Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Persistant Malware

Started by Ahzagothis , Nov 28 2005 03:52 AM

  • Please log in to reply

#1
Ahzagothis
Posted 28 November 2005 - 03:52 AM

Ahzagothis

    New Member

  • Member
  • Pip
  • 1 posts
I'm not sure if this is a virus, spyware, or what but i've tried carpet bombing this in a large number of ways:

I've tried ad-aware, winpatrol, spysubtract (which came with my PC), and norton. I have even tried manually hunting for files I -know- are suspcious and terminating them on sight. This this is still cropping up and at this point I'm not sure what more I can do.

The manner of infection I know. I was on AIM one day and I got a message from my friend with a statement similiar to "Is this you in this picture?" and it had some site like
Edited to remove link to malicious files. Please do NOT post links here that could unwittingly infect our other users.

Sadly. We were talking about pictures just the other day, unfortunatly I didn't notice the .com So now this thing is on my PC. I know it seems to activate when I get an ISP connection, because in my C:/ DIR it pops up files:


eula.htm
contextplus.exe
drsmartload1.exe
install.bat
installer.exe
m1t.exe (the first one it loads)
stub_113_4_0_4_0.exe
thanks.exe

There's also one other with a big name that I can't recall atm (the others I took a picture of).

This thing also seems bound and determine to hijack firefox as well. It has created a duplicate shortcut (named: Firefox (2)) which completely lacks all my bookmarks. It uses that to spam me with completely unwanted spam.

I apologize profusely if I have missed anything on the forums related to this that I could have tried. I am not the most perceptive person and everything I saw here I thought I could use to help myself (and even some things that weren't that I thought might). But I'm not sure what to do at all about this. I also have hijack-this (I have been here once before for a smitfraud problem and had it removed by following instructions here), but that's abit more than I can comprehend with my comparativly limited computer knowledge =/

If anyone can help me at all It would be greatly, greatly appreciated. Thank you a bundle and then some.


EDIT: A note on the most recent bugger. It appears to make pop ups that do not require a browser, nor are nessecarily in the 'traditional' box shape. I'm not sure if it's related but it's obviously spam

EDIT: Apologies for that scare >.>; That was not the offical link. I stated "Something like" because I don't even remember. The important part of that message was that it was a link to a file called Pictures_17.com It also does something with a socks8.exe too

Edited by Ahzagothis, 28 November 2005 - 06:24 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP