A Hijacking Problem

Lately I have been plagued by ads for Windows Antispyware that kept
popping up all the damn time with it's message that my system may be
running slow because of a virus. Ha! The only "virus" is the damn ad. I
used an anti-spyware & adware program to get rid of all the tracking
cookies, and for a while those ads stopped popping up. Now my system is
being hijacked to:

http://brandsurveypanel.com/rd_p?p=1...emc_d31&a=3735

I would be in the middle of somthing, then my browser would jump to
that webpage. The anti-spyware program doesn't seem to stop this
problem at all. Can anyone tell me what's going on here and is there
some way to stop my browser from being hijacked to that page as well as
getting rid of that anti-virus ad for good? Thanks.

Ron

Ron

Ron wrote:
> Lately I have been plagued by ads for Windows Antispyware that kept
> popping up all the damn time with it's message that my system may be
> running slow because of a virus. Ha! The only "virus" is the damn ad.
> I used an anti-spyware & adware program to get rid of

Stupid idea. A compromised system cannot be simply "cleaned".

> all the tracking cookies

What? Sounds bullshitty.

> Can anyone tell me what's going on here

Your system is compromised.

> and is there some way to stop my browser from being hijacked to that
> page as well as getting rid of that anti-virus ad for good?

Now would you please flatten and rebuild?

Sebastian Gottschalk

On Fri, 23 Jun 2006 17:27:39 +0200, Sebastian Gottschalk wrote:

>
>> and is there some way to stop my browser from being hijacked to that
>> page as well as getting rid of that anti-virus ad for good?

Two options

1 Install Firefox

2 Format and install Linux

second option recommended

warty

From: "Ron" <>

| Lately I have been plagued by ads for Windows Antispyware that kept
| popping up all the damn time with it's message that my system may be
| running slow because of a virus. Ha! The only "virus" is the damn ad. I
| used an anti-spyware & adware program to get rid of all the tracking
| cookies, and for a while those ads stopped popping up. Now my system is
| being hijacked to:
|
| http://brandsurveypanel.com/rd_p?p=1...emc_d31&a=3735
|
| I would be in the middle of somthing, then my browser would jump to
| that webpage. The anti-spyware program doesn't seem to stop this
| problem at all. Can anyone tell me what's going on here and is there
| some way to stop my browser from being hijacked to that page as well as
| getting rid of that anti-virus ad for good? Thanks.
|
| Ron

What is the EXACT mesages inidicating in you are infected ?

What exactly is the anti malware application that you are suggested to use ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

David H. Lipman wrote:
> From: "Ron" <>
>
> | Lately I have been plagued by ads for Windows Antispyware that kept
> | popping up all the damn time with it's message that my system may be
> | running slow because of a virus. Ha! The only "virus" is the damn ad. I
> | used an anti-spyware & adware program to get rid of all the tracking
> | cookies, and for a while those ads stopped popping up. Now my system is
> | being hijacked to:
> |
> | http://brandsurveypanel.com/rd_p?p=1...emc_d31&a=3735
> |
> | I would be in the middle of somthing, then my browser would jump to
> | that webpage. The anti-spyware program doesn't seem to stop this
> | problem at all. Can anyone tell me what's going on here and is there
> | some way to stop my browser from being hijacked to that page as well as
> | getting rid of that anti-virus ad for good? Thanks.
> |
> | Ron
>
> What is the EXACT mesages inidicating in you are infected ?
>
> What exactly is the anti malware application that you are suggested to use ?


Somewhat ironically it was the Win Anti-Virus program I think it was
called. I had used an anti-spyware program which claimed it had fixed
the problem, but that was always temporary. I then tried a new program
that was supposed to be freeware-- and it is as long as you don't ask
the program to do anything effective besides locating adware and
spyware. But once I found out there were a couple of hijacking java
scripts lurking around in my temporary Internet files, I deleted all of
those and numerous cookies, everything once again seems safe and
normal. But I'll have to wait and see if the problems are really gone
for good; sometimes it seems to be gone for a day or two, then it would
be back again

Ron




..

