Re-appearing links

Hi all,

I've got a heavy (security) problem on my WinXP machine and hope
to get information here about where to start looking for solutions.

I found several links/shortcuts to a specific porn site in my start menu,
my favorites list, and also on my desktop although I neither placed them
there nor did I ever visit this site. I keep on deleting all of the links
but
after a random time span they keep appearing again. Needless to say
that this is absolutely annoying and more importantly very frightening.

I scanned my whole computer with the norton anti-virus scanner and
up-to-date virus definition files but couldn't find anything. I also checked
all processes in the task manager and all automatically started tasks and
services with msconfig but couldn't find anything suspicious.

Does anybody have an idea if this is some hidden process messing with
my system or possibly an attack from the internet (have DSL).

Any advice is appreciated
Suat

Soet

"Soet" <> wrote in news:bpp91p$rcg$:

> Hi all,
>
> I've got a heavy (security) problem on my WinXP machine and hope
> to get information here about where to start looking for
> solutions.
>
> I found several links/shortcuts to a specific porn site in my
> start menu, my favorites list, and also on my desktop although I
> neither placed them there nor did I ever visit this site. I keep
> on deleting all of the links but
> after a random time span they keep appearing again. Needless to
> say that this is absolutely annoying and more importantly very
> frightening.
>
> I scanned my whole computer with the norton anti-virus scanner and
> up-to-date virus definition files but couldn't find anything. I
> also checked all processes in the task manager and all
> automatically started tasks and services with msconfig but
> couldn't find anything suspicious.
>
> Does anybody have an idea if this is some hidden process messing
> with my system

Most likely.

> or possibly an attack from the internet (have DSL).

Probably not.

Download something like Spybot Search & Destroy or AdAware, update the
definitions for both, and scan for spyware. From there, you can avoid
re-infection by using a browser other than Internet Explorer, or if
you insist on using IE, then staying up-to-date on patches and
browsing with ActiveX off are highly recommended. Then, if you run
into a site which you consider trustworthy and which requires ActiveX,
you can add it to IE's trusted zone.

dkg_ctc

Soet Spilled my beer when they jumped on the table and proclaimed in
<bpp91p$rcg$>:

> Hi all,
>
> I've got a heavy (security) problem on my WinXP machine and hope
> to get information here about where to start looking for solutions.
>
> I found several links/shortcuts to a specific porn site in my start
> menu, my favorites list, and also on my desktop although I neither
> placed them there nor did I ever visit this site. I keep on deleting
> all of the links but
> after a random time span they keep appearing again. Needless to say
> that this is absolutely annoying and more importantly very
> frightening.
>
> I scanned my whole computer with the norton anti-virus scanner and
> up-to-date virus definition files but couldn't find anything. I also
> checked all processes in the task manager and all automatically
> started tasks and services with msconfig but couldn't find anything
> suspicious.
>
> Does anybody have an idea if this is some hidden process messing
> with my system or possibly an attack from the internet (have DSL).

In addition to DKG's advice, I would also scan the computer from an
online site such as trend micro's site/etc... (www.antivirus.com for
instance). One of last summer's viruses works similarly to this.

NOI

Thund3rstruck

On Sun, 23 Nov 2003 04:24:42 +0100, "Soet" <> wrote:

>Hi all,
>
>I've got a heavy (security) problem on my WinXP machine and hope
>to get information here about where to start looking for solutions.
>
>I found several links/shortcuts to a specific porn site in my start menu,
>my favorites list, and also on my desktop although I neither placed them
>there nor did I ever visit this site. I keep on deleting all of the links
>but
>after a random time span they keep appearing again. Needless to say
>that this is absolutely annoying and more importantly very frightening.
>
>I scanned my whole computer with the norton anti-virus scanner and
>up-to-date virus definition files but couldn't find anything. I also checked
>all processes in the task manager and all automatically started tasks and
>services with msconfig but couldn't find anything suspicious.
>
>Does anybody have an idea if this is some hidden process messing with
>my system or possibly an attack from the internet (have DSL).
>
>Any advice is appreciated
>Suat
>

