http://inf3ct3d.us/ [DON'T VISIT!]
I have a PC that launches IE to http://inf3cted.us/ upon boot every time. I have found from searching that it is indeed spyware and I have run many scans that have fixed it for others. There is nothing in the registry to cause it to boot up (startup items in 'run' folder). There is also nothing in the startup folder, even checked hidden files.
The program most people found success with was Microsoft AntiSpyware, which found some objects for me but not inf3ct3d. From what I have read, the site itself isn't where the virus/spyware comes from, but rather is the result of getting the virus/spyware. (If you do visit the page, I recommend not clicking any links there.) Anyone seen this or have ideas?
[cynthetiq removed URL so that no one accidentally clicked on it] |
It boots into that page even after you change your settings (homepage, etc)? You could also try running HijackThis if you haven't already. I don't think I've heard of that particular site or infection but the site pretty much tells ya what it is.
I'm curious, did your scans find any hijackers or trojans? |
My homepage is set to google, it just launches an instance of IE and goes to that page when the PC boots up. No, my scans did not find any hijackers, only misc. spyware junk.
I did read that this is used to allow an attacker to download files onto the PC. Another strange thing is the page doesn't actually load on the infected PC - just says page cannot be displayed. |
which spyware programs did you run, and did you try running them in Safe Mode?
|
S&D
Spyhunter (Love this, but had to pay for it)
Ad-Aware
Microsoft AntiSpyware (Fixed the issue for most people I read about)
About to try HiJackThis |
Be careful with Hijack.. make sure you know what you are going to remove. You can also try Spysweeper. http://www.webroot.com/downloads ==there is a trial version. It's the best IMO.
Also go to www.trendmicro.com and run housecall. It's free :) |
Interesting, trendmicro will not load either. Trying Spysweeper now though.
Thanks for the edit btw, Cynthetiq. |
If they don't seem to fix the problem go ahead and run your scans in safe mode.
|
Nothing found in safe mode. Still getting the window. :/
|
Are your virus definitions up to date??
Also double check your homepage and make sure it's set where you want it. If not then I guess you can backup what you need and do a format. Formatting is fun :D |
I am tempted to go to the website to see what happens. I have a firewall, antivirus, and I use Firefox. When the AIM virus was going around (send you a link to click on), I opened it in Firefox and a box popped up and asked if I wanted to download "partypics67.jpg.exe". Knowing what would happen, I clicked no. IE users did not have this luxury as going to the website infected it automatically.
|
Yes, I just installed a new copy of Norton 2005 and updated everything... nothing found. To be honest, other than the page popping up, nothing is wrong with the PC, it runs fine... and it's only when you boot up so you just simply close it. I really don't feel like reformatting over that, was just hoping someone had an idea to get rid of it :)
|
Search your registry for inf3ct3d and see if anything pops up.
|
Search your registry for inf3ct3d and see if anything pops up. You can also run msconfig and turn off all that stuff that runs on startup and see if it goes away. If it does, slowly turn things back on until it comes back. Then you will know what is causing it.
|
A bit of basic info, please:
What version of Windows?
What browser do you use?
What security software?
You listed your AS and AV software, do you have a firewall?
How about a network or hardware firewall?
And a HijackThis log would help a lot, too.
You shouldn't need to format over this, the only time I resort to formatting over malware is if a system is so badly infected that it's just not worth the necessary time to remove it all. If it's just the one virus/trojan/whatever the hell it is, it should be possible to get rid of it with no lasting harm done. |
Quote:
|
Like I said, the website itself doesn't infect you. It is the result of an infection. At least that's what all the forums said that I read.
Nothing to the effect of inf3ct3d is in the registry. And with all startup and services disabled, I still get the window (/boggle). However, I do not get it in safe mode.
For Martian:
What version of Windows? XP
What browser do you use? IE / Mozilla, but window opens in IE (default)
What security software? I have Norton AntiVirus / Internet Security 2005
You listed your AS and AV software, do you have a firewall? Yes, through Internet Security
How about a network or hardware firewall? Actually at the moment, yes. But not normally. At the time of infection I'm sure there wasn't a hardware firewall.
And a HijackThis log would help a lot, too. I'll do that in a while and post it.
Thanks for the help so far guys |
Okay. First, get us a HijackThis log. Then go to Start>Run>msconfig, pop over to the startup tab and hit 'disable all' and see if that helps.
|
The virus is called Backdoor.Shellbot -- http://securityresponse.symantec.com....shellbot.html
|
I found that too :) Problem is, an updated Norton didn't find it and those registry entries are not present. It seems I have the remains of it after a remove.
|
btw, it's my boss's PC and she didn't bring it back today so it will probably be tomorrow before I can get a hijack log... thanks guys
|
hijack this shows nothing? what does spysweeper show? any changes in the host file?
|
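The hosts-file check asked about in the last post, as an added example that is not part of the original thread: it parses hosts-file text and reports every mapping other than the stock loopback `localhost` entry, marking overrides of the security-vendor domains mentioned in the thread. The `WATCHED` list, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Vendor domains taken from the thread; the list itself is an assumption of this example.
WATCHED = ("trendmicro.com", "webroot.com", "symantec.com")

# Constructed sample, not taken from the affected PC.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1    localhost
127.0.0.1    www.trendmicro.com housecall.trendmicro.com
0.0.0.0      www.webroot.com   # trailing comment
192.0.2.10   intranet.example
not-an-ip    ignored.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return findings for every entry other than the default loopback localhost."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            continue  # the stock entry
        if any(name == d or name.endswith("." + d) for d in watched):
            reason = "security-vendor domain overridden"
        else:
            reason = "non-default entry"
        findings.append((lineno, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    # On Windows XP the live file is %SystemRoot%\System32\drivers\etc\hosts;
    # read it and pass its text to audit_hosts() instead of the sample.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

A finding is only a lead for manual review: a non-default entry may have been added deliberately by an administrator or by blocking software.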
© 2002-2012 Tilted Forum Project