Beware of this one !!!

Discussion in 'privacy problems' started by CreeperX?, Jun 25, 2004.

Thread Status:
Not open for further replies.
  1. CreeperX?

    CreeperX? Registered Member

    Joined: Jun 25, 2004
    Posts: 2
    Don't know if any of you have experienced this very malicious virus-trojan-whatever-it-was ?
    It took me 7 hours to get rid of it (I think I got rid of it).
    I was cruising some pr0n-sites, suddenly a little popup opened, and something really happened - something was installed!!!
    1st of all my Desktop was changed to a security warning from: (DO NOT CLICK THIS LINK IF YOU DON'T KNOW WHAT YOU'RE DOING!) Removed address - Pilli, my homepage was changed to c:\windows\secure.html, in Task Manager a new process called mstasks2.exe was running - slowing down the system by using 100% of the CPU - there were about 20 new dll's in windows and system32 folders, there was a new Hosts-file and so on, deleting the files resulted in creation of new files, such as a new secure.html, a new hosts-file - mstasks2.exe now called mstasks3 - 4 and so on.
    I'm always running SpywareBlaster, SpywareGuard, SpyBot, AdMuncher and TrendMicro PC-Cillin with firewall !!!
    I had to run a new program (to my knowledge) called HijackThis and delete all of the secure.htm things, then restart in safe mode, and run 1st AdAware (did find around 200 hits) and then SpyBot, after that I deleted all of the files I could find created after the time I was attacked. I think I'm cleaned now - but my (msconfig) win.ini and my system.ini are GONE. I can not shut the system down properly, have to use the power switch.
    I've never experienced such a hostile attack before - so be aware.
    I'll try and attach a textfile (originally a html-file) regarding the security.info thing. If you're brave, try one of the links in the file. And please tell me what this is - is it new or what, and why didn't my protection work?
    Sorry for this neverending story, but I had to due to my mental state.

    Be well
    CreeperX™
     
    Last edited by a moderator: Jun 25, 2004
  2. Pigman

    Pigman Registered Member

    Joined: May 15, 2004
    Posts: 381
    Umm, I don't think this should be in the TDS-3 forum...

    Do you have Hijack This? If not, maybe you should download it, run it, and post the log in the "browser hijacks" forum.
     
  3. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea
    I'm wondering:
    searched in this forum and see several references to secure.html to what seemed to me different sources of infection, among others the "detected spyware! system error #384".
    Indeed best to post your HijackThis log another time: see also [thread]15913[/thread] about posting your log in that forum for expert review to make sure you're really clean.
    If you scan with TDS, did you see any other alerts or any other thing suspicious?

    If you look through the forums here (with search for detected spyware system error) you will see the "detected spyware! system error #384" threads. Same thing you hit if you look in the first part of your original file, the script moving you there with no escape and reading your normal browser info to create fear.
     
    Last edited: Jun 25, 2004
  4. CreeperX?

    CreeperX? Registered Member

    Joined: Jun 25, 2004
    Posts: 2
    Thank you very much - just scanned everything with TDS, now I'm quite sure I'm clean (found 6 more) - TDS is in fact a very use- and powerful program. Thx again.

    CreeperX™
     