ATS and Adware/Spyware/Hi-Jackers

I have been having problems also.

There was a thread made about it that was sent to bts and no one seemed to care to look into it.

Then someone else had the same problem and made a thread which stayed on ats.

This is practically the only site I visit so it is unlikely that it is coming from somewhere else.

I would suspect hacking before thinking the staff is compromising our computers.

I was having a variety of problems but after running several new antispywares and switching to firefox it seems much better.

I have no idea what is up with my computer. I usually have been able to figure this kinda thing out..I thought maybe it was JAVA related. No luck. I don't know and don't know how to fix. Have tried contacting some PC repair guys I know but so far haven't heard from them.

I use Avast and twice in as many days, it has alerted me and blocked a virus and I've been on ATS both times it happened. I'm like Flyers Fan, I'm not a computer guru so, this is as much detail as I can give.

Folks...

I really do appreciate the apparent issues you're encountering, and we do everything possible to investigate what may be issues on ATS, or our advertisers.

However, please excuse my frustration related to what looks like unsubstantiated reports of rumors of problems.

Without back-up (such as anti-malware/adware/virus scanner logs), claims of "I'm getting alerts too," come across as little more than unfounded fear mongering.

I, and many of our staff, spend a lot of time on ATS --- myself and others, on Windows/IE expressly designed to give alerts for valid concerns --- and we're simply not seeing what's being reported in this and other threads.

Please, please, please... if you have what appears to be a valid issue, before you post about it, do the slight bit of extra effort to obtain the logs from your anti-malware/adware/virus scanner so that we have some data to use to investigate the potential problem. Otherwise, there's nothing we can do.

I tried to substantiate my claims on my thread. Microsoft Spyware told me I had these problems:

Spyware.\Emonster.b
Z.lob.PornAdvertiser.Xplisit
Trojan.InfoStealer.Banker.s

But I'm not sure 'Microsoft Spyware was legitimate.

411 Spyware told me I had these problems:

Trojan.Vundo
Trojan-Dropper.Delf
Trojan-Downloader.Matcash
Rogue.Virus Remover 2008
Rogue. AntiSpyware Master
Backdoor.TDSS

I don't have any experience dealing with these sort of problems, but tried to give some information to the members who were trying to help me. This was the best I could do.

Is this the sort of information that will help you?

[edit on 26-1-2009 by berenike]

Originally posted by berenike
Is this the sort of information that will help you?

No.

Those types of issues could come from anywhere.

We need to see the anti-virus/spyware logs to determine which IP address attempted the intrusion on your computer.

like this? It has been happening to me too, but didn't know what was going on. Hope this helps some.

