Wallpaper-Changing Virus?

Discussion in 'NZ Computing' started by Chris Lim, Mar 12, 2007.

  1. Chris Lim

    Chris Lim Guest

    Earlier this evening I left my computer on and went to watch TV. There
    were 2 instances of IE 6 running, one sitting on the Yahoo Mail page
    and the other on Google Groups.

    When I came back about an hour later, I found something had hijacked
    one instance of IE 6, redirected it to some porn site
    (www.pichunter.com), and changed my desktop wallpaper.

    I did a scan using McAfee but it didn't find any viruses. I can't seem
    to find anything via Google either. Anyone know what this is?
     
    Chris Lim, Mar 12, 2007
    #1

  2. Chris Lim

    Dave Taylor Guest

    "Chris Lim" <> wrote in news:1173690992.598827.64440
    @j27g2000cwj.googlegroups.com:

    > I did a scan using McAfee but it didn't find any viruses. I can't seem
    > to find anything via Google either. Anyone know what this is?


    Probably not a virus, but spyware.
    Try Ewido, Superantispyware, Lavasoft ad-aware, Javacools spywareblaster,
    and spybot search and destroy.

    Your AV tool may not be able to stop common browser hijacks and other
    common problems. This is normal, and why these other tools exist.
    AV tools are about 1/4 of the protection you need.


    --
    Ciao, Dave
     
    Dave Taylor, Mar 12, 2007
    #2

  3. Chris Lim

    Chris Lim Guest

    On Mar 12, 10:47 pm, Dave Taylor <>
    wrote:
    > Probably not a virus, but spyware.
    > Try Ewido, Superantispyware, Lavasoft ad-aware, Javacools spywareblaster,
    > and spybot search and destroy.


    Hmmm. I did some scans via Windows Defender and Ad-Aware but neither
    of them found anything. I'll try some of the others.
     
    Chris Lim, Mar 12, 2007
    #3
  4. Chris Lim

    Richard Guest

    Chris Lim wrote:
    > On Mar 12, 10:47 pm, Dave Taylor <>
    > wrote:
    >> Probably not a virus, but spyware.
    >> Try Ewido, Superantispyware, Lavasoft ad-aware, Javacools spywareblaster,
    >> and spybot search and destroy.

    >
    > Hmmm. I did some scans via Windows Defender and Ad-Aware but neither
    > of them found anything. I'll try some of the others.


    Self-updating spyware is usually a small step behind the antispyware
    programs, so if you don't update all the time it's as good as useless.

    Take the machine offline, wait a week, and then download the antispyware
    programs on another machine, and copy across by dvd or something.
     
    Richard, Mar 12, 2007
    #4
  5. Chris Lim

    GraB Guest

    On 12 Mar 2007 02:16:32 -0700, "Chris Lim" <>
    wrote:

    >Earlier this evening I left my computer on and went to watch TV. There
    >were 2 instances of IE 6 running, one sitting on the Yahoo Mail page
    >and the other on Google Groups.
    >
    >When I came back about an hour later, I found something had hijacked
    >one instance of IE 6, redirected it to some porn site
    >(www.pichunter.com), and changed my desktop wallpaper.
    >
    >I did a scan using McAfee but it didn't find any viruses. I can't seem
    >to find anything via Google either. Anyone know what this is?


    ActiveX control? The Achilles heel of IE.

    Get Spybot, get updates, scan and run the Immunize button.
     
    GraB, Mar 12, 2007
    #5
  6. Chris Lim

    Craig Sutton Guest

    "Chris Lim" <> wrote in message
    news:...
    > Earlier this evening I left my computer on and went to watch TV. There
    > were 2 instances of IE 6 running, one sitting on the Yahoo Mail page
    > and the other on Google Groups.
    >
    > When I came back about an hour later, I found something had hijacked
    > one instance of IE 6, redirected it to some porn site
    > (www.pichunter.com), and changed my desktop wallpaper.
    >
    > I did a scan using McAfee but it didn't find any viruses. I can't seem
    > to find anything via Google either. Anyone know what this is?
    >


    IE6??? Sigh... how long has IE7 been out? or Firefox..
     
    Craig Sutton, Mar 12, 2007
    #6
  7. Chris Lim

    Chris Lim Guest

    On Mar 13, 12:48 am, "Craig Sutton" <> wrote:
    > IE6??? Sigh... how long has IE7 been out? or Firefox..


    I hate IE7, and won't upgrade to it till they move the toolbar buttons
    into sensible places. I tried it for a few weeks and *every* time I
    went to hit Refresh or Stop I kept having to look for them as they
    weren't where I expected (top left).

    I use Firefox 2 at work and it's okay, although it leaks memory badly
    (on 64 bit XP anyway). If I leave it running for a day it ends up
    taking over 200MB of memory so I keep having to restart it (at least
    it allows you to restore previous sessions).

    You think this has anything to do with browser version though?
     
    Chris Lim, Mar 12, 2007
    #7
  8. Chris Lim

    Dave Doe Guest

    In article <>,
    says...
    > On Mar 13, 12:48 am, "Craig Sutton" <> wrote:
    > > IE6??? Sigh... how long has IE7 been out? or Firefox..

    >
    > I hate IE7, and won't upgrade to it till they move the toolbar buttons
    > into sensible places.


    Move them yourself :)

    > I tried it for a few weeks and *every* time I
    > went to hit Refresh or Stop I kept having to look for them as they
    > weren't where I expected (top left).


    So move them


    --
    Duncan
     
    Dave Doe, Mar 13, 2007
    #8
  9. Chris Lim

    Dave Taylor Guest

    Richard <> wrote in news:45f52ca8$:

    >
    > Self-updating spyware is usually a small step behind the antispyware
    > programs, so if you don't update all the time it's as good as useless.
    >
    > Take the machine offline, wait a week, and then download the antispyware
    > programs on another machine, and copy across by dvd or something.


    I think you mean the spyware is ahead of the cure, because of the nature of
    the signature detection method.

    Anyways, the OP needs much more than AV if he isn't going to run a fully
    patched and updated machine. Even then a zero-day can be a problem.

    --
    Ciao, Dave
     
    Dave Taylor, Mar 13, 2007
    #9
  10. Chris Lim

    Cadae Guest

    "Chris Lim" <> wrote in message
    news:...
    > Hmmm. I did some scans via Windows Defender and Ad-Aware but neither
    > of them found anything. I'll try some of the others.
    >


    Try hijackthis, available free from
    http://www.majorgeeks.com/download3155.html

    It lists anything out of the ordinary installed on your machine (it checks
    all the usual installation places such as ActiveX installs, I.E. install
    etc), and gives you the option of removing the suspicious stuff.

    PC
     
    Cadae, Mar 13, 2007
    #10
  11. Chris Lim

    Richard Guest

    Dave Taylor wrote:
    > Richard <> wrote in news:45f52ca8$:
    >
    >> Self-updating spyware is usually a small step behind the antispyware
    >> programs, so if you don't update all the time it's as good as useless.
    >>
    >> Take the machine offline, wait a week, and then download the antispyware
    >> programs on another machine, and copy across by dvd or something.

    >
    > I think you mean the spyware is ahead of the cure, because of the nature of
    > the signature detection method.
    >
    > Anyways, the OP needs much more than AV if he isn't going to run a fully
    > patched and updated machine. Even then a zero-day can be a problem.


    No, they are behind a little, the new fixes come out, and before a
    majority of people can get them the spyware has updated to thwart the
    removal of it. You can go looking through HijackThis logs for what to nuke
    manually etc, or just wait for the spyware removal tools to deal to it.
     
    Richard, Mar 13, 2007
    #11
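
The HijackThis log that Cadae and Richard refer to above is plain text, one entry per line, each prefixed with a section code. As an added example (not part of the thread or of HijackThis itself), this Python code groups a constructed sample log into the sections that match the symptoms described here: IE start page, BHOs, autostart entries, ActiveX downloads and Active Desktop components. All paths, GUIDs and URLs in the sample are placeholders.

```python
import re
from collections import defaultdict

# HijackThis section codes relevant to a browser redirect plus wallpaper change.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry",
    "O16": "ActiveX (Downloaded Program Files)",
    "O24": "Active Desktop component",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample log (not from the thread); every name is a placeholder.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:40:12, on 14/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\WINDOWS\example2.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\AV\example3.exe"
O9 - Extra button: Research - {00000000-0000-0000-0000-000000000002} - C:\Program Files\example4.dll
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Control) - http://cdn.example.invalid/ctl.cab
O24 - Desktop Component 0: (no name) - http://wallpaper.example.invalid/bg.html
"""

def triage(log_text):
    """Group log entries by section code, keeping only the sections above."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, detail = m.groups()
        if code in SECTIONS:
            groups[code].append(detail)
    return dict(groups)

def remote_sources(groups):
    """Return (section, URL) pairs for entries that load content over HTTP(S)."""
    url = re.compile(r"https?://\S+")
    return [(c, u) for c, items in groups.items() for d in items for u in url.findall(d)]

if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        print(code, SECTIONS[code], *items, sep="\n    ")
```

The grouping only narrows what to read; deciding whether an entry is legitimate still means checking each file path, GUID and URL.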
  12. Chris Lim

    Chris Lim Guest

    On Mar 13, 3:54 pm, Dave Doe <> wrote:
    > > I hate IE7, and won't upgrade to it till they move the toolbar buttons
    > > into sensible places.

    >
    > Move them yourself :)


    How? If I can do that then I might find IE7 usable. (btw I'm talking
    about the Refresh and Stop buttons)
     
    Chris Lim, Mar 13, 2007
    #12
  13. Chris Lim

    Dave Taylor Guest

    Richard <> wrote in news:45f68b1c$:

    >>> Self-updating spyware is usually a small step behind the antispyware
    >>> programs, so if you don't update all the time it's as good as useless.
    >>>
    >>> Take the machine offline, wait a week, and then download the
    >>> antispyware programs on another machine, and copy across by dvd or
    >>> something.

    >>
    >> I think you mean the spyware is ahead of the cure, because of the
    >> nature of the signature detection method.
    >>
    >> Anyways, the OP needs much more than AV if he isn't going to run a
    >> fully patched and updated machine. Even then a zero-day can be a
    >> problem.

    >
    > No, they are behind a little, the new fixes come out, and before a
    > majority of people can get them the spyware has updated to thwart the
    > removal of it. You can go looking through HijackThis logs for what to
    > nuke manually etc, or just wait for the spyware removal tools to deal
    > to it.


    I see what you mean now. Nasty.
    Tried PrevX?

    --
    Ciao, Dave
     
    Dave Taylor, Mar 14, 2007
    #13
  14. Chris Lim

    Chris Lim Guest

    On Mar 13, 10:47 pm, "Cadae" <pc@somewhere> wrote:
    > Try hijackthis, available free from http://www.majorgeeks.com/download3155.html


    Funnily enough McAfee keeps detecting that as a virus and removes it!
    Managed to disable McAfee and download it though. Looking through the
    logs now.
     
    Chris Lim, Mar 14, 2007
    #14
  15. Chris Lim

    Dave Taylor Guest

    "Chris Lim" <> wrote in
    news::

    > Funnily enough McAfee keeps detecting that as a virus and removes it!
    > Managed to disable McAfee and download it though. Looking through the
    > logs now.


    That is crazy talk considering this development in the last day or so!

    I read about it on GRC.com

    Anonymous Bob wrote:
    > "siljaline" <> wrote in message
    > news:et2fnc$1g9n$...
    >> Did Merijn sell-out to Trend? Yet to be determined -
    >> Note this is a ~Beta release, use at your own risk and peril.
    >> (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
    >>
    >> Randy

    >
    > It appears TrendMicro owns HJT now.
    > http://www.malwarebytes.org/forums/index.php?showtopic=1157&st=0#entry2720
    >
    > From the EULA:
    > 2. USE RESTRICTIONS AND OWNERSHIP. The Software is licensed not sold.
    > Trend Micro owns the title and intellectual property rights to the
    > Software, and reserves all rights not expressly granted to You in this
    > Agreement. You agree that you will not rent, loan, lease or sublicense
    > the Software. You agree not to attempt to reverse engineer, decompile,
    > modify, translate, disassemble, discover the source code of, or create
    > derivative works from, any part of the Software or authorize others to
    > undertake any of these acts.
    >
    > Bob Vanderveen


    I hope they are good stewards. HJT has been a very useful tool for
    removing malware for a long time. I wonder what will come of the forums
    of volunteers who help folks with using HJT? With HJT being owned by a
    big company, the helper community may well die off. That would be a
    shame, but...


    --
    Ciao, Dave
     
    Dave Taylor, Mar 15, 2007
    #15
