consumeralertsystem.com is taking me over...

Discussion in 'privacy problems' started by loveroflit, Jun 19, 2005.

Thread Status:
Not open for further replies.
  1. loveroflit
    Offline

    loveroflit Registered Member

    I tried to post this under adware and hijackings, which I thought was more appropriate, but I was denied, so here I am under General Topics. PLEASE help. I am not ignorant or computer illiterate, just new to the board and unfamiliar with the mechanics of malware, so please don't flame me for miscategorization or anything.

    Recently, I had that awful malware called Elite that hijacked my toolbar, periodically sent me to searchmiracle.com, and hyperlinked random words on my websites to same. In the end the only thing that worked was a program specifically designed to kill Elite. Otherwise, the malware simply regenerated itself whenever I tried to wipe it.

    Now, I am on my cousin's computer, and she has got a nasty one that operates in a very similar manner, except that the links take you to consumeralertsystem.com sites, and instead of the fake toolbar there are random regenerating shortcuts on the desktop and in the favorites list. The web is crowded with pop-ups, no matter what site we're on.

    I've tried all of the following programs, which were either pre-installed or recently downloaded: PC-cillin Realtime Scan, Lavasoft Ad-Aware, Spybot Search & Destroy, Google toolbar pop-up blocker, Elite Toolbar Remover.

    Anyone have any information regarding this malware and how to destroy it? Respond or even better, E-mail [COLOR=Blue]Removed[/COLOR] if you have any insight.

    Email address removed to prevent harvesting--Ron
    Last edited by a moderator: Jun 19, 2005
  2. ronjor
    Online

    ronjor Global Moderator

  3. SpiritWind
    Offline

    SpiritWind Registered Member

  4. loveroflit
    Offline

    loveroflit Registered Member

    Thanks for the welcome and the responses, guys, but remember... I'm *really* new. I don't know what HijackThis is, and I don't know how to post a hijack log. I've looked under related forums at Wilders, and can neither post nor read posts there on a new account. I went to one of those links SpiritWind posted, and did not know where to proceed from there. I am inexperienced and need specifics.
  5. ronjor
    Online

    ronjor Global Moderator

    Sara

    Read the instructions at the link. CastleCops
  6. SpiritWind
    Offline

    SpiritWind Registered Member

    :D Since I am more familar with Ad-aware than Spybot and "favor" the
    castlecops forum, after you click on the link I provided, you will see
    "New User?Needhelp?Click here...." at top of screen; you will need to
    "register" there just like you registered here, so click after "here" and
    register. After that is done, and assuming your cousin has Ad-aware,
    you will post an Ad-aware logfile in that forum by following the directions
    of the "sticky"s at the top of the forum. Instructions on how to post an
    Ad-aware logfile can be found by going to www.lavahelp.net, then
    clicking "How To Guides", then clicking "How To : Remove Unwanted
    Detected Objects". While there, you will see a "link" on "How To Post A
    Logfile"; click that link and follow its directions. If your cousin has a
    printer, it would probably help if you printed out the directions so you
    have a piece of paper in your hand to more easily follow the directions.
    P.S. Having advised on the Ad-aware forums, I know "special instructions"
    are needed for removing difficult spyware, so "Corrine" will guide you
    through the removal process.
    Last edited: Jun 20, 2005
  7. chazyorick
    Offline

    chazyorick Registered Member

    Here is an answer:

    My guess is that the virus scanners and ad-filers just haven't caught up to this one
    yet.
    I think I got this when I opened a publishers clearing house spam.
    All of the sudden I got a number of viruses and spyware.
    I tried a number of different products and found a number of things But the
    consumeralertsystem didn't want to go away. It was tagging text in my browser and
    adding links in my favorites and on my desktop. Nothing seemed to be even finding
    it.

    The way I finally got rid of it. (And I'm pretty sure I did get rid of it was to
    pull it out by hand)
    Under "Program Files" I found two folders "cas" and "casstub". I removed these and
    all of their contents. It didn't want to delete them at first. There was an
    uninstall that seemed to work. . . at first but I part of the uninstall seemed to be
    to create a program that would go back and re-download the original program again
    (how sneaky).
    Also to get rid of all the files I had to shut down "casclient.exe" from the task
    menu. (wow I hope this isn't turning too complicated) I also had trouble removing a
    .dll file until I restarted the machine again.

    After I removed the folders "cas" and "casstub" my virus detectors started catching
    new items that had been installed (presumably when I used the uninstall feature for
    the cas software.) These files were in my system folders. "InstallAPS" and
    "installer_marketing30.exe" If your virus scanner doesn't catch them then pull them
    yourself. I think they might re-download the cas software if you don't get rid of
    them.

    Then it was just a matter of cleaning up my desktop and my favorites. I haven't had
    a problem since, but I'm still keeping an eye open.

    Hope that answers your question.

    ~Chaz Yorick
  8. loveroflit
    Offline

    loveroflit Registered Member

    Thanks everyone for their help and comments, but thanks ESPECIALLY to Chaz Yorick. I followed your instructions and wiped the nasty bugger off, as far as I can tell. I can't tell you how relieved I am. :cool:
  9. Vikorr
    Offline

    Vikorr Registered Member

    Don't forget to take steps to prevent malware getting on your computer again :)
  10. thankyou
    Offline

    thankyou Guest

    ~Chaz Yorick
    You are a genius this works, consumeralertsystem is gone!!!!! Thankyou i found your answer when doing a search for consumeralertsystem.com in yahoo. Thanks so much for taking the time to post the info.
  11. PerfectApproach
    Offline

    PerfectApproach Guest

    Panda Platinum Internet Security version 8 removed it from my system just today. I recommend you download the trial version, REMOVE ANY OTHER ANTIVIRUS PROGRAMS YOU HAVE RUNNING (very important, even if just temporarily), and install the trial. once updated, a scan should removed the bug.

    Don't be surprised if Windows complains though. apparently, the nasty bug had infected/replaced my notepad.exe file, and Windows File Protection popped up when Panda disposed of it. Have your installation disks ready (in other words, get ready for a Windows Repair process [WFP doesn't work properly if you have downloaded SP2 as an update; it assumes you have an installation disk with SP2 on it, and if you don't, it refuses to use your pre-SP2 installation disk] ). Pray to...well...whomever...that it was something unimportant affected, like notepad (instead of, say, winlogon.exe, or maybe, oh, I dunno, ntoskrnl.exe)
  12. Detox
    Offline

    Detox Retired Moderator

    Seems he's already clean ;-)


  13. honk
    Offline

    honk Guest

    I simply went to their website and downloaded their uninstall program. It supposedly got rid of the files (including *.exe) mentioned above. I would assume everything worked fine, but just did it so i don't know for sure. You may or may not want to try the same. Most of these "programs" out there have accessible web sites with uninstall programs, you just have to find them...
  14. gdog
    Offline

    gdog Guest

    Chaz rules!!! I fought with this damn thing for hours before I found your post!

    Thanks!!!!!
    Gary and Joan
  15. Detox
    Offline

    Detox Retired Moderator

    I wouldn't trust or touch a removal program from the spyware/hijackware's purveyor with someone else's ten foot pole, let alone my own.
  16. bdude
    Offline

    bdude Guest

    My computer is infected too but I have neighter of the folders you just described ("cas" or "casstub")


  17. b0b
    Offline

    b0b Guest

    thanks Chaz! That was a big help.
Thread Status:
Not open for further replies.