secthought.e virus

Discussion in 'malware problems & news' started by heavyarms642, May 1, 2004.

Thread Status:
Not open for further replies.
  1. heavyarms642

    heavyarms642 Guest

    OK, I'm running AVG anti-virus. Every now and then it pops up saying that I am infected with secthought.e, but I cannot find the directory. Neither can the anti-virus; when scanning, it doesn't see the directory it says that it is in. Any help?
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Please follow instructions here
    https://www.wilderssecurity.com/showthread.php?t=15913
    and post a HJT log in the hijack forum

    Turn off system restore by following instructions here
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039 for XP
    or here
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239 for ME

    That will purge the restore folder and clear any malware that has been put in there. Then reboot, re-enable System Restore, and create a new restore point.
     
  3. Jack21221

    Jack21221 Guest

    I am running AVG anti-virus, and it just told me I got the SecThought.E trojan. However, when I ran the anti-virus, it had no trouble finding it, and getting rid of it.
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Follow the advice mentioned right above.

    regards.

    paul
     
  5. Shari

    Shari Guest

    I recently installed AVG anti-virus, and I'm beginning to wonder if it's really all it's hyped up to be.

    The day I installed it, it found the Stubby.A virus. Looking that virus up online, Norton and McAfee BOTH never had any info on it. The only info I did find on the Stubby.A virus was found on forums/msg boards, written by those who installed this AVG program.

    Now, this morning, after the geek squad cleaned this machine completely, including successful removal of the Stubby.A, I fire this baby up at home, and now suddenly it's found the 'SecThought.E' virus? I did a quick search online for info on it, and once again ... only AVG picked it up or even makes mention of it.

    I wonder if AVG is pulling my leg.
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Shari,

    Follow Derek's advice as posted in answer #2. FYI: you'll have to register as a member first for that particular forum.

    regards.

    paul
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Just FYI, most call SecThought "TrojanDownloader.Win32.SecondThough"

    It's actually just an Adware downloader, but the effect is to "trojanly download" a file without your consent. Not all that dangerous when it's adware, but a nasty nonetheless which can be removed as per the advice above :)

    And check the rest of the Adware forum for suggestions on STAYING clean
     
  8. tWoLF

    tWoLF Guest

    One thought to keep in mind is that there are many anti-virus companies out there and frequently they do not share the info that they gather. For this reason you will have a worm or virus with more than one name, depending on the company, i.e. Norton will call it one thing and AVG or Trend Micro will call it another. Sometimes it makes it frustrating to seek the info.


    tWoLF
     
  9. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    flame post removed - snap
     
  10. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    I am using Windows 98 SE and I have the same problem with AVG detecting the SecThought.E virus. However, there is no link in the above instructions for Win 98 SE. Is that because I cannot turn off System Restore with Win 98 SE?
     
  11. Nitwit

    Nitwit Guest

    I just got this virus. I entered a site and AVG popped up and said I had it. Ran AVG, didn't find it. My System Restore is disabled. Came here, followed the instructions above even though my System Restore was disabled, and re-ran AVG and it didn't find anything. Any thoughts?
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Nitwit,

    Looks like you've cleaned out this one ;).

    regards,

    paul
     
  13. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    You'd think so, but there's something weird about this one. I have run AVG numerous times and had it detect nothing, yet AVG has detected the SecThought.E virus once on 6/10 and once again on 6/29.

    I'm still waiting for a reply to my hijackthis log too :D
     
  14. Dae

    Dae Guest

    AVG repeatedly picks it up on mine, says it sends it to the vault, then, BAM! it's back over and over again. And this is AFTER several episodes with secthought A and B. Surely there must be an init propagating...but darned if I can find it.
     
  15. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Well, the first thing I did was to check the Symantec website for instructions on how to remove it, but they didn't have anything on it and McAfee didn't either, so I'm wondering if it's just a flaw in the AVG program or something...

    The interesting thing is, I haven't had any trouble from this virus, but I still want to get rid of it just in case.
     
    Last edited: Jul 14, 2004
  16. carpetdyer

    carpetdyer Guest

    The following html script is being generated by fastclick.com company or their user. It installs a trojan virus SecThought.exe under the guise of being a junk mail filter for IE.

    It hides in ..Local Settings\Temporary Internet Files\ContentIE5\592FSDUF\install026[1].exe
    The IP number is 205.180.85.40, which identifies fastclick.com; further, a link is generated to redirect to
    "pc.cgi?mid=38469&sid=3225"
    http://205.180.85.40/pc.cgi?mid=38469&sid=3225

    Only AVG identified the problem and there are lots of requests for help from users who have been infected and can't find or remove this virus.

    As an added note this occurred from a popup window from Morpheus. Once in your Temporary Internet Files cache, it leaves a file or two that cannot be deleted easily.

    I hope this helps somebody figure it out.

    The following html script is from the popup window: (I removed the <> and replaced them with {} on some of the items so the html wouldn't load)
    {html}
    {head}
    <title>1: Block Junk Mail</title>
    {/head}
    {body bgcolor="ffffff" link="0033CC" vlink="0033CC" leftmargin=0 rightmargin=0 topmargin=0 bottommargin=0 marginheight=0 marginwidth=0}
    <script language="javascript">
    var height='100';
    var width='312';
    var swf_path='http://cserver.mii.instacontent.net/fastclick/cid16818/366.swf';
    var img_path='http://cserver.mii.instacontent.net/fastclick/cid16818/back';
    var click_url='http://media.fastclick.net/w/click.here?cid=16818&mid=38469&sid=3225&m=2&c=9793&type=pc';
    var click_url2='http://media.fastclick.net/w/click.here?cid=16818&mid=38469&sid=3225&m=2&c=9793&type=pc';
    var bcolor='#ffffff';
    </script>
    <script src="http://cserver.mii.instacontent.net/fastclick/v4flash.js"></script>
    {/body}
    {/html}
     
  17. carpet dyer

    carpet dyer Guest

    DO NOT CLICK ON ANY OF THE WORKING LINKS IN MY LAST POST - You will likely get the virus if you do!
     
  18. carpetdyer

    carpetdyer Guest

    One more note: the culprit appears to be spamblockerutility.--- and their client fastutilities.--- Check your IE history for any links to any of these sites.

    links disabled, possible lead to infected sites == bigc
     
  19. carpetdyer

    carpetdyer Guest

    thanks bigc,

    I'm not sure how to post and make a link not work. The more dangerous one is in my first post here where I put the html in the post. Please make sure that link is disabled. My son says that a script can run itself even if you disable the html portion. Would it do any good to email this stuff to AVG or other virus ware companies?
    Thanks
    Connie
     
  20. natasha499

    natasha499 Guest

    I noticed that the toolbar spamblockerutility is advertising other websites from my travel website. When the toolbar is functioning and I go to my website http://www.vacations-abroad.com - Cheap Ticket popup ads appear along with a searchable function for airplane tickets and other information. Anyone feel like suing this A**H***? This seems to be fraudulent since they are making money off my site without my approval. Anyone else notice this? There is that little toolbar at the top of the page when you do a search. :mad:
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I don't see anything there, and have tried it both with Internet Explorer and Firefox. I think you will find that it is your system that is having the problem. I would suggest running through the steps found here to make sure your system is clean: https://www.wilderssecurity.com/showthread.php?t=50662

    Hope this helps...

    Let us know how you go...

    Cheers :D
     
  22. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Same here, when I go to the link it just goes to the intended link with no popups or other ads.
     
  23. jimmyjam8824

    jimmyjam8824 Guest

    Sorry, but I didn't have time to read every post in this thread, so this may have been mentioned before.
    As someone said, the virus may be called something different by other programs, and I believe this may be the case, as I've had problems when I've visited sites and McAfee detected a virus.
    Second, as some people can't seem to find the thing, I've done a search and found a lot on this thing. I'm not worried so much about the system restore, as the Secthought hides in your temp folders. Running AVG when it detects the sucker does get rid of it. The problem is that certain sites tag this thing into your Windows temp folder. I want to know: is there someplace we can report what sites we got these from? I for one would love to never go there and let other people do the same. Hit these people where it really hurts.
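
Added example, not part of any post in this thread: posts 16 and 23 place the downloader in the Temporary Internet Files cache and the Windows temp folders, and several posters report being unable to find it. This Python script walks a directory and reports every file whose header is a Windows PE executable, whatever its name or extension, plus any file it could not open; the directory to scan is an assumption supplied by the caller.

```python
import os
import struct
import sys


def pe_status(path):
    """Return True for a PE executable, False otherwise, None if unreadable."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            # e_lfanew (offset 0x3C, little-endian) locates the PE signature.
            (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(pe_offset)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return None  # locked or access denied: worth a manual look


def find_executables(root):
    """Walk root; return (PE files, unreadable files), ignoring extensions."""
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            status = pe_status(full)
            if status is None:
                unreadable.append(full)
            elif status:
                hits.append(full)
    return sorted(hits), sorted(unreadable)


if __name__ == "__main__":
    # Assumption: the directory to inspect is passed as the first argument,
    # e.g. a profile's Temporary Internet Files or temp folder.
    found, skipped = find_executables(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in found:
        print("executable:", path)
    for path in skipped:
        print("unreadable:", path)
```

Files listed as unreadable are often ones held open by a running process, which matches the "cannot be deleted easily" behaviour described in post 16.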
     