consumeralertsystem.com is taking me over...

I tried to post this under adware and hijackings, which I thought was more appropriate, but I was denied, so here I am under General Topics. PLEASE help. I am not ignorant or computer illiterate, just new to the board and unfamiliar with the mechanics of malware, so please don't flame me for miscategorization or anything.

Recently, I had that awful malware called Elite that hijacked my toolbar, periodically sent me to searchmiracle.com, and hyperlinked random words on my websites to same. In the end the only thing that worked was a program specifically designed to kill Elite. Otherwise, the malware simply regenerated itself whenever I tried to wipe it.

Now, I am on my cousin's computer, and she has got a nasty one that operates in a very similar manner, except that the links take you to consumeralertsystem.com sites, and instead of the fake toolbar there are random regenerating shortcuts on the desktop and in the favorites list. The web is crowded with pop-ups, no matter what site we're on.

I've tried all of the following programs, which were either pre-installed or recently downloaded: PC-cillin Realtime Scan, Lavasoft Ad-Aware, Spybot Search & Destroy, Google toolbar pop-up blocker, Elite Toolbar Remover.

Anyone have any information regarding this malware and how to destroy it? Respond or even better, E-mail [COLOR=Blue]Removed[/COLOR] if you have any insight.

Email address removed to prevent harvesting--Ron

 

If your cousin's computer has Spybot, go to :
http://forums.net-integration.net/index.php?

If your cousin's computer has Ad-aware, go to :
http://castlecops.com/forum142.html

Both forums utilize Hijackthis program, if required .

 

Thanks for the welcome and the responses, guys, but remember... I'm *really* new. I don't know what HijackThis is, and I don't know how to post a hijack log. I've looked under related forums at Wilders, and can neither post nor read posts there on a new account. I went to one of those links SpiritWind posted, and did not know where to proceed from there. I am inexperienced and need specifics.

 

Since I am more familar with Ad-aware than Spybot and "favor" the
castlecops forum, after you click on the link I provided, you will see
"New User?Needhelp?Click here...." at top of screen; you will need to
"register" there just like you registered here, so click after "here" and
register. After that is done, and assuming your cousin has Ad-aware,
you will post an Ad-aware logfile in that forum by following the directions
of the "sticky"s at the top of the forum. Instructions on how to post an
Ad-aware logfile can be found by going to www.lavahelp.net, then
clicking "How To Guides", then clicking "How To : Remove Unwanted
Detected Objects". While there, you will see a "link" on "How To Post A
Logfile"; click that link and follow its directions. If your cousin has a
printer, it would probably help if you printed out the directions so you
have a piece of paper in your hand to more easily follow the directions.
P.S. Having advised on the Ad-aware forums, I know "special instructions"
are needed for removing difficult spyware, so "Corrine" will guide you
through the removal process.

 

Here is an answer:

My guess is that the virus scanners and ad-filers just haven't caught up to this one
yet.
I think I got this when I opened a publishers clearing house spam.
All of the sudden I got a number of viruses and spyware.
I tried a number of different products and found a number of things But the
consumeralertsystem didn't want to go away. It was tagging text in my browser and
adding links in my favorites and on my desktop. Nothing seemed to be even finding
it.

The way I finally got rid of it. (And I'm pretty sure I did get rid of it was to
pull it out by hand)
Under "Program Files" I found two folders "cas" and "casstub". I removed these and
all of their contents. It didn't want to delete them at first. There was an
uninstall that seemed to work. . . at first but I part of the uninstall seemed to be
to create a program that would go back and re-download the original program again
(how sneaky).
Also to get rid of all the files I had to shut down "casclient.exe" from the task
menu. (wow I hope this isn't turning too complicated) I also had trouble removing a
.dll file until I restarted the machine again.

After I removed the folders "cas" and "casstub" my virus detectors started catching
new items that had been installed (presumably when I used the uninstall feature for
the cas software.) These files were in my system folders. "InstallAPS" and
"installer_marketing30.exe" If your virus scanner doesn't catch them then pull them
yourself. I think they might re-download the cas software if you don't get rid of
them.

Then it was just a matter of cleaning up my desktop and my favorites. I haven't had
a problem since, but I'm still keeping an eye open.

Hope that answers your question.

~Chaz Yorick

 

Thanks everyone for their help and comments, but thanks ESPECIALLY to Chaz Yorick. I followed your instructions and wiped the nasty bugger off, as far as I can tell. I can't tell you how relieved I am.

 

Don't forget to take steps to prevent malware getting on your computer again

 

~Chaz Yorick
You are a genius this works, consumeralertsystem is gone!!!!! Thankyou i found your answer when doing a search for consumeralertsystem.com in yahoo. Thanks so much for taking the time to post the info.

 

Panda Platinum Internet Security version 8 removed it from my system just today. I recommend you download the trial version, REMOVE ANY OTHER ANTIVIRUS PROGRAMS YOU HAVE RUNNING (very important, even if just temporarily), and install the trial. once updated, a scan should removed the bug.

Don't be surprised if Windows complains though. apparently, the nasty bug had infected/replaced my notepad.exe file, and Windows File Protection popped up when Panda disposed of it. Have your installation disks ready (in other words, get ready for a Windows Repair process [WFP doesn't work properly if you have downloaded SP2 as an update; it assumes you have an installation disk with SP2 on it, and if you don't, it refuses to use your pre-SP2 installation disk] ). Pray to...well...whomever...that it was something unimportant affected, like notepad (instead of, say, winlogon.exe, or maybe, oh, I dunno, ntoskrnl.exe)

 

Seems he's already clean ;-)

 

I simply went to their website and downloaded their uninstall program. It supposedly got rid of the files (including *.exe) mentioned above. I would assume everything worked fine, but just did it so i don't know for sure. You may or may not want to try the same. Most of these "programs" out there have accessible web sites with uninstall programs, you just have to find them...

 

Chaz rules!!! I fought with this damn thing for hours before I found your post!

Thanks!!!!!
Gary and Joan

 

I wouldn't trust or touch a removal program from the spyware/hijackware's purveyor with someone else's ten foot pole, let alone my own.

 

My computer is infected too but I have neighter of the folders you just described ("cas" or "casstub")

 

thanks Chaz! That was a big help.