Anybody had this bullshit Antisoft Malware on their computers (Help Needed Please) - GoFuckYourself.com

halfpint · 05-11-2010, 06:56 AM

I have the bullshit antisoft spyware on my computer and cant get rid of it I have tried changing the lan settings in IE even though I dont use it as it somehow uses a proxy and changes your homepage Then I ran Rkill Then Malwarebites which does pick it up and deletes it but as soon as I load up firefox or EI it just comes back agian IV been trying all sorst to get rid of this and it dont work

I also have avast running which does not seem to pick it up at all

Anybody know how to get rid of this

Barefootsies · 05-11-2010, 07:01 AM

Are you making sure to close it out in task manager, and do those other steps in safe mode?

halfpint · 05-11-2010, 07:08 AM

Quote:

Originally Posted by Barefootsies

Are you making sure to close it out in task manager, and do those other steps in safe mode?

Yep I have tried it in safe mode and also using RKill to stop it from running which should I think close it down in task manager. All this was done in safemode

TXXXTN · 05-11-2010, 07:10 AM

Quote:

Originally Posted by halfpint

I have the bullshit antisoft spyware on my computer and cant get rid of it I have tried changing the lan settings in IE even though I dont use it as it somehow uses a proxy and changes your homepage Then I ran Rkill Then Malwarebites which does pick it up and deletes it but as soon as I load up firefox or EI it just comes back agian IV been trying all sorst to get rid of this and it dont work

I also have avast running which does not seem to pick it up at all

Anybody know how to get rid of this

I use a combination of HijackThis / MalwareBytes and Super Anti-Spyware all in Windows Safe mode to remove rouge software like this. Sometimes you get one that hooks on to windows so fucking bad you need to rebuild the local profile ...sucks

Hijack this will show any suspicious software / reg keys that are on your box ...dump a log on here...maybe i can help you out.

candyflip · 05-11-2010, 07:10 AM

I got it last week somehow and got rid of it quickly. It stopped pretty much anything from opening, including the Task Manager.

I found a link that recommended Malwarebyte's Anti-Malware software. I booted into Safe Mode, installed the app (freeware) and it got rid of the issue on the first try.

http://download.cnet.com/Malwarebyte...=dl&tag=button

halfpint · 05-11-2010, 07:13 AM

Quote:

Originally Posted by TXXXTN

I use a combination of HijackThis / MalwareBytes and Super Anti-Spyware all in Windows Safe mode to remove rouge software like this. Sometimes you get one that hooks on to windows so fucking bad you need to rebuild the local profile ...sucks

Hijack this will show any suspicious software / reg keys that are on your box ...dump a log on here...maybe i can help you out.

OK we will just boot the computer back up in safemode and do that

seeandsee · 05-11-2010, 07:13 AM

i hate removing problems

Flashcash-Andy · 05-11-2010, 07:13 AM

I just got this and was able to remove it by doing a system restore. I had to run it from the f8 menu on reboot though (windows 7). it wouldn't let me do it from the system restore program in programs/accessories/system tools.

halfpint · 05-11-2010, 07:15 AM

Quote:

Originally Posted by candyflip

I got it last week somehow and got rid of it quickly. It stopped pretty much anything from opening, including the Task Manager.

I found a link that recommended Malwarebyte's Anti-Malware software. I booted into Safe Mode, installed the app (freeware) and it got rid of the issue on the first try.

http://download.cnet.com/Malwarebyte...=dl&tag=button

I have tried using Malewarebytes as I have this running on my computer
and it does pick it up and delete it but a soon as I boot back from safemode it just comes back

halfpint · 05-11-2010, 07:15 AM

Quote:

Originally Posted by Flashcash-Andy

I just got this and was able to remove it by doing a system restore. I had to run it from the f8 menu on reboot though (windows 7). it wouldn't let me do it from the system restore program in programs/accessories/system tools.

ok if all else fails I will try that as well

thanks guys

MikeFold · 05-11-2010, 07:21 AM

Quote:

Originally Posted by Flashcash-Andy

I just got this and was able to remove it by doing a system restore. I had to run it from the f8 menu on reboot though (windows 7). it wouldn't let me do it from the system restore program in programs/accessories/system tools.

