Weird..

Discussion in 'Computer Security' started by ToYKillAS, Nov 29, 2005.

  1. ToYKillAS

    ToYKillAS Guest

    yesterday i opened a .jpg posted on a channel on irc
    then i had a window asking me whether or not to reboot the system (windows 2000
    sp4) to take the new changes into account

    today when i turned on the computer
    all the web sites lead to a "fake" google.com
    with this code in source http://217.117.55.52/damn.txt
    i can't surf anymore, with any explorers
    ideas ?

    thx

    --
    #############################################################
    # http://users.teledisnet.be/web/ari01350/ToYKillAS.jpg #
    # -=- Der Säger von St. Georg -=- #
    #############################################################
     
    ToYKillAS, Nov 29, 2005
    #1

  2. From: "ToYKillAS" <>

    | yesterday i open a .jpg posted on a channel on irc
    | then i had a window ask me or not to reboot the system (windows 2000
    | sp4) to take in count the new changes
    |
    | today when i turn on the computer
    | all the web site leads to a "fake" google.com
    | with this code in source http://217.117.55.52/damn.txt
    | i can't surf anymore, with any explorers
    | ideas ?
    |
    | thx
    |


    For non-viral malware...

    Please download, install and update the following software...

    * Ad-aware SE v1.06
    http://www.lavasoft.de/
    http://www.lavasoftusa.com/

    * SpyBot Search and Destroy v1.4
    http://security.kolla.de/

    After the software is updated, I suggest scanning the system in Safe Mode.

    I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
    that may be on the PC.

    * BHODemon
    http://www.definitivesolutions.com/bhodemon.htm

    For viral malware...

    * Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode.
    This way all the components can be downloaded from each AV vendor's web site.
    The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.


    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Nov 29, 2005
    #2

  3. ToYKillAS

    ToYKillAS Guest

    David H. Lipman wrote:
    > From: "ToYKillAS" <>
    >
    > | yesterday i open a .jpg posted on a channel on irc
    > | then i had a window ask me or not to reboot the system (windows 2000
    > | sp4) to take in count the new changes
    > |
    > | today when i turn on the computer
    > | all the web site leads to a "fake" google.com
    > | with this code in source http://217.117.55.52/damn.txt
    > | i can't surf anymore, with any explorers
    > | ideas ?
    > |
    > | thx
    > |
    >
    >
    > For non-viral malware...
    >
    > Please download, install and update the following software...
    >
    > * Ad-aware SE v1.06
    > http://www.lavasoft.de/
    > http://www.lavasoftusa.com/
    >
    > * SpyBot Search and Destroy v1.4
    > http://security.kolla.de/
    >
    > After the software is updated, I suggest scanning the system in Safe Mode.
    >
    > I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
    > that may be on the PC.
    >
    > * BHODemon
    > http://www.definitivesolutions.com/bhodemon.htm
    >
    > For viral malware...
    >
    > * Download MULTI_AV.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    > To use this utility, perform the following...
    > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    > Choose; Unzip
    > Choose; Close
    >
    > Execute; C:\AV-CLS\StartMenu.BAT
    > { or Double-click on 'Start Menu' in C:\AV-CLS }
    >
    > NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    > FireWall to allow it to download the needed AV vendor related files.
    >
    > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    > This will bring up the initial menu of choices and should be executed in Normal Mode.
    > This way all the components can be downloaded from each AV vendor's web site.
    > The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
    >
    > You can choose to go to each menu item and just download the needed files or you can
    > download the files and perform a scan in Normal Mode. Once you have downloaded the files
    > needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    > during boot] and re-run the menu again and choose which scanner you want to run in Safe
    > Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
    >
    > When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    > file.
    >
    >
    > * * * Please report back your results * * *
    >
    >


    i just tried again to open a web page
    i had a login/password box
    and in the task bar, the url http://www.codezoo.com/images/hp1.gif
    going to be hard to download your software, coz i can't access web :)

    --
    #############################################################
    # http://users.teledisnet.be/web/ari01350/ToYKillAS.jpg #
    # -=- Der Säger von St. Georg -=- #
    #############################################################
     
    ToYKillAS, Nov 29, 2005
    #3
  4. ToYKillAS

    shplink Guest

    ToYKillAS wrote:
    > David H. Lipman wrote:
    >
    >>From: "ToYKillAS" <>
    >>
    >>| yesterday i open a .jpg posted on a channel on irc
    >>| then i had a window ask me or not to reboot the system (windows 2000
    >>| sp4) to take in count the new changes
    >>|
    >>| today when i turn on the computer
    >>| all the web site leads to a "fake" google.com
    >>| with this code in source http://217.117.55.52/damn.txt
    >>| i can't surf anymore, with any explorers
    >>| ideas ?
    >>|
    >>| thx
    >>|
    >>
    >>
    >>For non-viral malware...
    >>
    >>Please download, install and update the following software...
    >>
    >>* Ad-aware SE v1.06
    >> http://www.lavasoft.de/
    >> http://www.lavasoftusa.com/
    >>
    >>* SpyBot Search and Destroy v1.4
    >> http://security.kolla.de/
    >>
    >>After the software is updated, I suggest scanning the system in Safe Mode.
    >>
    >>I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
    >>that may be on the PC.
    >>
    >>* BHODemon
    >> http://www.definitivesolutions.com/bhodemon.htm
    >>
    >>For viral malware...
    >>
    >>* Download MULTI_AV.EXE from the URL --
    >> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >>
    >>To use this utility, perform the following...
    >>Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    >>Choose; Unzip
    >>Choose; Close
    >>
    >>Execute; C:\AV-CLS\StartMenu.BAT
    >>{ or Double-click on 'Start Menu' in C:\AV-CLS }
    >>
    >>NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    >>FireWall to allow it to download the needed AV vendor related files.
    >>
    >>C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    >>This will bring up the initial menu of choices and should be executed in Normal Mode.
    >>This way all the components can be downloaded from each AV vendor's web site.
    >>The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
    >>
    >>You can choose to go to each menu item and just download the needed files or you can
    >>download the files and perform a scan in Normal Mode. Once you have downloaded the files
    >>needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    >>during boot] and re-run the menu again and choose which scanner you want to run in Safe
    >>Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
    >>
    >>When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    >>file.
    >>
    >>
    >>* * * Please report back your results * * *
    >>
    >>

    >
    >
    > i just tried again to open a web pages
    > i had a login/password box
    > and in the task bar, the url http://www.codezoo.com/images/hp1.gif
    > going to be hard to download your software, coz i can't access web :)
    >

    You *might* want to ask a friend to download the Mozilla Firefox
    executable installer on a flash drive for you. Plug it in, install
    Firefox, and start the downloads that David suggested...

    --
    the alt.privacy.spyware FAQ:
    http://shplink.com/misc/FAQ.htm
     
    shplink, Nov 29, 2005
    #4
  5. ToYKillAS

    ToYKillAS Guest

    shplink wrote:
    > ToYKillAS wrote:
    >
    >> David H. Lipman wrote:
    >>
    >>
    >>
    >> i just tried again to open a web pages
    >> i had a login/password box
    >> and in the task bar, the url http://www.codezoo.com/images/hp1.gif
    >> going to be hard to download your software, coz i can't access web :)
    >>

    > You *might* want to ask a friend to download the Mozilla Firefox
    > executable installer on a flash drive for you. Plug it in, install
    > Firefox, and start the downloads that David suggested...
    >


    it's all the time the same, with any explorer that i already have here
    InternetExplorer, Firefox, Opera..
    all urls lead to a fake page with that weirdo code
    something had to be changed in the registry
    i just finished a virus scan (G-Data2006) and an Ad-Aware scan
    found nothing..

    --
    #############################################################
    # http://users.teledisnet.be/web/ari01350/ToYKillAS.jpg #
    # -=- Der Säger von St. Georg -=- #
    #############################################################
     
    ToYKillAS, Nov 29, 2005
    #5
  6. From: "ToYKillAS" <>


    | it's all the time the same, with any explorer that i already have here
    | InternetExplorer, Firefox, Opera..
    | all url leads to fake page with that weirdo code
    | something had to be changed in the registry
    | i just finish an virus scan (G-Data2006) and a Ad-Aware scan
    | found nothing..
    |

    What's G-Data2006 ?

    Read the below. After you perform a "Clean Boot" then use Opera and/or FireFox. Avoid
    using IE until the system is deemed clean.

    Ad-aware should be "Ad-aware SE v1.06."
    If you have an older version, it should be removed and the newer version installed and
    updated.

    How to perform a clean boot in Windows XP
    http://support.microsoft.com/kb/310353

    Note You must be logged on as an administrator or a member of the Administrators group to
    follow these steps. If your computer is connected to a network, network policy settings may
    also prevent you from following these steps.
    1. Click Start, click Run, type msconfig in the Open box, and then click OK.
    2. On the General tab, click Selective Startup, and then clear the Process System.ini
    File, Process Win.ini File, and Load Startup Items check boxes. You cannot clear the Use
    Original Boot.ini check box.
    3. On the Services tab, select the Hide All Microsoft Services check box, and then
    click Disable All.
    4. Click OK, and then click Restart to restart your computer.
    5. After Windows starts, determine whether the symptoms still occur.

    Note Look closely at the General tab to make sure that the check boxes that you
    cleared are still cleared. Continue to step 6 if none of the check boxes are selected. If
    the Load System Services check box is the only disabled check box, your computer is not
    clean-booted. If additional check boxes are disabled and the issue is not resolved, you may
    require help from the manufacturer of the program that places a check mark back in Msconfig.

    If none of the check boxes are selected, and the issue is not resolved, you may have
    to repeat steps 1 through 5, but you may also have to clear the Load System Services check
    box on the General tab. This temporarily disables Microsoft services (such as, Networking,
    Plug and Play, Event Logging, and Error Reporting) and permanently deletes all restore
    points for the System Restore utility. Do not do this if you want to retain your restore
    points for System Restore or if you must use a Microsoft service to test the issue.
    6. Click Start, click Run, type msconfig in the Open box, and then click OK.
    7. On the General tab, select the Process System.ini File check box, click OK, and
    then click Restart to restart the computer. If the issue continues, the issue is with an
    entry in your System.ini file. If the issue does not continue, repeat this step for the
    Process Win.ini File, Load Startup Items, and Load System Services check boxes until the
    issue occurs. After the issue occurs, the last item that you selected is the item where the
    issue is occurring.

    Note Microsoft strongly recommends that you do not use System Configuration Utility to
    modify the Boot.ini file on your computer without the direction of a Microsoft support
    engineer. Doing so may make your computer unusable.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Nov 29, 2005
    #6
  7. ToYKillAS

    ToYKillAS Guest

    David H. Lipman wrote:
    > From: "ToYKillAS" <>
    >
    >
    > | it's all the time the same, with any explorer that i already have here
    > | InternetExplorer, Firefox, Opera..
    > | all url leads to fake page with that weirdo code
    > | something had to be changed in the registry
    > | i just finish an virus scan (G-Data2006) and a Ad-Aware scan
    > | found nothing..
    > |
    >
    > What's G-Data2006 ?
    >
    > Read the below. After you perform a "Clean Boot" then use Opera and/or FireFox. Avoid
    > using IE until the system is deemed clean.
    >
    > Ad-aware should be "Ad-aware SE v1.06."
    > If you have an older version, it should be removed and the newer version installed and
    > updated.


    i'm running windows 2000 sp4
    the "msconfig" command doesn't work
    and i can't upgrade my antivirus and adaware (can't connect on the website)

    --
    #############################################################
    # http://users.teledisnet.be/web/ari01350/ToYKillAS.jpg #
    # -=- Der Säger von St. Georg -=- #
    #############################################################
     
    ToYKillAS, Nov 29, 2005
    #7
  8. David H. Lipman, Nov 29, 2005
    #8
  9. From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>


    | Go to the news Group: alt.binaries.comp.virus
    |
    | See the post subjects:
    | MSCONFIG for use in windows 2000
    | Multi AV Scanning Tool
    |

    I don't know why "MSCONFIG for use in windows 2000" never was posted.

    I'll try a ZIP file with the Subject: For ToYKillAS
    OK -- This time the post looked successful.
    -----------

    Go to the news Group: alt.binaries.comp.virus

    See the post subjects:
    For ToYKillAS
    Multi AV Scanning Tool

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Nov 29, 2005
    #9
  10. ToYKillAS

    ToYKillAS Guest

    ToYKillAS wrote:
    > yesterday i open a .jpg posted on a channel on irc
    > then i had a window ask me or not to reboot the system (windows 2000
    > sp4) to take in count the new changes
    >
    > today when i turn on the computer
    > all the web site leads to a "fake" google.com
    > with this code in source http://217.117.55.52/damn.txt
    > i can't surf anymore, with any explorers
    > ideas ?
    >
    > thx
    >


    FIXED :)
    i was fucking scared and ready to finish forever to use windows:)
    a friend told me to install: "Microsoft AntiSpyware"

    and he found directly (that Ad-Aware didn't find)

    * WindUpdates
    Type: Browser Plug-in
    Threat Level: Severe
    Author: WindUpdates.com

    Description: WindUpdates downloads additional adware and displays pop-up
    advertising.

    * 180Solutions.SearchAssistant
    Type: Adware
    Threat Level: High
    Author: 180Solutions

    Description: 180Solutions.SearchAssistant monitors your current Web
    browsing activity and displays pop-up advertisements related to the
    Internet sites you are viewing.

    * 7AdPower
    Type: Browser Modifier
    Threat Level: High
    Author: 7H

    Description: Software that changes browser settings, such as the
    homepage, without adequate consent.

    --
    #############################################################
    # http://users.teledisnet.be/web/ari01350/ToYKillAS.jpg #
    # -=- Der Säger von St. Georg -=- #
    #############################################################
     
    ToYKillAS, Nov 29, 2005
    #10
  11. ToYKillAS

    Donnie Guest


    >
    > it's all the time the same, with any explorer that i already have here
    > InternetExplorer, Firefox, Opera..
    > all url leads to fake page with that weirdo code
    > something had to be changed in the registry
    > i just finish an virus scan (G-Data2006) and a Ad-Aware scan
    > found nothing..
    >
    > --

    ##########################
    Click start, run, type regedit and press enter.
    Look in
    HKLM
    Software
    Microsoft
    Windows
    CurrentVersion
    Run
    Many things hide themselves in the run folder. Post what you see if you
    don't understand it.
    Also, click edit, find, type in redirect and press enter. Continue searching
    for any redirects by using the F3 button until the search is finished.
    donnie.
     
    Donnie, Nov 30, 2005
    #11
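
The Run-key check and the "redirect" search described in post #11 can also be done offline on a regedit export (.reg file). This is an added example, not part of the original thread; the sample export, its value names and its paths are constructed, and it assumes the file has already been decoded to text.

```python
import re

# Constructed sample export; every value name and path below is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ExampleUpdater"="\"C:\\Program Files\\Example\\upd.exe\" -quiet"
"ExampleExpand"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,61,00,2e,00,\
  65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Toolbar]
"SearchRedirect"="http://search.example.invalid/?q="
"Enabled"=dword:00000001
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
RUN_SUFFIX = r'\software\microsoft\windows\currentversion\run'

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def _decode(raw, utf16):
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])                      # REG_SZ
    m = re.match(r'hex\((1|2|7)\):(.*)$', raw)           # string types stored as hex
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        text = data.decode('utf-16-le' if utf16 else 'latin-1', errors='replace')
        return text.rstrip('\x00').replace('\x00', ' | ')
    return raw                                           # dword:, binary hex: kept as exported

def parse_reg(text):
    """Return {key path: {value name: data}} from regedit export text."""
    text = text.lstrip('\ufeff')
    utf16 = text.startswith('Windows Registry Editor Version 5')
    text = re.sub(r'\\\r?\n[ \t]*', '', text)            # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = '(Default)' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
                current[name] = _decode(m.group(2), utf16)
    return keys

def run_entries(keys):
    """Everything that starts at boot from the HKLM ...\\CurrentVersion\\Run key."""
    return [(k, n, v) for k, vals in keys.items()
            if k.lower().startswith('hkey_local_machine') and k.lower().endswith(RUN_SUFFIX)
            for n, v in vals.items()]

def find_text(keys, needle):
    """Case-insensitive search of key paths, value names and data, like Edit > Find."""
    needle, hits = needle.lower(), []
    for k, vals in keys.items():
        if needle in k.lower():
            hits.append((k, None))
        hits += [(k, n) for n, v in vals.items()
                 if needle in n.lower() or needle in v.lower()]
    return hits

if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_EXPORT)
    for key, name, command in run_entries(parsed):
        print(f'{name}: {command}')
    print(find_text(parsed, 'redirect'))
```
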
  12. ToYKillAS

    ted Guest

    "ToYKillAS" <> wrote in message
    news:438ca795$0$22184$...
    > ToYKillAS wrote:
    >> yesterday i open a .jpg posted on a channel on irc
    >> then i had a window ask me or not to reboot the system (windows 2000
    >> sp4) to take in count the new changes
    >>
    >> today when i turn on the computer
    >> all the web site leads to a "fake" google.com
    >> with this code in source http://217.117.55.52/damn.txt
    >> i can't surf anymore, with any explorers
    >> ideas ?
    >>
    >> thx
    >>

    >
    > FIXED :)
    > i was fucking scared and ready to finish forever to use windows:)
    > a friend told me to install: "Microsoft AntiSpyware"
    >
    > and he found directly (that Ad-Aware didn't find)
    >
    > * WindUpdates
    > Type: Browser Plug-in
    > Threat Level: Severe
    > Author: WindUpdates.com
    >
    > Description: WindUpdates downloads additional adware and displays pop-up
    > advertising.
    >
    > * 180Solutions.SearchAssistant
    > Type: Adware
    > Threat Level: High
    > Author: 180Solutions
    >
    > Description: 180Solutions.SearchAssistant monitors your current Web
    > browsing activity and displays pop-up advertisements related to the
    > Internet sites you are viewing.
    >
    > * 7AdPower
    > Type: Browser Modifier
    > Threat Level: High
    > Author: 7H
    >
    > Description: Software that changes browser settings, such as the
    > homepage, without adequate consent.
    >
    > --


    IRONY ALARM
    http://www.tgdaily.com/2005/12/02/180solutions-sues-zonelabs/

    Zone Labs, an Internet security firm, has been sued by 180solutions. The
    documents filed in Washington state claim that Zone Labs wrongfully
    classifies 180solutions' software as spyware. The suit seeks unspecified
    monetary damages and to have Zonelabs remove the spyware warning for
    180solutions' products.
     
    ted, Dec 5, 2005
    #12