Iworm_attck_v122.02a


6 replies to this topic

#1 j908

Posted 26 June 2006 - 08:48 AM

Hello and HELP!

I downloaded a codec that obviously was NOT a codec, but a malware trojan or something that resets my homepage and re-directs me to hxxp:: //www.sysnetsecurity.com/

I have run Adaware SE, cyberscrub, spybot, cleared Temp Int Files etc etc and seem to have got rid of the System Tray Alert and pop ups (Yellow triangle with Exclamation mark).

My home page is set to www.google.com, but is hijacked with hxxp:: //www.sysnetsecurity.com/

Would REALLY appreciate some help in getting rid of this and also some reassurance that all traces of it are gone so I can browse / surf with confidence again!

I'm running XPPro, all up to date, and run with Zonelabs Pro firewall and AVG free edition.

MANY THANKS

Mod Edit: disabled the bad url links - QM7

Edited by quietman7, 26 June 2006 - 09:47 AM.



#2 quietman7

Posted 26 June 2006 - 09:53 AM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download, install and update Ewido Anti-Spyware v4.0. DO NOT perform a scan yet.
Print out the Ewido Install and Scan Instructions.

Go here and follow the instructions for using SmitfraudFix. Read "How to create/extract a ZIP File in Win ME/XP/2003" if you're not sure how to do this.

After using the tool, reboot again in "SAFE MODE" and clean out your Temporary Internet files as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click "Delete Files" under Temporary Internet Files.
  • In the Delete Files dialog box, tick the "Delete all offline content" check box, and then click "OK".
  • On the General tab, click "Delete Cookies" under Temporary Internet Files, and then click "OK".
  • Click on the Programs tab then click the Reset Web Settings button. Click "Apply" then "OK".
  • Click "OK".
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click "Ok" then "Apply" and "Ok".

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Then scan with Ewido per the instructions you printed out and reboot back to normal mode.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 j908

Posted 26 June 2006 - 07:40 PM

Thanks quietman7!

Only difficulty is that I can't reboot in safe mode!

It runs 30-40 lines of script and then just hangs...

Script is something along the lines of multi disk//partition disk and then file names etc.

Any thoughts on that one?

Many Thanks.

#4 quietman7

Posted 27 June 2006 - 09:21 AM

Did you try Using the System Configuration Tool Method as instructed in the "How To" tutorial?
See Fig. 4.

#5 widemouthfrog

Posted 22 July 2006 - 11:41 AM

Hello Quietman7 - Google brought me here after researching Iworm_attck_v122.02a. Your detailed instructions worked without fail and were very easy to understand. Thank you for the assistance.

Cheers!

Widemouthfrog :thumbsup:

#6 quietman7

Posted 24 July 2006 - 07:11 AM

You're welcome and good job ridding yourself of the problem. :thumbsup:

#7 j908

Posted 24 July 2006 - 09:03 AM

Yes, Thank you Quietman7,

I can vouch for that, albeit a little belatedly. I have managed to remove the infection.

One little annoyance, which I'm not sure is related or not, is that every time I reboot I get an Install wizard pop-up trying to install a modem of some sort.

Is this related? I have NOT tried to install any modem (I'm on broadband) and I can't seem to find what or where it is coming from.

Any help or direction greatly appreciated.

THANKS, Josh. :thumbsup:



