Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Infection


  • Please log in to reply
No replies to this topic

#1 handysamm

handysamm

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 13 September 2008 - 03:55 PM

running hp laptop with XP HE svc pack 3......

recently downloaded Google Chrome beta version to get away from IE, and java update ver 7.

now browser is hijacked to a "click verifier" screen that looks very similiar to the spammer protections.....
it lists a variety of subjects, all in distorted fonts, and you have to click on the one that matches the subject or website desired. Regardless of what you select, it goes to one of two online store websites
1) Alibaba
2) Abc

I can do a search of subjects using google or yahoo, and get a list, but none of them will connect. Get the IE can not connect to this website page, or get the "click verifier" screen.

Spybot prevented XP antivirus 2008 from loading when i first installed CHROME. None of its associated files are on my hardrive or in the registry that I can find, adaware, avast can find nothing. Hijack this shows five system32 files trying to load on startup called:
YUR.exe, yur1.exe, yur2.exe, yur3.exe, yur4.exe.

Search finds a total of 10 YUR files in system32, numbered yur 1.exe through yur9.exe. deletion of these files through regedit does nothing, they recreate each boot. A new directory inside program files / google called yurigamoa25 (spelling uncertain) reappears each time.

Nothing unusual operating in task lists, no unknown processes, ADD/delete programs shows nothing unusual, other than mentioned.

Killbox finds nothing, can not delete yur files, except on reboot and they recreate when laptop is rebooted...smitfraudfix finds two H/key null files, but nothing else. removal, of these two keys does nothing to.

I have tried researching these files, and a click verifier hijacker, and have been unsuccessful. XP restore to earlier update point was unsuccessful.

I am reformatting and reloading my laptop as i write this (on another machine obviously)....just curious if any one knows about these symptoms....

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users