+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 14

Hybrid View

  1. March 28th, 2008 02:06 PM #1
    Cider
    Cider is offline
    Only african to own a PC! Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,682

    Virus ? See attachment.

    Hey all

    Anyone seen this virus before? It changes your wallpaper. Anyone know anything about it and how to remove it?

    You can rename the zip file to a jpeg or gif to view.

    Please dont be scared to open the file, its only a picture.

    Any help appreciated.

    Thanks.
    Last edited by Cider; August 7th, 2008 at 09:49 AM.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
    Reply With Quote Reply With Quote
  2. March 28th, 2008 02:32 PM #2
    westin
    westin is offline
    Gonzo District BOFH westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin has a reputation beyond repute westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Kind of a scary name for a thread

    I tried changing the ext to .jpg and .gif, but could not open the file.

    edit: Guess I misunderstood, I had to extract the file from the archive, then change the extension. I have not seen that before, but I would run the usual scans... which you have probably done. Have you had any luck getting rid of this thing?
    Last edited by westin; March 28th, 2008 at 02:34 PM.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST
    Reply With Quote Reply With Quote
  3. March 28th, 2008 02:49 PM #3
    JukEboX
    JukEboX is offline
    Junior Member JukEboX is on a distinguished road
    Join Date
    Mar 2008
    Posts
    12
    Greetings Cider,

    I have faced these neat liittle spyware viruses before. here is some rationale behond how it works. The virus has changedyour desektop to use a homepage. It can get tought ot delete whereas it will probably duplicate itself when you restart your computer. First I will need some information. Can you download a copy of HiJackThis and run it and copy the log to tihs thread please? From there I can see whats running when your computer turns son as well as how your registry and startup has been changed.
    Reply With Quote Reply With Quote
  4. March 28th, 2008 02:49 PM #4
    Cider
    Cider is offline
    Only african to own a PC! Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,682
    Sorry if my post was abit vague

    I havent had any luck getting rid if this.

    Any ideas ?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
    Reply With Quote Reply With Quote
  5. March 28th, 2008 03:55 PM #5
    morganlefay
    morganlefay is offline
    AOs Resident Troll morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute morganlefay has a reputation beyond repute
    Join Date
    Nov 2003
    Posts
    3,152
    What about hijack this...as previously suggested?

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
    Reply With Quote Reply With Quote
  6. March 28th, 2008 09:40 PM #6
    C:\Saw
    C:\Saw is offline
    Senior Member C:\Saw is just really nice C:\Saw is just really nice C:\Saw is just really nice C:\Saw is just really nice C:\Saw's Avatar
    Join Date
    Jan 2008
    Posts
    125
    Try a-squared free: (3rd one down on the site)

    http://www.emsisoft.com/en/software/download/

    It works for me every time...or try the trial version of counterspy if that doesn't work:

    http://www.sunbelt-software.com/Home...ce/CounterSpy/

    these will hopefully get rid of it
    Last edited by C:\Saw; March 28th, 2008 at 09:43 PM.
    "...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
    --Socrates

    *Einstein Would Be Proud*
    Reply With Quote Reply With Quote
  7. March 28th, 2008 09:57 PM #7
    oofki
    oofki is offline
    Senior Member oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute oofki has a reputation beyond repute
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Yup Ive seen that exact one before :-P Its been awhile but some of those desktop hijacks use active desktop to put a fullsize web page on your screen so even if you change you wall paper it still shows up :-P
    http://jumblehub.com
    Reply With Quote Reply With Quote
  8. March 29th, 2008 03:34 AM #8
    delstar
    delstar is offline
    Senior Member delstar has much to be proud of delstar has much to be proud of delstar has much to be proud of delstar has much to be proud of delstar has much to be proud of delstar has much to be proud of delstar has much to be proud of delstar has much to be proud of delstar has much to be proud of
    Join Date
    Dec 2001
    Posts
    319
    So...turning off active desktop would break it?
    Reply With Quote Reply With Quote
  9. March 29th, 2008 06:44 AM #9
    Darksnake
    Darksnake is offline
    Senior Member Darksnake is a splendid one to behold Darksnake is a splendid one to behold Darksnake is a splendid one to behold Darksnake is a splendid one to behold Darksnake is a splendid one to behold Darksnake is a splendid one to behold Darksnake is a splendid one to behold Darksnake is a splendid one to behold
    Join Date
    Jul 2002
    Location
    Texas
    Posts
    168
    smitfraud fix by siri!

    run it in safemode. Then run the usual suspects (adaware, avg, spyware doctor, spy sweeper, kaspersky, autoruns and hijackthis)

    should clean it, but make sure to run a disk cleanup. Should do it.

    What you have is a smitfraud variant
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times
    Reply With Quote Reply With Quote
  10. March 29th, 2008 08:47 AM #10
    Cider
    Cider is offline
    Only african to own a PC! Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider has a reputation beyond repute Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,682
    Hey dark.

    You see I work for Panda so using 3rd party tools is abit of a no no

    But Ill give it a go ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Abbr: history of the computer virus
    By E5C4P3 in forum AntiVirus Discussions
    Replies: 12
    Last Post: April 30th, 2013, 08:05 PM
  2. Virus Research Information: What Are The Different Kinds?
    By Spyder32 in forum The Security Tutorials Forum
    Replies: 18
    Last Post: September 3rd, 2004, 11:23 PM
  3. The Bulgarian and Soviet Virus Factories
    By foxdie in forum AntiVirus Discussions
    Replies: 11
    Last Post: April 4th, 2004, 01:52 AM
  4. Black Wolf's Guide to Memory Resident Viruses.
    By ahmedmamuda in forum AntiVirus Discussions
    Replies: 2
    Last Post: March 20th, 2002, 01:03 AM
  5. So you want to learn about Viruses.
    By 3ntropy in forum AntiOnline's General Chit Chat
    Replies: 10
    Last Post: March 4th, 2002, 10:32 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides