
Thread: Somethin wrong is goin on!!

  1. #1
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298

    Somethin wrong is goin on!!

    hi everyone

    a new kinda virus has affected my computer. Actually i went to site called www.serials.ws for gettin some serials. But, all i got from that site was a GOD DAMN VIRUS.

    What it does is, it automatically starts an iexplore.exe i.e. it doesnt open a new internet explorer window but when I press CTRL+ALT+DEL i.e. the Task Manager, i see this process runnin. And it keeps on generatin new processes like that after some time interval. And it only works when i am connected to the internet. So, here's wat it happens:

    1. My computer works fine until its connected to internet.
    2. After the computer is connected to the internet, the process iexplore.exe starts by itself. Remember, no Explorer windows opens. But, it's listed in the process list in the Task Manager menu. And multiple iexplore.exe processes keeps on starting by itself.
    3. To stop it, I either keep on checking from time to time the Task Manager process menu, n terminate the suspected processes(sometimes, i even end up closing the actual iexplore.exe on which i m working!). And if i dont terminate these processes( from Task Manager process menu), after sometime I get a message "The webpage you are viewing is trying to close by itself, Press Yes to continue or No to cancel". So, if I press "yes", one of those iexplore.exe gets terminated but the other iexplore.exe processes are still there. So, its like If I dont terminate the processes from the Task Manager process menu, I keep on getting the dialogue box after some time intervals.
    4. And as soon as I disconnect the internet, I no more see this problem.

    Following are the details of my machine:
    Windows XP Professional SP2
    Internet Explorer 7.1
    Although u may not need it, but still:
    256 MB Ram
    AMD Athlon XP 2000+ 1.67 GHz
    64 MB Graphics Card

    To avoid this, I tried scanning my computer from the following (all with fully updated definitions):
    McAfee
    Microsoft Antispyware
    Lavasoft Ad-Aware SE Personal

    But there was no relief, I even tried scannin by Online Symantec Virus removal tool, but no success.

    One more thing, I completely forgot to tell is, when i see a new iexplore.exe is started from the Task Manager, By pressing the ALT+TAB key, when I take my cursor, to the new IE process, it tells its openin a url called www.deal-nation.com/normal/yy102/h.... or sometimes www.deal-mobile.com/yy102/h... and also www.your-deal.com/normal/yy102/h..., n if i leave my cursor over there, still I dont c any IE window, but if I directly press ALT+F4 just after that, the process iexplore.exe gets terminated.

    I dont know whether i was able to completely tell the problem to you, but still i tried my best, and if u want some more clarification, please ask me. And tell me the solution. I'll be really grateful. Coz, if I tell u, the whole above matter, was completed in the fourth attempt....
    :-(

    I am sure, it's somethin related to those URLs, but I didn't have the balls to check them myself.

    Thnx to everyone, helping me with this!!
    CodeNameVirus

  2. #2
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298
    I also saw one more thing, my Phishing filter isnt workin. It says " Phishing Filter is not currently available, and cannot check whether this is a suspicious or reported phishing website." I seriously hav no idea, wat the heck is goin on. One more URL I found was "www.popunder.paypopup.com/....."
    CodeNameVirus

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Whoa, chill out.. first off, you should have posted a warning about that link before posting it (I didn't click it, but apparently it isn't good). Second, what are you worrying about? By the sounds of things, you might have contracted some malware.. in which case you should look up some spyware removal tools (possibly in our download section) or malware removal tools online.

    That's my guess on it, post back if you need further assistance. Oh, and please.. calm down. You'll be alright.

    EDIT: Ah, I see you tried that.. Hrmm.. I'll look up this tool you might have to download that targets the damaged/corrupted files and eliminates them (I just forgot the link).
    Space For Rent.. =]

  4. #4
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298
    CodeNameVirus

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Okay, I'm still searching.. but I wouldn't post these URLs if they are causing problems. Just a tip..
    Space For Rent.. =]

  6. #6
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    Hey, in Task Manager highlight the iexplore process and choose End Process Tree (not End Process). That should kill whatever is relaunching, and then run your spyware removal tools.

    Of course running the tools in safe mode works too.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    C'mon get some more caffeine/booze in ya huh?

    tossers:www.serials.ws

    Now that Isn't some cracking site is it?

    I am going to give him a full blast of the negometer for that insult to my cat's fleas' intelligence.....yes I did go to the site.............no.............I went in an ARV

  8. #8
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    would you care to tell us your standard security practice ?
    what you run, and when ?

    and although this thread doesn't cover the Anti-Virus, it does have links to some other tools you may wish to try.........

    specifically :
    Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html
    This is software that will stop the bad guys from even getting onto your PC in the first place. Again, it's a free download, and it's a load and forget device, even has auto-update enabled for us really forgetful types.

    Prevx http://www.prevx.com/
    Another piece of software that detects when the registry is being changed, and will alert you to it, to let you decide whether to allow / disallow.
    One tip. suspend Prevx protection when you are loading software, as it will question EVERYTHING that you are doing
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  9. #9
    yeah I just gave him a slap on the wrist for it

    but seriously go through your posts and place something like [REMOVE ME] in the middle of the URL so someone doesn't stumble onto this post and visit them by accident. otherwise you are just aiding with the distribution of this malware.

    Next I would get an alternative browser (eg: Firefox) and block IE at your firewall to stop it dialing home.

    Personally at this stage I would prefer to go for a full backup / format / reinstall if you are infected with unknown malware - but if that's not an option then get these, update fully and scan

    ad-aware
    spybot search & destroy

    also I would check your hosts file for any 'additions' and you could place the offending urls in there redirected to 127.0.0.1 as an added precaution to them dialing home.

    Check your firewall for any other sus traffic and report back

    you may also want to post a HijackThis log for some of the members here to take a look at.

    Oh and next time - just pay for the software....and don't give me some BS about "but it's too expensive!" if that's the case don't use it! Would you expect the police to accept the same excuse if you drove off in someone else's car? So what makes this different? And if you insist on pirating software don't broadcast the fact on a security forum - esp not one which has a large amount of software developers ¬_¬
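
The hosts-file check suggested in the post above, as an added example that is not part of the original thread: it lists unexpected redirect entries and reports which of the hostnames quoted in the thread are not yet pointed at loopback. The function names and the sample hosts content are constructed for illustration; on Windows the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Hostnames quoted in the thread, written as the poster gave them.
WATCHLIST = [
    "www.deal-nation.com", "www.deal-mobile.com",
    "www.your-deal.com", "www.popunder.paypopup.com",
]
DEFAULT_NAMES = {"localhost"}  # the only name a stock hosts file maps

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and bad lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: ignore the malformed line
        for name in fields[1:]:
            yield addr, name.lower()

def audit(text, watchlist=WATCHLIST):
    """Split entries into sinkholes and redirects; list unblocked hosts."""
    sinkholed, redirected = set(), []
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            if name not in DEFAULT_NAMES:
                sinkholed.add(name)            # blocked locally
        else:
            redirected.append((name, str(addr)))  # an 'addition' to review
    missing = [d for d in watchlist if d not in sinkholed]
    return {"sinkholed": sorted(sinkholed), "redirected": redirected,
            "missing": missing}

def sinkhole_lines(missing):
    """Lines to append so the listed hosts resolve to 127.0.0.1."""
    return [f"127.0.0.1\t{d}" for d in missing]

# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.deal-nation.com   # added by user
203.0.113.7     update.example.test   # unexpected addition (constructed)
"""

if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    print(report)
    print("\n".join(sinkhole_lines(report["missing"])))
```

Any entry reported under `redirected` maps a name to a non-loopback address and is the kind of addition worth reviewing by hand before trusting the file.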

  10. #10
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    OK, in response to your IM. If you have run all your malware / AV tools (in Safe Mode) and followed the advice of valhallen...

    Format the box. It will take less time than tracking down all the registry keys and hidden programs.


    peace.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0
