Old Men Online
Username:
Password:
Save Password


Register
Forgot Password?

 | Active Topics | Active Polls | Resources | Members | Online Users | Live Chat | Avatar Legend | Search | Statistics | 
[ Active Members: 0 | Anonymous Members: 0 | Guests: 14 ]  [ Total: 14 ]  [ Newest Member: Ancient ]
 All Forums
 Public
 Virus Alerts/e-Mail Scams
 Infected
 New Topic |   Reply to Topic |   Printer Friendly
Author Previous Topic: A scary e-mail... Topic Next Topic: Honor System Virus  

Festus-OMO
spoon
Posted - Apr 29 2004 :  07:50:42  Show Profile  Visit Festus-OMO's Homepage  Reply with Quote
I have been infected with some sort of ADWARE that i hae not been able to get rid of.

I have used Spybot, Adaware, and Spyware Blaster to no avail.

My Norton anti-virus finds the culprit, but I cannot delte or quarantine it. I get the following info;

mhsvcl.exe Adware.winpup


Anybody got any suggestions? I can't seem to track it down in my registry either.


Work like you don't need the money. Love like you've never been hurt. Dance like nobody's watching.
-- Satchel Paige
Country: Canada | Posts: 222

Nosehair-OMO
Administrator
Posted - Apr 29 2004 :  08:58:21  Show Profile  Send Nosehair-OMO an AOL message  Reply with Quote
stay away from "those" sites festy (you know what I'm talkin' 'bout)
Country: USA | Posts: 5300 Go to Top of Page

FuddyDud-OMO
Sub-reme Commander
Posted - Apr 29 2004 :  10:05:17  Show Profile  Send FuddyDud-OMO a Yahoo! Message  Reply with Quote
It's those damn dental warez sites.
Country: USA | Posts: 3586 Go to Top of Page

SmellyFart
Administrator
Posted - Apr 29 2004 :  11:26:24  Show Profile  Reply with Quote
I sent you a solution....

Smelly
Country: Canada | Posts: 632 Go to Top of Page

Petrified-OMO
Taxing Patience
Posted - Apr 29 2004 :  11:59:56  Show Profile  Reply with Quote
What smelly, re-install?

Country: USA | Posts: 7782 Go to Top of Page

Festus-OMO
spoon
Posted - Apr 29 2004 :  12:34:46  Show Profile  Visit Festus-OMO's Homepage  Reply with Quote
Thanks Smelly.

I'm running it now and will see if it works.


Work like you don't need the money. Love like you've never been hurt. Dance like nobody's watching.
-- Satchel Paige
Country: Canada | Posts: 222 Go to Top of Page

HEARTBURN-OMO
Spammer wannabe
Posted - Apr 29 2004 :  14:00:22  Show Profile  Reply with Quote
guess it's a secret



http://www.entertonement.com/clips/sgxwpvxvjk--I-wipe-my-own-ass
Country: USA | Posts: 4252 Go to Top of Page

PacemakerOMO
The Florida Racer!
Posted - Apr 29 2004 :  14:41:25  Show Profile  Reply with Quote
maybe it killed his comp.




Country: USA | Posts: 5531 Go to Top of Page

PacemakerOMO
The Florida Racer!
Posted - Apr 29 2004 :  14:41:32  Show Profile  Reply with Quote
maybe it killed his comp.




Country: USA | Posts: 5531 Go to Top of Page

Festus-OMO
spoon
Posted - Apr 29 2004 :  17:08:56  Show Profile  Visit Festus-OMO's Homepage  Reply with Quote
Nope still here, but this thing is rasiing hell with my system.

Its blocking Norton, at times will not let me even go to the Symantec website, disables my browser and email, and brings popups after I close my browser.

Like I said earlier, I'm long over due for a reformat, but its inconvienient for the next 2 weeks to do so.

Now downloading a program, cwshredder, to see if it works. evidently its picks up one nasty peice of work that all the other progys I've tried doesn't.


