Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Get read of 69.50.190.131


  • Please log in to reply
3 replies to this topic

#1 infman

infman

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 02 July 2005 - 12:31 AM

I have been going to several internet pages and when i get in some of them i get a random porn page instead of the web page! The adress goes like this: http://69.50.190.131/?to=dname&from=in
I have been using many spyware and adware scanners, but none of them helped me. Please help me to get rid of this!

BC AdBot (Login to Remove)

 


#2 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:08:46 PM

Posted 02 July 2005 - 02:52 AM

First steps:
Is your Anti-virus program current and updated? If not you can download a free anti-virus program here (US Link): AVG Free
When you have downloaded and installed it you need to go online to register it and update it. (It will probably prompt you to do this.)
Once you have installed AVG uninstall your old Anti-Virus software because you should only have one running on your system.

Do you have any anti-spyware installed? If not download and update all of the following:Reboot your computer in Safe Mode and run the anti-virus scan and anti-spyware scans there.
If you are not sure how to boot in Safe Mode there is a tutorial here: Safe Mode

See if that helps :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#3 infman

infman
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 03 July 2005 - 02:24 PM

I have done all that you said, but the problem is still there. :thumbsup:
But I noticed something strange:
1. In C:\Windows\System32 there is a file called "kernels32.exe"
2. That file is always running in the background
3. It puts himself to the startup, but it cannot be removed from the startup
4. I can't delete it
5. Maybe this file is part of Windows and I know that it must have been changed some time
But i'll tell you something else: when I first had the problem with unwanted sites I reinstalled Windows XP Pro (I'm a master in reinstalling Windows) but that didn't solve the problem, and before reinstalling i have reformatted the hard disk!
I don't know what this means. Can the Windows XP install CD be infected??!! (Hope not, but if it is i'll use the other Windows XP Pro CD wich has no Service Packs)
Very strange is the fact that I found the virus [COLOR=red]Win32/Tufik.A [COLOR=black]in the BSPlayer install package wich I downloaded from BSPlayer site!!!
If I will know something else I will write it down immediately.
But I'm still worried angry and sad. :flowers: :trumpet: :inlove: :huh: I hate stupid spyware!
I also have a screenshot of a page and maybe you would like to see it. I can send it to your e-mail adress if you want, maybe that helps me.

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:04:46 AM

Posted 03 July 2005 - 02:39 PM

Looks like you have a Trojan.

Run these online scans:
WindowSecurity
aČ Online-Check

Also run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

If that doesn't help, then I suggest you post a HijackThis log for examination.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users