Do not click on thread for free dating memberships

I don’t know what the fuck is in there, and not sure if I got it from the link in that thread that pointed to snopes, but fuck I’m infected bad and am in the middle of cleaning it up.

The reason I know it came from there:

  1. It was the only thing I was doing
  2. I run WinPatrol and it is going fucking crazy with warnings of programs putting themselves in start programs, new IE helpers, etc.
  3. It started as soon as I clicked on that link that pointed to snopes about the poppy seed thing.

So could be snopes is infected, or something in that link, but fuck man stay away.

I’m currently re-running malwarebytes full scan right now (last run last week) and it’s already up to 29 objects, course a few of those could be just ad cookies.

While I’m letting malwarebytes run (I also have teatimer running in background and it’s going fucking crazy as well)…btw when I say fucking crazy, I mean I’m getting warnings upon warnings every fucking time I kill a process. Something is really, really bad.

Here are files that keep coming up:

cbXRjHBu.dll
tuvTiJca.dll
ycuhjkhm.dll

A fuckload of hidden files have been installed on my system in last 30 min
acJITvut.ini
acJITvut.ini2
mhkjhucy.ini
ycuhjkhmldll
wvomfsro.dll
qjrzlh.dll
aoujqbvd.dll
471a5ec8-.txt
tuvTIJca.dll
wpa.dbl
nvapps.xml
settingsbkup.sfm
settings.sfm
DVCStateBkp-{000…
DVCState-{000…
cbXRjHBu.dll

Anyway, this is going to turn into a thread where I will attempt to track what the fuck is going on and if I can clean this. Anyone who can give me some tips / tricks to clean this faster please help, b/c it’s just getting worse. Malwarebytes is taking so long, that I know I’ll be rescanning for most of the day b/c this thing just keeps propagating.

Did you reboot into safe mode before running your scanners?

At that point, I wouldn’t even trust the reboot process. I’d pull the plug and ‘reboot’ into safe mode that way.

That is truly some vicious shit though.

Malwarebytes finally finished – It’s VUNDO and VUNDO.H

Rebooting to start my next scan…

I’ve used this with good effect against vundo infections:

http://vundofix.atribune.org/

Good luck Tmanpdx, Vundo is some serious shit. I think about half the entries checked by Spybot these days are Vundo-related. I’ve had it before and used the opportunity to reinstall windows (I needed a fresh install anyway, but Vundo was the kicker, it sunk its teeth pretty damn hard into my system).

The link from Malathor is pretty good, btw.

Vundofix is alright, but these days I just kill virtumonde and much of its brethren with combofix. You should only use it if you’re computer-savvy enough to fix things if it accidentally deletes important system files, though, because it’s extremely aggressive.

The offending link was removed in under an hour, sorry you got hit with it. That thread now consists of people posting and discussing weird disturbing images.

Thx for the link…I will run it as soon as my malwarebytes finishes and cleans the scan it’s currently on. Thank god for multiple computers…can do IE on my laptop while I’m cleaning my desktop.

When I’m done I want to find out how in the fuck this program installs. I’m up to date with microsoft critical updates, I run teatimer, I have winpatrol running in the background. I mean, how does this thing fucking install in the first place?

I’ve been virus free for like 10 years. My viri free run has endeth with this bitch. I’ve cleaned many other people’s computers (wife, kids, friends, dad, sister), but I’ve always been able to say “good safe surfing habits, not reading attachments from good meaning friends and a heavy dose of paranoia can keep you safe”…but now, I’m just shaking my head.

Well, I mean, you clicked on a link to a “free dating site” promising to get you laid. Not that you should historically expect to see that kind of thing on qt3, but that was hardly paranoia in action.

Which is, incidentally, another really good reason not to click on it.

Sorry, no I didn’t. That link wasn’t in the thread when I went into the thread. It had already been removed.

I got it after clicking on the link that went to snopes.

Did you update Java, assuming you have it installed? It’s frequently installed through older versions.

Well, now I’m just pissed. I finished the clean of malwarebytes, it cleaned it, I ran vundofix it found nothing, I boot into normal mode and I’m still infected.

I’m off to the vundofix forums…

I read that early on…I can’t find java in add/remove programs, but still removed quite a few java files on my computer (some old stuff in there). Are there other search strings to find java files?

You’re looking for the Java™ Runtime environment by Sun Microsystems.

First off, Vundofix is oldschool. The new hotness is Malwarebytes. DISABLE SYSTEM RESTORE. Reboot to safe mode. Run Malwarebytes. Profit.

When I went to Snopes, Firefox stopped 4 bloody popups. That’s probably where you got it. It’s likely they have an infected banner ad.

Ya, I ran malwarebytes - 3 times and it didn’t clear it. Finally did ComboFix and everything appears to be fine.

Man, 2 1/2 hours of frustration.

But did you run it with system restore disabled?