Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 07-12-2005, 07:15 AM   #1 (permalink)
Insane
 
Location: West Virginia
http://inf3ct3d.us/ [DON'T VISIT!]

I have a PC that launches IE to http://inf3cted.us/ upon boot every time. I have found from searching that it is indeed spyware and I have ran many scans that have fixed it for others. There is nothing in the registry to cause it to boot up (startup items in 'run' folder). There is also nothing in the startup folder, even checked hidden files.

The program most people found success with was Microsoft AntiSpyware, which found some objects for me but not inf3ct3d. From what I have read, the site itself isn't where the virus/spyware comes from, but rather is the result of getting the virus/spyware. (If you do visit the page, I recommend not clicking any links there)

Anyone seen this or have ideas?

cynthetiq removed URL so that no one accidentally clicked on it
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know

Last edited by Cynthetiq; 07-12-2005 at 09:10 AM..
Artsemis is offline  
Old 07-12-2005, 07:25 AM   #2 (permalink)
Registered User
 
It boots into that page even after you change your settings (homepage, etc)? You could also try running HijackThis if you haven't already. I don't think I've heard of that particular site or infection but the site pretty much tells ya what it is.

I'm curious, did your scans find any hijackers or trojans?
Glory's Sun is offline  
Old 07-12-2005, 08:52 AM   #3 (permalink)
Insane
 
Location: West Virginia
My homepage is set to google, it just launches an instance of IE and goes to that page when the PC boots up. No, my scans did not find any hijackers, only misc. spyware junk.

I did read that this is used to allow an attacker to download files onto the PC. Another strange thing is the page doesn't actually load on the infected PC - just says page cannot be displayed.
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know
Artsemis is offline  
Old 07-12-2005, 08:56 AM   #4 (permalink)
Insane
 
Cuatela's Avatar
 
Location: NC, USA
which spyware programs did you run, and did you try running them in Safe Mode?
__________________
Any sarcasm was intentional.
Cuatela is offline  
Old 07-12-2005, 09:07 AM   #5 (permalink)
Insane
 
Location: West Virginia
S&D
Spyhunter (Love this, but had to pay for it)
Ad-Aware
Microsoft AntiSpyware (Fixed the issue for most people I read about)

About to try HiJackThis
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know
Artsemis is offline  
Old 07-12-2005, 09:20 AM   #6 (permalink)
Registered User
 
Be careful with Hijack.. make sure you know what you are going to remove. You can also try Spysweeper. http://www.webroot.com/downloads ==there is a trial version. It's the best IMO.

Also go to www.trendmicro.com and run housecall. It's free
Glory's Sun is offline  
Old 07-12-2005, 11:20 AM   #7 (permalink)
Insane
 
Location: West Virginia
Interesting, trendmicro will not load either. Trying Spysweeper now though.


Thanks for the edit btw, Cynthetiq.
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know
Artsemis is offline  
Old 07-12-2005, 11:28 AM   #8 (permalink)
Registered User
 
If they don't seem to fix the problem go ahead and run your scans in safe mode.
Glory's Sun is offline  
Old 07-12-2005, 12:04 PM   #9 (permalink)
Insane
 
Location: West Virginia
Nothing found in safe mode. Still getting the window. :/
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know
Artsemis is offline  
Old 07-12-2005, 12:17 PM   #10 (permalink)
Registered User
 
Are you virus definitions up to date??

Also double check your homepage and make sure it's set where you want it. If not then I guess you can backup what you need and do a format.

Formtting if fun
Glory's Sun is offline  
Old 07-12-2005, 01:39 PM   #11 (permalink)
Go Cardinals
 
soccerchamp76's Avatar
 
Location: St. Louis/Cincinnati
I am tempted to go to the website to see what happens. I have a firewall, antivirus, and I use Firefox. When the AIM virus was going around (send you a link to click on), I opened it in Firefox and a box popped up and asked if wanted to download "partypics67.jpg.exe" Knowing what would happen, I clicked no. IE users did not have this luxury as going to the website infected it automatically.
__________________
Brian Griffin: Ah, if my memory serves me, this is the physics department.
Chris Griffin: That would explain all the gravity.
soccerchamp76 is offline  
Old 07-12-2005, 01:42 PM   #12 (permalink)
Insane
 
