God DAMN Internet Porn Sites - Chicagoland Sportbikes
Chicagoland Sportbikes
 
Open Forum This forum is for all off-topic discussion.

 
LinkBack Thread Tools Display Modes
post #1 of 27 (permalink) Old 12-15-2003, 07:44 PM Thread Starter
IDK WTF TO PUT HERE NOW!
 
Lupi's Avatar
 
Join Date: Apr 2002
Location: Lakemoor, IL
Posts: 2,765
Location: Lakemoor, IL
Sportbike: The GF!
Years Riding: 3,201,394
How you found us: champ91
           
Send a message via AIM to Lupi Send a message via MSN to Lupi Send a message via Yahoo to Lupi
God DAMN Internet Porn Sites

....sigh....

Ok, so a friend sends me a link to a porn site. Being a red blooded male, I click on the link. At some point in viewing this site, or something off of it, I get some fucking script installed on my PC.

When I turn on my PC I get a pop up:

"Error Starting Program
A required .DLL file, PSAPI.DLL, was not found."

When I open IE, it is trying to go to http://66.250.130.200/main/hp.php as my home page. when I keep trying to reset Hotmail as my homepage.

I also get the following links added to my favorites:
http://66.250.130.200/main/b3.php
http://66.250.130.200/main/b2.php
http://66.250.130.200/main/b1.php








For the life of fucking all that is holy....isn't it illigeal or something to run a script that fucks with a home PC?

In any event, I have tried removing it, looked for an installed program, cleared cookies, cleared cache and temp files, and can not figure out where this fucker planted itself.

Anyone have any idea how to get rid of this crap?

Ciao,
Lupi
Lupi is offline  
Sponsored Links
Advertisement
 
post #2 of 27 (permalink) Old 12-15-2003, 07:45 PM
Administrator
 
HDTony's Avatar
 
Join Date: Apr 2002
Location: Plainfield IL
Posts: 45,956
Location: Plainfield IL
Sportbike: A couple of pasta rockets
Years Riding: Since 1989
How you found us: In the beginning there was CLSB and Tony saw that it was good.
           
Send a message via AIM to HDTony
Something is running int he back round. I would give spybot a chance.




HDTony.... Damn glad to meet you!

Government's view of the economy could be summed up in a few short phrases: If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it.

- Ronald Reagan

AirTek Heating & Air inc.
HDTony is offline  
post #3 of 27 (permalink) Old 12-15-2003, 07:48 PM Thread Starter
IDK WTF TO PUT HERE NOW!
 
Lupi's Avatar
 
Join Date: Apr 2002
Location: Lakemoor, IL
Posts: 2,765
Location: Lakemoor, IL
Sportbike: The GF!
Years Riding: 3,201,394
How you found us: champ91
           
Send a message via AIM to Lupi Send a message via MSN to Lupi Send a message via Yahoo to Lupi
Quote:
Originally posted by GsxrTony
Something is running int he back round. I would give spybot a chance.
Freewhare and where can I get it?
Lupi is offline  
post #4 of 27 (permalink) Old 12-15-2003, 08:06 PM
Administrator
 
HDTony's Avatar
 
Join Date: Apr 2002
Location: Plainfield IL
Posts: 45,956
Location: Plainfield IL
Sportbike: A couple of pasta rockets
Years Riding: Since 1989
How you found us: In the beginning there was CLSB and Tony saw that it was good.
           
Send a message via AIM to HDTony
Download.com search for spybot I think its called spybot seek and destroy, but just spybot should get you to it.

yup its free.




HDTony.... Damn glad to meet you!

Government's view of the economy could be summed up in a few short phrases: If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it.

- Ronald Reagan

AirTek Heating & Air inc.
HDTony is offline  
post #5 of 27 (permalink) Old 12-15-2003, 08:14 PM
CLSB SuperHero
 
TerminatorR1's Avatar
 
Join Date: Jun 2002
Location: Crest Hill...didnt think you've heard of it
Posts: 1,808
Location: Crest Hill...didnt think you've heard of it
Sportbike: None right now
Years Riding: since '95
How you found us: friend
  
Spybot seach and destroy is the best.