Use www.pestscan.com

Online pestscanner. from pestpatrol

To Reply: madballs64 (at) gmx (dot) net

Fowl

"Soet" <> wrote in message news:bpp91p$rcg$...
> Hi all,
>
> I've got a heavy (security) problem on my WinXP machine and hope
> to get information here about where to start looking for solutions.
>
> I found several links/shortcuts to a specific porn site in my start menu,
> my favorites list, and also on my desktop although I neither placed them
> there nor did I ever visit this site. I keep on deleting all of the links
> but
> after a random time span they keep appearing again. Needless to say
> that this is absolutely annoying and more importantly very frightening.
>
> I scanned my whole computer with the norton anti-virus scanner and
> up-to-date virus definition files but couldn't find anything. I also
checked
> all processes in the task manager and all automatically started tasks and
> services with msconfig but couldn't find anything suspicious.
>
> Does anybody have an idea if this is some hidden process messing with
> my system or possibly an attack from the internet (have DSL).
>
> Any advice is appreciated
> Suat
>
>

Sounds like youve been going to gn0rty sites and got fooled by the "you have
to click yes to proceed" button.
Dont be ashamed, most people look at porn

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic

"Fowl" <> wrote in message
news:...
> On Sun, 23 Nov 2003 04:24:42 +0100, "Soet" <> wrote:
>
> >Hi all,
> >
> >I've got a heavy (security) problem on my WinXP machine and hope
> >to get information here about where to start looking for solutions.
> >
> >I found several links/shortcuts to a specific porn site in my start
menu,
> >my favorites list, and also on my desktop although I neither placed them
> >there nor did I ever visit this site. I keep on deleting all of the links
> >but
> >after a random time span they keep appearing again. Needless to say
> >that this is absolutely annoying and more importantly very frightening.
> >
> >I scanned my whole computer with the norton anti-virus scanner and
> >up-to-date virus definition files but couldn't find anything. I also
checked
> >all processes in the task manager and all automatically started tasks and
> >services with msconfig but couldn't find anything suspicious.
> >
> >Does anybody have an idea if this is some hidden process messing with
> >my system or possibly an attack from the internet (have DSL).
> >
> >Any advice is appreciated
> >Suat
> >
>
> Use www.pestscan.com
>
> Online pestscanner. from pestpatrol
>
> To Reply: madballs64 (at) gmx (dot) net

pestpatrol, its a joke, they list underground txt (and GUI) magazines as
"pests" and have removal sequences for them.

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic

Hi Mimic,

I am not ashamed of admitting that I visit sites with adult content.
I live in Germany and we are pretty open to such things.

However, I can assure you that I never visited that particular site
and I never admitted anything to be executed on my PC that came
from a webpage, since I am aware of the risks.

Yet, the advices of the other guys didn't help. This stupid links
keep re-appearing. Neither NAV, nor AdAware or Spybot
cleaned the problem. Maybe they are not aware of this particular
bug.

I have no chance to track down the root of this annoying problem.
I will most likely end up re-installing the system to get rid of it.

Regards

"Mimic" <> schrieb im Newsbeitrag
news:hcmdnbxhvI1tvVyiRVn-...
> "Soet" <> wrote in message
news:bpp91p$rcg$...
> > Hi all,
> >
> > I've got a heavy (security) problem on my WinXP machine and hope
> > to get information here about where to start looking for solutions.
> >
> > I found several links/shortcuts to a specific porn site in my start
menu,
> > my favorites list, and also on my desktop although I neither placed them
> > there nor did I ever visit this site. I keep on deleting all of the
links
> > but
> > after a random time span they keep appearing again. Needless to say
> > that this is absolutely annoying and more importantly very frightening.
> >
> > I scanned my whole computer with the norton anti-virus scanner and
> > up-to-date virus definition files but couldn't find anything. I also
> checked
> > all processes in the task manager and all automatically started tasks
and
> > services with msconfig but couldn't find anything suspicious.
> >
> > Does anybody have an idea if this is some hidden process messing with
> > my system or possibly an attack from the internet (have DSL).
> >
> > Any advice is appreciated
> > Suat
> >
> >
>
> Sounds like youve been going to gn0rty sites and got fooled by the "you
have
> to click yes to proceed" button.
> Dont be ashamed, most people look at porn
>
> --
> Mimic
>
> "Without Knowledge you have fear, With fear you create your own
nightmares."
> "There are 10 types of people in this world. Those that understand Binary,
> and those that dont."
> "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
> when you do, it blows away your whole leg"
>
>
>

Soet

The problem still remains. Links appear in my favorites folder, on my
desktop, and in my start menu and files are placed on my main drive,
even if I am not online.

