Windowsettings.org


6 replies to this topic

#1 Larry May

Larry May

  • Members
  • 1 posts

Posted 24 August 2008 - 01:00 PM

Hello, I am having trouble with some malware that opens up IE and tries to connect me to the following page
update.windowssettings.org/2/update.php
McAfee detects it is a phishing page and blocks it which is good. I have used Stopzilla, Spybot, Windows Defender and Malwarebytes to find it and kill it but each one says my machine is clean. What is this page and how do I find the pesky little piece of code?


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 24 August 2008 - 06:17 PM

So far all I found was SiteAdvisor's comment. I submitted it there. Will have to keep an eye on this.

windowssettings.org

When we visited this site, we found that it may be designed to trick you into submitting your personal or financial information to online scammers.



http://www.siteadvisor.com/sites/windowsse...gs.org/summary/

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,139 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 24 August 2008 - 06:26 PM

Please perform an online scan with Kaspersky WebScanner.

Click on Posted Image

  • You will be prompted to install an ActiveX component from Kaspersky. Click Posted Image
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste the scan results in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 pensacola

pensacola

  • Members
  • 3 posts

Posted 27 August 2008 - 01:34 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 26, 2008 22:20:01
Records in database: 1149234
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 41280
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:13:22


File name / Threat name / Threats count
C:\Documents and Settings\Marina J\Desktop\LIMEWARE\lim\Tom Novy - Back To The Streets.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Marina J\intelOP.exe Infected: Hoax.Win32.Renos.vavt 1
C:\Documents and Settings\Marina J\My Documents\igrice\[PC GAME Crack] Dracula Origin (Crack NO CD + Serial)\Crack.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\LIMEWARE\George Michael - Careless Whisper.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Program Files\eMule\Incoming\[PC GAME Crack] Dracula Origin (Crack NO CD + Serial).[wnet.co.il].rar Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\WINDOWS\Wincra\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

The selected area was scanned.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,139 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 27 August 2008 - 07:13 AM

Your Kaspersky scan results show that you are using crack tools so that's probably how you became infected. The practice of using crack or keygen tools is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

If you use those kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I suggest you remove all the infected files by downloading and using FileASSASSIN FA_Portable.zip.
  • Create a new folder on your C:\ drive called FileASSASSIN and extract (unzip) the file to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the folder and double-click on FileASSASSIN.exe.
    Note: If you downloaded the installable version instead, just double-click on fa-setup.exe to install and then launch FileASSASSIN from the program folder.
  • Select the bad file to delete by dragging it onto the text area or select it using the (...) browse button.
  • Select a removal method. Start with the default "Attempt FileASSASSIN's method of file removal"
  • Click delete and the removal process will begin.
  • If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.


Then please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".
-- Post the log in your next reply and let me know how your computer is running.

#6 Tancredita

Tancredita

  • Members
  • 1 posts

Posted 11 September 2008 - 12:08 PM

Hi! How are you?
Look at this!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 11, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 11, 2008 11:19:17
Records in database: 1212256
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 227341
Threat name: 10
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 03:25:14


File name / Threat name / Threats count
C:\Users\Andre\AppData\Local\Temp\jb0.94.exe Infected: Backdoor.Win32.SdBot.gvj 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\tsxngabr.dll.xor Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\tsxngabr_1.dll.xor Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\vtqnxfko.dll.xor Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Andre\AppData\Local\Temp\MPSampleSubmit\vtqnxfko_1.dll.xor Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Andre\Downloads\AVG Anti-Virus + Firewall v8.1 With Keygen.rar Infected: Trojan-Downloader.Win32.Agent.zyx 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\IMSP[1].exe Infected: Hoax.Win32.Renos.vavt 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqd 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqb 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqc 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kpz 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kqa 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I2VKHKN\WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kpy 1
C:\Users\Tancredi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9X0YI7D\MediaTubeCodec_ver1.1463.0[1].exe Infected: Trojan-Downloader.Win32.Zlob.wtb 1
C:\Users\Tancredi\intelOP.exe Infected: Hoax.Win32.Renos.vavt 1
C:\Windows\eplm.exe Infected: Trojan.Win32.Vapsup.kqd 1
C:\Windows\rafbsvnx.dll Infected: Trojan.Win32.Vapsup.kqc 1

The selected area was scanned.


----------------

I suppose that there's no problem if I delete any of those files, is there?


By the way, although I'm working in my own account and I don't have Administrator privileges, my NOD32 Antivirus does NOT work, as you can see. When I try to delete the program I don't know what happens that the Antivirus doesn't disappear. The Vista begins to show up firewall alerts saying that the antivirus is not working. Then I restart the PC and the Antivirus reappears... What's going on? What Antivirus should I get now?
Now, after the Kaspersky Scan, the NOD32 found only one or two virus and when I click Delete it doesn't stop saying this: "Error While Deleting (Access Denied)" Although antivirus has Administrator Privileges... I just don't understand what's going on here. And I will definitely not reformat the PC... again. This is driving me crazy...

(I know that that Antivirus is Cracked, but c'mon, I don't have any money to buy an original one)

I really appreciate your help :thumbsup: I'm desperate!!

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,139 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 11 September 2008 - 12:22 PM

I don't have Administrator privileges

Why not? You need to be logged on as Administrator or an account with admin. privileges.

Now, after the Kaspersky Scan, the NOD32 found only one or two virus and when I
click Delete it doesn't stop saying this: "Error While Deleting (Access Denied)"

I gave you instructions to use FileASSASSIN to delete those files, then follow up with a scan using Dr.Web Cureit.

I know that that Antivirus is Cracked, but c'mon, I don't have any money to buy
an original one

That is not an excuse as there are ample free anti-virus programs which you can use instead.
avast! 4 Home Edition (comes with built-in anti-rootkit and anti-spyware protection)
Avira AntiVir Personal - Free Antivirus (provides some rootkit detection and removal)
AVG Anti-Virus Free Edition 8.0
RISING Antivirus Free Edition
ClamWin Free Antivirus
PC Tools AntiVirus Free Edition