Please help! I just got infected by your thread on "Browser exploit test & ..."

Discussion in 'malware problems & news' started by chew, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Great minds think alike :D
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    ok, do both. ;)



    snowbound
     
  3. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Bigc

    Yes, there is ... on the right side of the webpage ... please search for URLspoof.gen ... make sure you type the exact word and it will be there.

    I tried to cut and paste the link on Firefox it just said ... I need to do something about config or something like that ...

    chew
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Take a quick look at this page
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
  6. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    bigc

    Yes, I have disabled the system restore now ... but I still couldn't delete it ....

    I am just restarting my system now...

    chew
     
  7. dog

    dog Guest

  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    This is what triggers the alert in the test page; this is how it tests the browser, but it is not a trojan in this case, it just has a similar means of execution when it runs the test. And McAfee thinks it is a trojan sending the alert. But it is still a pain getting the thing out of the cache and history and system restore.
     

    Last edited: Jul 15, 2004
  9. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    bigc ... if this can get into my system ... and remain there I am very vulnerable ... as it cannot be removed at all and I got all the protection ... this virus is like time bomb sitting there.

    Dog ... could you get me the full steps in how to carry out the Safe Mode?

    Steps by steps please ... from the beginning until deleting the file. I am using Dell Inspiron 8100 laptop if that is any help.

    thanks

    chew

    P/s: I definitely want it out of my system ...
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Shut off computer and restart. During reboot, continuously tap the F8 key and at the prompt choose safe mode.
     
  11. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Dog ... I think I can get into the safe mode ... but what do I do next?

    Where can I delete the file?

    Thanks

    Chew

    P/s: I appreciate your help very much but please please don't tell me it causes no harm etc.,
     
  12. dog

    dog Guest

    This link will explain it very well ... Expand (click the plus sign) the section that is applicable to your OS (XP,2000,98 etc.) ... print it out if that will make it easier ...
    http://service1.symantec.com/SUPPOR...ent&ExpandSection=4&Src=sec_doc_nam#_Section4

    This is basics ... from that link ... expand the section that is applicable to you for step by step instructions.

    HTH, ;)

    dog - *puppy*
     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    you can just go to the folder where the thing is or you can use search and find it. And then right click it and delete it.
     
  14. dog

    dog Guest

    navigate to here using windows explorer -> C:\documents & settings \me\application data\mozilla\firefox\profiles\default\o5s\cache71C3afO2dO1
     
  15. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Dog & BigC ... I did find the folder and I did find the infected file but it just won't let me delete it. ... and that is the ONLY file left in that folder and it just won't let me delete it. Keeps saying "something protected ... "

    OK I am in the safe mode now ... but which one?

    I have 3 safe modes to choose from.

    1) Safe mode
    2) Safe mode with network.
    3) Safe mode with command prompt.

    Once I get in what do I need to do?

    Thanks
     
  16. dog

    dog Guest

    No. 1 ... then navigate to that file and delete it ... there shouldn't be any problem deleting it in safe mode.
     
  17. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    BigC and Dog

    I managed to delete the bugger (virus) in safe mode.

    So what do I do next?

    Empty the Recycle Bin and restart?

    Thanks

    Chew
     
  18. dog

    dog Guest

    OK ... now that the file is deleted ... do the following:

    Delete the files for the recycle bin ... then ....

    Disabling the System Restore Utility (Windows XP Users)

    1. Right click the My Computer icon on the Desktop and click on Properties.
    2. Click on the System Restore tab.
    3. Put a check mark next to 'Turn off System Restore on All Drives'.
    4. Click the 'OK' button.
    5. You will be prompted to restart the computer. Click Yes.

    link - http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

    Then Re-Enable System Restore:

    To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

    dog - *puppy*
     
  19. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Dog ... I Disabled System Restore and went into Safe Mode to delete the virus.

    Then I restart and check and the virus is not there anymore.

    Then, I Enabled System Restore.

    Then, I restart ...

    Are those the right steps?

    I will go back and check now ...

    Chew
     
  20. dog

    dog Guest

    That'll do it! ~Congratulations Chew~ ;) :) Your experience level just went up 10X ... :D

    Snowbound, BigC, Ronjor & I were glad to help. ;)

    Look around here at Wilders' there's so much to learn ... it's a great free education ... and of course there's always help when you need it too. ;)

    Cheers,

    dog - *puppy*
     
  21. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    A Big Thank You to:

    Dog, Snowbound, BigC & Ronjor.

    You guys are Ace!

    Now how do I prevent this from happening again in the future ... I have just restarted my PC and my Windows XP Net Messenger asked me to sign in ... hmmm ... I hope it is not the virus who is lurking and waiting for me there ... just restarted the pc will have a look now.

    Will report back in a few minutes.

    Cheers

    Chew

    P/s: I am logging out from my friend's pc now and returning back to my laptop ... back in 5 mins.
     
  22. dog

    dog Guest

    You are very Welcome from us All ... (Yes, they are Great Guys) ;)

    A good place to start would be here - How did I get infected in the first place

    Then check out the rest of the forum ... there's useful information everywhere here ... it's also a great community ...

    dog - *puppy*
     
  23. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Chew, what link did you click to get this exploit? Was it the forum thread or a link in one of the posts in the thread? This is kind of important, please let me know; if it was a link in a post, could you tell me what number the post was?

    bigc
     
  24. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Dog

    Everything is normal now ... thank you guys again.

    Dog ... I did read all those articles here. I really feel sorry for people infected by all those nasties. Especially the "Hijack this" threads ... I can feel their pain. Theirs are worse than the one I contracted just now.

    Dog, I did follow all the advice from "how do I get infected in the first place" ... I actually followed it to the letter.

    What really puzzled me is that ... I got all the protection and this one still got through ... My McAfee AV couldn't even delete it and I got the latest DAT.

    The rest did not even detect it ... so I really don't know how it got in, especially as I use Firefox 0.9.2 too ... any ideas?

    What do you suggest to prevent this?

    Cheers

    Chew

    P/s: might need to sleep in about 10 mins time ... it's about 3.50am now in UK ...
     
  25. dog

    dog Guest

    @Chew - things happen it was an exploit test o_O ... could you please tell BigC which link it was ... just so the staff can investigate it further ...

    Thanks & Good Night ... you'll have pleasant dreams now that you got rid of the problem ;)

    dog - *puppy*
     