07-12-2005, 07:15 AM | #1 (permalink) |
Insane
Location: West Virginia
|
http://inf3ct3d.us/ [DON'T VISIT!]
I have a PC that launches IE to http://inf3cted.us/ upon boot every time. I have found from searching that it is indeed spyware and I have run many scans that have fixed it for others. There is nothing in the registry to cause it to boot up (startup items in 'run' folder). There is also nothing in the startup folder, even checked hidden files.
The program most people found success with was Microsoft AntiSpyware, which found some objects for me but not inf3ct3d. From what I have read, the site itself isn't where the virus/spyware comes from, but rather is the result of getting the virus/spyware. (If you do visit the page, I recommend not clicking any links there.) Anyone seen this or have ideas?
cynthetiq removed URL so that no one accidentally clicked on it
__________________
- Artsemis ~~~~~~~~~~~~~~~~~~~~ There are two keys to being the best: 1.) Never tell everything you know Last edited by Cynthetiq; 07-12-2005 at 09:10 AM.. |
07-12-2005, 07:25 AM | #2 (permalink) |
Registered User
|
It boots into that page even after you change your settings (homepage, etc)? You could also try running HijackThis if you haven't already. I don't think I've heard of that particular site or infection but the site pretty much tells ya what it is.
I'm curious, did your scans find any hijackers or trojans? |
07-12-2005, 08:52 AM | #3 (permalink) |
Insane
Location: West Virginia
|
My homepage is set to google, it just launches an instance of IE and goes to that page when the PC boots up. No, my scans did not find any hijackers, only misc. spyware junk.
I did read that this is used to allow an attacker to download files onto the PC. Another strange thing is the page doesn't actually load on the infected PC - just says page cannot be displayed.
07-12-2005, 09:07 AM | #5 (permalink) |
Insane
Location: West Virginia
|
S&D
Spyhunter (Love this, but had to pay for it)
Ad-Aware
Microsoft AntiSpyware (Fixed the issue for most people I read about)
About to try HiJackThis
07-12-2005, 09:20 AM | #6 (permalink) |
Registered User
|
Be careful with Hijack.. make sure you know what you are going to remove. You can also try Spysweeper. http://www.webroot.com/downloads (there is a trial version). It's the best IMO.
Also go to www.trendmicro.com and run housecall. It's free. |
07-12-2005, 11:20 AM | #7 (permalink) |
Insane
Location: West Virginia
|
Interesting, trendmicro will not load either. Trying Spysweeper now though.
Thanks for the edit btw, Cynthetiq.
07-12-2005, 01:39 PM | #11 (permalink) |
Go Cardinals
Location: St. Louis/Cincinnati
|
I am tempted to go to the website to see what happens. I have a firewall, antivirus, and I use Firefox. When the AIM virus was going around (send you a link to click on), I opened it in Firefox and a box popped up and asked if I wanted to download "partypics67.jpg.exe". Knowing what would happen, I clicked no. IE users did not have this luxury as going to the website infected it automatically.
__________________
Brian Griffin: Ah, if my memory serves me, this is the physics department. Chris Griffin: That would explain all the gravity. |
07-12-2005, 01:42 PM | #12 (permalink) |
Insane
Location: West Virginia
|
Yes, I just installed a new copy of Norton 2005 and updated everything... nothing found. To be honest, other than the page popping up, nothing is wrong with the PC, it runs fine... and it's only when you boot up so you just simply close it. I really don't feel like reformatting over that, was just hoping someone had an idea to get rid of it.
07-13-2005, 03:49 AM | #14 (permalink) |
"Officer, I was in fear for my life"
Location: Oklahoma City
|
Search your registry for inf3ct3d and see if anything pops up. You can also run msconfig and turn off all that stuff that runs on startup and see if it goes away. If it does, slowly turn things back on until it comes back. Then you will know what is causing it.
|
07-13-2005, 04:37 AM | #15 (permalink) |
Young Crumudgeon
Location: Canada
|
A bit of basic info, please:
What version of Windows? What browser do you use? What security software? You listed your AS and AV software, do you have a firewall? How about a network or hardware firewall? And a HijackThis log would help a lot, too.
You shouldn't need to format over this, the only time I resort to formatting over malware is if a system is so badly infected that it's just not worth the necessary time to remove it all. If it's just the one virus/trojan/whatever the hell it is, it should be possible to get rid of it with no lasting harm done.
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
07-13-2005, 04:40 AM | #16 (permalink) | |
Über-Rookie
Location: No longer, D.C
|
Quote:
__________________
"All that we can do is just survive. .All that we can do to help ourselves is stay alive." - Rush |
|
07-13-2005, 04:52 AM | #17 (permalink) |
Insane
Location: West Virginia
|
Like I said, the website itself doesn't infect you. It is the result of an infection. At least that's what all the forums said that I read.
Nothing to the effect of inf3ct3d is in the registry. And with all startup and services disabled, I still get the window (/boggle). However, I do not get it in safe mode.
For Martian:
What version of Windows? XP
What browser do you use? IE / Mozilla, but window opens in IE (default)
What security software? I have Norton AntiVirus / Internet Security 2005
You listed your AS and AV software, do you have a firewall? Yes, through Internet Security
How about a network or hardware firewall? Actually at the moment, yes. But not normally. At the time of infection I'm sure there wasn't a hardware firewall.
And a HijackThis log would help a lot, too. I'll do that in a while and post it.
Thanks for the help so far guys
07-13-2005, 05:01 AM | #18 (permalink) |
Young Crumudgeon
Location: Canada
|
Okay. First, get us a HijackThis log. Then go to Start>Run>msconfig, pop over to the startup tab and hit 'disable all' and see if that helps.
07-13-2005, 05:05 AM | #19 (permalink) |
Lover - Protector - Teacher
Location: Seattle, WA
|
The virus is called Backdoor.Shellbot -- http://securityresponse.symantec.com....shellbot.html
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel |
07-13-2005, 07:07 AM | #20 (permalink) |
Insane
Location: West Virginia
|
I found that too. Problem is, an updated Norton didn't find it and those registry entries are not present. It seems I have the remains of it after a remove.
07-13-2005, 07:08 AM | #21 (permalink) |
Insane
Location: West Virginia
|
btw, it's my boss's PC and she didn't bring it back today so it will probably be tomorrow before I can get a hijack log... thanks guys
07-13-2005, 06:01 PM | #22 (permalink) |
Junkie
Location: bedford, tx
|
hijack this shows nothing? what does spysweeper show? any changes in the host file?
__________________
"no amount of force can control a free man, a man whose mind is free. No, not the rack, not fission bombs, not anything. You cannot conquer a free man; the most you can do is kill him." |
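Added example (not from any poster in this thread): one way to answer the hosts-file question in post #22, given that trendmicro would not load in post #7. It parses hosts-file text and reports entries that override security-vendor domains; the watched-domain list and the sample file are constructed assumptions.

```python
import ipaddress

# Assumption: vendor domains worth watching. trendmicro.com and webroot.com
# are the sites named in this thread; the other two are illustrative.
WATCHED = ("trendmicro.com", "webroot.com", "symantec.com", "microsoft.com")

# Constructed sample, NOT taken from the PC discussed in this thread.
# On Windows XP the real file is %SystemRoot%\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       housecall.trendmicro.com
0.0.0.0         www.webroot.com   # trailing comments are allowed
203.0.113.7     liveupdate.symantec.com
192.168.1.20    fileserver
not-an-ip       www.microsoft.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, hostname, ip, reason) for overridden watched domains."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        # Loopback or 0.0.0.0 makes the site fail to load; anything else
        # sends the browser to a different server than DNS would.
        reason = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, name, str(ip), reason))
    return findings


if __name__ == "__main__":
    for line_no, name, ip, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({reason})")
```

An empty result only rules out the hosts file; it says nothing about other causes of a site failing to load.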