
Antivirus XP 2008 malware obliterated my parents' computer. GAF you are my last hope!


Nameless

Member
My mom called me complaining of weird pop-ups and no internet access. I tried to talk her through timed restore over the phone but she claimed it wouldn't allow her. I chalked it up to her limited troubleshooting experience, but when I went over there, sure enough, all restore points had been deleted, the malware had hijacked her wallpaper, there were pop-ups everywhere, and not a single browser would connect to the web.

I've done everything I could possibly think of & research over the past couple of days:

-disabled programs in start up

-a quick Google search gave the name of the program's 3 core files located in system32 (and a folder in Program Files), all of which I deleted manually in safe mode without a problem.

-Of course I could still access the net while in safe mode, so I then loaded up on current anti-spyware programs. I ran Malwarebytes, SpyBot, A-squared, Ad-Aware, and even ran the ActiveScan 2.0 online scan. They all found problems that the others didn't, and while it seems that all problems caused by the malware have ceased, I was still unable to connect to the internet.

-I then ran SmitfraudFix which scans/repairs sys files and the registry from the command prompt. It also found problems but the fix solved nothing.

-I thought the malware may have caused a winsock issue, so I did a manual winsock reset... nothing. I downloaded LSPFix and it found no winsock abnormalities.

-No changes were made to the Windows firewall; I deleted and re-created the network connections and I'm still without internet access.

Here's the log file from HijackThis. Maybe I'm missing something.

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6686 bytes

I'm really trying to avoid backing up and recovering if I can, but if you guys have no solution(s), that's my next step.

The Gods shall bless anyone who helps me out with pussy & gold.
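As an added example (not from the thread), a small Python triage script for logs in the HijackThis format posted above. The sample lines are constructed: the ProxyServer entry, the random-looking autorun name and the Temp-folder service are made up to exercise the heuristics; the others mirror the shape of the real log. It flags the kinds of things this thread turned on: orphaned "(file missing)" leftovers of a removal, and network-proxy components like ccProxy that can block connectivity after the malware itself is gone.

```python
"""Triage a HijackThis-format log (added example): flag entries worth a look.
Heuristics are the ones this thread turned on: "(file missing)" leftovers,
random-looking or Temp-folder autoruns, vendorless services, IE proxy
settings, and proxy services like the Symantec one that blocked the internet.
"""
import re

# Constructed sample in HijackThis format. The ProxyServer line, the
# random-looking autorun and the Temp-folder service are made up to
# exercise the heuristics; the rest mirror the shape of the posted log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [qzx7k2p9m] C:\WINDOWS\system32\qzx7k2p9m.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Updater (updsvc) - Unknown owner - C:\Documents and Settings\Owner\Local Settings\Temp\updsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# eight or more letters/digits with at least one of each (no dot, no space)
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}$", re.I)
TEMP_DIR = "\\Temp\\"


def parse_log(text):
    """Return (code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def flag_entry(code, body):
    """Return a reason string if the entry deserves a look, else None."""
    if body.endswith("(file missing)"):
        return "orphaned entry: referenced file is gone (leftover of a removal)"
    if code == "O4":
        m = re.search(r"\[(?P<name>[^\]]+)\] (?P<path>.*)$", body)
        if m and RANDOM_NAME_RE.match(m.group("name")):
            return f"autorun with random-looking name {m.group('name')!r}"
        if m and TEMP_DIR in m.group("path"):
            return "autorun launched from a Temp folder"
    if code == "O23":
        parts = [p.strip() for p in body.split(" - ")]  # Service: name - vendor - path
        if len(parts) >= 3 and (parts[1].lower() == "unknown owner" or TEMP_DIR in parts[-1]):
            return "service with no vendor or running from Temp"
        if "proxy" in parts[0].lower():
            return "network proxy service: suspect when only normal-mode connectivity fails"
    if code in ("R0", "R1") and "ProxyServer" in body:
        return "IE proxy server configured: confirm it is expected"
    return None


def triage(text):
    """Return (code, reason, body) for every flagged entry, in log order."""
    flagged = []
    for code, body in parse_log(text):
        reason = flag_entry(code, body)
        if reason:
            flagged.append((code, reason, body))
    return flagged


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

Point `triage()` at the text of a saved log to get the same list for a real machine; anything it does not flag still deserves a read, since the heuristics only cover the patterns discussed here.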
 

mckmas8808

Mckmaster uses MasterCard to buy Slave drives
This thing is horrible. I know 2 people that got it. One person had to do a complete re-install.
 

BeEatNU

WORLDSTAAAAAAR
This is extremely easy to remove. You have some crazy-named folders to remove, and there is a coinciding crazy-named file in the system32 folder.

Hmm, that's weird. I saw this virus a few times at work but I don't see any of its files in your log. Check your Program Files for a folder that doesn't belong there, go into it and uninstall it. I just woke up so forgive me lol.
 

FiRez

Member
Google elistara.exe.
It's in Spanish, but it is a very straightforward and excellent anti-spyware application.
 

Nameless

Member
g35twinturbo said:
This is extremely easy to remove. You have some crazy-named folders to remove, and there is a coinciding crazy-named file in the system32 folder.

Hmm, that's weird. I saw this virus a few times at work but I don't see any of its files in your log. Check your Program Files for a folder that doesn't belong there, go into it and uninstall it. I just woke up so forgive me lol.

According to things I've read online, I've already removed the core files, but there's some residual bs still screwing things up.

PLEEASE keep the info coming guys. I have to go to work but I'll be troubleshooting some more tonight.
 

clav

Member
Seems like your Symantec Security Suite is causing internet connection problems. I see this all the time.

1. Uninstall Symantec Security Suite.

2. Use the Norton Removal Tool after you've uninstalled it: http://service1.symantec.com/SUPPOR...2005033108162039&nsf=tsgeninfo.nsf&view=docid

3. Restart your computer.

4. Install a different antivirus program like Avira Free: http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html

5. However, Avira Free has a nag screen. You can disable it here: http://www.elitekiller.com/files/disable_antivir_nag.htm

DO NOT USE AVG!

I'm seeing in your hijackthis log that you have a crapload of symantec shitware loaded.
 

SRG01

Member
Give us more information than "you can't connect to the internet". Can you send/receive pings? Is the network adapter down? Do you mean http doesn't work?
 

Nameless

Member
-claviertekky: I downloaded the AVG setup last night but haven't installed it yet because of Norton's tedious uninstall process.

SRG01: I'm getting a valid IP, and I'm able to ping my IP, as well as outside IPs, with no packet loss.

Komlu: thanks I'll check it out tonight, though, I suspect I've already done most of the steps they suggest.
 
Did you check the Host file? Can you connect to sites via IP?

Also I saw you manually reset winsock, but I like the winsockfix utility since it does a few other things too.
 

Arcticfox

Member
Since the network is working in safe mode, a program starting when windows boots in normal mode is blocking your internet connection. In my experience, when this problem occurs after removing all the viruses the most likely cause is the antivirus/firewall suite, in this case Norton.

You can test this by running 'msconfig' and disabling all Norton components from start up. You will also need to run 'services.msc' and change all Symantec services from automatic to manual start up. After you reboot the computer, if the network is working then Norton is the cause and should be removed and replaced with a better product.
 

Coverly

Member
I'm not fond of Antivirus xp 2008.
On some computers it was so bad they just had to format and go from there.
But recently the malwarebytes antispyware program has worked and taken out the spyware.

One thing you can try though that I've found worked in a couple of cases like this is to delete the Ethernet device from your Device Manager (it's not enough to delete network connections), restart, and when it reinstalls itself again, it fixes whatever inconsistencies it had before. Try it and see if it works. Arcticfox's advice is good too.
 

Orin GA

I wish I could hat you to death
Reformat.

It's kind of weird that Anti Virus XP killed the internet connection. Isn't the whole point to have people buy useless virus software through the internet?
 
Back up any important files and reinstall Windows. It's always the best solution and really isn't half as much bother as people make it out to be. Doing a semi-regular reinstall of Windows is good practice anyway.
 

killakiz

Member
I just tried removing this on my cousin's since Sunday and all I can say is it looks like I'm going to have to reformat. I tried the Malwarebytes method; all that did was fuck it up even more. Now the desktop won't load, explorer.exe crashes instantly. Be very careful dude, try to back up as much as possible now. I wish I could sue these fuckers.
 

methane47

Member
Malwarebytes gets rid of this malware problem... Trust me... at my company we have service contracts with a tonne of companies and in the past month I've seen this maybe 20 times.. The first couple of times I tried doing it myself.. but then I found out about Malwarebytes... and that thing works wonders.


http://www.malwarebytes.org/
Pretty much start your computer in safemode...
Run the app..
?
Profit

killakiz said:
I just tried removing this on my cousin's since Sunday and all I can say is it looks like I'm going to have to reformat. I tried the Malwarebytes method; all that did was fuck it up even more. Now the desktop won't load, explorer.exe crashes instantly. Be very careful dude, try to back up as much as possible now. I wish I could sue these fuckers.

This is what happened to me when I tried to remove it myself first and then used Malwarebytes...
 

Manp

Member
Combofix, you need nothing else.
I removed this shit from a couple dozen computers and had to format only once.

People seem obsessed with formatting and reinstalling Windows; if I did that every time my job would be a nightmare :lol

:)
 
claviertekky said:
Seems like your Symantec Security Suite is causing internet connection problems. I see this all the time.

1. Uninstall Symantec Security Suite.

2. Use the Norton Removal Tool after you've uninstalled it: http://service1.symantec.com/SUPPOR...2005033108162039&nsf=tsgeninfo.nsf&view=docid

3. Restart your computer.

4. Install a different antivirus program like Avira Free: http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html

5. However, Avira Free has a nag screen. You can disable it here: http://www.elitekiller.com/files/disable_antivir_nag.htm

DO NOT USE AVG!

I'm seeing in your hijackthis log that you have a crapload of symantec shitware loaded.
Why not?
 

Fuzz Rez

Banned
I spent one fucking day trying to remove this nasty fucker. I managed to clear it from my profile and soon as my GF logged on her profile the fucker was back :lol

You have to clear all infected registry files or it just keeps coming back. So check your registry entries and delete all "hcnkrj0etfg****" <-- reg files. And if you leave even one bad reg file it might come back and re-create all the reg entries all over again.

This is what happened to me when I tried to remove it myself first and then used Malwarebytes...
Malwarebytes is a great piece of software, but in this case it doesn't work all the time. Most of the time, but not all the time.
 

Pellham

Banned
I had the Antivirus XP 2008 popup and try to install itself while I was surfing random websites (that I thought were safe, like Photobucket, so no idea how it appeared). But I end-tasked that sucker, then ran a quick virus scan and a Malwarebytes anti-malware scan, but it came up with nothing?? Am I infected?

(I'm at work so I can't go looking for the LPH and other files that apparently are used by the virus on my computer)
 

Xabora

Junior Member
Fuzz Rez said:
I spent one fucking day trying to remove this nasty fucker. I managed to clear it from my profile and soon as my GF logged on her profile the fucker was back :lol

You have to clear all infected registery files or it just keeps coming back.


Malwarebytes is great piece of software but in this case it doesn't work all the time. Most of the time but not all the time.
I don't see why people are complaining about this.
It was stupid easy for me to remove the first time I encountered it. XD

Now spyaxe... that can be a pain in the arse.
 

Fuzz Rez

Banned
Xabora said:
I don't see why people are complaining about this.
It was stupid easy for me to remove the first time I encountered it. XD

Now spyaxe... that can be a pain in the arse.

Well it was easy for me too, at least a couple of times. But then there are computers that are infected so badly that you can't run Windows Task Manager or you can't boot in safe mode. And the resolution is locked in 800x600 mode with only 8-bit colors.

Most of the time you can kill it with Malwarebytes or some other similar program, but sometimes you can't.
 

Nameless

Member
claviertekky said:
Seems like your Symantec Security Suite is causing internet connection problems. I see this all the time.

1. Uninstall Symantec Security Suite.

2. Use the Norton Removal Tool after you've uninstalled it: http://service1.symantec.com/SUPPOR...2005033108162039&nsf=tsgeninfo.nsf&view=docid

3. Restart your computer.

4. Install a different antivirus program like Avira Free: http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html

5. However, Avira Free has a nag screen. You can disable it here: http://www.elitekiller.com/files/disable_antivir_nag.htm

DO NOT USE AVG!

I'm seeing in your hijackthis log that you have a crapload of symantec shitware loaded.

Dude, you are officially the fucking man. I ran the removal tool in safe mode, restarted and the internet works like a charm!!!

I wonder what happened? Norton AV 2005 came pre-installed on their computer and never caused any problems until this whole Anti Virus Xp 2008 issue. In fact I've had it deactivated pretty much since they got this rig. In any event, thanks for saving me even more work. Pussy & Gold shall enter your life!

I had tried to uninstall it last night like I said, but going to add/remove gave me this "you must be logged on as a supervisor blah blah blah" message so I didn't even bother with it.:lol
 

M3wThr33

Banned
My dad got this on his computer, too. His partner at work made him install a few antivirus programs or some shit and the partner's a fucking idiot.

I went to my dad's work, cleaned up his computer and made everything fine, while his partner had to call the geek squad and wait all day and pay money to have it fixed while my dad gloated.

Kaspersky and AntiVir are the only good Antivirus programs. AVG sucked. I got a virus with it and that pissed me off.

The key to cleaning out Antivirus XP 2008 was to do a LOT of the changes and scans in SAFE MODE.
 

alejob

Member
I've run across Antivirus 2009 but haven't seen the 2008 version. Symantec actually got rid of the last one I saw; must have been a recent update.
 

theBishop

Banned
Step 1: http://www.ubuntu.com/downloads - Download it.

Step 2: Use the live environment to back up your parents' important files to a USB hard drive or DVD-R

Step 3: Determine if there's any Windows-specific functionality they rely on.

Step 4a: If you answered "No" to step 3, install Ubuntu.
Step 4b: If you answered "Yes", reinstall XP.
 

clav

Member
Souldriver said:
AVG sucks now. Ever since the 8.0 release, I cannot recommend it any more. False positives. Memory hog.

Times have changed.
Nameless said:
Dude, you are officially the fucking man. I ran the removal tool in safe mode, restarted and the internet works like a charm!!!

I wonder what happened? Norton AV 2005 came pre-installed on their computer and never caused any problems until this whole Anti Virus Xp 2008 issue. In fact I've had it deactivated pretty much since they got this rig. In any event, thanks for saving me even more work. Pussy & Gold shall enter your life!

I had tried to uninstall it last night like I said, but going to add/remove gave me this "you must be logged on as a supervisor blah blah blah" message so I didn't even bother with it.:lol
I don't think that will happen any time soon... but um... thanks.

Nice to hear that your internet works again. What are you using for AV protection?
 
Manp said:
Combofix, you need nothing else.
I removed this shit from a couple dozen computers and had to format only once.

People seem obsessed with formatting and reinstalling Windows; if I did that every time my job would be a nightmare :lol

:)

As would mine :D

Combofix has saved me a lot of pain and hassle on the job.
 

WinFonda

Member
M3wThr33 said:
Kaspersky and AntiVir are the only good Antivirus programs. AVG sucked. I got a virus with it and that pissed me off.
I don't get the AVG hate. I find AVG to be better than AntiVir. For one, I prefer that AVG has preventative measures that can help you stay away from dangerous sites rather than letting you go there and get the virus.

Also, AntiVir has trouble removing this virus anyway. I was using AntiVir and got this particular fake alert virus, and despite running the scanner and supposedly deleting all the bad files, the virus alert would still trigger every 10 minutes or so. Malwarebytes took care of it no problem. I've installed numerous other anti-virus applications (including Kaspersky,) and none show any infections or flags or triggers, none except AntiVir.
 

WinFonda

Member
M3wThr33 said:
A scanner fails on me once and it's on the blacklist.
Yeah, I guess I'm in the same boat. Just had a different scanner fail on me :D

Really, I think the best protection comes from a variety of different applications. Keeping around 3 or 4 good programs, and using them when/if you get infected. I don't think AntiVir is a bad scanner, not at all. But I'd rather not get the virus in the first place, and so that's why I use AVG now.
 
1. backup all programs
2. reformat
3. ???
4. Profit

j/k but seriously, reformatting would fix everything. The only thing is getting everything backed up, but that is the for-sure way to fix it, unless some of the antivirus programs can help you out; then go with those.
 

Schrade

Member
Verano said:
How can you reformat?

I'm not kidding, I want to know.
First, make sure your DVD drive is the first boot device. (In BIOS)

Then stick your Windows disc in and reboot the machine; at some point it'll tell you there's already an OS installed on the disk. Somewhere around there you can enter the partition manager.

Delete all partitions (if you're REALLY REALLY sure you want to nuke everything on the drive...) then create a new partition.

Once you've done that you can choose to install Windows onto that partition and then just whoosh. Away you go.
 

kiryogi

Banned
Pellham said:
I had the Antivirus XP 2008 popup and try to install itself while I was surfing random websites (that I thought were safe, like Photobucket, so no idea how it appeared). But I end-tasked that sucker, then ran a quick virus scan and a Malwarebytes anti-malware scan, but it came up with nothing?? Am I infected?

(I'm at work so I can't go looking for the LPH and other files that apparently are used by the virus on my computer)

My run-in with the virus was like that. Even though I did stop and end-task it, I got infected, but luckily it couldn't do much damage. Cleaned up most of it before a reboot so it didn't do anything. Well, it did try to hijack my wallpaper, which was stopped promptly. One of the big things about the internet browser deal is that it's actually a redirect related to your DNS server. I deleted that entry and flushed/refreshed my IP to fix it. AV XP2k8 has some fun workarounds, but nothing like a regedit, Spybot, AVG 7.5, HijackThis, and Malwarebytes to fix the problem. I do owe GAF a lot for alerting me to this though. There was a topic on this matter that someone had earlier this year that gave me the heads-up on stopping the nasty bugger before it really did some damage.
 