Life is too short to ride anything but an R1

In memory of FastBlueR1...RIP

TerminatorR1 is offline  
post #6 of 27 (permalink) Old 12-15-2003, 08:39 PM Thread Starter
IDK WTF TO PUT HERE NOW!
 
Lupi's Avatar
 
Join Date: Apr 2002
Location: Lakemoor, IL
Posts: 2,765
Location: Lakemoor, IL
Sportbike: The GF!
Years Riding: 3,201,394
How you found us: champ91
           
Send a message via AIM to Lupi Send a message via MSN to Lupi Send a message via Yahoo to Lupi
Did a free McaAfee scan showed up:



McAfee FreeScan has detected 1 infected file on your computer!
You need an immediate anti-virus solution! Your personal information might be vulnerable to exposure or corruption.
Also, your computer might transmit infected files to friends, family and co-workers.
Get immediate virus protection with McAfee VirusScan Online. Buy Now! Learn More...

Important! If you disabled your anti-virus software, please re-enable it now!
Scan Location
Drive C My Documents Windows Files
Scan Status
Files Scanned: 26318
Files Infected: 1
Information: Scanning completed!

List of Infected Files
File Name Virus Name
C:\WINDOWS\svchost.exe Spy-Tofger








I cannot delete svchost.exe because it is in use by windows.
Lupi is offline  
post #7 of 27 (permalink) Old 12-15-2003, 08:43 PM
Registered User
 
jcc_rr's Avatar
 
Join Date: Apr 2002
Location: South Suburbs
Posts: 329
Location: South Suburbs
           
Get a dos boot disk and startup with that in the floppy (or CD). Then manually delete the file (or rename it to *.xxx just in case you need it later) using dos commands - don't start windows.

Also might take a look at this:


link

link

2011 Suzuki GSXR750
2001 Suzuki GSXR600

Last edited by jcc_rr; 12-15-2003 at 08:52 PM.
jcc_rr is offline  
post #8 of 27 (permalink) Old 12-15-2003, 08:52 PM Thread Starter
IDK WTF TO PUT HERE NOW!
 
Lupi's Avatar
 
Join Date: Apr 2002
Location: Lakemoor, IL
Posts: 2,765
Location: Lakemoor, IL
Sportbike: The GF!
Years Riding: 3,201,394
How you found us: champ91
           
Send a message via AIM to Lupi Send a message via MSN to Lupi Send a message via Yahoo to Lupi
Quote:
Originally posted by jcc_rr
Get a dos boot disk and startup with that in the floppy (or CD). Then manually delete the file (or rename it to *.xxx just in case you need it later) using dos commands - don't start windows.

Also might take a look at this:


link

link
Renamed the exe file...still doing it!
Lupi is offline  
post #9 of 27 (permalink) Old 12-15-2003, 08:57 PM
CLSB SuperHero
 
TerminatorR1's Avatar
 
Join Date: Jun 2002
Location: Crest Hill...didnt think you've heard of it
Posts: 1,808
Location: Crest Hill...didnt think you've heard of it
Sportbike: None right now
Years Riding: since '95
How you found us: friend
  
Lupi....did you try S&D?

Life is too short to ride anything but an R1

In memory of FastBlueR1...RIP

TerminatorR1 is offline  
post #10 of 27 (permalink) Old 12-15-2003, 08:58 PM
Registered User
 
jcc_rr's Avatar
 
Join Date: Apr 2002
Location: South Suburbs
Posts: 329
Location: South Suburbs
           
try going here and finding a fix for the virus under download virus removal tool:

symantec

or fix from here:

fix link

2011 Suzuki GSXR750
2001 Suzuki GSXR600

Last edited by jcc_rr; 12-15-2003 at 09:03 PM.
jcc_rr is offline  
post #11 of 27 (permalink) Old 12-15-2003, 09:05 PM Thread Starter
IDK WTF TO PUT HERE NOW!
 
