well this is an elaborate scam

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Sat Jul 24, 2010 11:40 pm

Sometimes, they even show their own files as infected

Posted: Sat Jul 24, 2010 11:46 pm

yeah, that's usually how they operate Very Happy

this site's different though... it distributes a windows executable to show you that movie, rather than just showing it in the browser xD

perhaps this is to avoid telling mac users they have windows problems Razz

i always tell my friends to quit looking at so much porn.. xD

Posted: Sun Jul 25, 2010 12:01 am

My computer's been infected several times. It's actually partially infected right now. We installed Norton Internet Security before it fully installed. Every now and then adware pops up, and whenever I try to go to a site which is against scams, it redirects 80% of the time

Posted: Sun Jul 25, 2010 12:04 am

Try MalwareBytes. It works really well (and doesn't use nearly as much memory as Norton) ... If you've bought a license for Norton, I'd definitely consider buying MalwareBytes when your license expires... It's a lot cheaper and does a really good job. The free version still scans for and removes all kinds of stuff that McAfee and AVG won't find.. it just doesn't have automatic protection. I don't like Symantec products... Google "norton broke my computer" or something similar.

Also if you have your windows install CDs you can reinstall internet explorer .. i forget where exactly the file is located but if you google "reinstall ie.inf" you'll find it.

edit:

also, go to c:\windows\system32\drivers\etc\ and open the "hosts" file with notepad. there should only be one entry -- "127.0.0.1 (some tabs) localhost"

any other entries are either norton hijacking you or some kind of malware.
exceptions are things like activate.adobe.com which you might have if you own Photoshop or something similar. Basically, if it's just a random IP address and it goes to some crazy URL it's probably bad.

if you want, i'll fix it for you remotely for free. i'm a certified technician. PM me if you're interested.

Posted: Sun Jul 25, 2010 12:18 am

I know I've tried it a hundred times. It can't remove it, surprisingly! I've had the free version for months, since sometime last year

EDIT: YEs, my computer's being attacked every day.

Posted: Sun Jul 25, 2010 12:21 am

That's pretty gnarly. Sounds like you've got the same trojan my girlfriend had a while back. It's modified the file permissions (and the owner of the files) so that you can't modify or delete them. You might be able to "take ownership" in Safe Mode (as Administrator) and then delete them that way. You'll also need to find the entries in your registry and remove them.

If there are DLLs involved, start->run->regsvr32 /u (drag and drop the offending DLL) ->press enter, then try to delete them.

ALSO!!! I just remembered! If you're trying to remove files and they get deleted, then come back at reboot -- you may need to type the following in a command prompt:

sfc /disable

then delete the offending files

then reboot,

then sfc /enable (in a command prompt)

Posted: Sun Jul 25, 2010 12:26 am

By remove, I mean it can't even find it. Like I told you, it's not fully installed. If it was, I would'nt even be connected to the internet.

EDIT: Have you ever been infected with AVSoft? It's pretty hard to remove. It disables everything on the computer. Everything! I'm not infected with that right now

Posted: Sun Jul 25, 2010 12:31 am

oic. in that case...

have you checked the autorun areas in your registry?
They're at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Have you tried running HiJackThis in Safe Mode?

Posted: Sun Jul 25, 2010 12:33 am

As I told you before, only adware was installed. And anyway there's practically nothing in AutoRun

Posted: Sun Jul 25, 2010 12:37 am

HiJackThis would more than likely be able to shed some light why your browser is being redirected. If there's nothing in your hosts file, or your registry, or detected by norton or malwarebytes, and your DNS servers aren't altered, then perhaps you should check your browser's proxy settings.

AVSoft is pretty gnarly. One of my least favorite ><

Did you make sure that your TCP/IP Properties are set to automatically acquire your DNS server?

Posted: Sun Jul 25, 2010 1:08 pm

Try deleting c:\windows\system32

It speeds up your PC. Wink

Wouldn't you agree, fellow btard? Very Happy

(DO NOT DELETE THAT FOLDER, I AM JOKING!)

well this is an elaborate scam	View next topic View previous topic