
copy-book.com


8 replies to this topic

#1 chot117

  • Members
  • 5 posts

Posted 27 December 2008 - 06:08 AM

Can anyone help? My web browser has been taken over by copy-book.com and a recycled virus. I have managed to get rid of the recycled virus, but copy-book.com is not being picked up by AVG, and when I run a full scan with Malwarebytes it freezes. I have all my work stuff on here (which is backed up), but I have been working to clear this for 2 days with no success. Can anyone help, please?


 


#2 buddy215

  • BC Advisor
  • 12,903 posts
  • Gender:Male
  • Location:West Tennessee

Posted 27 December 2008 - 03:56 PM

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd". In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot. Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
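
The three steps in the post above, collected into one script as an added example; it is not part of the original post. It first saves the Winsock catalog and DNS settings so the state before the reset can be reviewed or posted. The connection name and output folder are assumptions, and the syntax is for Windows XP, the system shown later in the thread's scan log.

```batch
@echo off
rem Added example: run from a cmd window while logged on as an administrator.
rem CONN is an assumption: the default connection name mentioned in the post.
rem OUT is a hypothetical folder for the saved before/after output.
set CONN=Local Area Connection
set OUT=%USERPROFILE%\Desktop\netreset

if not exist "%OUT%" mkdir "%OUT%"

rem 1. Record the current state before changing anything.
rem    The catalog listing shows every installed Winsock provider;
rem    ipconfig /all shows which DNS servers the connection is using.
netsh winsock show catalog > "%OUT%\winsock-before.txt"
ipconfig /all > "%OUT%\ipconfig-before.txt"
ipconfig /displaydns > "%OUT%\dnscache-before.txt"

rem 2. Reset the Winsock catalog to its default state.
netsh winsock reset
if errorlevel 1 echo Winsock reset failed. Check that you are an administrator. & goto :eof

rem 3. Flush the DNS resolver cache.
ipconfig /flushdns

rem 4. Command-line equivalent of "Obtain DNS servers automatically".
rem    Skip this step if your ISP requires specific DNS settings.
netsh interface ip set dns name="%CONN%" source=dhcp

rem 5. Save the new settings for comparison with the "before" files.
ipconfig /all > "%OUT%\ipconfig-after.txt"
echo Done. Reboot to complete the Winsock reset.
```

Comparing `ipconfig-before.txt` with `ipconfig-after.txt` shows whether the DNS servers changed once the connection went back to automatic settings.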


#3 chot117


Posted 28 December 2008 - 01:19 AM

Thanks for the quick response. I am getting my DNS settings from my internet provider. As soon as it arrives I will try it. Thanks for the help; I will post an update soon.

#4 chot117


Posted 28 December 2008 - 08:56 AM

Hi buddy215,
Thanks for the help, but the copy-book.com is still appearing at the bottom of the page and it is still sending me to random pages. I followed your instructions to the letter but no luck so far. Can you help further?
Thanks, Chot117

#5 buddy215


Posted 28 December 2008 - 09:23 AM

Use Super Antispyware to find and remove the malware. Download and install SAS. Be sure to update it. Then reboot into safe mode to run the scan. Instructions for SAS in link below.
http://www.bleepingcomputer.com/forums/ind...t&p=1040160

Some malware prevents you from downloading or installing security programs. If you have that problem you will need to download SAS using another computer and transfer it to the infected one using a CD or other medium. Once the SAS.EXE is on the infected computer, rename it before installing. Rename by right clicking on the .exe, choose rename, and name it lastchancescan. Then double click on the file to run it.

You can also try to run MalwareBytes AntiMalware in safe mode first and see if it will complete its scan. Be sure to update MBAM.

After running the scans, see post here: http://www.bleepingcomputer.com/forums/ind...st&p=885665



#6 chot117


Posted 01 January 2009 - 06:45 AM

Hey, that has sorted it and found much more adware stuff.
Thanks for sorting this.

#7 buddy215


Posted 01 January 2009 - 07:29 AM

Glad your problem seems resolved. It would be better if you post the log(s) from the scans you ran using SAS and MBAM.
The logs may hold a clue to other malware not removed from your computer and it would help us here to help others.

You can block the ad/tracking cookies from ever installing on your computer by following the steps below.
This applies to Internet Explorer browsers.
Click on Tools
Click on Internet Options
Click on the Privacy tab
Click on the Advanced button
Put a check in the box next to override automatic cookie handling
Put a check in the box next to first party accept
Put a check in the box next to block third party cookies (those are the ad/tracking cookies that AVG deletes)
Click OK to exit
Then just run another quick scan with SAS to remove the third party cookies that were installed before changing the settings.

Click start, All programs, Accessories, System tools, Disk Cleanup, Put a check next to all items except "compress old files".
Click on the more options tab, click on the "cleanup" button next to "system restore" (this will remove all of the restore points but the last one as many are infected) click OK and allow cleanup to run.

Use Secunia online scanner to check for missing security updates. http://secunia.com/vulnerability_scanning/online/
After updating Java (if you haven't done so already) go to Add/Remove and remove ALL old Java programs.
IE browser, Adobe Reader, Adobe Flash and Java have all been exploited recently. It is important to get the latest updates to avoid malware exploiting those programs.



#8 chot117


Posted 01 January 2009 - 11:43 AM

Hey, thanks for that. I have done as instructed and here are the logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/01/2009 at 02:42 PM

Application Version : 4.24.1004

Core Rules Database Version : 3687
Trace Rules Database Version: 1663

Scan type : Quick Scan
Total Scan Time : 00:32:48

Memory items scanned : 478
Memory threats detected : 0
Registry items scanned : 414
Registry threats detected : 0
File items scanned : 6441
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\patrick\Cookies\patrick@avgtechnologies.112.2o7[1].txt

Malwarebytes' Anti-Malware 1.31
Database version: 1563
Windows 5.1.2600 Service Pack 2

01/01/2009 14:30:35
mbam-log-2009-01-01 (14-30-35).txt

Scan type: Quick Scan
Objects scanned: 62272
Time elapsed: 21 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Thanks

#9 buddy215


Posted 01 January 2009 - 12:09 PM

Thanks for posting back. Nothing is better than seeing all the zeroes and only one ad cookie.
Happy New Year!





