My Computer is Under Total Assault

DaytonBuck

Long story short, my search engine links on all browsers have been hijacked, I can only periodically actually log into any website, and my Avast goes crazy popping up warnings about a trojan or virus at even safe sites like Buckeyeplanet, CNNSI, Dispatch, etc.

I've run Kaspersky online scanner, Trend Micro, Panda Software, Spybot, Ad-Aware, Malwarebytes and AVG from a friend's laptop. They picked up some stuff but the main problem is still there.

The amazingtech's site listed in the beginning that had the HijackThis log isn't taking logs now.

Can anyone recommend a good forum other than Spyware Hammer?

I knew I should have never let Tyrone Willingham use my laptop at the airport.

I'm like the president in Independence Day mulling over the nuclear option of reinstalling Windows, but that would be a serious pain in the ass.
DaytonBuck;1366959; said:
I knew I should have never let Tyrone Willingham use my laptop at the airport.

I'm like the president in Independence Day mulling over the nuclear option of reinstalling Windows, but that would be a serious pain in the ass.

One question: did Scooter send you links to barelylegal.com?

I think I see your problem.
It is a program called AV360. It started making the rounds on Dec 11 and it's getting worse because it has infected media payloads on MySpace and Facebook. I have dealt with two systems compromised here in the past week. Systems completely borked solely because the user browsed MySpace with IE 7 on an XP machine.

The first thing you need to do is go to the System Restore utility and roll back to a restore point about a week ago.

From another computer you need to download the latest versions of Malwarebytes free and Ad-Aware free, then copy those over to a USB key or CD to get them on the infected computer.

After you have rolled the infected machine's restore point back a week, install Ad-Aware and immediately do a full scan. DO NOT DO A REBOOT. DO NOT RUN THE UPDATER. AV360 includes a dnsdll.exe interceptor that will catch outbound requests from your machine to sites such as Malwarebytes, Ad-Aware, Symantec, etc. and will deliver a phony definition database that will break these programs and prevent them from removing the AV360 rogue. For example, one thing I found in this rogue that's actually very clever is that when you try to enter www.lavasoft.com directly into your browser (the URL for Ad-Aware), it pops a window prompting you to enter your username and password. If you visit lavasoft.com on an uninfected machine, that won't happen ... it's just another website.

After Ad-Aware has cleaned up any ancillary garbage, you can try Malwarebytes, then update both and run both again.

The file on your system that delivered the badness will probably be named InstallAVg_77024201[1].exe and be located in your IE cache. If you have that anywhere on your system, you've been fucked by AV360 and the Russian Federation.

This thing is a bitch to remove. Good luck.
Dryden;1367162; said:
... when you try to enter www.lavasoft.com directly into your browser (the URL for Ad-Aware), it pops a window prompting you to enter your username and password. If you visit lavasoft.com on an uninfected machine, that won't happen ... it's just another website.

I didn't see a pop-up when I went to lavasoft.com. Does that mean anything?

How do I go back to the old dates on my computer?

When I burn Ad-Aware (I'm assuming you're talking about the new one) and Malwarebytes, do I burn them as .exe onto the CD?


Thank you for your help
If you're not getting the intercept for Lavasoft, you may have another, similar type of rogue, but in any event, if it's resistant to Ad-Aware or Malwarebytes, you should roll back a week.

XP? If so, go to Start -> All Programs -> Accessories -> System Tools -> System Restore.

You should have some automatic restore points in there from other software installations, so you can pick any arbitrary point in the recent past (probably a week, minimum, to be safe). This will not remove any files you've created on your system, it'll just replace the current registry with a previous backup. You will likely need to reinstall any applications that you've added between that restore point and today, but it's not anything major that'll result in you losing months worth of data or anything.
DaytonBuck;1367303; said:
So I just go back, run Lavasoft and Malwarebytes and just run from there? I haven't saved or downloaded anything important on my computer in a while.

Just make certain you have clean, uninfected copies of the most recent installers for Ad-Aware & Malwarebytes downloaded from a 'good' computer, and burn them to a CD. After you roll back a restore point, disconnect the infected computer from the network, so that when you install Ad-Aware & Malwarebytes again, the rogue doesn't redirect and pull garbage definition files off the Internet. The rogue can't prevent you removing it if it can't hose your removal utilities.

There are lots of rogues like this going around. AV360 is just the most recent one. The previous version was called Anti Virus 2009. There are others. They are very well designed, as they masquerade as other common useful utilities, like ad blockers and so forth. The tip-off is usually pop-ups with broken English. Search engine hijacks are very common symptoms of these rogueware installers, which are essentially just vehicles that dupe you into putting username/password pairs into things that don't require them, or popping dialogs that actually begin covert installation of other malware without your knowledge.

They're a pain in the ass. It's why I switched to Linux 9 years ago.
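An added example, not from any of the posts above, of the offline checks a practitioner would run alongside Dryden's procedure in the two posts above (clean installers carried over on USB/CD, scan with the network unplugged, look for the dropper in the IE cache). It is Python run from a clean machine or a rescue environment rather than anything typed into the XP box itself, and it assumes three things the thread does not state: that other samples of the dropper vary only in the digits of InstallAVg_77024201[1].exe, that any hosts-file entry naming a security vendor is worth flagging even though Dryden describes a dnsdll.exe interceptor that a hosts check will not see, and that you recorded a SHA-256 of each installer on the clean machine so the copy on the sideloaded media can be verified before it is run. All paths and file contents in the demo are constructed.

```python
"""Offline triage helpers for a rogue-AV cleanup (constructed example)."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# The post names one dropper, InstallAVg_77024201[1].exe, in the IE cache.
# IE appends "[n]" to duplicate cache entries, so the pattern generalises over
# both numeric parts. Assumption: other samples differ only in those digits.
DROPPER_RE = re.compile(r"^InstallAVg_\d+(\[\d+\])?\.exe$", re.IGNORECASE)

# Vendors the post says the rogue intercepts. A hosts-file check is my own
# addition (assumption); it will not detect the dnsdll.exe interceptor itself.
WATCHED_DOMAINS = ("lavasoft.com", "malwarebytes.org", "symantec.com")


def find_dropper_candidates(root):
    """Walk `root` (e.g. the IE cache) and return paths whose name matches DROPPER_RE."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if DROPPER_RE.match(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def hosts_hijacks(hosts_text, watched=WATCHED_DOMAINS):
    """Return (address, hostname) pairs for every hosts-file line that pins a
    watched vendor domain. Any such entry is suspicious: mapping a vendor to
    127.0.0.1 blocks updates, mapping it elsewhere redirects them."""
    hijacks = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        for host in names:
            h = host.lower()
            if any(h == d or h.endswith("." + d) for d in watched):
                hijacks.append((addr, h))
    return hijacks


def verify_installer(path, expected_sha256):
    """Hash the installer copied over on USB/CD and compare it with the digest
    recorded on the clean machine, so a swapped or damaged copy is never run."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest() == expected_sha256.lower()


def demo():
    """Build a constructed XP-style IE cache, hosts file and installers in a
    temp dir, run the three checks and return their results."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp, "Temporary Internet Files", "Content.IE5", "K1P9X2QA")
        cache.mkdir(parents=True)
        (cache / "InstallAVg_77024201[1].exe").write_bytes(b"MZ rogue dropper (constructed)")
        (cache / "update[2].exe").write_bytes(b"MZ harmless cache entry (constructed)")

        hosts = (
            "# constructed hosts file\n"
            "127.0.0.1 localhost\n"
            "127.0.0.1 www.lavasoft.com lavasoft.com   # blocks the vendor site\n"
            "10.0.0.5  download.malwarebytes.org       # redirects updates\n"
            "127.0.0.1 intranet.example                # unrelated, ignored\n"
        )

        clean = b"MZ clean installer from the good machine (constructed)"
        good = Path(tmp, "mbam-setup.exe")
        good.write_bytes(clean)
        tampered = Path(tmp, "mbam-setup-tampered.exe")
        tampered.write_bytes(clean + b"\x90")          # one byte appended in transit
        expected = hashlib.sha256(clean).hexdigest()   # recorded on the clean machine

        return {
            "droppers": [os.path.basename(p) for p in find_dropper_candidates(tmp)],
            "hijacks": hosts_hijacks(hosts),
            "installer_ok": verify_installer(good, expected),
            "tampered_ok": verify_installer(tampered, expected),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On the real machine, point find_dropper_candidates at the XP cache directory, C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files, and feed hosts_hijacks the contents of %SystemRoot%\system32\drivers\etc\hosts; both are the standard XP locations. Compute the expected hash on the clean machine right after downloading, before the installer touches the USB key or CD, so the comparison actually tells you something about what happened in between.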