• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      UPDATE on Upgrade   02/07/2017

      We were somewhat delayed on getting the upgrade done, but it looks like it will now be done in the next few days or possibly even later today.   There is one change coming with the new upgrade that may affect people when they log in. There will no longer be separate Usernames and Display Names. Your Display Name will now be the only name you have for the forum and, if you used your Username to log in, you will now need to use your Display Name. It is likely that everyone who visits after the upgrade will need to log in again, so please keep this in mind.   Update again - Feb 7 - We have completed the main part of the upgrade and we are working to tweak settings for the site.  It will probably take us a while, but we will eventually settle down to the way we want it.  In the meanwhile, your posts should be secure, but the look of the forum and some functions may change over time.
    • cnm

      We backup daily at 9:00 PM Pacific Time   02/13/2017

      You may notice the forum being unresponsive for a few minutes around 9:00 PM PST (11:00 PM CST, 5:00 AM GMT) while we back up the database.
    • cnm

      Notifications blocked by Outlook.com, Hotmail, Live, etc   02/14/2017

      Our notifications are blocked by those mail servers. If you have email address at Hotmail, Hotmail.uk, etc etc then you will not get notifications and need to manually check for new replies. We recommend Gmail.   The notifications won't even be in your Spam folder - they just go down a black hole.
Sign in to follow this  
Followers 0
takemefishing.ca

Okay...so WTF was that thing?

4 posts in this topic

At first I thought I had the CWS about:blank trojan. But it would not repond to the fixes set out here and at other forums. Here's what it would do and the basic chronography...

Day1 ...Receieved a download alert...clicked no..popped up again and agaian till I CTRL-ALT-DEL the thing.

Day2- Pop-ups...subtle at first. Ran Ad Aware and SPybot...cleaned junk out...nothing of real note.

Day 3...New BHO (about:blank) and all hell starts to break loose. Getting pop-up saying I was infected (animation of worms copulating) and to 'Click here for removal software. Then porn, porn and more porn.

Day 4...AdAware and Spybot clean junk out...run HijackThis...find extra dll's and delete. Find and install SpywareBlaster...works once then goes kaput./ Reinstall no better (Error about bad disc sector or virus).

Try to open ever-changing dll files in Notepad...Notepad then goes AWOL.

Purchased Pest Patrol after a search indicates it can clunk this trojan.Cleans it out...safe for about 6 hours then new .dll's with new names. Raining porn again.

Check with Norton...Norton finds Revop c. Wasn't there before...quarantine and delete. Reboot. Damm...about:blank page again. System Restore now done in,too.

Copernic toasted.Easy GIF animator gone.

 

Day 5-Porn porn porn...Pest Patrol now shows all clear in spite of porn central staition. Pest Patrol now kaput.

HiJackThis now only thing working. Norton can no longer update. Guys at Virtualdr.com can offer nothing more than what I have done. I can clean and stay good for about 6 hours at a time now. I made the call to have my disc reformatted and was going to partition out 15 Gb for surfing and leave my Photoshop and other expensive goodies on 'D' drive so if I needed to I could just pooch the 'c' drive whenever I got crapped on.

 

Read a post somewhere about a fix in regedit by deleting a reg key in HLM>SoftwareEnvironment>Windows and renaming Windows to Windows2 then deleting the App_InitDlls file then renaming Windows2 back to Windows.

I was desperate. Had no clue what that registry did, but I was about to reformat anyway.

Deleted the registry, rebooted and voila...SpywareBlaster and pestPatrol go to town and clear the junk out. Norton Updates right away (had to replace the notepad.exe file thoguh).

AdAware and Spybot now run and clear out remaining junk.

Now been a week clear. I have so much damm anti-spyware stuff now...lol.

Mozilla Firefox now my browser. IE is cranked down and dormant (which I could delte the damm thing)

 

I read more on Trojans that week than anyone alive. I still cannot figure out which one it was or if it was a combo job. I know the trojan formed a new .dll that was hooked in the rundll which is how it kept recreating itself. I know that I am fine now and without IE I run perfeclty clear AdAware et al scans daily (always found some junk before when using IE).

 

 

Opinions?

Share this post


Link to post
Share on other sites

You had it rough! (I thought my easy-search prob. was bad.)

It sounds like you got a combination of pests.

For one, a start page downloader trojan--one of the

most annoying. CWS problems morph so often, it's hard to

pinpoint them; that's why they cause so many problems.

There are new variants every day.

 

Something that helped me that you may want to look into is

the tool in Spybot Search and Destroy under advanced mode/

tools/Host file. It enables you to block specific servers

(CoolWebSearch).

You can also set your homepage and

the searchURL files with the homepage shield.

Share this post


Link to post
Share on other sites

Hi fishing,

 

I had the same problem, but I don't think it got as far as yours. The most notable similarity was the rather distinctive pop-up with the green bugs in sexual positions. I do still have some issues (my c: drive is stuck in DOS compatibility mode), but I think I got

to the heart of the matter by following the advice in the following thread. Now, I don't know if you are running win98 or not, but if you are it might help. If you aren't, it might still help you to figure out what to do. Basically what the post tells is how to find a .dll in your system info program that is invisible by browsing that malware scanners most likely won't find. In this specific case (as well as mine) it was one that turns out to be exactly 57,344 bytes in size. It has you rename the file extension in DOS and somehow this makes the malware scanners (namely Ad-Aware in this post) able to find the file, recognize it as malware and then fix it. In this case that is the file that is responsible for regenerating the problem(s?) even after you have cleaned with HijackThis, Ad-Aware, etc.

 

I hope it helps you:

 

http://forums.spywareinfo.com/index.php?sh...c=10746&hl=bobO

Share this post


Link to post
Share on other sites

Oh, I forgot

 

I started to make progress in figuring this out when I looked up "about:blank" in the "virus info" page at www.pandasoftware.com. For me the "StartPage.FH" trojan description was closest to what I was experiencing. At least then I knew what to search for and what to call it. They had pictures of the home page and several of the popups I was getting. I figure they didn't show the green bugs because it's offensive. It didn't directly lead to my solving the problem but it did help (by searching for this specific type of trojan in the forums I found bobO's post), and as they used to say on GI-JOE, "knowing is half the battle"--the article has good info.

 

http://www.pandasoftware.com/virus_info/en...x?idvirus=48563

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0