Work like you don't need the money. Love like you've never been hurt. Dance like nobody's watching.
-- Satchel Paige
Country: Canada | Posts: 222 Go to Top of Page

Bifocal-OMO
Moderator
Posted - Apr 29 2004 :  18:34:44  Show Profile  Visit Bifocal-OMO's Homepage  Reply with Quote
I hope i never get that mess dagnabit
Country: USA | Posts: 2863 Go to Top of Page

Retread_OMO
Got Video?
Posted - Apr 30 2004 :  00:55:53  Show Profile  Visit Retread_OMO's Homepage  Send Retread_OMO a Yahoo! Message  Reply with Quote
Heres a direct link Festus....and Ill post it as well

http://securityresponse.symantec.com/avcenter/venc/data/adware.winpup.html





Type: Adware




Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

Removal: Low
Damage: Low




Intelligent Updater Definitions*
September 24, 2003


LiveUpdate™ Definitions **
September 24, 2003


*
Intelligent Updater definitions are released daily, but require manual download and installation.
Click here to download manually.

**
LiveUpdate definitions are usually released every Wednesday.
Click here for instructions on using LiveUpdate.





This threat can be detected only by Symantec products that support expanded threats. For more information on expanded threats, please go here.



Behavior
Adware.Winpup is an adware component that generates large amounts of pop-up advertisements.

Symptoms
The files on the system are detected as Adware.Winpup.

Transmission
This adware component must be manually installed or installed as a component of another program that you install.






File names: Winpup.exe; Winpup32.exe

When Adware.Winpup is executed, it performs the following actions:


Copies itself as some or more of the following files:

%System%\%Random%.exe
%System%\Winpup.exe
%System%\Winpup32.exe


--------------------------------------------------------------------------------
Notes:
%System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

%Random% is a variable, which is a randomly generated number.
--------------------------------------------------------------------------------


Adds the value:

%Random% = %System%\%Random%.ex

to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Generates large amounts of pop-up advertisements.


May also download an executable from the Web, possibly an update of itself.








--------------------------------------------------------------------------------
Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
--------------------------------------------------------------------------------

Update the virus definitions.
Run a full system scan and delete all the files detected as Adware.Winpup.
Delete the value from the registry.

For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

2. Scanning for and deleting the infected files
Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
Run a full system scan.
If any files are detected as infected with Adware.Winpup, click Delete.


3. Deleting the value from the registry

CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete any values pertaining to the filename that was detected as Adware.Winpup.


Exit the Registry Editor.




I SHOOT DEAD PEOPLE
Country: USA | Posts: 1957 Go to Top of Page

Bifocal-OMO
Moderator
Posted - Apr 30 2004 :  04:13:25  Show Profile  Visit Bifocal-OMO's Homepage  Reply with Quote
cool thanks


Country: USA | Posts: 2863 Go to Top of Page

Festus-OMO
spoon
Posted - Apr 30 2004 :  14:00:36  Show Profile  Visit Festus-OMO's Homepage  Reply with Quote
Thats it..but I have not been able to find anything that resembles the lines in the registry.

Yeah, I know its random too, but nothing close.

Shutting down for reformatt and a new hardrive. Talk to yawl in a day or two.


Work like you don't need the money. Love like you've never been hurt. Dance like nobody's watching.
-- Satchel Paige
Country: Canada | Posts: 222 Go to Top of Page

henrya
frequent visitor
Posted - Aug 30 2004 :  12:07:38  Show Profile  Click to see henrya's MSN Messenger address  Reply with Quote
this virus convinced me. i am moving to windows 3.x
f0 h1zzl3 my n1zzl3 w1th s0m3 sh1zzl3 1n my j1zzl3
Country: Israel | Posts: 276 Go to Top of Page
  Previous Topic: A scary e-mail... Topic Next Topic: Honor System Virus  
 New Topic |   Reply to Topic |   Printer Friendly
Jump To:
Old Men Online © 2002 Old Men Online Go To Top Of Page
This page took 0.44 seconds to load Powered By: Snitz Forums 2000