Lupi's Avatar
 
Join Date: Apr 2002
Location: Lakemoor, IL
Posts: 2,765
Location: Lakemoor, IL
Sportbike: The GF!
Years Riding: 3,201,394
How you found us: champ91
           
Send a message via AIM to Lupi Send a message via MSN to Lupi Send a message via Yahoo to Lupi
Quote:
Originally posted by TerminatorR1
Lupi....did you try S&D?
Just did, and still doing it. Trying the other links!
Lupi is offline  
post #12 of 27 (permalink) Old 12-15-2003, 09:31 PM
Moderator
 
maks's Avatar
 
Join Date: Apr 2002
Location: Chicago
Posts: 3,613
Location: Chicago
Sportbike: 2002 CBR F4i
Years Riding: 3
How you found us: Original Gangsta
           
Send a message via AIM to maks
Spybot's a good suggestion. You could also try Ad-Aware which is also freeware or shareware, at least. Also, let this be a lesson! Surfing weird dirty porn sites fuxes ups your shits, so don't!
maks is offline  
post #13 of 27 (permalink) Old 12-15-2003, 09:47 PM
 
Join Date: Oct 2003
Posts: 1,544
    
Sorry, I stopped listening at wierd and dirty. What was that?
Honda4Ever is offline  
post #14 of 27 (permalink) Old 12-15-2003, 09:48 PM
YO MAMA
 
Odysseys's Avatar
 
Join Date: Apr 2002
Location: balls deep in someones mom
Posts: 60,261
Location: balls deep in someones mom
Sportbike: 2010 Electra Glide Police Edition 103cu
Years Riding: a long time!
           
thats what you get you dork!

hahahahaha



Odysseys is offline  
post #15 of 27 (permalink) Old 12-15-2003, 11:29 PM
TP5
Registered User
 
Join Date: Apr 2003
Location: Chicago
Posts: 178
Location: Chicago
   
Lupi


go to start/run and type in "regedit"
To to find/search and then type in each one of those links. As they pop up in the right hand plane delete them. What has happened is a script must have go in and changed your IE settings in the registry. Its the same thing some programs like [email protected] dial up and AOL do.

If you must check out porn sites before you do go to the security settings of your browser and set it to custom and then turn off the scripts settings. This will keep those pop ups from coming up also and prevent what happened to you from happening without having to install a 3rd party software
TP5 is offline  
post #16 of 27 (permalink) Old 12-16-2003, 01:07 AM
Who's faster Lupi
 
Champ91's Avatar
 
Join Date: Apr 2002
Location: Lake in the Hills, IL
Posts: 4,957
Location: Lake in the Hills, IL
Sportbike: 2004 ZX10R & 2005 CRF50
Years Riding: 20
How you found us: SBN
           
dude you better fix your puter b4 you mess up mine. Same network.

NESBA #456 Intermediate
Always 1 step ahead of Lupi. 1:24:7 BHF
And 1 step behind Kimmy

"SoB gets to spend yet ANOTHER season faster than me." -LUPI-
Champ91 is offline  
post #17 of 27 (permalink) Old 12-16-2003, 08:56 AM Thread Starter
IDK WTF TO PUT HERE NOW!
 
Lupi's Avatar
 
Join Date: Apr 2002
Location: Lakemoor, IL
Posts: 2,765
Location: Lakemoor, IL
Sportbike: The GF!
Years Riding: 3,201,394
How you found us: champ91
           
Send a message via AIM to Lupi Send a message via MSN to Lupi Send a message via Yahoo to Lupi
Used SpyBot. Found a half dozen other things and fixed them, but it did not resolve this specific issue.

I could care less about teh bookmark and homepage being reset. I'll be ditching this PC in a month anyway hopefully.

What I am worried about, is that this little app is a pasword sniffer. Now, since I have gotten it, I have only been into my hotmail, CLSB and EQ. So, no great paswords there. For the mean time I will not log into any other site that requires a pass just in case.

can this king of thing check cookies or whatever files store the passwords? I've been into other sites that I have set to auto log me in when i go to them. I have all ready deleted cookies, but do i need to delete the windows file that saves passwords?

