
AntoSpam

ATT downloads (McAfee)

Free help:

 TrendMicro ~ Malware's AntiMalware ~ Windows recommends

~ windows live scanner

Expensive help:

 anticybercrime
 Spyware Dr.

1-7-10

 My Gateway Internet Exposer is infected with something that randomly takes me to: 
 http://freshantyflu.com/index.php?affid=91101
 http://online-antispyi2.com/scn1/?id=pXT35zDuMzAuOTEuODImcGlkPTQwczEmdGltZT0xMjYzMQUNPAJM

Twice now, on two different laptops, Windows has allowed a piece of malware to affect the operating system. This last time, I took careful notes to document the problem. Here is the condensed version:

 - I googled a topic and started visiting the resultant sites. Since my keywords were very specific, I checked all of the hits.
 - One of the sites was not totally on-topic; in hindsight, the Google listing had many keywords, all on different topics.
 - An anti-virus software advertisement popped up on my screen. Since I have seen this before, I knew what was happening.
 - I updated my McAfee and did a full scan. It found nothing.
 - I updated the Windows Malicious Software removal tool and did a full scan. It found nothing.
 - I updated my Symantec and did a full scan. It found nothing.
 - I updated the Yahoo! anti-spyware and did a full scan. It found nothing.
 - I did a little digging on the internet and found Malwarebytes' Anti-Malware.
 - I did the free download as directed here, updated it, and did a quick scan. The program found a problem and then fixed it.
 - End of story. Mission complete. Job done. It must be Martini time!

Michael, can u tell which one of these trojan'ed my PC? I was running a google search:

 Pocketlite sale running through the list, looking at the prices.

I have them listed as indicated in my browser history... the bottom 3 are OK.

 http://live-antivirus-pc-scan.com/2009/1/en/_freescan.php?nu=77025310
 http://membre_8v92-tur7b.mostpoparea.com/index.html?Ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dcolt%2Bmustang%2Bpocketlite%2Bsale%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a
 http://live-antivirus-pc-scan.com/2009/1/en/freescan.php?id=77025310
 http://live-antivirus-pc-scan.com/2009/1/freescan.php?nu=77025310
 http://becomerealuser.cn/soft.php?aid=025310&d=1&product=XPA&refer=729adbe66
 http://membres.lycos.fr/fvgceiic/8v92-tur7b/76.html

 http://www.thefiringline.com/forums/showthread.php?t=328573
 http://www.northeastshooters.com/vbulletin/showthread.php?t=48788
 http://www.gunbroker.com/Auction/ViewItem.asp?Item=117930592

Found it in reviewing the search! Now... what do we do about it? The Yahoo free spyware checker does not detect it. Running McAfee is useless. I d/led a fresh copy of the windose malicious software removal tool... it finds nothing.

Colt Government Pocketlite. College Grants Antibioctics For A ... For sale colt mustang pocketlite footwells lustic sxr kicker for sale sundancer for f tokens, 2, celica gt engine parts for sale dell e puter footballers ... membres.lycos.fr/fvgceiic/8v92-tur7b/76.html - 10k - Cached - Similar pages -

Sent this to google:

Was searching "colt mustang pocketlite sale" to see current prices. The link above installed a trojan in my PC. It is just a matter of time before the machine becomes unusable... had the same problem 2 weeks ago in a different machine.

Thanks. congamike

Sent this to customer.support@lycos-europe.com.

Dear Sirs,

I have discovered that one of your customers is using your services to enact internet piracy. During this piracy, they install a particularly destructive trojan by exploiting a problem in Internet Explorer.

I was guided to your pages by the following google search result:

Colt Government Pocketlite. College Grants Antibioctics For A ... For sale colt mustang pocketlite footwells lustic sxr kicker for sale sundancer for f tokens, 2, celica gt engine parts for sale dell e puter footballers ... membres.lycos.fr/fvgceiic/8v92-tur7b/76.html - 10k - Cached - Similar pages -

From there, my browser was pirated as follows (in reverse order):

 http://live-antivirus-pc-scan.com/2009/1/en/_freescan.php?nu=77025310
 http://membre_8v92-tur7b.mostpoparea.com/index.html?Ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dcolt%2Bmustang%2Bpocketlite%2Bsale%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a
 http://live-antivirus-pc-scan.com/2009/1/en/freescan.php?id=77025310
 http://live-antivirus-pc-scan.com/2009/1/freescan.php?nu=77025310
 http://becomerealuser.cn/soft.php?aid=025310&d=1&product=XPA&refer=729adbe66
 http://membres.lycos.fr/fvgceiic/8v92-tur7b/76.html

I lost the use of a computer two weeks ago due to a similar google search resulting in a forward to live-antivirus-pc-scan.com and am saddened that this one is now infected.

Please stop this instance of browser piracy and scan the remaining user pages for similar behaviour.


http://liveantiviruspccheck.com/2009/1/en/_freescan.php?nu=770522166350 = Browser exploit. Reported to McAfee 12-28-9


To do a system restore: press F12 (safe mode) during reboot. Boot in safe mode with network. Watch for a menu that enables restore. System restore is useless because the trojan has not affected the "system."


On 1-7-9 I picked it up in the Compaq laptop. Was able to load a newer Internet Exposer. McAfee was disabled so I installed another one. New one does not run either. Updated my Symantec and am performing a full scan.

 How to remove ~ MalWare

Spam Killers

Page last modified on September 02, 2010, at 02:52 PM EST