Location: West Virginia
Yes, I just installed a new copy of Norton 2005 and updated everything... nothing found. To be honest, other than the page poping up, nothing is wrong with the PC, it runs fine... and its only when you boot up so you just simply close it. I really dont feel like reformatting over that, was just hoping someone had an idea to get rid of it
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know
Artsemis is offline  
Old 07-13-2005, 03:48 AM   #13 (permalink)
"Officer, I was in fear for my life"
 
hrdwareguy's Avatar
 
Location: Oklahoma City
Search your registry for inf3ct3d and see if anything pops up.
__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today
hrdwareguy is offline  
Old 07-13-2005, 03:49 AM   #14 (permalink)
"Officer, I was in fear for my life"
 
hrdwareguy's Avatar
 
Location: Oklahoma City
Search your registry for inf3ct3d and see if anything pops up. You can also run msconfig and turn off all that stuff that runs on startup and see if it goes away. If it does, slowly turn things back on until it comes back. Then you will know what is causing it.
__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today
hrdwareguy is offline  
Old 07-13-2005, 04:37 AM   #15 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
A bit of basic info, please :

What version of Windows?
What browser do you use?
What security software? You listed your AS and AV software, do you have a firewall? How about a network or hardware firewall?
And a HijackThis log would help a lot, too.

You shouldn't need to format over this, the only time I resort to formatting over malware is if a system is so badly infected that it's just not worth the necessary time to remove it all. If it's just the one virus/trojan/whatever the hell it is, it should be possible to get rid of it with no lasting harm done.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame
Martian is offline  
Old 07-13-2005, 04:40 AM   #16 (permalink)
Über-Rookie
 
Location: No longer, D.C
Quote:
Originally Posted by soccerchamp76
I am tempted to go to the website to see what happens.
I am glad I am not the only one *grin*... I guess I always was that kid who when told the stove was hot would immediately touch it and then exclaim, "Yup, the stove is hot!"
__________________
"All that we can do is just survive.
.All that we can do to help ourselves is stay alive." - Rush
oblar is offline  
Old 07-13-2005, 04:52 AM   #17 (permalink)
Insane
 
Location: West Virginia
Like I said, the website itself doesn't infect you. It is the result of an infection. At least that's what all the forums said that I read.

Nothing to the effect of inf3ct3d is in the registry. And with all startup and services disabled, I still get the window (/boggle). However, I do not get it in safe mode.


For Martian:
What version of Windows? XP
What browser do you use? IE / Mozilla, but window opens in IE (default)
What security software? I have Norton AntiVirus / Internet Security 2005
You listed your AS and AV software, do you have a firewall? Yes, through Internet Security
How about a network or hardware firewall? Actually at the moment, yes. But not normally. At the time of infection im sure there wasn't a hardware firewall.
And a HijackThis log would help a lot, too. Ill do that in awhile and post it.


Thanks for the help so far guys
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know
Artsemis is offline  
Old 07-13-2005, 05:01 AM   #18 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
Okay. First, get us a HijackThis log. Then go to Start>Run>msconfig, pop over to the startup tab and hit 'disable all' and see if that helps.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame
Martian is offline  
Old 07-13-2005, 05:05 AM   #19 (permalink)
Lover - Protector - Teacher
 
Jinn's Avatar
 
Location: Seattle, WA
The virus is called Backdoor.Shellbot -- http://securityresponse.symantec.com....shellbot.html
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel
Jinn is offline  
Old 07-13-2005, 07:07 AM   #20 (permalink)
Insane
 
Location: West Virginia
I found that too Problem is, an updated norton didn't find it and those registry entrys are not present. It seems I have the remains of it after a remove.
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know
Artsemis is offline  
Old 07-13-2005, 07:08 AM   #21 (permalink)
Insane
 
Location: West Virginia
btw, its my bosses PC and she didn't bring it back today so it will probably be tomorrow before I can get a hijack log... thanks guys
__________________

- Artsemis
~~~~~~~~~~~~~~~~~~~~
There are two keys to being the best:
1.) Never tell everything you know
Artsemis is offline  
Old 07-13-2005, 06:01 PM   #22 (permalink)
Junkie
 
Location: bedford, tx
hijack this shows nothing? what does spysweeper show? any changes in the host file?
__________________
"no amount of force can control a free man, a man whose mind is free. No, not the rack, not fission bombs, not anything. You cannot conquer a free man; the most you can do is kill him."
dksuddeth is offline  
 

Tags
http or or inf3ct3dus or, visit

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 04:10 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360