My Home computer picked this up this morning from gfy. Is there a way to get to system restore in XP like you did in windows 7?

thanks

candyflip · 05-11-2010, 07:25 AM

Quote:

Originally Posted by MikeFold

My Home computer picked this up this morning from gfy. Is there a way to get to system restore in XP like you did in windows 7?

thanks

I don't surf anything on this Windows box and this GFY is the only place I've gotten any sort of warning lately.

So I'm wondering if it came from here as well.

Flashcash-Andy · 05-11-2010, 07:27 AM

Quote:

Originally Posted by MikeFold

My Home computer picked this up this morning from gfy. Is there a way to get to system restore in XP like you did in windows 7?

thanks

I can't 100% remember, but i don't believe xp has a restore option on the f8 menu, but you could try booting in safe mode and then trying to run system restore from programs/accessories/system tools

selena · 05-11-2010, 07:29 AM

Get a copy of Hiren's boot cd from a clean machine, then trying running some of the programs off of it in safe mode.

Flashcash-Andy · 05-11-2010, 07:29 AM

Quote:

Originally Posted by candyflip

I don't surf anything on this Windows box and this GFY is the only place I've gotten any sort of warning lately.

So I'm wondering if it came from here as well.

hmm...me too, i just randomly got it this morning and i believe i had gfy open at the time. I had other browsers open at the time too though

candyflip · 05-11-2010, 07:32 AM

Quote:

Originally Posted by Flashcash-Andy

hmm...me too, i just randomly got it this morning and i believe i had gfy open at the time. I had other browsers open at the time too though

This blocked me out of everything. Couldn't open Chrome, IE or Firefox. Couldn't open the Task Manager. Couldn't open AVG. Couldn't open Defender.

I was surfing GFY using Chrome when things went downhill. GFY and a handful of techblogs (Gizmodo, Engadget, etc) are all I surf from this box.

Adraco · 05-11-2010, 07:33 AM

Quote:

Originally Posted by TXXXTN

I use a combination of HijackThis / MalwareBytes and Super Anti-Spyware all in Windows Safe mode to remove rouge software like this. Sometimes you get one that hooks on to windows so fucking bad you need to rebuild the local profile ...sucks

Hijack this will show any suspicious software / reg keys that are on your box ...dump a log on here...maybe i can help you out.

Those suggested solutions are a great combination, use them in Safe Mode, preferrably even create a NEW computer admin account to run them from. Add to the other programs it Spybot Search & Destroy with it's immunization function, run the above mentioned programs first to clear out any nasties. Then immunize the system with SpyBot S&D, restart and then restart again. After second restart, run all program again, but this time in normal mode. That will clear almost anything available. Return here if you need more help and I'll be around to follow up on you.

MikeFold · 05-11-2010, 07:36 AM

thanks andy & selena...will deal with it when i get home....
I am almost positive it was from here...I hit the bookmark, went out to have s moke, and when i returned my screen was lit up with fake warnings, and nothing on the screen was clickable.
(although I have spectorsoft on my home machine, if i do a system restore i will lose the video capture from this morning, i seem to recall seeing a 'brief' pop from adobe updater?)
which i 'clicked Not Now'
but it was definitely java type (i noticed the hard drive clicking away and gfy not loading right) so i immediately closed gfy (too late)
it was early and no coffee yet, so it could have been a fake

Helix · 05-11-2010, 07:39 AM

I have had good success using the free BitDefender Live CD. It boots into linux and scans. Windows never starts, so the bugs don't have a chance to load.
http://www.techmixer.com/bitdefender...tion-features/

halfpint · 05-11-2010, 08:08 AM

I am also starting to think it was from GFY cause My comp was fine last night and after I logged in to GFY I all of a sudden had this shit on my computer

candyflip · 05-11-2010, 08:11 AM

Quote:

Originally Posted by halfpint

I am also starting to think it was from GFY cause My comp was fine last night and after I logged in to GFY I all of a sudden had this shit on my computer

Let's keep this bumped and hopefully they will address it. It looks like there are others who've gotten stung by this too.

