November 28th, 2005, 06:52 PM
Somethin wrong is goin on!!
a new kinda virus has affected my computer. Actually i went to site called www.serials.ws for gettin some serials. But, all i got from that site was a GOD DAMN VIRUS.
What it does is, it automatically starts an iexplore.exe i.e. it doesnt open a new internet explorer window but when I press CTRL+ALT+DEL i.e. the Task Manager, i see this process runnin. And it keeps on generatin new processes like that after some time interval. And it only works when i am connected to the internet. So, here's wat it happens:
1. My computer works fine until its connected to internet.
2. After the computer is connected to the internet, the process iexplore.exe starts by itself. Remember, no Explorer windows opens. But, it's listed in the process list in the Task Manager menu. And multiple iexplore.exe processes keeps on starting by itself.
3. To stop it, I either keep on checking from time to time the Task Manager process menu, n terminate the suspected processes(sometimes, i even end up closing the actual iexplore.exe on which i m working!). And if i dont terminate these processes( from Task Manager process menu), after sometime I get a message "The webpage you are viewing is trying to close by itself, Press Yes to continue or No to cancel". So, if I press "yes", one of those iexplore.exe gets terminated but the other iexplore.exe processes are still there. So, its like If I dont terminate the processes from the Task Manager process menu, I keep on getting the dialogue box after some time intervals.
4. And as soon as I disconnect the internet, I no more see this problem.
Following are the details of my machine:
Windows XP Professional SP2
Internet Explorer 7.1
Although u may not need it, but still:
256 MB Ram
AMD Athlon XP 2000+ 1.67 GHz
64 MB Graphics Card
To avoid this, I tried scanning my computer with the following (all with fully updated definitions):
Lavasoft Ad-Aware SE Personal
But there was no relief, I even tried scannin by Online Symantec Virus removal tool, but no success.
One more thing, I completely forgot to tell is, when i see a new iexplore.exe is started from the Task Manager, By pressing the ALT+TAB key, when I take my cursor, to the new IE process, it tells its openin a url called www.deal-nation.com/normal/yy102/h.... or sometimes www.deal-mobile.com/yy102/h... and also www.your-deal.com/normal/yy102/h..., n if i leave my cursor over there, still I dont c any IE window, but if I directly press ALT+F4 just after that, the process iexplore.exe gets terminated.
I don't know whether I was able to completely tell the problem to you, but still I tried my best, and if u want some more clarification, please ask me. And tell me the solution. I'll be really grateful. Coz, if I tell u, the whole above matter was completed in the fourth attempt....
I am sure it's somethin related to those URLs, but I didn't have the balls to check them myself.
Thnx to everyone, helping me with this!!
November 28th, 2005, 06:57 PM
I also saw one more thing, my Phishing filter isnt workin. It says " Phishing Filter is not currently available, and cannot check whether this is a suspicious or reported phishing website." I seriously hav no idea, wat the heck is goin on. One more URL I found was "www.popunder.paypopup.com/....."
November 28th, 2005, 06:57 PM
Whoa, chill out.. first off, you should have posted a warning about that link before posting it (I didn't click it, but apparently it isn't good). Second, what are you worrying about? By the sounds of things, you might have contracted some malware.. in which case you should look up some spyware removal tools (possibly in our download section) or malware removal tools online.
That's my guess on it, post back if you need further assistance. Oh, and please.. calm down. You'll be alright.
EDIT: Ah, I see you tried that.. Hrmm.. I'll look up this tool you might have to download that targets the damaged/corrupted files and eliminates them (I just forgot the link).
November 28th, 2005, 06:58 PM
November 28th, 2005, 07:00 PM
Okay, I'm still searching.. but I wouldn't post these url's if they are causing problems. Just a tip..
November 28th, 2005, 07:03 PM
Hey. In Task Manager, highlight the iexplore process and choose End Process Tree (not End Process). That should kill whatever is relaunching; then run your spyware removal tools.
Of course running the tools in safe mode works too.
November 28th, 2005, 07:07 PM
C'mon get some more caffeine/booze in ya huh?
Now that Isn't some cracking site is it?
I am going to give him a full blast of the negometer for that insult to my cat's fleas' intelligence.....yes I did go to the site.............no.............I went in an ARV
November 28th, 2005, 07:07 PM
would you care to tell us your standard security practice ?
what you run, and when ?
and although this thread doesn't cover the Anti-Virus, it does have links to some other tools you may wish to try.........
Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html
This is software that will stop the bad guys from even getting onto your PC in the first place. Again, it's a free download, and it's a load and forget device, even has auto-update enabled for us really forgetful types.
Another piece of software that detects when the registry is being changed, and will alert you to it, to let you decide whether to allow / disallow.
One tip: suspend Prevx protection when you are loading software, as it will question EVERYTHING that you are doing.
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
November 28th, 2005, 07:08 PM
yeah I just gave him a slap on the wrist for it
but seriously go through your posts and place something like [REMOVE ME] in the middle of the URL so someone doesn't stumble onto this post and visit them by accident. otherwise you are just aiding with the distribution of this malware.
Next I would get an alternative browser (eg: Firefox) and block IE at your firewall to stop it dialing home.
Personally at this stage I would prefer to go for a full backup / format / reinstall if you are infected with unknown malware - but if that's not an option then get these, update fully and scan
spybot search & destroy
also I would check your hosts file for any 'additions' and you could place the offending urls in there redirected to 127.0.0.1 as an added precaution to them dialing home.
Check your firewall for any other sus traffic and report back
you may also want to post a hi-jack this log for some of the members here to take a look at.
Oh and next time - just pay for the software....and don't give me some BS about "but it's too expensive!" if that's the case don't use it! Would you expect the police to accept the same excuse if you drove off in someone else's car? So what makes this different? And if you insist on pirating software don't broadcast the fact on a security forum - esp not one which has a large amount of software developers ¬_¬
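Added example, not part of the original post: a sketch of the hosts-file check suggested above. It flags every mapping beyond the default `localhost` entry, and builds 127.0.0.1 entries for domains you want blocked. The sample file and all domain names are constructed placeholders.

```python
import ipaddress

# Constructed sample, not from the thread. On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.search-portal.example   # lookup redirected off-box
127.0.0.1       update.av-vendor.example    # AV update host blackholed
0.0.0.0         ads.tracker.example
bad line here
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) for each non-blank, non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield no, None, fields          # first token is not an address
            continue
        yield no, ip, [n.lower() for n in fields[1:]]

def audit_hosts(text, expected=("localhost",)):
    """Return (line_no, kind, name) for every mapping outside the baseline."""
    findings = []
    for no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((no, "malformed", " ".join(names)))
            continue
        for name in names:
            if name in expected and ip.is_loopback:
                continue
            # Loopback/0.0.0.0 blocks a name; any other address redirects it.
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((no, "sinkholed" if blocked else "redirected", name))
    return findings

def block_entries(domains, text):
    """Build 127.0.0.1 lines for domains the file does not already map."""
    mapped = {n for _, ip, names in parse_hosts(text) if ip is not None for n in names}
    return [f"127.0.0.1\t{d.lower()}" for d in domains if d.lower() not in mapped]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "sinkholed" entry you did not add yourself deserves the same attention as a "redirected" one, since malware also uses loopback entries to cut off security-vendor update hosts.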
November 28th, 2005, 07:15 PM
OK. In response to your IM: if you have run all your malware / AV tools (in Safe Mode) and followed the advice of valhallen...
Format the box. It will take less time than tracking down all the registry keys and hidden programs.