to make these connections? And how or why are these particular websites (non-malicious, and malicious and not blocked by AVG) being selected for connection?

And, what next?

Thank-you again.

Gort-Killer

Attached Files


  • 0

Advertisements


#2
Gort-Killer

Gort-Killer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I have tried other locally available spyware tools like 'SuperAntiSpyware' but it was all temporary fixes, and what I have understood was cleaning up TEMP folder, switching of wireless and killing the task from task list cleared the virus for temporary period, but comes back the moment I have any files in my temp folder.

Al so used security task manager to see if there are any possible harmful issues with current task, which was pulled from another forums.

Is there any permanent solution? Please provide me guidelines or known fixes to kill this issue for all.

regards,
Gort-Killer
  • 0

#3
Gort-Killer

Gort-Killer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Still struggling to counter this issue! Anyone there?
  • 0

#4
Gort-Killer

Gort-Killer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Any one having same issue?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP