Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Virus Advertisement

  • This topic is locked This topic is locked
2 replies to this topic

#1 zdravkayancheva


  • Members
  • 1 posts
  • Local time:07:55 AM

Posted 06 October 2009 - 01:32 AM

Dear Sirs and Madams,

I have caught a virus-advertisement. Below I am trying to explain its details.

Virus behavior

I caught this disgusting virus approximately 1 week ago. The text is in Russian language and says that all advertised products could be found and purchased on sexshopextra.ru . The advertised products set changes at the consecution virus activations. I have never visited that site. I am not interested in porno. But I use Russian sites, because I know the language and I find interesting information there.

The advertisement virus is started even when all other software application were stopped (no application was started after computer turning power on). The advertisement virus appears approximately every 2-5 minutes after its closure. On the down right corner the advertisement has a button “Close”. If you press this button and keep your nerves quiet for one minute, the advertisement closes itself and stays inactivated for 2-5 minutes. After pressing the button “Close” a warning message begins to blink in blue/red colors and says “Do you want to eliminate this advertisement?” If you are nervous (obviously you are) and click on this warning the counting down of this one-minute time threshold for advertisement closing restarts the counting down and in this way the advertisement stays on your screen unlimited time.

When the computer is too busy, for example with downloading or installing GFI EventsManager, the virus advertisement could not appear for longer time (approximately for 10 minutes your computer is working without the advertisement).

Operational environment

My operating system is Windows XP Home edition, Version 2002, Service pack 3. My computer is laptop is TOSHIBA Satellite A50-106. At the moment of infection my anti-virus software was AVG. As it could not deal with the infection I installed Panda Antivirus Pro 2010, Version 9.00.00. It could not find and cure this virus. After that I downloaded SUPERAntiSpyware Free Edition Ver. It could not cure the virus. Today I downloaded twice GFI EventsManager (build 20090302). The results of its execution (screen-shots log) were the same and they are shown in the attached files. The software GFI EventsManager (build 20090302) can not start, because immediately after starting the processing of the events on local computer the software was stopped (see the yellow message on the screens log).

Attached files description and Final Observations

I attach the following 3 files:

CFI_run_interrupted_1.doc created 05.10.2009 at 09:17
CFI_run_interrupted_2.doc created 05.10.2009 at 14:13
CFI_run_interrupted_3.doc created 05.10.2009 at 18:48

The 3 files contain screen-shoots log of the process of starting the GFI EventsManager.
On 05.10.2009 I made 2 downloads and installations of GFI EventsManager(build 20090302).
The first download and installation was made at 08:00 approximately. Before sending technical support letter to CFI I decided to read the information from your manuals. I found that I have made mistake because I have made the installation when I was logged as usual user (not admin) and I have given you wrong account information. For that reason I downloaded and installed GFI EventsManager(build 20090302) again at 18:28. Of course before that I made "Uninstall" procedure using "Control panel >> Add or Remove Programs".

Today I found out that before starting the GFI EventsManager (first screen in the 3 screen-shot log files) that:

CFI Event Manager Service is not running
Syslog Sever is not running
SNMP Traps is not running

were marked in red before starting the execution of GFI EventsManager. Yesterday I accepted this fact as normal. Today I pay attention that also on the first screen-shot there is yellow attention mark with warning "Activity Overview". This makes me think that possible I made some downloading and installation mistake. I would like to apologize myself if I made a mistake at the downloading and installation process, but with this virus, appearing every 2-5 minutes I can not read installation manuals and other documentation.

Please, help me!

Kind regards,
Zdravka Yancheva,
e-mail: removed to protect from spambots. ~ OB

Edited by Orange Blossom, 06 November 2009 - 08:15 PM.

BC AdBot (Login to Remove)


#2 fireman4it


    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:55 AM

Posted 23 October 2009 - 07:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:55 AM

Posted 06 November 2009 - 08:15 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users