Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE / Browser Hijack


  • Please log in to reply
1 reply to this topic

#1 wabli

wabli

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 26 August 2010 - 11:02 AM

problem description:

internet explorer
web pages are hijacked and replaced with a red banner screen saying
"Attention! Your web page request has been cancelled" in order to activate your security software, please press Fix Now(recommended)

option boxes: Resend request and Fix Now

[img]http://http://www.alep.biz/redpg.jpg[/img]

.....................................................
sysinfo:
Windows 7 - (winNT 6.00.3504)
internet explorer v8.00 (8.00.7600.16385)
Toshiba Laptop
......................................................


1) have searched for antivirus7 on system; not found.

2) run McAfee stinger(10.1.0.995 built aug 5 2010)

c:\program files\toshiba\TosApin\Comps1\TC\10033000\TC10033000C.exe\wtsetup.exe\11.nsis\6.nsis\7.nsis
found the Artemis!BB03AF6402B Trojan!!!
c:\ProgramData\WildTangent\951226E3-26FC-40BC-8085-3677B1128F95-extr.exe\7.niss
found the Artemis!BB03AF6402B Trojan!!!
c:\ProgramData\WildTangent\951226E3-26FC-40BC-8085-3677B1128F95-extr.exe\7.niss has been deleted.

clean files 20563
number of trojans 2
number of files deleted 1


3) run McAfee stinger(10.1.0.995 built aug 5 2010)

c:\program files\toshiba\TosApin\Comps1\TC\10033000\TC10033000C.exe\wtsetup.exe\11.nsis\6.nsis\7.nsis
found the Artemis!BB03AF6402B Trojan!!!

clean files 20560
number of trojans 1

4) run malwarebytes(current update) full scan... found none
.............................................
i have a hijackthis post if needed.

thanks for your help!

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:37 PM

Posted 30 August 2010 - 01:02 AM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users