Ciao,
Lupi
Lupi is offline  
post #18 of 27 (permalink) Old 12-16-2003, 09:22 AM
Registered User
 
logtar's Avatar
 
Join Date: Mar 2003
Location: Glenview
Posts: 5,054
Location: Glenview
Sportbike: CURRENTLY LOOKING
Years Riding: since I was 8
How you found us: The NET is MINE
           
Ok dude, be careful or you will render that PC useless. That is a serious virus if you cannot disable it by just not running the program. It probably means that it is running a service. AdAware can sometimes pick up infections on your current processes... I did not see anyone mentions it. If not, I say get everything you need out of that computer and start over. What kind of personal firewall are you running? you might be able to detect if something is sending information out of your computer. If a "friend" sent you the link, he might be trying to take control of your computer... or might already have done so.

Logtar - John

My Blog - @Logtar - Google+
logtar is offline  
post #19 of 27 (permalink) Old 12-16-2003, 09:39 AM Thread Starter
IDK WTF TO PUT HERE NOW!
 
Lupi's Avatar
 
Join Date: Apr 2002
Location: Lakemoor, IL
Posts: 2,765
Location: Lakemoor, IL
Sportbike: The GF!
Years Riding: 3,201,394
How you found us: champ91
           
Send a message via AIM to Lupi Send a message via MSN to Lupi Send a message via Yahoo to Lupi
Ok, one other question. I renamed that file as was suggested above. iit possible that SpyBot is missing it on a scan because of that? Should I rename the file to what it was and re-run spybot?

Guess I will spend more time on this tonight.

I would prefer to not have to re-format everything again. I've done that a few times with HD failures on this 8yr old machine. LOL I just want it to last a few more weeks.

Ciao,
Lupi
Lupi is offline  
post #20 of 27 (permalink) Old 12-16-2003, 09:56 AM
Administrator
 
HDTony's Avatar
 
Join Date: Apr 2002
Location: Plainfield IL
Posts: 45,956
Location: Plainfield IL
Sportbike: A couple of pasta rockets
Years Riding: Since 1989
How you found us: In the beginning there was CLSB and Tony saw that it was good.
           
Send a message via AIM to HDTony
Quote:
Originally posted by Lupi
Ok, one other question. I renamed that file as was suggested above. iit possible that SpyBot is missing it on a scan because of that? Should I rename the file to what it was and re-run spybot?

I would try that.




HDTony.... Damn glad to meet you!

Government's view of the economy could be summed up in a few short phrases: If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it.

- Ronald Reagan

AirTek Heating & Air inc.
HDTony is offline  
post #21 of 27 (permalink) Old 12-16-2003, 11:49 PM
Slayed by the Dragon
 
BroBill's Avatar
 
Join Date: Apr 2002
Location: Westchester
Posts: 626
Location: Westchester
Sportbike: 2004 Aprilia Futura, Honda CBR1100XXX (BLACKBIRD), Honda 750 Shadow Spirit, SOLD! Suzuki Katana 600
Years Riding: 8
How you found us: you know me already.
 
Send a message via Yahoo to BroBill
Lupi, Lupi. Lupi. See what happend when you use your pc to get off. Hey mam, I am with John on this one I think your registery has been modified. Good luck.

  • A week at Deals Gap - $200.
  • Roasting a set of tires at the Gap - $350.
  • Low siding your CBR1100XX - $9,500.
  • Get a 2004 Aprilia Futura - Dream Come True!
  • Giving your life to Christ - PRICELESS.
  • Salvation - ETERNAL.

Visit Christian Sport Bikes
BROBILL #63, ILLINOIS - Frm. Chapter President.
BroBill is offline  
post #22 of 27 (permalink) Old 12-17-2003, 12:51 AM
Old Squid on a Blade
 
Blade Runner's Avatar
 
Join Date: Apr 2002
Location: Carpentersville
Posts: 9,389
Location: Carpentersville
Sportbike: 2000 929
Years Riding: Longer than most of you have been alive. And I'm still slow.
How you found us: The voices in my head told me to come here
           
Been there done that. Now one of the girls that works for me has it on her office machine. You know the shit I'm giving her. She claims she wasn't on a no no site. Right... Spybot fixed it.

