What's new
By:
Filters
ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

Hit by Google Related Virus, Again.



Rob

Rob

ClioSport Moderator
So once again whilst trying to get a crack for a damn piece of software for my boss, I've ended up getting another google related virus, the last one wouldnt let me search on google, but this one is much worse...

I cannot even access "www.google.com" or any derrivative, i.e my mozilla firefox homepage does not work.....

Any ideas? (as google is out)

I've tried clearing cookies etc, looking for new .exe files but nothing has ridded me of it, it started off just advertising some facebook layout overlay website, but now its that annoying fake virus scan screen, that then hides the window and makes a box appear telling you you have a virus. :rolleyes:
 
Rob

Rob

ClioSport Moderator
My host file?

It wasn't actually technically cracked software, as he owns it, but has lost his code... lol!!!!

I run malwarebytes etc and found lots, but nothing has rid me of this deamon!!!!

It has however found one .dll that it can't removed so that could be it???
 
The Hoff

The Hoff

  SLK 350
Check your browser add-ons, [tools>add-ons] in both FF and IE. Remove anything Java related from the list, retry, if that doesn't work also remove Java from your machine, retry.

Let me know if that helps your problem.

I doubt it's a hosts file entry, but you can check by looking in your C:\wINDOWS\System32\drivers\etc you can open it with Notepad. There shouldn't be anything in there [that's uncommented apart from a single localhost redirect], unless you have a custom list of bad URL's added. If you see anything related to 64.233.181.99 comment it out/remove it and resave the file.

Failing all of the above, also run an online NOD virus scan, and you may need to look into downloading Hijackthis and GMER [check bleepingcomputer.com for further assistance].

Let us know anyway.
 
K

Krispwee

  Z4
I've had something like that before. Try downloading spyware removal software using another laptop/PC and putting it on a USB device and installing it over to infected PC. Try boot in safemode aswell to install and scan to begin with and then boot into normal mode to do another scan. I noticied when I had mine I couldn't go to any of the known spyware removal sites either.

Also format the USB once you have installed all the software etc. After doing all the above my PC was fine but I formatted after anyway just to make sure.

Next time you need a crack I would recommend forums that cater to that kind of thing as if its a dodgy bit of software another user will have already found out and the crack would get deleted.
 
Rob

Rob

ClioSport Moderator
Hmmm, I've tried lots of anti spyware stuff so far, but I'm failing badly, it looks like I'll be doing a system reboot tbh, can't live without google...
 
Rob

Rob

ClioSport Moderator
AndyRS said:
Did you open the hosts file in the following directory:

C:\WINDOWS\System32\drivers\etc

?
Click to expand...

I don't know what you mean by "the hosts file"

Homer-Simpson said:
What operating system?
Click to expand...

Windows XP SP3 (hardcore) ;)

I've downloaded "Avast" Antivirus, and its picking it up and stopping it from doing it every time I try to load google, or firefox homepage....

Unfortunately this program just blocks it from opening, and doesnt seem to give me the ability to remove, or want to tell me the exact location?!!? So I can't go after it.

Its called (according to Avast):

JS:FakeAV-EJ[Trj] ??
 
A

Andy.

  Cupra
1zbw74y.jpg


You open it with notepad and see if there is an entry that has google in it:

Code: 
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
 
Rob

Rob

ClioSport Moderator
I f**king heart you hard!

Removed them in the "host" file, and offski the problem went, well that was something I never knew.

Cheers CS, better than Yahoo, fact

(But not google as I couldnt check it ;))
 
PinkoCommie

PinkoCommie

  182FF with cup packs
Robbos said:
There are two with google in mate, remove them and then CTRL + S?
Click to expand...

yes.

I would still get yourself a copy of HijackThis and run a scan, as it's entirely possible that something is memory resident and the next timee you reboot the entries will return to the hosts file.

After you save, right click the hosts file, choose properties, then clikc the "read only" option. This should stop anything screwing with the hosts file as easily.
 
Rob

Rob

ClioSport Moderator
PinkoCommie said:
yes.

I would still get yourself a copy of HijackThis and run a scan, as it's entirely possible that something is memory resident and the next timee you reboot the entries will return to the hosts file.

After you save, right click the hosts file, choose properties, then clikc the "read only" option. This should stop anything screwing with the hosts file as easily.
Click to expand...


