Chicagoland Sportbike Forums banner

God DAMN Internet Porn Sites

1K views 26 replies 16 participants last post by  drbub22 
#1 ·
....sigh....

Ok, so a friend sends me a link to a porn site. Being a red blooded male, I click on the link. At some point in viewing this site, or something off of it, I get some fucking script installed on my PC.

When I turn on my PC I get a pop up:

"Error Starting Program
A required .DLL file, PSAPI.DLL, was not found."

When I open IE, it is trying to go to http://66.250.130.200/main/hp.php as my home page. when I keep trying to reset Hotmail as my homepage.

I also get the following links added to my favorites:
http://66.250.130.200/main/b3.php
http://66.250.130.200/main/b2.php
http://66.250.130.200/main/b1.php








For the life of fucking all that is holy....isn't it illigeal or something to run a script that fucks with a home PC?

In any event, I have tried removing it, looked for an installed program, cleared cookies, cleared cache and temp files, and can not figure out where this fucker planted itself.

Anyone have any idea how to get rid of this crap?

Ciao,
Lupi
 
See less See more
#6 ·
Did a free McaAfee scan showed up:



McAfee FreeScan has detected 1 infected file on your computer!
You need an immediate anti-virus solution! Your personal information might be vulnerable to exposure or corruption.
Also, your computer might transmit infected files to friends, family and co-workers.
Get immediate virus protection with McAfee VirusScan Online. Buy Now! Learn More...

Important! If you disabled your anti-virus software, please re-enable it now!
Scan Location
Drive C My Documents Windows Files
Scan Status
Files Scanned: 26318
Files Infected: 1
Information: Scanning completed!

List of Infected Files
File Name Virus Name
C:\WINDOWS\svchost.exe Spy-Tofger








I cannot delete svchost.exe because it is in use by windows.
 
#7 · (Edited)
Get a dos boot disk and startup with that in the floppy (or CD). Then manually delete the file (or rename it to *.xxx just in case you need it later) using dos commands - don't start windows.

Also might take a look at this:


<a href="http://www.pchell.com/virus/welchia.shtml">link</a>

<a href="http://www.winportal.com/chat.asp?ObjectID=8525">link</a>
 
#8 ·
jcc_rr said:
Get a dos boot disk and startup with that in the floppy (or CD). Then manually delete the file (or rename it to *.xxx just in case you need it later) using dos commands - don't start windows.

Also might take a look at this:


<a href="http://www.pchell.com/virus/welchia.shtml">link</a>

<a href="http://www.winportal.com/chat.asp?ObjectID=8525">link</a>
Renamed the exe file...still doing it!
 
#12 ·
Spybot's a good suggestion. You could also try Ad-Aware which is also freeware or shareware, at least. Also, let this be a lesson! Surfing weird dirty porn sites fuxes ups your shits, so don't!
 
#15 ·
Lupi


go to start/run and type in "regedit"
To to find/search and then type in each one of those links. As they pop up in the right hand plane delete them. What has happened is a script must have go in and changed your IE settings in the registry. Its the same thing some programs like AT@T dial up and AOL do.

If you must check out porn sites before you do go to the security settings of your browser and set it to custom and then turn off the scripts settings. This will keep those pop ups from coming up also and prevent what happened to you from happening without having to install a 3rd party software
 
#17 ·
Used SpyBot. Found a half dozen other things and fixed them, but it did not resolve this specific issue.

I could care less about teh bookmark and homepage being reset. I'll be ditching this PC in a month anyway hopefully.

What I am worried about, is that this little app is a pasword sniffer. Now, since I have gotten it, I have only been into my hotmail, CLSB and EQ. So, no great paswords there. For the mean time I will not log into any other site that requires a pass just in case.

can this king of thing check cookies or whatever files store the passwords? I've been into other sites that I have set to auto log me in when i go to them. I have all ready deleted cookies, but do i need to delete the windows file that saves passwords?

Ciao,
Lupi
 
#18 ·
Ok dude, be careful or you will render that PC useless. That is a serious virus if you cannot disable it by just not running the program. It probably means that it is running a service. AdAware can sometimes pick up infections on your current processes... I did not see anyone mentions it. If not, I say get everything you need out of that computer and start over. What kind of personal firewall are you running? you might be able to detect if something is sending information out of your computer. If a "friend" sent you the link, he might be trying to take control of your computer... or might already have done so.
 
#19 ·
Ok, one other question. I renamed that file as was suggested above. iit possible that SpyBot is missing it on a scan because of that? Should I rename the file to what it was and re-run spybot?

Guess I will spend more time on this tonight.

I would prefer to not have to re-format everything again. I've done that a few times with HD failures on this 8yr old machine. LOL I just want it to last a few more weeks.

Ciao,
Lupi
 
#20 ·
Lupi said:
Ok, one other question. I renamed that file as was suggested above. iit possible that SpyBot is missing it on a scan because of that? Should I rename the file to what it was and re-run spybot?

I would try that.
 
#21 ·
Lupi, Lupi. Lupi. See what happend when you use your pc to get off.:) Hey mam, I am with John on this one I think your registery has been modified. Good luck.:)
 
#22 ·
Been there done that. Now one of the girls that works for me has it on her office machine. You know the shit I'm giving her. She claims she wasn't on a no no site. Right... Spybot fixed it.
 
#23 ·
some of the ones coming out now are stubborn.
this is the way I fixem at work

open regedit go to the run section
export this key in case you fuck it up so you can restore it later

now delete any offending programs that are starting up
then reboot and run your spyware fix again.

it is common for the current spyware fixers to be unable to straighten out these things as the services are running and the os does not allow the offending files to be deleted if they are in use. check the following keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
but check these as well
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top