There is nothing firm, nothing balanced, nothing durable in all the universe. Nothing remains in its original state, each day, each hour, each moment, there is change. Change is the essence of life. Embrace change as you do life. To fight change is to live in the past.
Blade Runner is offline  
post #23 of 27 (permalink) Old 12-17-2003, 11:30 PM
Resident Slow guy
 
Ohfugit's Avatar
 
Join Date: Jun 2003
Location: Chicago
Posts: 6,771
Location: Chicago
Sportbike: 250x_Dirtbike Triumph_Tripled_955i 90_H-D_Bagger CR80_Mini_Motard
Years Riding: Street_LOOOOOOONG_Time Track Backmarker
How you found us: Google
           
Send a message via AIM to Ohfugit
some of the ones coming out now are stubborn.
this is the way I fixem at work

open regedit go to the run section
export this key in case you fuck it up so you can restore it later

now delete any offending programs that are starting up
then reboot and run your spyware fix again.

it is common for the current spyware fixers to be unable to straighten out these things as the services are running and the os does not allow the offending files to be deleted if they are in use. check the following keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
but check these as well
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run key

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run

Ohfugit is offline  
post #24 of 27 (permalink) Old 12-17-2003, 11:37 PM
YO MAMA
 
Odysseys's Avatar
 
Join Date: Apr 2002
Location: balls deep in someones mom
Posts: 60,261
Location: balls deep in someones mom
Sportbike: 2010 Electra Glide Police Edition 103cu
Years Riding: a long time!
           
good ones to watch for ohfugit...also lupi check for this one:

HKEY_LOCAL_MACHINE\stop-looking/at-inter-netporn/andgo: get [email protected]!



Odysseys is offline  
post #25 of 27 (permalink) Old 12-18-2003, 12:25 AM
 
Join Date: Nov 2003
Posts: 1
 
Go to this sight and download the free version and it will fix the problem. Just for kicks as you probably do not have a firewall, install zonealarm and watch how many times this virus is pinging the internet.
isiero is offline  
post #26 of 27 (permalink) Old 12-18-2003, 08:00 AM
Registered User
 
Labdog's Avatar
 
Join Date: Sep 2002
Location: Roselle, IL
Posts: 9,589
Location: Roselle, IL
Sportbike: 2000 Hayabusa Blue & Silver! Mods-> Oh yeah!
Years Riding: Oh just a couple or so....
How you found us: Old SBN days.......
           
Quote:
Originally posted by Odysseys
good ones to watch for ohfugit...also lupi check for this one:

HKEY_LOCAL_MACHINE\stop-looking/at-inter-netporn/andgo: get [email protected]!


<--Kelly

.

2000 Hayabusa
2006 Honda CRF50
Labdog is offline  
post #27 of 27 (permalink) Old 12-19-2003, 08:16 PM
 
Join Date: Aug 2003
Posts: 569
           
Quote:
Originally posted by Ohfugit
some of the ones coming out now are stubborn.
this is the way I fixem at work

open regedit go to the run section
export this key in case you fuck it up so you can restore it later

now delete any offending programs that are starting up
then reboot and run your spyware fix again.

it is common for the current spyware fixers to be unable to straighten out these things as the services are running and the os does not allow the offending files to be deleted if they are in use. check the following keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
but check these as well
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run key

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run
Also, in the above directories, look for your problem site under hkey_local_machine\software\microsoft\internet explorer\main. I had a similar problem, and thats where it was always coming back to. Clean out the same file in the hkey_current_user area, too.
Also, I had to clean out my Restore file to keep it from replacing itself.
I had alot of luck with the trendmicro.com PCCillin material. Good luck.
drbub22 is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Chicagoland Sportbikes forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome