CKA Forums
Posted: Fri Aug 29, 2008 7:11 am
 


I just started getting them yesterday also. Now I get them on almost every site, and stopping pop-ups isn't working, along with an Adaware scan and SpyBot scan.



Zigmiester....coming to a town near you soon.


Posted: Fri Aug 29, 2008 7:14 am
 


Registry Defender is one pop-up, and I get them with IE and Firefox, and I don't hit porn sites, just ikarium and a Canadian govt. site for a GST number yesterday.



Zigmiester....coming to a town near you soon.


Posted: Fri Aug 29, 2008 8:13 am
 


Firstly both Registry Defender and Antivirus XP 2009 are spy/malware.

I have successfully used SpyBot, Adaware and HijackThis. SpyBot and Adaware are pretty simple apps to use, but HijackThis does require a decent knowledge of the Windows Registry. You need to be very careful in removing registry entries as you can completely frack up your comp if you remove the wrong ones.

Best bet is to boot your machine into Safe Mode and run both utilities. SpyBot also has the ability to run before Windows completely loads, so if you have spy/malware that loads into memory on startup, SpyBot can usually find and remove it before this happens. If the spy/malware is loaded into memory it may look like it has been removed but it actually has not.

Hope this helps. [B-o]



The Emperor is not as forgiving as I am.


Posted: Fri Aug 29, 2008 8:56 am
 


One of the effects of this infection is that if you attempt to run regedit, it will pop up a window even in safe mode announcing "Regedit has been disabled by your administrator".
Changes made by most programs like SpyBot, SuperAntiSpyware, AVG (1st sign, your anti-virus won't update) are reversed on reboot. Eventually you even lose connectivity and you're hooped. There are a few products that claim the ability to remove the infection but they're not free so take your chances.
Another pain is System Restore which has become entirely a spot to hide trojans/viruses and is a next to useless function.
I've had to inform most victims that it's unfortunate but unless they are willing to pay for as much as 8 hours of pissing around, they're looking at a format, fixboot and reinstall as it's simply cheaper.
Your books are worth the labour cost, it's TFB about your music and pictures. Learn to back up shit.
What is really interesting is that I have yet to see a Vista machine come in with this infection, just XP boxes!


Posted: Fri Aug 29, 2008 11:05 am
 


lily wrote:
What the heck is this and why am I getting so many pop-ups telling me my computer is at risk?

Some of the pop-ups look "legit" - it looks like Windows XP - but others are clearly ads.

I've run an anti-virus scan and it came up clean, and an anti-spyware scan is next, so I'm not worried.

I'm wondering though... is anyone else getting this?


Lily, download Malwarebytes Anti-Malware and run it, this will remove it. Look for it on this site and use the free trial version. http://www.download.com/3055-8022_4-10878968.html?tag=pdl-redir



Zigmiester....coming to a town near you soon.


Posted: Fri Aug 29, 2008 12:24 pm
 


The scan was over 2 hours but it worked. Halfway through, my AVG detected a trojan d.loader and put it in the vault.

Summary.
Malwarebytes' Anti-Malware 1.25
Database version: 1095
Windows 5.1.2600 Service Pack 2

1:21:47 PM 29/08/2008
mbam-log-08-29-2008 (13-21-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 171593
Time elapsed: 2 hour(s), 35 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c009CC32.dat (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009cc32 (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f307ad5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\randy\Local Settings\Temp\_A00F307AD5D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009CC32.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



Zigmiester....coming to a town near you soon.
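
A triage pass over the scan log in the post above, added here as an example and not part of the original thread: it parses the detection lines, lists the objects marked "Delete on reboot" (only scheduled for removal, so worth a re-scan after restarting), and picks out the registry detections that sit under logon autostart keys. The function names and the choice of autostart markers are assumptions of this example.

```python
import re

# Sample input: the detection sections of the scan log posted above.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\__c009CC32.dat (Trojan.Zlob) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009cc32 (Trojan.Vundo) -> Delete on reboot.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f307ad5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\randy\Local Settings\Temp\_A00F307AD5D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009CC32.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"(.+) Infected:")
DETECTION = re.compile(r"(?P<object>.+?) \((?P<family>[\w.]+)\) -> (?P<action>.+)")
# Assumed marker list: registry locations in this log that start code at logon.
AUTOSTART_MARKERS = ("\\winlogon\\notify\\", "\\currentversion\\run\\")

def parse_detections(text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in (l.strip() for l in text.splitlines()):
        head = SECTION.fullmatch(line)
        if head:
            section = head.group(1)
            continue
        hit = DETECTION.fullmatch(line)
        if hit and section:
            # The final "-> ..." segment is the outcome; earlier ones are detail.
            status = hit.group("action").split(" -> ")[-1].rstrip(".")
            found.append({"section": section, "object": hit.group("object"),
                          "family": hit.group("family"), "status": status})
    return found

def pending_reboot(detections):
    """Objects only scheduled for removal: still present until the restart."""
    return sorted({d["object"].lower() for d in detections
                   if d["status"] == "Delete on reboot"})

def autostart_entries(detections):
    """Registry detections that sit under a logon autostart location."""
    return [d for d in detections if d["section"].startswith("Registry")
            and any(m in d["object"].lower() for m in AUTOSTART_MARKERS)]

if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    print("re-scan after reboot:", pending_reboot(dets))
    print("autostart:", [d["object"] for d in autostart_entries(dets)])
```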


Posted: Fri Aug 29, 2008 3:21 pm
 


ziggy wrote:
lily wrote:
What the heck is this and why am I getting so many pop-ups telling me my computer is at risk?

Some of the pop-ups look "legit" - it looks like Windows XP - but others are clearly ads.

I've run an anti-virus scan and it came up clean, and an anti-spyware scan is next, so I'm not worried.

I'm wondering though... is anyone else getting this?


Lily, download Malwarebytes Anti-Malware and run it, this will remove it. Look for it on this site and use the free trial version. http://www.download.com/3055-8022_4-10878968.html?tag=pdl-redir


Thank you! I'll d-load that and run it tonight.



The sound of birds stops the noise in my mind.
- Carly Simon


Posted: Fri Aug 29, 2008 3:30 pm
 


herbie wrote:
One of the effects of this infection is that if you attempt to run regedit, it will pop up a window even in safe mode announcing "Regedit has been disabled by your administrator".
Changes made by most programs like SpyBot, SuperAntiSpyware, AVG (1st sign, your anti-virus won't update) are reversed on reboot. Eventually you even lose connectivity and you're hooped. There are a few products that claim the ability to remove the infection but they're not free so take your chances.
Another pain is System Restore which has become entirely a spot to hide trojans/viruses and is a next to useless function.
I've had to inform most victims that it's unfortunate but unless they are willing to pay for as much as 8 hours of pissing around, they're looking at a format, fixboot and reinstall as it's simply cheaper.
Your books are worth the labour cost, it's TFB about your music and pictures. Learn to back up shit.
What is really interesting is that I have yet to see a Vista machine come in with this infection, just XP boxes!


My AVG would not update the last couple of days, but I don't get pop-ups yet. I went to the AVG site, updated again, and now it says it's updated. Should I be scared? :?

BTW, I use Vista...



My first impression was good then, you're really stubborn and not open-minded. I will stop loosing my time trying to make you understand.
Marc01 trying to convince me to shut up


Posted: Fri Aug 29, 2008 4:12 pm
 


Brenda wrote:
herbie wrote:
One of the effects of this infection is that if you attempt to run regedit, it will pop up a window even in safe mode announcing "Regedit has been disabled by your administrator".
Changes made by most programs like SpyBot, SuperAntiSpyware, AVG (1st sign, your anti-virus won't update) are reversed on reboot. Eventually you even lose connectivity and you're hooped. There are a few products that claim the ability to remove the infection but they're not free so take your chances.
Another pain is System Restore which has become entirely a spot to hide trojans/viruses and is a next to useless function.
I've had to inform most victims that it's unfortunate but unless they are willing to pay for as much as 8 hours of pissing around, they're looking at a format, fixboot and reinstall as it's simply cheaper.
Your books are worth the labour cost, it's TFB about your music and pictures. Learn to back up shit.
What is really interesting is that I have yet to see a Vista machine come in with this infection, just XP boxes!


My AVG would not update the last couple of days, but I don't get pop-ups yet. I went to the AVG site, updated again, and now it says it's updated. Should I be scared? :?

BTW, I use Vista...


My AVG was updated but didn't find anything until I ran that program, and then found a trojan downloader halfway through the scan, and malware found 5 others.
I researched that virus lots today and everything I have read about that malware site has been positive.
Here are some of the things that were happening to me since the infection.
1) Booting up my PC would bring up my desktop and no icons; hitting Control-Alt-Delete to bring up the Task Manager and then maximizing it and minimizing it several times would bring up my full desktop.
2) Pop-ups galore for anti-virus and web site domain names for sale; was starting to think Tritium had embedded a few links for his domain name business.
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever, and they're zip files, so if you see any of those don't open them.

Run that program and you should be all right, and it beats banging out a HJT log and sending it to a guru for step-by-step instructions in reg-edit.

Sounds like Vista so far is ok from this threat.



Zigmiester....coming to a town near you soon.


Posted: Fri Aug 29, 2008 6:37 pm
 


WOW

What a coincidence: this week I had to install and reinstall 4 OSes because of related malware and virus infections on WinXP and Windows Vista. Those hackers are getting too good at this for normal Windows users to continue to be secure.

The first one was a Vista computer that was so slow and buggy that I didn't even bother to boot the OS to make the customer's backup. I simply used a live CD and resized the Vista partition to make space for the backup partition, onto which I later transferred 20 GiB of music and video. (The owner begged me to install Mandriva Linux like I did for her boyfriend 3 months ago.) One less Vista on this earth :twisted:

The other one had her Internet connection hijacked by some unknown virus, so instead of messing around trying to remove it I just did a clean reinstall. Removing a virus sometimes works and sometimes doesn't, and since I charge by the hour it is cheaper to just reinstall the OS, and then be 100% sure to deliver a virus-free machine.

The other one was a custom reinstall of his infected WinXP PLUS a Mandriva Linux in dual boot. This dude is a gamer who will use his WinXP from now on ONLY to play and his Linux OS for all the rest of his computer needs.

When I read posts like this one

Quote:
Run that program and you should be all right, and it beats banging out a HJT log and sending it to a guru for step-by-step instructions in reg-edit.

Sounds like Vista so far is ok from this threat.
Brenda wrote:
herbie wrote:
One of the effects of this infection is that if you attempt to run regedit, it will pop up a window even in safe mode announcing "Regedit has been disabled by your administrator".
Changes made by most programs like SpyBot, SuperAntiSpyware, AVG (1st sign, your anti-virus won't update) are reversed on reboot. Eventually you even lose connectivity and you're hooped. There are a few products that claim the ability to remove the infection but they're not free so take your chances.
Another pain is System Restore which has become entirely a spot to hide trojans/viruses and is a next to useless function.
I've had to inform most victims that it's unfortunate but unless they are willing to pay for as much as 8 hours of pissing around, they're looking at a format, fixboot and reinstall as it's simply cheaper.
Your books are worth the labour cost, it's TFB about your music and pictures. Learn to back up shit.
What is really interesting is that I have yet to see a Vista machine come in with this infection, just XP boxes!


My AVG would not update the last couple of days, but I don't get pop-ups yet. I went to the AVG site, updated again, and now it says it's updated. Should I be scared? :?

BTW, I use Vista...


My AVG was updated but didn't find anything until I ran that program, and then found a trojan downloader halfway through the scan, and malware found 5 others.
I researched that virus lots today and everything I have read about that malware site has been positive.
Here are some of the things that were happening to me since the infection.
1) Booting up my PC would bring up my desktop and no icons; hitting Control-Alt-Delete to bring up the Task Manager and then maximizing it and minimizing it several times would bring up my full desktop.
2) Pop-ups galore for anti-virus and web site domain names for sale; was starting to think Tritium had embedded a few links for his domain name business.
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever, and they're zip files, so if you see any of those don't open them.

Run that program and you should be all right, and it beats banging out a HJT log and sending it to a guru for step-by-step instructions in reg-edit.

Sounds like Vista so far is ok from this threat.


It is obvious to me that a modern Linux distro is simpler to use and maintain for an ordinary computer user than a Windows OS. For example:

I sold a brand new computer to a very inexperienced computer user. The first thing she wanted to do was to download some music off the net with Frostwire. The second .MP3 that she downloaded didn't work, so she asked me what was the problem with it.

I simply told her that it was NOT a real MP3 file but malware disguised as an MP3. If I had built her a Windows-based computer she would probably have fucked up her brand new custom-built computer within the first hour she powered it on 8O



«The basic idea is to convince the minority that it is unfit to govern itself. One begins by insinuating that it lacks the economic competence. If that does not work, one accuses it of something far more serious: moral incompetence


Posted: Fri Aug 29, 2008 6:41 pm
 


Quote:
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever, and they're zip files, so if you see any of those don't open them.


I got several of those in messages on Facebook. Yo-uTube vids or something (mind the -, it was NOT YouTube), at least, that is where it linked to, asking if it was me looking so good making love ROTFL

Turns out those were Trojans too. So don't click those either.



My first impression was good then, you're really stubborn and not open-minded. I will stop loosing my time trying to make you understand.
Marc01 trying to convince me to shut up


Posted: Fri Aug 29, 2008 7:48 pm
 


Worked for me and like usual it was free.

You just have to search around, ignore the doom and gloom from those that want you to do a reformat.
Most of the time they're so interested in making a buck doing it that they forget about the free workarounds available anywhere on the net. 8)

I never trust anyone who tells me I have to reformat, that means they don't know how to fix it and take the easy way out.

Most systems can be fixed after a hijack like this without wiping all your personal data.



Zigmiester....coming to a town near you soon.


Posted: Fri Aug 29, 2008 7:51 pm
 


Look at it this way peeps, if someone tells you to reformat your C drive because of this then find someone else.

If I can wipe this baddy then I'm sure the ITs who really know what they're doing can also.



Zigmiester....coming to a town near you soon.


Posted: Fri Aug 29, 2008 7:52 pm
 


Brenda wrote:
Quote:
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever, and they're zip files, so if you see any of those don't open them.


I got several of those in messages on Facebook. Yo-uTube vids or something (mind the -, it was NOT YouTube), at least, that is where it linked to, asking if it was me looking so good making love ROTFL

Turns out those were Trojans too. So don't click those either.

Sounds like you already have it. If you got even one pop-up then you better run that scan, because what do you think is causing those pop-ups? :wink:



Zigmiester....coming to a town near you soon.


Posted: Fri Aug 29, 2008 8:17 pm
 


ziggy wrote:
Brenda wrote:
Quote:
3) I also was getting file transfers on MSN from people infected with a different virus that asks you if you have seen these pics or whatever, and they're zip files, so if you see any of those don't open them.


I got several of those in messages on Facebook. Yo-uTube vids or something (mind the -, it was NOT YouTube), at least, that is where it linked to, asking if it was me looking so good making love ROTFL

Turns out those were Trojans too. So don't click those either.

Sounds like you already have it. If you got even one pop-up then you better run that scan, because what do you think is causing those pop-ups? :wink:


I don't have pop-ups, and I didn't click the links :lol:
I deleted the messages asap :D

And, like I said, I use Vista



My first impression was good then, you're really stubborn and not open-minded. I will stop loosing my time trying to make you understand.
Marc01 trying to convince me to shut up