Ron

Ron wrote:

> David H. Lipman wrote:
>
>>From: "Ron" <>
>>
>>| Lately I have been plagued by ads for Windows Antispyware that kept
>>| popping up all the damn time with it's message that my system may be
>>| running slow because of a virus. Ha! The only "virus" is the damn ad. I
>>| used an anti-spyware & adware program to get rid of all the tracking
>>| cookies, and for a while those ads stopped popping up. Now my system is
>>| being hijacked to:
>>|
>>| http://brandsurveypanel.com/rd_p?p=1...emc_d31&a=3735
>>|
>>| I would be in the middle of somthing, then my browser would jump to
>>| that webpage. The anti-spyware program doesn't seem to stop this
>>| problem at all. Can anyone tell me what's going on here and is there
>>| some way to stop my browser from being hijacked to that page as well as
>>| getting rid of that anti-virus ad for good? Thanks.
>>|
>>| Ron
>>
>>What is the EXACT mesages inidicating in you are infected ?
>>
>>What exactly is the anti malware application that you are suggested to use ?
>
>
>
> Somewhat ironically it was the Win Anti-Virus program I think it was
> called. I had used an anti-spyware program which claimed it had fixed
> the problem, but that was always temporary. I then tried a new program
> that was supposed to be freeware-- and it is as long as you don't ask
> the program to do anything effective besides locating adware and
> spyware. But once I found out there were a couple of hijacking java
> scripts lurking around in my temporary Internet files, I deleted all of
> those and numerous cookies, everything once again seems safe and
> normal. But I'll have to wait and see if the problems are really gone
> for good; sometimes it seems to be gone for a day or two, then it would
> be back again
>
> Ron

Generally you can run only 1 AV and 1 anti-spyware program: they tend to
report one another!

Rick Merrill

Rick Merrill wrote:
>
> Generally you can run only 1 AV and 1 anti-spyware program: they tend to
> report one another!

Up until now, I never had occasion to think about that before. I had
acquired a virus that simply would not go away despite my anti-virus
program (Grisoft Anti-virus), so I eventually erased everything and
re-installed Windows 2000 as a very last resort. Now I am much more
careful when it comes to viruses, but these spyware programs and ads
are nearly as annoying and as destructive as any virus.

Ron

Ron

Ron wrote:
> Now I am much more careful when it comes to viruses, but these
> spyware programs and ads are nearly as annoying and as destructive as
> any virus.

Malware is malware is malware. You can only give a lower bound for the
maliciousness.

Sebastian Gottschalk

From: "Ron" <>


>>
>> What is the EXACT mesages inidicating in you are infected ?
>>
>> What exactly is the anti malware application that you are suggested to use ?
|
| Somewhat ironically it was the Win Anti-Virus program I think it was
| called. I had used an anti-spyware program which claimed it had fixed
| the problem, but that was always temporary. I then tried a new program
| that was supposed to be freeware-- and it is as long as you don't ask
| the program to do anything effective besides locating adware and
| spyware. But once I found out there were a couple of hijacking java
| scripts lurking around in my temporary Internet files, I deleted all of
| those and numerous cookies, everything once again seems safe and
| normal. But I'll have to wait and see if the problems are really gone
| for good; sometimes it seems to be gone for a day or two, then it would
| be back again
|
| Ron
|



Two phase answer...

Perform Part 1 then perform Part 2

If the first two parts don't work, perform the alternate utility.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE/JSE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
This is most likely why you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE/JSE Version 5.0 Update 7
be installed ASAP.

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version...

C:\Program Files\Java\jre1.5.0_07


http://www.java.com/en/download/manual.jsp



Part 1
------------
Download Adware-Virtumundo Removal Tool --
http://secured2k.home.comcast.net/to...undoBeGone.exe

Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

Part 2
------------
Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:
--------------

Download Atribune's VUNDOFIX.EXE
http://www.atribune.org/ccount/click.php?id=4

Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

David H. Lipman wrote:

> Download Adware-Virtumundo Removal Tool --

Is this a.c.security or a.c.bullshitting-around?

> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to enable WGET.EXE to download the needed McAfee related files.

Ouch. WTF does disallow connections initiated from the inside? And WTF
should you care for the executable name rather than for protocol and port?

> * * * Please report back your results * * *

No need to, the system keeps on being compromised.

Sebastian Gottschalk