Cheer Pink, I've used that before and didn't really rate it, but I'm still getting pop up's from my anti virus, so I'm guessing it will return. :S lol! Either that or its just something I'm not gonna be able to get rid of, it seems like a really persistant little git, it pops up like every 2 minutes... attacking loads of diff process's, svchost, iexplorer (which i don't even have) and firefox mainly


AndyRS said:
Glad it worked! Just out of interest, are there other entries in there too?
Click to expand...


Will copy it in....

Just one from Microsoft.

I'm pretty good with computers and keep mine pretty tidy, so I guess thats why its not as bad as it could be.


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com
Click to expand...
 
The Hoff

The Hoff

  SLK 350
At the risk of being completely and utterly invisible again. I will repeat, Avast has pointed out an infection, run an online scan at NOD32's site, or Kaspersky and report back what it says.
 
David

David

  BMW e46 320 Ci Sport
this made me laugh

"I've tried lots of anti spyware stuff so far, but I'm failing badly, it looks like I'll be doing a system reboot tbh,"

ROFLCOPTERS
 
Rob

Rob

ClioSport Moderator
I just gave up last time and did that, I can reboot in an hour, so its not like its a biggie, everything's tidy on my computer, and content all stored on ex HD, lol!

I'll do the above a bit later when I'm home and post.
 
PinkoCommie

PinkoCommie

  182FF with cup packs
Robbos said:
Just one from Microsoft.
Click to expand...

Are you running a cracked version of windows?

If not then you also need to remove that MS entry.

mpa.one.microsoft.com is to do with the WGA (Windows Genuine Advantage), and you may not be able to download updates from windows update with that entry in there.

If you're running a hooky copy of windows though, you probably need it.
 
D

DMS

  A thirsty 172
Wouldn't surprise me if the malware in question put the entry for mpa.one.microsoft.com in there to prevent the computer automatically downloading and running the Malicious Software Removal Tool and getting rid of it.
 
PinkoCommie

PinkoCommie

  182FF with cup packs
Yeah, that's probably the reason for the entry, but I also know that putting this entry in is a work around for not being able to install service packs on XP machines that are using dodgy validation keys.
 
D

DMS

  A thirsty 172
Yup. Stops WGA from being able to "phone home" so that pikey cnuts can't use dodgy serial numbers.
Technet subscriptions FTW though. Legitimate software and legitimate keys for you to use illegitimately at your leisure :cool:
 
D

DMS

  A thirsty 172
And the "Subscriber downloads" section on the Technet website for when you're at home or leave the company :D
 
PinkoCommie

PinkoCommie

  182FF with cup packs
DMS said:
And the "Subscriber downloads" section on the Technet website for when you're at home or leave the company :D
Click to expand...


Yeah, I still have one of those from about 6 years ago linked to my hotmail account. I may have also added a couple of others onto the account as well. The company it was registered to doesn't axctually exist any more (they were bought out, and then the new parent comapny was bought out), so unfortunatly it doesn't have anything later than Office 2k3 iirc.
 
Rob

Rob

ClioSport Moderator
I am indeed running a hooky copy of windows, as it wouldnt let me downgrade from vista, and I HATE vista.... lol.

I guess thats what that is there for, once again I have masses of problems, awesome, there is a constant mouse click going on when ever I am browsing the web, sound like I'm pressing refresh or something.

I f**king hate this wanky s**t virus crap, I think I'm just gonna re-boot if I've still got the file :(
 
Rob

Rob

ClioSport Moderator
Trying eset scannner atm, will try that after, as recommended earlier in the thread by the hoff, didn't even see I'd ignored the poor chap :(

Just so damn fustrating, ya know?
 
You must log in or register to reply here.

Similar threads

F
Server Spyware/Virus Ugh...
Replies
14
Views
602
rctempire
rctempire
E
Virus problem and web browser recommendations
Replies
25
Views
774
Macester
Macester
Mike-bham
Virus / Trojan Help! Sorry Long question! Computer's Buggered!
Replies
21
Views
956
Mike-bham
Mike-bham
rctempire
PirateBay - Legal Threat - Yet Again.
Replies
22
Views
955
Longy
L
E
  • Sticky
How to install the Renault dialogue software/ sort out problems.
2 3
Replies
105
Views
123K
bozothenutter
bozothenutter


Top