9/25/2008 3:41:27 PM SYSTEM 1696 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
9/25/2008 3:41:27 PM SYSTEM 1696 An error has occured while attempting to update. Please check the logs.
10/31/2008 10:46:47 AM Home 1276 Sign of "Win32:Trojan-gen [Other]" has been found in "C:\DOCUME~1\Home\LOCALS~1\Temp\bar.0\A9SRCSP.EXE" file.
11/5/2008 1:40:03 PM SYSTEM 1268 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
12/6/2008 5:54:09 PM SYSTEM 1272 Sign of "JS: Packed-T [Trj]" has been found in "http://76.74.239.45/zy010100/pdf.php?id=1530" file.
12/6/2008 5:54:09 PM SYSTEM 1272 Sign of "JS: Packed-T [Trj]" has been found in "http://76.74.239.45/zy010100/pdf.php?id=1530&vis=1" file.
12/6/2008 5:54:29 PM SYSTEM 1272 Sign of "JS: Packed-T [Trj]" has been found in "http://76.74.239.45/zy010100/pdf.php?id=1530&vis=1" file.
12/27/2008 2:16:37 AM SYSTEM 1312 Sign of "HTML:Iframe-inf" has been found in "http://bigmp3online.com/?sid=aff0043\?sid=aff0043" file.
1/20/2009 7:04:15 AM SYSTEM 1484 Sign of "JS: FakeAV-B [Trj]" has been found in "http://bestanti-virusscan.com/360/1/en/_freescan.php?sid=880821" file.
1/20/2009 7:05:16 AM SYSTEM 1484 Sign of "JS:FakeAV-B [Trj]" has been found in "http://bestanti-virusscan.com/360/1/en/_freescan.php?sid=880821" file.
1/23/2009 4:25:35 AM SYSTEM 1484 Sign of "HTML:Iframe-inf" has been found in "http://banners.exitexchange.com/banner_js?pubid=1290383&bsize=1&rnd=0.532904436708894&ts=1232706334432\banner_js?pubid=1290383&bsize=1&rnd=0" file.
1/24/2009 8:45:43 PM SYSTEM 1484 Sign of "JS: Packed-T [Trj]" has been found in "http://oa.we1woiea.com/zyewroiuwa/pdf.php?id=9196" file.
1/24/2009 8:45:44 PM SYSTEM 1484 Sign of "JS: Packed-T [Trj]" has been found in "http://oa.we1woiea.com/zyewroiuwa/pdf.php?id=9196&vis=1" file.
1/24/2009 8:46:03 PM SYSTEM 1484 Sign of "JS: Packed-T [Trj]" has been found in "http://oa.we1woiea.com/zyewroiuwa/pdf.php?id=9196&vis=1" file.
1/25/2009 8:48:45 PM SYSTEM 1484 Sign of "JS: Packed-T [Trj]" has been found in "http://solo.eo1qiowr1ew.com/zyowoiurqwo/pdf.php?id=18116" file.
1/25/2009 8:48:45 PM SYSTEM 1484 Sign of "JS: Packed-T [Trj]" has been found in "http://solo.eo1qiowr1ew.com/zyowoiurqwo/pdf.php?id=18116&vis=1" file.
1/25/2009 8:49:05 PM SYSTEM 1484 Sign of "JS: Packed-T [Trj]" has been found in "http://solo.eo1qiowr1ew.com/zyowoiurqwo/pdf.php?id=18116&vis=1" file.
1/25/2009 8:49:12 PM SYSTEM 1484 Sign of "JS: Packed-T [Trj]" has been found in "http://solo.eo1qiowr1ew.com/zyowoiurqwo/pdf.php?id=18116&vis=1" file.


[edit to add: Sorry I should have U2U'd this instead of posting it here. but too late now. If you need any other info I will see what I can dig up on my comps log]

[edit on 27-1-2009 by RustykShade]

[edit on 27-1-2009 by RustykShade]

Originally posted by RustykShade
1/20/2009 7:04:15 AM SYSTEM 1484 Sign of "JS:FakeAV-B [Trj]" has been found in "http://bestanti-virusscan.com/360/1/en/_freescan.php?sid=880821" file.

That domain: bestanti-virusscan.com... appears to be where the problems are coming from. It's a known distributor of malware.

sorry i had to add the beginning of the log because I found an Ip sorry i didn't leave it in, but I didn't remember having problems that far back. but there you go.
Thanks for the help.

In all the years I have been a member of this forum I have been lucky enough no to have problems with the site, until the advertising started.

Beside the pop ups that was a far as it came.

But then the hijacking started and that was the top of the iceberg.

Well I don't let anything mar my mood and experience in this site so I will always get around getting the pesky trouble makers (malware) on check.

I have been clean since the last time I posted that I was been hijacked.

Can it be possible that ATS may be targeted randomely by outsiders?

Mild Mannered IT Consultant here. First of all I've never had any problems here on ATS, on anywhere actually.

1. Don't use Internet Explorer

If you're fully internet savvy, totally happy you know about Activex controls, the privacy settings, firewall turned on with a decent AV & Anti Spyware program PLUS don't go visiting websites that are known to carry spyware - then please carry on using Internet Explorer 7 - just ensure you're totally up to date with Windows Update.

