-
October 17th, 2003, 05:01 AM
#1
HotPorn476
Hey Guys. Recently i got this virus on my machine. It creates a file in my Windows/system folder a .exe file called HotPorn476 and a shortcut on my desktop called Sweet Girls Having Sex or something like it. I do not know how i got it . probably from some pop-up or sex website the weird thing is i looked it up in google and it doesnt show up so i went to Properties of Hotporn476.exe and saw the original filename . It's called Rampage.exe so i looked it up on google but came up with nothing. So i went to symantec.com and searched there and found it . Removal instructions say that i update my Norton AV and do a full system scan, so I install NAV 2004 and do a full system scan and it came up with no viruses found. :Big fat smile on my face: but now whenever a website redirects me to some "Search Website" like the ones with many categories to browse when a link doesnt work you clicked on i get the file again in my system folder. The best part comes. Whenever the file Hotporn.exe runs it kicks me offline and starts dialing a number, a (900) number. And symantec says that your phone comapany will charge you 40$ extra if it dials it . Lucky i pulled my modem out of the wall before it finished dialing. So my question is: Has anyone had this "virus" and if yes how can i remove it complitely because it only runs whenever i get the Search site, and yes i did a search for any other "Hotporn.exe or Rampage.exe file on my computer but didnt came up with anything. I also checked the registry and the Startup options. Any advice?
-
October 17th, 2003, 05:22 AM
#2
Hum... One sec
Ok I am looking through "Try to steal this Book2"
I am trying to see if I can find something, I remember seeing something about this.
But here is a link that i found
http://www.doxdesk.com/parasite/AccessPlugin.html
I also recommend that you get Registry prot
It will help to keep it from touching your Registry
-
October 17th, 2003, 05:41 AM
#3
hahahahaha yea my advice is stay away from the internet porn and scan your files before you first open them
-
October 17th, 2003, 06:05 AM
#4
this is probably one of those sites that install a software on your system when you visit them they most prob asked if you wanted to install and you had clicked yes either intentionally or not. some of them install without asking. dependign on your security settings.
yes they will dial a number and you gonna get charged a ridiculous amt for it. its mentioned in 'Steal this computer" book. check if the program can be uninstalled. run AV scan. run adaware & spybot.
See if that helps.
-
October 17th, 2003, 06:09 AM
#5
r8devil look up.
I already said all that, and he said that his Scanner wasn't picking it up.
Ok...
Now, I can't remember where I saw this at, I saw it somewhere else also.
-
October 17th, 2003, 11:03 AM
#6
Try renamimg it from a DOS prompt. If that doesn't work go to task manager and see if it is there and the process ca be ended then rename the file, If that doesn't work boot to safe mode and try the same. Once you get the exe stopped you need to investigate iexplore.exe too IMO, try to get a good clean copy.... Better yet see if M$ has an IE upgrade or service pack that you haven't applied yet and apply it.... that should zap anything that got changed to do with ie.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
October 17th, 2003, 11:38 AM
#7
ok here the replie to all your suggestion .
Whizkid:i already tried that but it says cannot load file. Check the location.
Computernerd: if n kewn there was a file on my computer i wouldnt even open it without knowing what it is, i always scan first.
Tigershark: I go to processes of course and kill the process tree of HotPorn476 and then i delete it from the folder and search for any rampage or hotporn registry entries and delete them, but whenever i get redirected to that search site the file comes up again, im gonna try your suggestion and download upgrades for IE and also play abit in the Internet option and download a pop-blocker because the search site pops-up only
-
October 17th, 2003, 12:25 PM
#8
Hi MemorY,
Try:
http://www.spywareinfo.com/~merijn/index.html
and get Hijack This. it is specialist software to detect hijackers. Look for references to the scumware you have detected and delete them. Be careful!.......it will show you everything, not just the bad guys.
Also:
http://www.swatit.org
get SwatIT, update and run. This one takes a long time, but it digs pretty deep and can find things that AdAware and SpyBot Search & Destroy do not.
Then:
http://www.winpatrol.com
You want WinPatrol from BillP Studios. Look at cookies and kill what you don't like or understand (your problem could be from third party cookies) This app. also shows you startup and run once info. so check them also
Another posibility is that this has gotten into your "hosts" file, which you will find somewhere in your Windows folder. Edit this with Notepad and delete any references to the scumware. i am not sure why, but it seem that stuff buried in the "hosts" file does not get found by standard detection software.
Good Luck
BTW http://www.diamondcs.com.au is where you will find RegistryProt. the site is worth a visit anyways.
-
October 17th, 2003, 03:39 PM
#9
IE is a good place to look. Spyware it may or may not be. Try killing it from a DOS boot disk. Basicaly what everybody has suggested is good advice. One thing I may suggest that I didn't see mentioned herein. If you are using a firewall, set up a general rule blocking rampage.exe from using any ports, be sure that you block usage of both udp and tcp, and block access to it both to and from connections. I know with Norton, it will alert me as to what ip it is trying to access, what port it using and it also sometimes revels another name for the exectable. Sometimge reveling a *.dll, or another *.exe file. One that looks for the files you are deleting, and replaces them if they are found missing.
Also check your file integrity from
c:\>sfc /scannow
oh one more thing, don't forget to look at your prefetch files
Other than that, good luck
/edit added info
Your heart was talking, not your mind.
-Tiger Shark
-
October 17th, 2003, 03:49 PM
#10
try the program porn cleaner, i brought a computer of a friend and it was filled with porn i used porn cleaner and it cleaned every ounce of porn of the hard drive.
I think you can still get it from
www.phazeddl.com
And yes it is one of those warez sites, but hey the program worked, i did go and buy the full copy from a computer shop.
And i give it 10\10 potatoes.
Anyhow cheers
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|