Author |
Message |
gerald.fird
Baiting Guru
Joined: 24 Mar 2010
Posts: 2135
Location: Ladland
|
Posted:
Sat Jul 24, 2010 11:40 pm |
|
Sometimes, they even show their own files as infected |
_________________ = 309
x226 x36
X17
Mrs. CHIPIWA MAZIVA - Johannesburg to Cape Town - 1800 miles round-trip
"IDIOT DEY FOOL YOURSELF........ YOU NON GET WORK DATS WHY U DE FIND FOLLOW UP..... ILLITERATE
TAKE MY ID MAKE U ADD ME
MAKE I SHOW U MY WEBMAIL... U WILL NO DAT AM NOT HUNGRY... HUNGER GO KILL UR GENERATION" |
|
|
|
puckettgw
Master Baiter
Joined: 26 Jun 2010
Posts: 168
Location: fe80::**d:9**:fe**:c**e
|
Posted:
Sat Jul 24, 2010 11:46 pm |
|
yeah, that's usually how they operate
this site's different though... it distributes a windows executable to show you that movie, rather than just showing it in the browser xD
perhaps this is to avoid telling mac users they have windows problems
i always tell my friends to quit looking at so much porn.. xD |
_________________ x4
^__^ FIRST PIGGY 7/15/2010 !
<a href="/forum/donate.php">[Click here to donate to 419Eater.com]</a> |
|
|
|
gerald.fird
Baiting Guru
Joined: 24 Mar 2010
Posts: 2135
Location: Ladland
|
Posted:
Sun Jul 25, 2010 12:01 am |
|
My computer's been infected several times. It's actually partially infected right now. We installed Norton Internet Security before it fully installed. Every now and then adware pops up, and whenever I try to go to a site which is against scams, it redirects 80% of the time |
_________________ = 309
x226 x36
X17
Mrs. CHIPIWA MAZIVA - Johannesburg to Cape Town - 1800 miles round-trip
"IDIOT DEY FOOL YOURSELF........ YOU NON GET WORK DATS WHY U DE FIND FOLLOW UP..... ILLITERATE
TAKE MY ID MAKE U ADD ME
MAKE I SHOW U MY WEBMAIL... U WILL NO DAT AM NOT HUNGRY... HUNGER GO KILL UR GENERATION" |
|
|
|
puckettgw
Master Baiter
Joined: 26 Jun 2010
Posts: 168
Location: fe80::**d:9**:fe**:c**e
|
Posted:
Sun Jul 25, 2010 12:04 am |
|
Try MalwareBytes. It works really well (and doesn't use nearly as much memory as Norton) ... If you've bought a license for Norton, I'd definitely consider buying MalwareBytes when your license expires... It's a lot cheaper and does a really good job. The free version still scans for and removes all kinds of stuff that McAfee and AVG won't find.. it just doesn't have automatic protection. I don't like Symantec products... Google "norton broke my computer" or something similar.
Also if you have your windows install CDs you can reinstall internet explorer .. i forget where exactly the file is located but if you google "reinstall ie.inf" you'll find it.
edit:
also, go to c:\windows\system32\drivers\etc\ and open the "hosts" file with notepad. there should only be one entry -- "127.0.0.1 (some tabs) localhost"
any other entries are either norton hijacking you or some kind of malware.
exceptions are things like activate.adobe.com which you might have if you own Photoshop or something similar. Basically, if it's just a random IP address and it goes to some crazy URL it's probably bad.
if you want, i'll fix it for you remotely for free. i'm a certified technician. PM me if you're interested. |
_________________ x4
^__^ FIRST PIGGY 7/15/2010 !
<a href="/forum/donate.php">[Click here to donate to 419Eater.com]</a> |
|
|
|
gerald.fird
Baiting Guru
Joined: 24 Mar 2010
Posts: 2135
Location: Ladland
|
Posted:
Sun Jul 25, 2010 12:18 am |
|
I know I've tried it a hundred times. It can't remove it, surprisingly! I've had the free version for months, since sometime last year
EDIT: YEs, my computer's being attacked every day. |
_________________ = 309
x226 x36
X17
Mrs. CHIPIWA MAZIVA - Johannesburg to Cape Town - 1800 miles round-trip
"IDIOT DEY FOOL YOURSELF........ YOU NON GET WORK DATS WHY U DE FIND FOLLOW UP..... ILLITERATE
TAKE MY ID MAKE U ADD ME
MAKE I SHOW U MY WEBMAIL... U WILL NO DAT AM NOT HUNGRY... HUNGER GO KILL UR GENERATION" |
|
|
|
puckettgw
Master Baiter
Joined: 26 Jun 2010
Posts: 168
Location: fe80::**d:9**:fe**:c**e
|
Posted:
Sun Jul 25, 2010 12:21 am |
|
That's pretty gnarly. Sounds like you've got the same trojan my girlfriend had a while back. It's modified the file permissions (and the owner of the files) so that you can't modify or delete them. You might be able to "take ownership" in Safe Mode (as Administrator) and then delete them that way. You'll also need to find the entries in your registry and remove them.
