
Fucken spyware installed on my computer from a download link posted here

Discussion in 'BlackHat Lounge' started by mikie46, Dec 11, 2008.

  1. mikie46

    mikie46 Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2008
    Messages:
    1,454
    Likes Received:
    1,102
    I've spent all day trying to remove the fucken spyware that was installed on my PC by clicking on a member-posted download link here last night. Even though I have F-Secure installed, the load was dumped on my PC and I have not been able to get rid of it.

    It has been an all day event. Even Microsoft's Malicious Spyware removal tool could not find it. Not to mention XoftSpy and two others. WTF. Be warned, alternate links to download something may infect your PC. If it's not Rapidshare or Mediafire, don't click on any other file sharing network.

    This shit pisses me off and I'm still searching for a solution to get rid of this crap. 4 supposed spyware software failed to find this. Does anyone else have a suggestion on what to use here?

    I tried to do a system restore. It fails. I don't know why but XP cannot restore. Just tells me it can't restore. I suspect this shit is stopping me from doing a restore.

    I found one instance of a file named a0046333.exe and that was deleted. But after 8hrs of no ads I start seeing them being dumped into my IE and Firefox browser. I thought FF was immune to this kind of shit. Arrrggggggggggggghhhhhhhhhhhhhh!
     
    Last edited: Dec 11, 2008
  2. niche1

    niche1 Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 22, 2007
    Messages:
    285
    Likes Received:
    144
    Link that you clicked please?

    This will warn others.....

    Sorry about your troubles, it does really suck.

    How did you find out about it?
     
  3. mikie46

    mikie46 Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2008
    Messages:
    1,454
    Likes Received:
    1,102
    How did I find out about it? This morning it started dumping ads into my IE and FF browser. Then I went to work trying to remove it.

    It's a link that is not a Mediafire or Rapidshare download link. All I know is that when I click on the download link it dumped a ton of windows into my browser that even F-Secure didn't detect.
     
  4. mintyfresh94

    mintyfresh94 Registered Member

    Joined:
    Nov 19, 2008
    Messages:
    59
    Likes Received:
    7
    Please post the link or the person who uploaded... I'm really sorry to hear that, as removing spyware can be a pain in the *a_ss*. If you are looking to remove it I would download AVG cuz it's free, or download NOD32 from a warez site.
    I hope you can fix it.
     
  5. popcrdom29

    popcrdom29 Jr. VIP Jr. VIP Premium Member

    Joined:
    May 20, 2008
    Messages:
    807
    Likes Received:
    518
    I'm afraid your attempts may be futile. Last week I got the same thing from clicking on a link from here and I tried everything under the sun to get rid of it. Like you, I have spyware, antivirus programs installed but somehow that crap still got onto my system. That was the first time in a long time I have been infected. It pissed me off too.

    I looked up the spyware/virus articles and all the reviews say that it is nearly impossible to get rid of it. The only way is to format and reinstall, which I've already done. I was planning on doing a reinstall on a larger drive anyway so the timing is not that bad. But it still pisses me off that I got infected.

    Unfortunately I don't remember the exact link that I clicked on but it had something to do with an ebook and not software. If I remember I'll post it here.
     
    Last edited: Dec 11, 2008
  6. mikie46

    mikie46 Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2008
    Messages:
    1,454
    Likes Received:
    1,102
    Last edited: Dec 11, 2008
  7. adamster

    adamster Regular Member

    Joined:
    Nov 1, 2008
    Messages:
    210
    Likes Received:
    83
    Mikie, download Malwarebytes at download.com. Install it, then run the update. Restart your computer in safe mode by hitting the F8 key. Run a scan, reboot and the files will hopefully go away.
     
  8. mikie46

    mikie46 Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2008
    Messages:
    1,454
    Likes Received:
    1,102
    Thanks, I'll give it a try.

    The message you have entered is too short. :rolleyes:
     
  9. popcrdom29

    popcrdom29 Jr. VIP Jr. VIP Premium Member

    Joined:
    May 20, 2008
    Messages:
    807
    Likes Received:
    518
    That spyware/virus installed itself somewhere in the registration file so finding it will be extremely difficult. Even if you delete the ad websites, it replicates and comes right back. If I remember correctly it had something to do with the ubuntu virus. It's a really nasty one.
     
  10. mikie46

    mikie46 Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2008
    Messages:
    1,454
    Likes Received:
    1,102
    That's not good news. I know my XP installation is only 6 months old. I'm using F-Secure Internet Security 2008. I'd like to ask them why their spyware/malware scanner failed. It's the first time I've seen it fail like this. Maybe it's something new, I don't know.
     
  11. mikie46

    mikie46 Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2008
    Messages:
    1,454
    Likes Received:
    1,102
    It's a custom-built PC with XP on it, 32-bit. I'll boot it into safe mode as suggested by adamster and see what it reveals.
     
  12. zensiq

    zensiq Junior Member

    Joined:
    Jun 14, 2008
    Messages:
    171
    Likes Received:
    27
    I agree with adamster. You can also try Ad-Aware SE; it's another good adware remover.
     
  13. twinkle88

    twinkle88 Junior Member

    Joined:
    Sep 28, 2008
    Messages:
    184
    Likes Received:
    45
    Do this thing:

    Go here:
    hxxp://www.askvg.com/is-your-system-infected-with-a-virus-spyware-adware-trojan-2/

    The blog author is a Microsoft verified professional, so you can trust him.

    Now follow the instruction mentioned in that post.


    The author asks you to post your log in the comments section; post it and wait with some patience.

    If you are not able to wait, you can view the log file and if you find anything suspicious, start the system in safe mode and click fix this by tick marking the suspected log file.

    Hope this may help.
     
  14. emgxxg

    emgxxg Registered Member

    Joined:
    Nov 3, 2008
    Messages:
    93
    Likes Received:
    523
    I got slammed by 2-3 yesterday.. and had a tough time getting rid of 'em, actually I could not use any browsers either.. all of 'em kept freezing up on me.. I tried ie6/7, firefox, safari, chrome actually long story short.. I disabled my net connect.. downloaded the newest copy of avg 8 (10 yr license) on my laptop and that did the trick.. see if that helps.. get it from:
    Btw, it's definitely clean.
    Cheers!!
     
  15. KaisGuy

    KaisGuy Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 18, 2008
    Messages:
    1,106
    Likes Received:
    1,259
    Location:
    South Africa
    Home Page:
    Bru i know your pain... been through it a couple of times!

    I noticed you tried to do a system restore mate... I am pretty sure it wouldn't have helped you, as it only restores to a certain Windows System State, and if you have viruses, spyware or whatever, the possibility of them still being there is pretty high.

    The only files that System Restore actually restores are as follows:

    # Registry
    # Files in the Windows File Protection (Dllcache) folder
    # Local user profile
    # COM+ and WMI Databases
    # IIS Metabase
    # Specific file types monitored

    These are the files and configurations that System Restore doesn't actually restore:

    # DRM settings
    # Passwords in the SAM hive.
    # WPA settings (Windows authentication information is not restored)
    # Specific directories/files listed in the Monitored File Extensions list in the System Restore section of the Platform SDK e.g. 'My Documents' folder.
    # Any file types not monitored by System Restore like personal data files e.g. .doc, .jpg, .txt etc.
    # Items listed in both Filesnottobackup and KeysnottoRestore (hklm->system->controlset001->control->backuprestore->filesnottobackup and keysnottorestore) in the registry.
    # User-created data stored in the user profile
    # Contents of redirected folders

    Have you tried SpyBot? I've used it with great success before.

    Here's the link:

    Code:
    http://www.safer-networking.org/en/spybotsd/index.html
    Try this as well:

    RunAlyzer is an autostart & configuration manager that allows you to view and edit all the spots where Windows looks for programs or services to start. It's a combination of a standard configuration manager and an advanced tool to locate and remove places where hijackers, spyware and other malware hide.

    Code:
    http://www.safer-networking.org/en/runalyzer/index.html
    These are apparently awesome tools and they are FREE:

    Malwarebytes Anti-Malware:

    Code:
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
    SUPERAntiSpyware:

    Code:
    http://www.download.com/SUPERAntiSpyware-Free-Edition/3000-8022_4-10523889.html
    The following are also worth checking out dude:

    Winpooch is a watchdog for Windows (2000, XP, 2003, but only 32-bits). It detects modifications in your system, so as to detect a trojan or a spyware installation. It also includes a real-time anti-virus.

    Code:
    http://sourceforge.net/projects/winpooch/
    Remote BHO Scanner scans a windows domain for Browser Helper Objects (BHOs) which are commonly installed with malware or spyware. It displays, for each machine, the BHOs installed, and if BHO is categorized as Spyware on the Castlecops CLSID BHO list.

    Code:
    http://sourceforge.net/projects/remotebhoscan/
    A-squared HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of hijackers, spyware, adware, trojans, and worms. Manage all types of Autoruns on your system, Explorer and Browser plug-ins (BHOs, Toolbars). Running processes and their associated modules, control all Services, even those Windows doesn't display, view open ports and the associated listening processes and edit the hosts file.

    Code:
    http://www.download.com/A-squared-HiJackFree/3000-8022_4-10719194.html
    Hope this helps a bit mate...

    GOOD LUCK!!!

    Ciao Dude,

    Ruoall
     
    • Thanks Thanks x 4
  16. mikie46

    mikie46 Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2008
    Messages:
    1,454
    Likes Received:
    1,102
    Thanks for the suggestions everyone. Im going offline for a few hours to get this off my PC.
     
  17. xbox360gurl70s

    xbox360gurl70s Elite Member

    Joined:
    Sep 28, 2008
    Messages:
    1,532
    Likes Received:
    349
    Location:
    In your wet dreams
    You will have to at least try 6 different spyware removers, as they often get scripts in there that usually go undetected by most anti-spyware tools.

    Guys, always scan the files in multiple scanners before pressing the .exe
     
  18. KaisGuy

    KaisGuy Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 18, 2008
    Messages:
    1,106
    Likes Received:
    1,259
    Location:
    South Africa
    Home Page:
    Yip I agree with xbox360gurl70s

    Try this as well:

    Comodo BOClean AntiMalware

    Code:
    http://www.comodo.com/boclean/boclean.html
    The Comodo Products are really good.

    Have you got a Firewall? If not, download the Comodo one:

    Code:
    http://www.personalfirewall.comodo.com/
     
  19. uma4guma

    uma4guma Newbie Premium Member

    Joined:
    Oct 5, 2008
    Messages:
    48
    Likes Received:
    213
    Occupation:
    Internet Marketing
    Location:
    Honolulu, Hawaii
    Sorry to hear that you got infected.

    Try the free trial of Kaspersky Internet Security. While it's not the cheapest anti-virus product on the market, it is a really good one. Its system resource usage is minimal compared to the competition, its scanner is super fast and it consistently catches and successfully removes more viruses than the rest.

    You can download a free trial here:
    Code:
    http://www.kaspersky.com/trials
     
  20. southhill

    southhill Newbie

    Joined:
    Nov 19, 2008
    Messages:
    6
    Likes Received:
    4
    This won't help get rid of the virus you have, but it could prevent future incursions:

    What I do is install Virtualbox, then install XP onto it. Whenever I download something, I boot up a virtual machine, and install it on the vbox first. Run it for a while, reboot the virtual machine, and see if there are any signs of nastiness. If so, I can just go back to a previous vbox snapshot. If not, then I install it on the main computer.
     
    • Thanks Thanks x 1
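
One way to make the "see if there are any signs of nastiness" step in the last post concrete, as an added example that is not code from the thread: save `reg query` output for the Run keys inside the test VM before and after installing the download, then diff the two captures. The sample captures, the `updchk` value and the `sample.exe` path are constructed for illustration.

```python
import re

# One value line of `reg query` output: indented name, REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample captures (not from the thread), as saved inside the VM
# with `reg query <key>` before and after installing the download.
BEFORE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VBoxTray    REG_SZ    C:\WINDOWS\system32\VBoxTray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = BEFORE + r"""    updchk    REG_SZ    C:\Documents and Settings\test\Local Settings\Temp\sample.exe
"""

def parse_reg_query(text):
    """Return {(key, value_name): data} from `reg query <key>` text output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # header line naming the registry key
        elif key and (m := VALUE_LINE.match(line)):
            entries[(key, m.group(1))] = m.group(3).strip()
    return entries

def diff_autostarts(before_text, after_text):
    """List autostart entries that were added, changed or removed."""
    before, after = parse_reg_query(before_text), parse_reg_query(after_text)
    findings = []
    for ident, data in sorted(after.items()):
        if ident not in before:
            findings.append(("added", *ident, data))
        elif before[ident] != data:
            findings.append(("changed", *ident, data))
    for ident in sorted(before.keys() - after.keys()):
        findings.append(("removed", *ident, before[ident]))
    return findings

if __name__ == "__main__":
    for status, key, name, data in diff_autostarts(BEFORE, AFTER):
        print(f"{status.upper():8} {key}\\{name} -> {data}")
```

Any "added" or "changed" entry is a reason to roll the VM back to the earlier snapshot instead of installing on the main machine; an empty diff only covers the keys that were captured.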