BleepingComputer.com: Windowsettings.org

Windowsettings.org What is it and how do I kill it?

#1 Larry May

Posted 24 August 2008 - 01:00 PM

Hello, I am having trouble with some malware that opens up IE and tries to connect me to the following page:
update.windowssettings.org/2/update.php
McAfee detects it is a phishing page and blocks it, which is good. I have used Stopzilla, Spybot, Windows Defender and Malwarebytes to find it and kill it, but each one says my machine is clean. What is this page and how do I find the pesky little piece of code?

#2 boopme (Global Moderator)

Posted 24 August 2008 - 06:17 PM

So far all I found was SiteAdvisor's comment. I submitted it there. Will have to keep an eye on this.

Quote

windowssettings.org

When we visited this site, we found that it may be designed to trick you into submitting your personal or financial information to online scammers.



http://www.siteadvisor.com/sites/windowsse...gs.org/summary/

#3 quietman7 (Global Moderator)

Posted 24 August 2008 - 06:26 PM

Please perform an online scan with Kaspersky WebScanner.

Click on Posted Image

You will be prompted to install an ActiveX component from Kaspersky. Click Posted Image
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click Posted Image
  • Now under select a target to scan:
      Select My Computer

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.

  • Save the file to your desktop.
  • Copy and paste the scan results in your next reply.

Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 pensacola

Posted 27 August 2008 - 01:34 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 26, 2008 22:20:01
Records in database: 1149234
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 41280
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:13:22


File name / Threat name / Threats count
C:\Documents and Settings\Marina J\Desktop\LIMEWARE\lim\Tom Novy - Back To The Streets.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Marina J\intelOP.exe Infected: Hoax.Win32.Renos.vavt 1
C:\Documents and Settings\Marina J\My Documents\igrice\[PC GAME Crack] Dracula Origin (Crack NO CD + Serial)\Crack.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\LIMEWARE\George Michael - Careless Whisper.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Program Files\eMule\Incoming\[PC GAME Crack] Dracula Origin (Crack NO CD + Serial).[wnet.co.il].rar Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\WINDOWS\Wincra\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

The selected area was scanned.

#5 quietman7 (Global Moderator)

Posted 27 August 2008 - 07:13 AM

Your Kaspersky scan results show that you are using crack tools so that's probably how you became infected. The practice of using crack or keygen tools is not only considered illegal activity but it is a serious security risk.

Quote

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.
trendmicro.com/vinfo

If you use those kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I suggest you remove all the infected files by downloading and using FileASSASSIN FA_Portable.zip.
  • Create a new folder on your C:\ drive called FileASSASSIN and extract (unzip) the file to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the folder and double-click on FileASSASSIN.exe.
    Note: If you downloaded the installable version instead, just double-click on fa-setup.exe to install and then launch FileASSASSIN from the program folder.
  • Select the bad file to delete by dragging it onto the text area or select it using the (...) browse button.
  • Select a removal method. Start with the default "Attempt FileASSASSIN's method of file removal"
  • Click delete and the removal process will begin.
  • If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."

Quote

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.


Then please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".
-- Post the log in your next reply and let me know how your computer is running.

#6 Tancredita

Posted 11 September 2008 - 12:08 PM

Hi! How are you?
Look at this!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 11, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 11, 2008 11:19:17
Records in database: 1212256
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 227341
Threat name: 10
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 03:25:14


File name / Threat name / Threats count
C:\Users\Andre\AppData\Local\Temp\jb0.94.exe Infected: Backdoor.Win32.SdBot.gvj 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\tsxngabr.dll.xor Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\tsxngabr_1.dll.xor Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\vtqnxfko.dll.xor Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\vtqnxfko_1.dll.xor Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Andre\Downloads\AVG Anti-Virus + Firewall v8.1 With Keygen.rar Infected: Trojan-Downloader.Win32.Agent.zyx 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\IMSP[1].exe Infected: Hoax.Win32.Renos.vavt 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqd 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqb 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqc 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kpz 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9X0YI7D\MediaTubeCodec_ver1.1463.0[1].exe Infected: Trojan-Downloader.Win32.Zlob.wtb 1
C:\Users\Tancredi\intelOP.exe Infected: Hoax.Win32.Renos.vavt 1
C:\Windows\eplm.exe Infected: Trojan.Win32.Vapsup.kqd 1
C:\Windows\rafbsvnx.dll Infected: Trojan.Win32.Vapsup.kqc 1

The selected area was scanned.


----------------

I suppose that there's no problem if I delete any of those files, is there?


By the way, although I'm working in my own account and I don't have Administrator privileges, my NOD32 Antivirus does NOT work, as you can see. When I try to delete the program, I don't know what happens, but the Antivirus doesn't disappear. Vista begins to show firewall alerts saying that the antivirus is not working. Then I restart the PC and the Antivirus reappears... What's going on? What Antivirus should I get now?
Now, after the Kaspersky Scan, the NOD32 found only one or two viruses and when I click Delete it doesn't stop saying this: "Error While Deleting (Access Denied)", although the antivirus has Administrator Privileges... I just don't understand what's going on here. And I will definitely not reformat the PC... again. This is driving me crazy...

(I know that that Antivirus is Cracked, but c'mon, I don't have any money to buy an original one)

I really appreciate your help :thumbsup: I'm desperate!!

#7 quietman7 (Global Moderator)

Posted 11 September 2008 - 12:22 PM

Quote

I don't have Administrator privileges
Why not? You need to be logged on as Administrator or an account with admin. privileges.

Quote

Now, after the Kaspersky Scan, the NOD32 found only one or two viruses and when I
click Delete it doesn't stop saying this: "Error While Deleting (Access Denied)"
I gave you instructions to use FileASSASSIN to delete those files, then follow up with a scan using Dr.Web Cureit.

Quote

I know that that Antivirus is Cracked, but c'mon, I don't have any money to buy
an original one

That is not an excuse as there are ample free anti-virus programs which you can use instead.
avast! 4 Home Edition (comes with built-in anti-rootkit and anti-spyware protection)
Avira AntiVir Personal - Free Antivirus (provides some rootkit detection and removal)
AVG Anti-Virus Free Edition 8.0
RISING Antivirus Free Edition
ClamWin Free Antivirus
PC Tools AntiVirus Free Edition