If there are DLLs involved, start->run->regsvr32 /u (drag and drop the offending DLL) ->press enter, then try to delete them.
ALSO!!! I just remembered! If you're trying to remove files and they get deleted, then come back at reboot -- you may need to type the following in a command prompt:
sfc /disable
then delete the offending files
then reboot,
then sfc /enable (in a command prompt) |
_________________ x4
^__^ FIRST PIGGY 7/15/2010 !
<a href="/forum/donate.php">[Click here to donate to 419Eater.com]</a> |
|
|
|
gerald.fird
Baiting Guru
Joined: 24 Mar 2010
Posts: 2135
Location: Ladland
|
Posted:
Sun Jul 25, 2010 12:26 am |
|
By remove, I mean it can't even find it. Like I told you, it's not fully installed. If it was, I would'nt even be connected to the internet.
EDIT: Have you ever been infected with AVSoft? It's pretty hard to remove. It disables everything on the computer. Everything! I'm not infected with that right now |
_________________ = 309
x226 x36
X17
Mrs. CHIPIWA MAZIVA - Johannesburg to Cape Town - 1800 miles round-trip
"IDIOT DEY FOOL YOURSELF........ YOU NON GET WORK DATS WHY U DE FIND FOLLOW UP..... ILLITERATE
TAKE MY ID MAKE U ADD ME
MAKE I SHOW U MY WEBMAIL... U WILL NO DAT AM NOT HUNGRY... HUNGER GO KILL UR GENERATION"
Last edited by gerald.fird on Sun Jul 25, 2010 12:32 am; edited 2 times in total |
|
|
|
puckettgw
Master Baiter
Joined: 26 Jun 2010
Posts: 168
Location: fe80::**d:9**:fe**:c**e
|
Posted:
Sun Jul 25, 2010 12:31 am |
|
oic. in that case...
have you checked the autorun areas in your registry?
They're at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Have you tried running HiJackThis in Safe Mode? |
_________________ x4
^__^ FIRST PIGGY 7/15/2010 !
<a href="/forum/donate.php">[Click here to donate to 419Eater.com]</a> |
|
|
|
gerald.fird
Baiting Guru
Joined: 24 Mar 2010
Posts: 2135
Location: Ladland
|
Posted:
Sun Jul 25, 2010 12:33 am |
|
As I told you before, only adware was installed. And anyway there's practically nothing in AutoRun |
_________________ = 309
x226 x36
X17
Mrs. CHIPIWA MAZIVA - Johannesburg to Cape Town - 1800 miles round-trip
"IDIOT DEY FOOL YOURSELF........ YOU NON GET WORK DATS WHY U DE FIND FOLLOW UP..... ILLITERATE
TAKE MY ID MAKE U ADD ME
MAKE I SHOW U MY WEBMAIL... U WILL NO DAT AM NOT HUNGRY... HUNGER GO KILL UR GENERATION" |
|
|
|
puckettgw
Master Baiter
Joined: 26 Jun 2010
Posts: 168
Location: fe80::**d:9**:fe**:c**e
|
Posted:
Sun Jul 25, 2010 12:37 am |
|
HiJackThis would more than likely be able to shed some light why your browser is being redirected. If there's nothing in your hosts file, or your registry, or detected by norton or malwarebytes, and your DNS servers aren't altered, then perhaps you should check your browser's proxy settings.
AVSoft is pretty gnarly. One of my least favorite ><
Did you make sure that your TCP/IP Properties are set to automatically acquire your DNS server? |
_________________ x4
^__^ FIRST PIGGY 7/15/2010 !
<a href="/forum/donate.php">[Click here to donate to 419Eater.com]</a> |
|
|
|
evil_sheep
Compulsive Self Abuser
Joined: 15 Jul 2010
Posts: 1100
Location: 419eater Passport office.
|
Posted:
Sun Jul 25, 2010 1:08 pm |
|
Try deleting c:\windows\system32
It speeds up your PC.
Wouldn't you agree, fellow btard?
(DO NOT DELETE THAT FOLDER, I AM JOKING!) |
_________________ x11 x3
"I thank you for your quick massage this morning. " - Prince Abdul Hakeem
"u lied. i know u as black man" - Timothy Fred
"Get out. If you mail me again, i will destroy your mailbox." - Clydesdale Bank PLC.
"picece of shit gett off here junkie" "arse hole like u" "u r a bullshit around the corner" "fuck off and die" "is that how you write ur father?" "do u need some crack from Brazil?" "please leave me alone" - Dr. Mohamed Gaza
FREE BEER!
"Baiting is like sex. If it does go pear-shaped, pull out, get a new email address and try again from a different angle." - Me |
|
|
|
|