Aug 24 2008, 01:00 PM | Post #1
New Member | Group: Members | Posts: 1 | Joined: 24-August 08 | Member No.: 232,870
update.windowssettings.org/2/update.php McAfee detects it is a phishing page and blocks it, which is good. I have used Stopzilla, Spybot, Windows Defender and Malwarebytes to find it and kill it, but each one says my machine is clean. What is this page and how do I find the pesky little piece of code?

Aug 24 2008, 06:17 PM | Post #2
To INSANITY and BEYOND !! | Group: Moderator | Posts: 21,869 | Joined: 10-September 04 | From: NJ USA | Member No.: 2,608
So far all I found was SiteAdvisor's comment. I submitted it there. Will have to keep an eye on this.
QUOTE
windowssettings.org
When we visited this site, we found that it may be designed to trick you into submitting your personal or financial information to online scammers.
http://www.siteadvisor.com/sites/windowsse...gs.org/summary/

Aug 24 2008, 06:26 PM | Post #3
Bleepin' Janitor | Group: Global Moderator | Posts: 18,039 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513
Please perform an online scan with Kaspersky WebScanner.
Click on You will be prompted to install an ActiveX component from Kaspersky, Click
Scan Mail Bases
--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2009
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Aug 27 2008, 01:34 AM | Post #4
New Member | Group: Members | Posts: 3 | Joined: 26-August 08 | Member No.: 233,558
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 26, 2008 22:20:01
Records in database: 1149234
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\ D:\ E:\ F:\ G:\ H:\

Scan statistics:
Files scanned: 41280
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:13:22

File name / Threat name / Threats count
C:\Documents and Settings\Marina J\Desktop\LIMEWARE\lim\Tom Novy - Back To The Streets.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Marina J\intelOP.exe Infected: Hoax.Win32.Renos.vavt 1
C:\Documents and Settings\Marina J\My Documents\igrice\[PC GAME Crack] Dracula Origin (Crack NO CD + Serial)\Crack.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\LIMEWARE\George Michael - Careless Whisper.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Program Files\eMule\Incoming\[PC GAME Crack] Dracula Origin (Crack NO CD + Serial).[wnet.co.il].rar Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\WINDOWS\Wincra\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

The selected area was scanned.

Aug 27 2008, 07:13 AM | Post #5
Bleepin' Janitor | Group: Global Moderator | Posts: 18,039 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513
Your Kaspersky scan results show that you are using crack tools so that's probably how you became infected. The practice of using crack or keygen tools is not only considered illegal activity but it is a serious security risk.
QUOTE
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.
trendmicro.com/vinfo

If you use those kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I suggest you remove all the infected files by downloading and using FileASSASSIN FA_Portable.zip.

QUOTE
Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.

Then please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".
-- Post the log in your next reply and let me know how your computer is running.

Sep 11 2008, 12:08 PM | Post #6
New Member | Group: Members | Posts: 1 | Joined: 11-September 08 | Member No.: 237,917
Hi! How are you?
Look at this!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 11, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 11, 2008 11:19:17
Records in database: 1212256
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\ D:\ E:\ F:\ G:\

Scan statistics:
Files scanned: 227341
Threat name: 10
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 03:25:14

File name / Threat name / Threats count
C:\Users\Andre\AppData\Local\Temp\jb0.94.exe Infected: Backdoor.Win32.SdBot.gvj 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\tsxngabr.dll.xor Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\tsxngabr_1.dll.xor Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\vtqnxfko.dll.xor Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\vtqnxfko_1.dll.xor Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Andre\Downloads\AVG Anti-Virus + Firewall v8.1 With Keygen.rar Infected: Trojan-Downloader.Win32.Agent.zyx 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\IMSP[1].exe Infected: Hoax.Win32.Renos.vavt 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqd 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqb 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqc 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kpz 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9X0YI7D\MediaTubeCodec_ver1.1463.0[1].exe Infected: Trojan-Downloader.Win32.Zlob.wtb 1
C:\Users\Tancredi\intelOP.exe Infected: Hoax.Win32.Renos.vavt 1
C:\Windows\eplm.exe Infected: Trojan.Win32.Vapsup.kqd 1
C:\Windows\rafbsvnx.dll Infected: Trojan.Win32.Vapsup.kqc 1

The selected area was scanned.
----------------
I suppose that there's no problem if I delete any of those files, is there?

By the way, although I'm working in my own account and I don't have Administrator privileges, my NOD32 Antivirus does NOT work, as you can see. When I try to delete the program I don't know what happens that the Antivirus doesn't disappear. The Vista begins to show up firewall alerts saying that the antivirus is not working. Then I restart the PC and the Antivirus reappears... What's going on? What Antivirus should I get now?

Now, after the Kaspersky Scan, the NOD32 found only one or two viruses and when I click Delete it doesn't stop saying this: "Error While Deleting (Access Denied)" Although antivirus has Administrator Privileges... I just don't understand what's going on here. And I will definitely not reformat the PC... again. This is driving me crazy...

(I know that that Antivirus is Cracked, but c'mon, I don't have any money to buy an original one)

I really appreciate your help

Sep 11 2008, 12:22 PM | Post #7
Bleepin' Janitor | Group: Global Moderator | Posts: 18,039 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513
QUOTE
I don't have Administrator privileges

Why not? You need to be logged on as Administrator or an account with admin. privileges.

QUOTE
Now, after the Kaspersky Scan, the NOD32 found only one or two viruses and when I click Delete it doesn't stop saying this: "Error While Deleting (Access Denied)"

I gave you instructions to use FileASSASSIN to delete those files, then follow up with a scan using Dr.Web Cureit.

QUOTE
I know that that Antivirus is Cracked, but c'mon, I don't have any money to buy an original one

That is not an excuse as there are ample free anti-virus programs which you can use instead.
avast! 4 Home Edition (comes with built-in anti-rootkit and anti-spyware protection)
Avira AntiVir Personal - Free Antivirus (provides some rootkit detection and removal)
AVG Anti-Virus Free Edition 8.0
RISING Antivirus Free Edition
ClamWin Free Antivirus
PC Tools AntiVirus Free Edition