CIVMatt · 05-11-2010, 08:15 AM

Quote:

Originally Posted by halfpint

I have the bullshit antisoft spyware on my computer and cant get rid of it I have tried changing the lan settings in IE even though I dont use it as it somehow uses a proxy and changes your homepage Then I ran Rkill Then Malwarebites which does pick it up and deletes it but as soon as I load up firefox or EI it just comes back agian IV been trying all sorst to get rid of this and it dont work

I also have avast running which does not seem to pick it up at all

Anybody know how to get rid of this

GODDAMMIT, I just got it too, going to safe mode then use S&D to try to destory it

TXXXTN · 05-11-2010, 08:17 AM

weird ...been on here for a few hours now ...not a hiccup!

MikeFold · 05-11-2010, 08:19 AM

Quote:

Originally Posted by CIVMatt

GODDAMMIT, I just got it too, going to safe mode then use S&D to try to destory it

Did you see the adobe updater popup? I just saw it again (it was blocked on this machine).

Tom_PM · 05-11-2010, 08:20 AM

Just wanted to mention that when I first logged in to GFY this morning, IE warned me that it blocked some software download. I didnt think much about it until I saw that Java was running. So I logged back out and closed down everything and came back. This time there was no download attempt warnings or java.

The last time I got that malware you're talking about, it came in a PDF file. I try not to open those anymore except local pdfs.

BIGTYMER · 05-11-2010, 08:29 AM

It hit me yesterday. Restart computer in safe mode and run Malwarebytes. Restart computer and when you open FireFox/IE/Chrome you need to view the internet options and remove the proxy setting that the malware installed.

IP: 127.0.0.1 Port: 5555

BIGTYMER · 05-11-2010, 08:30 AM

It got me on a torrent site. I was trying to get last weeks episode of Survivor.

halfpint · 05-11-2010, 08:34 AM

Quote:

Originally Posted by BIGTYMER

It hit me yesterday. Restart computer in safe mode and run Malwarebytes. Restart computer and when you open FireFox/IE/Chrome you need to view the internet options and remove the proxy setting that the malware installed.

IP: 127.0.0.1 Port: 5555

Tried that still dont work

Tom_PM · 05-11-2010, 08:35 AM

Ah yes thats right! It sets a proxy in your browser(s) for you to go reset.

halfpint · 05-11-2010, 08:39 AM

Quote:

Originally Posted by PR_Tom

Ah yes thats right! It sets a proxy in your browser(s) for you to go reset.

Yes it does do that but you reset it and reboot the computer it just comes back again after trying all the above steps with malewarebytes also used hijackthis and have saved the logfile My son has posted this on a tech forum and they are going through the logs

candyflip · 05-11-2010, 08:41 AM

Boot Safe Mode
Run Malware Bytes
Reboot
Change Proxy Setting

This is all I did and it worked no problem.

halfpint · 05-11-2010, 08:43 AM

Quote:

Originally Posted by candyflip

Boot Safe Mode
Run Malware Bytes
Reboot
Change Proxy Setting

This is all I did and it worked no problem.

ok gonna try that again thanks

Tom_PM · 05-11-2010, 08:44 AM

I remember there'd been 2 different files I think that had been added to my startup files (trying to remember, was on another computer). They had gobblygook names. I also stopped adobe from running ANYTHING in the background since it acts like a conduit.

As I recall, AVG never knew something was wrong, I had to download Avast free version and that did find it.

BIGTYMER · 05-11-2010, 08:56 AM

Quote:

Originally Posted by candyflip

Boot Safe Mode
Run Malware Bytes
Reboot
Change Proxy Setting

This is all I did and it worked no problem.

Thats what I said. Worked for me too.