If you don't fit into the above then please use either Google Chrome or Mozilla Firefox. There is not much difference between them, they will both import all your favourites automatically. Chrome will even import your IE usernames and passwords if you have had it set to remember them.
By all means Chrome and Firefox are not immune from Spyware but over 96% of all spyware will only infect Internet Explorer. If you are running anything less than the latest IE7 then you are asking for trouble.

2. Free Software

When installing software, either shareware or freeware do not blindly press NEXT during the installation options. ALWAYS choose the CUSTOM INSTALLATION rather than the typical one. Using the former will allow you to select not to install usage trackers and useless toolbars etc. which again increases risk of spyware.

3. Already Infected?

AdAware is largely useless, especially the free version - they have to give you some incentive to buy it. If infected I recommend Avast Anti Virus Free Edition which is as good as the commercial one and has given me so far 100% detection and 99% removal rate of nasties from customers machines.

Depending on what spyware / virus you have, anything you download may be infected before you can run it. If this is so, I suggest download Avast to a USB stick on a clean computer. Reboot your PC in Safe Mode (without networking) and run the installation from there.

3. Anti Virus 2008

A few of you seem to be reporting this one. It shows you a screen much like the Windows Security Centre screen, offers to scan your PC then urges you to buy it. It's run by a bunch of crooks External Link
This is notoriously difficult to remove with most Anti Virus programs (including Avast - hence the 99%) being unable to remove it. The easiest way to get rid of this is to download and run the following free program:MalwareBytes Anti Malware

This will completely remove all trace of the offending malware.

That's it for now but the main point I'm making is don't use Internet Explorer. It really has been and always will be targeted.


[edit on 27/1/09 by vonspurter]

[edit on 27/1/09 by vonspurter]

Originally posted by RustykShade
10/31/2008 10:46:47 AM Home 1276 Sign of "Win32:Trojan-gen [Other]" has been found in "C:\DOCUME~1\Home\LOCALS~1\Temp\bar.0\A9SRCSP.EXE" file.

That one is "My Web Search". Goto Control Panel --> Add/Remove Programs --> Find it amongst the list of installed programs and Click Remove.

It's not so much malware, just plain ole' Crapware.

I use Avast anti virus full version. and I love it. As for the "trojan" its been taken care of, but thank you, I had no idea what it was. Learn something new everyday

My computer has been cleaned and is free of most (if not all) malware and adware. Yay!! I haven't had any problems with any hijacking in a few days so I think whatever was doing it is gone now.

be well.

I have noticed that my Adware program goes nuts here at ATS. I have good security but none of them are perfect. It will go off every 10 to 30 seconds. I dont have this problem to this extent anywhere else I go on the web.

Whats up with all this spware?? Now I know its not just me.

Originally posted by tommyb98201
I have noticed that my Adware program goes nuts here at ATS. I have good security but none of them are perfect. It will go off every 10 to 30 seconds. I dont have this problem to this extent anywhere else I go on the web.

Please.

Read this posted above.

Statements like that are beginning to get downright frustrating... if not irritating.

reply to post by SkepticOverlord


I run Linux with a Linux based firewall, and Tor and Privoxy. Here is the repot I got when I opened the site....

Reported Attack Site!

This web site at bestanti-virusscan.com has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

I suspect an unknowing Windows user would get something bad from the site.

Originally posted by berenike
I tried to substantiate my claims on my thread. Microsoft Spyware told me I had these problems:

Spyware.\Emonster.b
Z.lob.PornAdvertiser.Xplisit
Trojan.InfoStealer.Banker.s

But I'm not sure 'Microsoft Spyware was legitimate.

411 Spyware told me I had these problems:

Trojan.Vundo
Trojan-Dropper.Delf
Trojan-Downloader.Matcash
Rogue.Virus Remover 2008
Rogue. AntiSpyware Master
Backdoor.TDSS

I don't have any experience dealing with these sort of problems, but tried to give some information to the members who were trying to help me. This was the best I could do.

Is this the sort of information that will help you?

[edit on 26-1-2009 by berenike]

You have been infected by Vundo according to what you posted.

Go to www.majorgeeks.com and download a program called 'Combofix' run the program in safe mode as well as regular mode.