I already had AdAware and Norton Anti-Virus installed with the
latest definition-files before I wrote my first posting. Now I have
also installed Spybot S&D. Here is what I already did.

- Checked system with NAV, AdAware and Spybot
- Installed latest IE patch and set security to "high"
- Activated WinXP firewall
- Checked for suspicious processes and services with taskmgr and msconfig

Maybe neither AdAware nor Spybot know this particular spyprg.
I fear that I will have to re-install the whole system or to burn down
the PC .

"dkg_ctc" <> schrieb im Newsbeitrag
news:Xns943BE10F6B501dkgctc@130.133.1.4...
> "Soet" <> wrote in news:bpp91p$rcg$:
>
> > Hi all,
> >
> > I've got a heavy (security) problem on my WinXP machine and hope
> > to get information here about where to start looking for
> > solutions.
> >
> > I found several links/shortcuts to a specific porn site in my
> > start menu, my favorites list, and also on my desktop although I
> > neither placed them there nor did I ever visit this site. I keep
> > on deleting all of the links but
> > after a random time span they keep appearing again. Needless to
> > say that this is absolutely annoying and more importantly very
> > frightening.
> >
> > I scanned my whole computer with the norton anti-virus scanner and
> > up-to-date virus definition files but couldn't find anything. I
> > also checked all processes in the task manager and all
> > automatically started tasks and services with msconfig but
> > couldn't find anything suspicious.
> >
> > Does anybody have an idea if this is some hidden process messing
> > with my system
>
> Most likely.
>
> > or possibly an attack from the internet (have DSL).
>
> Probably not.
>
> Download something like Spybot Search & Destroy or AdAware, update the
> definitions for both, and scan for spyware. From there, you can avoid
> re-infection by using a browser other than Internet Explorer, or if
> you insist on using IE, then staying up-to-date on patches and
> browsing with ActiveX off are highly recommended. Then, if you run
> into a site which you consider trustworthy and which requires ActiveX,
> you can add it to IE's trusted zone.

Soet

Soet Spilled my beer when they jumped on the table and proclaimed in
<bprkiv$muu$>:

> Hi Mimic,
>
> I am not ashamed of admitting that I visit sites with adult content.
> I live in Germany and we are pretty open to such things.
>
> However, I can assure you that I never visited that particular site
> and I never admitted anything to be executed on my PC that came
> from a webpage, since I am aware of the risks.
>
> Yet, the advices of the other guys didn't help. This stupid links
> keep re-appearing. Neither NAV, nor AdAware or Spybot
> cleaned the problem. Maybe they are not aware of this particular
> bug.
>
> I have no chance to track down the root of this annoying problem.
> I will most likely end up re-installing the system to get rid of it.

If it's the virus I am thinking of, (Lovesan?) it would have
disabled NAV, Macafee, etc. Try an online scanner, such as Trend
Micro,(www.antivirus.com) Symantec's site, (www.symantec.com) etc,
just to make 100% sure.

NOI

Thund3rstruck

"Thund3rstruck" <> wrote in message
news:3fc18542$0$22738$...
> Soet Spilled my beer when they jumped on the table and proclaimed in
> <bprkiv$muu$>:
>
> > Hi Mimic,
> >
> > I am not ashamed of admitting that I visit sites with adult content.
> > I live in Germany and we are pretty open to such things.
> >
> > However, I can assure you that I never visited that particular site
> > and I never admitted anything to be executed on my PC that came
> > from a webpage, since I am aware of the risks.
> >
> > Yet, the advices of the other guys didn't help. This stupid links
> > keep re-appearing. Neither NAV, nor AdAware or Spybot
> > cleaned the problem. Maybe they are not aware of this particular
> > bug.
> >
> > I have no chance to track down the root of this annoying problem.
> > I will most likely end up re-installing the system to get rid of it.
>
> If it's the virus I am thinking of, (Lovesan?) it would have
> disabled NAV, Macafee, etc. Try an online scanner, such as Trend
> Micro,(www.antivirus.com) Symantec's site, (www.symantec.com) etc,
> just to make 100% sure.
>
> NOI

It wont be lovesan (aka the Blaster worm)

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic