Consumeralertsystem.com won't go away...Please HELP!

Discussion in 'malware problems & news' started by poohj80, Jun 14, 2005.

Thread Status:
Not open for further replies.
  1. poohj80

    poohj80 Registered Member

    Joined:
    Jun 14, 2005
    Posts:
    3
    Hi all! I'm new here and hope some of you can help me out.

    I got infected by one/several viruses yesterday and am still trying to clean up my machine. Programs I know I removed include Virtual Bouncer, AdDestroyer, AproposMedia, PeopleonPage, etc. The one remnant I can't seem to get rid of is a web page called (don't click here in case it cuases you problems) consumeralertsystem.com . It keeps showing up in IE even when I type a known URL. The other strange thing that is happening is that when I reply to a post in an online forum, it frequently inserts its URL into the original message I am replying to when I am quoting that message.

    I want to make it stop but I can't figure it out. Anyone else dealt with this?

    When I run SpyBot, MS AntiSpyware, and Norton they all don't find any threats. I have tried searching on consumeralertsystem and I'm not finding anything.

    Thanks!

    PJ
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Poohj80 welcome to Wilders.

    You will need to download and run “Hijack This” found here and post your log at one of the HijackThis Specialist Forums, the two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    Once your system is clean I would suggest that you take a look here: Why did I get infected in the first place? Also, for further information on security and how to make your system that much stronger, see here, as well there are discussions here and even more here.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  3. poohj80

    poohj80 Registered Member

    Joined:
    Jun 14, 2005
    Posts:
    3
    Thanks for the help! I have run Hiajck This several times and shown the log to my local IT expert. The same file keeps showing up even though I "fix it" in Hijack so Hijack isn't solving the problem. It seems like the programs keep getting reinstalled somehow after I delete/quarantine them.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I would suggest posting your HJT Log at one of the forums that I advised above.

    Let us know how you go...

    Cheers :D
     
  5. poohj80

    poohj80 Registered Member

    Joined:
    Jun 14, 2005
    Posts:
    3
    Thanks, I did and am still waiting for a response.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Would you mind posting a link to where you posted your HJT log Please ?

    Also....Please understand that these Forums that specialize in Highjack cleaning are swamped with infected PC's and the wonderful volunteers have an uphill battle. I can assure you they will eventually get to you....but you will need Patience.
     
  7. chazyorick

    chazyorick Registered Member

    Joined:
    Jun 20, 2005
    Posts:
    2
    Here is an answer:

    My guess is that the virus scanners and ad-filers just haven't caught up to this one
    yet.
    I think I got this when I opened a publishers clearing house spam.
    All of the sudden I got a number of viruses and spyware.
    I tried a number of different products and found a number of things But the
    consumeralertsystem didn't want to go away. It was tagging text in my browser and
    adding links in my favorites and on my desktop. Nothing seemed to be even finding
    it.

    The way I finally got rid of it. (And I'm pretty sure I did get rid of it was to
    pull it out by hand)
    Under "Program Files" I found two folders "cas" and "casstub". I removed these and
    all of their contents. It didn't want to delete them at first. There was an
    uninstall that seemed to work. . . at first but I part of the uninstall seemed to be
    to create a program that would go back and re-download the original program again
    (how sneaky).
    Also to get rid of all the files I had to shut down "casclient.exe" from the task
    menu. (wow I hope this isn't turning too complicated) I also had trouble removing a
    .dll file until I restarted the machine again.

    After I removed the folders "cas" and "casstub" my virus detectors started catching
    new items that had been installed (presumably when I used the uninstall feature for
    the cas software.) These files were in my system folders. "InstallAPS" and
    "installer_marketing30.exe" If your virus scanner doesn't catch them then pull them
    yourself. I think they might re-download the cas software if you don't get rid of
    them.

    Then it was just a matter of cleaning up my desktop and my favorites. I haven't had
    a problem since, but I'm still keeping an eye open.

    Hope that answers your question.

    ~Chaz Yorick
     
  8. Augie

    Augie Registered Member

    Joined:
    Jun 23, 2005
    Posts:
    1
    Chaz/PJ

    I just had this one the last few days, very painful, wish I had found the help. I happened to notice that the icons that were popping up on my desktop were actually sitting on my disk at \Program Files\cas\. Found the uninstaller, lots of McAfee virus and spy scans later I was good. No clue how I got this, I assume this is an Internet Explorer vunerability? I have no clue how/what process was running to reinstall the icons, could be some IE cache design.

    Desktop icons that automagically appeared were things like: casino, plasma TV, baccarat, etc, seem to random appear in different quantities after reboots. This one was so foul I am still not 100% sure it is gone.

    Augie
     
Loading...
Thread Status:
Not open for further replies.