To get into safe mode when the computer is starting, and before it hits the Windows splash screen, hit the F8 key repeatedly. If you did this right you will see a menu where you can choose safe mode.

After running that rerun your spyware scans.

Also I would also highly recommend downloading a program called 'CCleaner' this program will clean out all your temp files including your temporary internet files.

Let us know if you still get the Vundo warning after running Combofix.

Thanks

To all that are having adware/spyware popping up on their computers. The first thing I would suggest is switching to Firefox and downloading the add-on called 'NoScript'. This add on stops all Java scripts from running that you have not told it to allow.

Secondly, I would suggest going to the following website to receive help removing what you currently have been infected with.

www.whatthetech.com

There you will see, on the right hand side, 'Self help fixes' and 'Hijackthis logs'.

The 1st is, self explanatory, that you can find how to remove what you already know what you have.
The 2nd is where you request help and they will tell you what to download, where to download it, and how to run it so they can help you farther.

I have been a member of the above website for many years, and have learned how to remove spyware/adware/viruses from them.
I have been removing the above for well over 10 yrs now, and know that many are very hard, if not impossible, to remove using just anti-spyware tools. Many require manual removal and the mods on this site are more than willing to help you.
They do not charge you for this service and will make sure that you have a clean system when they have completed the removals with you.

Thanks

reply to post by gonzo610


Thanks - this was one of the first things I tried but I got the white and blue screen telling me that majorgeek was unavailable.

Same thing with another site that was recommended.

Basically, the virus seemed to anticipate everything I would do to try and get rid of it.

I tried to download some anti-virus software but got a message saying that Microsoft wouldn't allow me to have it.

My computer kept freezing for short periods then froze completely when I went into the task manager to see if I could find the name of the virus and get rid of it.

I couldn't use system restore either.

I can't use my old computer now - I've set up a new computer and broadband supplier and won't risk trying to use my infected computer for the internet again. Even if it would unfreeze itself.

It won't work offline and I think if I ever want to use it again I'll need a new hard drive?

I really don't know a lot about these things. I've only had the internet at home for about 7 or 8 months and someone else set it all up the first time. Having assured me that we had adequate protection.........

I got really fed-up because these people have robbed me of a computer and I don't know how to report it or who to report it to.

I kept getting pornographic and gambling sites coming up when I was on ATS and was relieved that it was adult pornography, unsavoury as that was. I was terrified of something worse presenting itself.

I'm repeating myself a bit here, but keep hoping that something I report may give someone the clue to what is happening.



[edit on 27-1-2009 by berenike]

Originally posted by berenike
reply to post by gonzo610

 

Thanks - this was one of the first things I tried but I got the white and blue screen telling me that majorgeek was unavailable.

Same thing with another site that was recommended.

Basically, the virus seemed to anticipate everything I would do to try and get rid of it.

I tried to download some anti-virus software but got a message saying that Microsoft wouldn't allow me to have it.

My computer kept freezing for short periods then froze completely when I went into the task manager to see if I could find the name of the virus and get rid of it.

I couldn't use system restore either.

I can't use my old computer now - I've set up a new computer and broadband supplier and won't risk trying to use my infected computer for the internet again. Even if it would unfreeze itself.

It won't work offline and I think if I ever want to use it again I'll need a new hard drive?

I really don't know a lot about these things. I've only had the internet at home for about 7 or 8 months and someone else set it all up the first time. Having assured me that we had adequate protection.........

I got really fed-up because these people have robbed me of a computer and I don't know how to report it or who to report it to.

I kept getting pornographic and gambling sites coming up when I was on ATS and was relieved that it was adult pornography, unsavoury as that was. I was terrified of something worse presenting itself.

I'm repeating myself a bit here, but keep hoping that something I report may give someone the clue to what is happening.



[edit on 27-1-2009 by berenike]

You can always download the programs on the new computer, burn them to a cd or thumb drive and plug them into the old computer.

If you do that I would suggest downloading AVG Free edition, Spybot, Ad-aware, Combofix, and Hijackthis.