Posted 13 September 2008 - 03:55 PM
running hp laptop with XP HE svc pack 3......
recently downloaded Google Chrome beta version to get away from IE, and java update ver 7.
now browser is hijacked to a "click verifier" screen that looks very similiar to the spammer protections.....
it lists a variety of subjects, all in distorted fonts, and you have to click on the one that matches the subject or website desired. Regardless of what you select, it goes to one of two online store websites
I can do a search of subjects using google or yahoo, and get a list, but none of them will connect. Get the IE can not connect to this website page, or get the "click verifier" screen.
Spybot prevented XP antivirus 2008 from loading when i first installed CHROME. None of its associated files are on my hardrive or in the registry that I can find, adaware, avast can find nothing. Hijack this shows five system32 files trying to load on startup called:
YUR.exe, yur1.exe, yur2.exe, yur3.exe, yur4.exe.
Search finds a total of 10 YUR files in system32, numbered yur 1.exe through yur9.exe. deletion of these files through regedit does nothing, they recreate each boot. A new directory inside program files / google called yurigamoa25 (spelling uncertain) reappears each time.
Nothing unusual operating in task lists, no unknown processes, ADD/delete programs shows nothing unusual, other than mentioned.
Killbox finds nothing, can not delete yur files, except on reboot and they recreate when laptop is rebooted...smitfraudfix finds two H/key null files, but nothing else. removal, of these two keys does nothing to.
I have tried researching these files, and a click verifier hijacker, and have been unsuccessful. XP restore to earlier update point was unsuccessful.
I am reformatting and reloading my laptop as i write this (on another machine obviously)....just curious if any one knows about these symptoms....