The Truth Hurts · 05-11-2010, 09:18 AM

i've had to remove that shit off 3 family members pcs in the past month..
though i do the manual removal method.. (safe mode with networking/lan settings/delete registry entries/delete files)
followed by a malware bytes scan..

halfpint · 05-11-2010, 11:04 AM

Ok I seem to have got rid of it now by running malewarebytes in safemode and then changing the proxy settings. And Im also running noscript as well

halfpint · 05-11-2010, 11:05 AM

Thanks guys for all of your help

halfpint · 05-11-2010, 11:37 AM

Ok im now running a full scan with avast and it has come up with this JS:Pdfka-AFK [Expl]

so whether that has or had anything to do with it I do not know

fatfoo · 05-11-2010, 12:23 PM

I have no idea. Good luck, halfpint.

halfpint · 05-11-2010, 12:46 PM

Quote:

Originally Posted by fatfoo

I have no idea. Good luck, halfpint.

thanks I have got rid of it now, just in the process of cleaning my machine

05-11-2010, 06:56 AM	#1
halfpint GFY's Halfpint Industry Role: Join Date: Jun 2007 Location: UK Posts: 15,223	Anybody had this bullshit Antisoft Malware on their computers (Help Needed Please) I have the bullshit antisoft spyware on my computer and cant get rid of it I have tried changing the lan settings in IE even though I dont use it as it somehow uses a proxy and changes your homepage Then I ran Rkill Then Malwarebites which does pick it up and deletes it but as soon as I load up firefox or EI it just comes back agian IV been trying all sorst to get rid of this and it dont work I also have avast running which does not seem to pick it up at all Anybody know how to get rid of this __________________ Get FREE website listings on Cryptocoinshops.net Last edited by halfpint; 05-11-2010 at 06:58 AM..

05-11-2010, 07:01 AM	#2
Barefootsies Choice is an Illusion Industry Role: Join Date: Feb 2005 Location: Land of Obama Posts: 42,635	Are you making sure to close it out in task manager, and do those other steps in safe mode? __________________ Should You Email Your Members? Link1 \| Link2 \| Link3 Enough Said. "Would you rather live like a king for a year or like a prince forever?"

05-11-2010, 07:10 AM	#5
candyflip Carpe Visio Industry Role: Join Date: Jul 2002 Location: New York Posts: 43,052	I got it last week somehow and got rid of it quickly. It stopped pretty much anything from opening, including the Task Manager. I found a link that recommended Malwarebyte's Anti-Malware software. I booted into Safe Mode, installed the app (freeware) and it got rid of the issue on the first try. http://download.cnet.com/Malwarebyte...=dl&tag=button __________________ Spend you some brain. Email Me Last edited by candyflip; 05-11-2010 at 07:11 AM..

05-11-2010, 07:13 AM	#7
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	i hate removing problems __________________ BUY MY SIG - 50$/Year Contact here

05-11-2010, 07:13 AM	#8
Flashcash-Andy Confirmed User Join Date: Jul 2002 Location: Denver Posts: 155	I just got this and was able to remove it by doing a system restore. I had to run it from the f8 menu on reboot though (windows 7). it wouldn't let me do it from the system restore program in programs/accessories/system tools. __________________ FLASHCA$H.com - Signup Today! Email \| ICQ: 128023238

05-11-2010, 07:29 AM	#14
selena Confirmed User Join Date: Aug 2004 Location: On The Edge Posts: 7,992	Get a copy of Hiren's boot cd from a clean machine, then trying running some of the programs off of it in safe mode. __________________ ~ Doer of Things at MetArtMoney Where Flawless Beauty Meets Art ~The MetArt Network ~ selena.delgado9

05-11-2010, 07:36 AM	#18
MikeFold Confirmed User Join Date: Nov 2001 Location: semi-retired Posts: 465	thanks andy & selena...will deal with it when i get home.... I am almost positive it was from here...I hit the bookmark, went out to have s moke, and when i returned my screen was lit up with fake warnings, and nothing on the screen was clickable. (although I have spectorsoft on my home machine, if i do a system restore i will lose the video capture from this morning, i seem to recall seeing a 'brief' pop from adobe updater?) which i 'clicked Not Now' but it was definitely java type (i noticed the hard drive clicking away and gfy not loading right) so i immediately closed gfy (too late) it was early and no coffee yet, so it could have been a fake __________________ nothing to promote Last edited by MikeFold; 05-11-2010 at 07:39 AM..

