Help have I been attacked

Yesterday I had a Microsoft message - downloading updates, which it did.
After that it gave a Java error which opened up a file on the desktop on its own.
It then came up with select browser and gave a choice; I selected Internet Explorer 8, which I was on anyway.
Then every time I tried to open a website it redirected me to another, e.g. gambling sites.
I restored to last week and then this morning I got the same downloading updates message and the websites are being redirected again.
I am on XP and have tried Microsoft malicious removal tool and System mechanic malware/spyware scan. Both came up with nothing.
Can anyone please help
Peter
 
The latest update was for the browser selection thingy which I think you'll find most people won't bother downloading and installing. You can tell it not to check for this in the future.

My guess is that the ms download is unconnected with the pop-ups. Unless.... in selecting IE8 (WHY?!?!) it reverted to a default setup which allows pop-ups where you had them previously switched off.

You say you get these pop-ups when accessing ALL sites? Are you sure? If so, then you probably do have something dodgy on your system but I can't think of anything that would only present gambling sites.
 
Thanks for the reply. It's not just gambling sites, that was an example, but when I key in a site I get redirected to totally different sites.
I have checked and the pop-up blocker is still on.
 
I have malware b' and use the Safari browser.

Since changing from Internet Explorer, I've never been happier.
 
hi all.

another one to look out for is XP Defender Pro 10. it seriously screwed my machine up. shut down my anti-virus program and froze the machine every time i tried to load another one. would not let me onto the net unless it was a site of its own choosing.

Ben.
 
Tried Malwarebytes - it found 4 infections which it cleared, but I am still getting redirected on the web to shopping sites, porn sites and all kinds of sites.
I have run Malwarebytes twice and Iolo System Mechanic - no luck.
 
As above, hosts file is a good place to start if your browser is redirecting you.

If not, maybe use something called HijackThis, scan and save a log file, then paste the log file here.

Sounds like spyware/malware, but it's not always picked up with scanners such as Malwarebytes.

I usually run multiple scanners and they all seem to find different things!!
 
Try ad-aware. www.lavasoft.com/index.php It's great for getting rid of malware, which is what you've got, and is a really good anti virus package.

Only the version that you pay for has AV, the free one does not. There are so many good free products out there, I can't bring myself to pay for one, especially as no one product catches everything - even the paid ones.
 
Thanks for all your replies. I could not find how to get into hosts - if someone could explain it to a dummy like me I would appreciate it.
I did Ad-Aware and M/bytes and they both found tracking cookies which I deleted. But I still had problems, so I rang the BT internet helpline and he loaded, by remote assist, SUPERAntiSpyware, which quickly found 45 tracking cookies which he deleted, and he loaded Firefox which he said was better than IE.
Working OK, but I would like to go back to IE because I am so used to it, but I don't know if I dare. Having spent all day on this, if it happens again I would be suicidal.

Peter
 
For future ref:
The hosts file can be opened using notepad or wordpad.
May be worth making a copy of yours now so you can just replace if it's suspected to be tampered with in the future.
 
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/04/2010 08:25:54
mbam-log-2010-04-04 (08-25-54).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 190133
Time elapsed: 1 hour(s), 22 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfu

This is the report I got after a M/bytes scan, but after cleaning it is still the same.

Any ideas please?
 
Hosts file:

Click on the start menu. Next click on "Run" (if XP)

Type the following exactly:

notepad c:\windows\system32\drivers\etc\hosts

If you don't type it exactly you will get an error. The file should start with a lot of comments (each line that is a comment has a hash # symbol at the start) then a single entry:

127.0.0.1 localhost

If there are more than that, it is indicative of something having tampered with it. Given that most people don't know what the hosts file is or does, it would be bad if it has additional entries.

Next, from Internet explorer go to "tools" then "Internet Options" then the "connections" tab and click on "LAN settings." If the box labelled "Use a proxy server for your LAN" is ticked then untick it.
 
Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost


This is what it says - what do you think?
 
It's fine, now do the other thing I mentioned.
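
The hosts-file check described above (comment lines, then only the `127.0.0.1 localhost` entry) can be done mechanically. This is an added example, not part of the original thread; the function name `audit_hosts`, the `expected` list and the tampered sample entries are assumptions made for illustration.

```python
import ipaddress
import sys

# Sample inputs. CLEAN is modelled on the stock XP file shown in the thread;
# the two extra TAMPERED entries are constructed (documentation-range IP,
# example domains).
CLEAN = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
"""
TAMPERED = CLEAN + """203.0.113.10 www.example.com example.com
127.0.0.1 update.example.net # inline comment
"""

def audit_hosts(text, expected=("localhost",)):
    """Return (line_no, ip, name, reason) for each mapping that is not expected."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        ip, *names = entry.split()
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "not a valid IP address"))
            continue
        if not names:
            findings.append((line_no, ip, "", "address with no host name"))
        for name in (n.lower() for n in names):
            if not loopback:
                findings.append((line_no, ip, name, "name pointed at another machine"))
            elif name not in expected:
                findings.append((line_no, ip, name, "name forced to loopback"))
    return findings

if __name__ == "__main__":
    # Audit the file named on the command line, or the XP path from the thread.
    path = sys.argv[1] if len(sys.argv) > 1 else r"c:\windows\system32\drivers\etc\hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, ip, name, reason in audit_hosts(fh.read()):
            print(f"line {line_no}: {ip} {name} -> {reason}")
```

An empty result matches the "single entry" state described in the instructions; a loopback entry for any name other than `localhost` is reported separately because it stops that name from resolving rather than redirecting it.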
 
Try Spybot Search and Destroy, a free program. I use it in conjunction with Malwarebytes and Windows Defender. It can be set up to run on a schedule to check every day if you need to.
http://www.safer-networking.org/index2.html
 
hi all.

another one to look out for is XP Defender Pro 10. it seriously screwed my machine up. shut down my anti-virus program and froze the machine every time i tried to load another one. would not let me onto the net unless it was a site of its own choosing.

Ben.

I've got this on my home PC at the moment. After starting XP it starts the virus search (which is the actual virus), there's no taskbar or start button. Add to that it's either stopping my optical mouse (or it's decided to pack up at the same moment!). I can start Task Manager and see that 'uprot.exe' is running and using 80% of CPU, but 'cos I can't move any windows or click on anything I'm screwed!
Any thoughts?
 
Try getting the programs mentioned above (Malwarebytes, Ad-Aware, Spybot Search and Destroy) on a USB key. Boot your PC into safe mode, usually by pressing F8 on your keyboard while the PC is booting; you will get a list of options, choose safe mode. When the PC has booted up, try installing the programs and running them - they may not run in safe mode.
Check your start menu for the "Run" command or type msconfig into the search box.
You should get the System Config box up; go to the startup section.
There will be a list of all the programs that run at startup. You can deselect any that you want, or all of them if you prefer. Try restarting in normal mode and running Malwarebytes etc. When you have finished (it may take hours, mind), go back to the system config and tick the ones that you know you want to run; most are obvious.
 
Thanks for all the replies. I have been offline since Tuesday, the reason being I have tried all the recommended anti-malware programmes - they did not solve the problem, so I was recommended Kaspersky and set a scan running Tuesday at 6pm - it is still running now, Sat 7-30pm.
Up to 80000 files and still going.
I have just borrowed my daughter's comp to check emails and catch up with this.
The scan found a major problem which brought up a red box telling me to delete and restart, which I did. It restarted and continued the scan and is still continuing. It is showing 22 viruses so far.
 
Personally, if it's that screwed, I'd back up the data and do a total reinstall. AV scans that run for days are God's way of telling you your computer is shagged beyond all help.
 
I agree with lemming: if, after trying the software recommended (I also recommend Spybot S&D and Ad-Aware), the problem is still there and if Kaspersky doesn't fix it, then do a complete reinstall.

It might be a pain but I would rather that than spend days trying to fix a problem and have to do it anyway.
 
I ended up doing a re-install. The reason my mouse didn't work was that it had disabled all the USB ports... and even now I can't 'see' them again, even removing and reinstalling the hub.
So now I have a new partition install from which I can look at the old stuff, but not open anything, as a message tells me 'windows cant see it' or that the extension is corrupt.
None of the USB ports work.
Think I'm going to get a cheapie tower off eBay, throw in the memory from the knackered PC, just to get back online and have a running PC at home again.
Then I can tinker with the old one... or burn it, whichever my limited patience leads me towards!!
 
Having tried every anti-virus and anti-malware you can think of, and trying all the suggestions on here, I decided to do the complete restore.
Just before starting I ran the MS malicious detector tool and that did a scan and cleared a couple of problems before saying it could not completely delete all the virus and directed me to Microsoft Security Essentials.
This found and cleared 5 critical problems, trojans etc., and I have been OK since. Fingers crossed it is sorted, and thanks to everyone on here for being so helpful.

Peter
 