PartyPoker

Discussion in 'malware problems & news' started by HURST, Apr 26, 2008.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hi

    I'm using my GF's laptop and IE keeps popping up on a "partypoker" site. IE's homepage is win default "go.microsoft.com", since the default browser is Firefox.

    I performed a complete scan with SAS and it only found 3 tracking cookies.

    Real-time protection is NOD32 with Blackspear's settings and BOClean.

    I'll try to manually find this and fix it, but some help will be appreciated.
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I tried looking around a bit, this thing is a bugger evidently. I wonder if trying to remove it with Revo Uninstaller would do the trick? Also, if there is still an IE toolbar reference left over, check here to remove it: http://www.howtogeek.com/howto/wind...-items-from-the-internet-explorer-tools-menu/
     
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Thanks for your suggestion, I'll check it out.

    I just performed a scan with PrevxCSI.

    It found 3 files, all listed as adware:

    1.- "manager live.exe"
    located at "docs and settings/All users/application data/Admin Inter 1 Mags"

    2.- "Long Burn Inside.exe"
    located at "Docs and settings/JAC/Application data/Hope Internet Cash"

    3.- "bis1138.exe"
    located at "Docs and settings/JAC/local conf/Temp"

    Also, when checking msconfig, I found "Long Burn Inside" on the startup list.
     
  4. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    UPDATE: CureIt took care of the one located at "hope internet cash" folder...
     
  5. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Hello HURST. Go to Add or Remove Programs and uninstall PokerStar and/or PartyPoker. If your gf installed the game(s) on purpose, let her decide if she really wants it/them (and the pop-ups).

    Download the following:

    http://www.merijn.org/files/bfu.zip

    (use right-click>save target as...)
    http://metallica.geekstogo.com/alcanshorty.bfu

    Here's a tutorial on using BFU.

    Kindly submit the following files to samples[at]superantispyware.com,

    manager live.exe
    Long Burn Inside.exe
    bis1138.exe

    thanatos
     
  6. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Try scanning with a-squared free 3.5.
    http://www.emsisoft.com/en/software/download/

    It usually picks up what SAS doesn't and vice versa.

    Then try their free version of HijackFree. Allows you to manually go through all your registry and perform a search for a specific filename to then kill the process and remove the file.
     
  7. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Will try a-squared today.
    I'll send manager live.exe and bis1138.exe to SAS, but Long Burn Inside.exe was eliminated by CureIt.

    She didn't install it. Only she and myself use that laptop under admin mode.

    Didn't find any reference in "add/remove programs".
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Just guessing because of the filenames and the symptoms, but I think this will turn out to be a LOP infection.

    If you still have problems check your Scheduled Tasks and see if you have one that looks like this:
    A6EF1C1391849263.job
    letters and numbers may vary, but the structure should be the same.

    If you do, post back and let us know which file it starts.
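
The Scheduled Tasks check described in the post above, as an added example that is not part of the original thread: it lists `.job` files whose names follow the quoted structure and reads out which file each one starts. Assumptions: the name pattern is 16 letters/digits modelled on the single name quoted, the tasks live in `%SystemRoot%\Tasks`, and the application-name field is located as in the Task Scheduler 1.0 `.job` layout (16-bit offset stored at byte 20); `build_sample_job` only produces constructed test input.

```python
import re
import struct
from pathlib import Path

# Assumption: 16 letters/digits + ".job", modelled on the one name quoted above.
JOB_NAME = re.compile(r"^[0-9A-Z]{16}\.job$", re.IGNORECASE)

def looks_random(name: str) -> bool:
    return bool(JOB_NAME.match(name))

def job_target(data: bytes) -> str:
    """Return the application path stored in a Task Scheduler 1.0 .job file."""
    if len(data) < 70:
        raise ValueError("too short for a .job file")
    # Byte 20 holds the 16-bit offset of the application-name length field.
    (name_off,) = struct.unpack_from("<H", data, 20)
    if name_off + 2 > len(data):
        raise ValueError("application-name offset outside file")
    (nchars,) = struct.unpack_from("<H", data, name_off)  # count includes NUL
    raw = data[name_off + 2 : name_off + 2 + nchars * 2]
    if len(raw) != nchars * 2:
        raise ValueError("truncated application name")
    return raw.decode("utf-16-le").rstrip("\x00")

def scan_tasks(folder: Path) -> dict[str, str]:
    """Map each suspicious-looking job file name to the file it starts."""
    hits = {}
    for path in sorted(folder.glob("*.job")):
        if looks_random(path.name):
            try:
                hits[path.name] = job_target(path.read_bytes())
            except (ValueError, UnicodeDecodeError) as exc:
                hits[path.name] = f"<unparsed: {exc}>"
    return hits

def build_sample_job(app: str) -> bytes:
    """Constructed test input: a minimal .job image holding only the app name."""
    fixed = bytearray(68)                   # fixed-length header, zero-filled
    struct.pack_into("<H", fixed, 20, 70)   # name length field sits at byte 70
    name = (app + "\x00").encode("utf-16-le")
    return bytes(fixed) + struct.pack("<HH", 0, len(app) + 1) + name

if __name__ == "__main__":
    import os
    tasks = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "Tasks"
    for job, target in scan_tasks(tasks).items():
        print(f"{job} -> {target}")
```

The target path it prints is the value the post asks to be reported back; jobs with ordinary names are skipped, so review those by hand as well.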
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Will check it out soon, right now I'm ill so I'm guessing it will be tomorrow or the day after...

    Thanks for the suggestion.
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Sorry to hear that.
    Get well soon.

    Regards,

    Pieter
     