Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

New Virus?

Status
Not open for further replies.
iSeriesCodePoet

iSeriesCodePoet

Programmer
Jan 11, 2001
1,373
US
Okay, this is very weird! I unlocked my Windows 2000 (with all the latest patches) and there was 6 new icons on the desktop: Website Hosting, Casino Online, Printer Cartridges, Internet, Travel, and Poker. Each of them are a shortcut and have something like this
Code: 
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" [URL unfurl="true"]http://www.dmgtwxyygu.com/aJuBHAMCeXzLgrACViyr50PLhKX9HkzZStsD87_nxqYDkG8urtIhXHPYd7W5Ycb8Gog6/65VIKG0IhhY3cX1WCR2lKpE/a5_SqOhi4kk3Rw.html[/URL]
in the target.

Also, it change the homepage of my Firefox to
Code: 
[URL unfurl="true"]http://www.rbgvvmebtxudsamw.info/aJuBHAMCeXzJimBwpy4ITyDrUB6Ghd/3Xz9Id8o6BGE.html[/URL]
and changed IE to
Code: 
[URL unfurl="true"]http://kyewjbrkgkdcseydpbo.info/aJuBHAMCeXzJimBwpy4ITzFvBDdmT0DUXz9Id8o6BGE.html[/URL]
which then brought up this page in IE only:
Also there is a new tool in IE only, it has tabs including Internet, Business, Online, Travel, and a few others.

After my virus scan, I will be installing and running Spybot and Adaware to see if that will clean it up. But I am wondering 1) What the hell this is... 2) How the hell did I get this? 3) If antivirus and Spybot can't clean it up... how do I clean it up. Mainly, I am wondering one and two. I take great pride in keeping my computer clean and this just pisses me off that this happened.

Software that was running overnight:
* Windows Messenger 5.0, connected to corporate IM and internet IM w/ Messenger Plus! 3.2 (maybe Messeger Plus?)
* Trillian 2.012 connected to AOL
* BOINC (which is for SETI@Home)
* TightVNC was runnning
* and of course Norton Antivirus

iSeriesCodePoet
iSeries Programmer/Lawson Software Administrator
 
Sort by date Sort by votes
Hi,

you are obviously another victim of a coolweb search or similar.
Check if my thread helps you remove your problem:
thread760-911560

Anyhow: Download latest version of "Hijack this". Try fixes as mentioned in my post/ crosslink to SWI fora.

You should use sth. like Spyware blaster & Spyware guard to protect you from future hijacks.

Good luck,
Andy

[blue]The last voice we will hear before the world explodes will be that of an expert saying:
"This is technically impossible!" - Sir Peter Ustinov[/blue]
HP:
 
Upvote 0 Downvote
This is not good. It's obviously a browser hijack, but since Firefox doesn't use IE's layers services stack, how did it mess up Firefox? Sounds like some bright boy is upping the ante.


Jeff
The future is already here - it's just not widely distributed yet...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

RodneyMcSnow
  • Locked
  • Question
Hardware firewall bypassed access to the lan network. Please Help! No it's not a root kit or virus
Replies
1
Views
266
ChrisHirst
ChrisHirst
ttrsux
  • Locked
  • Question
No internet access on new LAN eth0/2 1
Replies
6
Views
320
iggsterman
iggsterman
normntwrk
  • Locked
  • Question
new asa5505 - old config
Replies
6
Views
223
normntwrk
normntwrk
sapper1
  • Locked
  • Question
New to Sonicwall and need some help.
Replies
1
Views
125
cajuntank
cajuntank
diembi
  • Locked
  • Question
McAfee can stop my not virus process?
Replies
0
Views
167
diembi
diembi

Part and Inventory Search

Sponsor

Back
Top