CreeperX™
June 25th, 2004, 07:01 AM
Don't know if any of you have experienced this very malicious virus-trojan-whatever-it-was ?
It took me 7 hours to get rid of it (I think I got rid of it).
I was cruising some pr0n-sites, suddenly a little popup opened, and something really happened - something was installed!!!
1st of all my Desktop was changed to a security warning from: (DO NOT CLICK THIS LINK IF YOU DON'T KNOW WHAT YOU'RE DOING!) Removed address - Pilli, my homepage was changed to c:\windows\secure.html, in Task Manager a new process called mstasks2.exe was running - slowing down the system by using 100% of the CPU - there was about 20 new dll's in windows and system32 folders, there was a new Hosts-file and so on, deleting the files resulted in creation of new files, such as a new secure.html, a new hosts-file - mstasks2.exe now called mstasks3 - 4 and so on.
I'm always running SpywareBlaster, SpywareGuard, SpyBot, AdMuncher and TrendMicro PC-Cillin with firewall !!!
I had to run a new program (to my knowledge) called HijackThis and delete all of the secure.htm things, then restart in safe mode, and run 1st AdAware (did find around 200 hits) and then SpyBot, after that I deleted all of the files I could find created after the time I was attacked. I think I'm cleaned now - but my (msconfig) win.ini and my system.ini are GONE. I can not shut the system down properly, have to use the power switch.
I've never experienced such a hostile attack before - so be aware.
I'll try and attach a textfile (originally a html-file) regarding the security.info thing. If you're brave, try one of the links in the file. And please tell me what this is - is it new or what, and why didn't my protection work?
Sorry for this neverending story, but I had to due to my mental state.
Be well
CreeperX™