05-11-2010, 07:39 AM	#19
Helix Confirmed User Join Date: Feb 2002 Location: Michigan Posts: 5,940	I have had good success using the free BitDefender Live CD. It boots into linux and scans. Windows never starts, so the bugs don't have a chance to load. http://www.techmixer.com/bitdefender...tion-features/ __________________ Free jscott !!! Free OneHungLo !!! Free Baddog !!!

05-11-2010, 08:08 AM	#20
halfpint GFY's Halfpint Industry Role: Join Date: Jun 2007 Location: UK Posts: 15,223	I am also starting to think it was from GFY cause My comp was fine last night and after I logged in to GFY I all of a sudden had this shit on my computer __________________ Get FREE website listings on Cryptocoinshops.net

05-11-2010, 08:17 AM	#23
TXXXTN Confirmed User Industry Role: Join Date: Mar 2009 Posts: 265	weird ...been on here for a few hours now ...not a hiccup! __________________ i need money.

05-11-2010, 08:20 AM	#25
Tom_PM Porn Meister Industry Role: Join Date: Feb 2005 Posts: 16,443	Just wanted to mention that when I first logged in to GFY this morning, IE warned me that it blocked some software download. I didnt think much about it until I saw that Java was running. So I logged back out and closed down everything and came back. This time there was no download attempt warnings or java. The last time I got that malware you're talking about, it came in a PDF file. I try not to open those anymore except local pdfs. __________________ 43-922-863 Shut up and play your guitar.

05-11-2010, 08:29 AM	#26
BIGTYMER Junior Achiever Industry Role: Join Date: Nov 2004 Location: Walled Garden Posts: 17,066	It hit me yesterday. Restart computer in safe mode and run Malwarebytes. Restart computer and when you open FireFox/IE/Chrome you need to view the internet options and remove the proxy setting that the malware installed. IP: 127.0.0.1 Port: 5555

05-11-2010, 08:30 AM	#27
BIGTYMER Junior Achiever Industry Role: Join Date: Nov 2004 Location: Walled Garden Posts: 17,066	It got me on a torrent site. I was trying to get last weeks episode of Survivor.

05-11-2010, 08:35 AM	#29
Tom_PM Porn Meister Industry Role: Join Date: Feb 2005 Posts: 16,443	Ah yes thats right! It sets a proxy in your browser(s) for you to go reset. __________________ 43-922-863 Shut up and play your guitar.

05-11-2010, 08:41 AM	#31
candyflip Carpe Visio Industry Role: Join Date: Jul 2002 Location: New York Posts: 43,052	Boot Safe Mode Run Malware Bytes Reboot Change Proxy Setting This is all I did and it worked no problem. __________________ Spend you some brain. Email Me

05-11-2010, 08:44 AM	#33
Tom_PM Porn Meister Industry Role: Join Date: Feb 2005 Posts: 16,443	I remember there'd been 2 different files I think that had been added to my startup files (trying to remember, was on another computer). They had gobblygook names. I also stopped adobe from running ANYTHING in the background since it acts like a conduit. As I recall, AVG never knew something was wrong, I had to download Avast free version and that did find it. __________________ 43-922-863 Shut up and play your guitar.

05-11-2010, 09:18 AM	#35
The Truth Hurts Hb17uaaldwM Industry Role: Join Date: Nov 2002 Location: In Your Skull Posts: 15,147	i've had to remove that shit off 3 family members pcs in the past month.. though i do the manual removal method.. (safe mode with networking/lan settings/delete registry entries/delete files) followed by a malware bytes scan..

05-11-2010, 11:04 AM	#36
halfpint GFY's Halfpint Industry Role: Join Date: Jun 2007 Location: UK Posts: 15,223	Ok I seem to have got rid of it now by running malewarebytes in safemode and then changing the proxy settings. And Im also running noscript as well __________________ Get FREE website listings on Cryptocoinshops.net

05-11-2010, 11:05 AM	#37
halfpint GFY's Halfpint Industry Role: Join Date: Jun 2007 Location: UK Posts: 15,223	Thanks guys for all of your help __________________ Get FREE website listings on Cryptocoinshops.net

05-11-2010, 11:37 AM	#38
halfpint GFY's Halfpint Industry Role: Join Date: Jun 2007 Location: UK Posts: 15,223	Ok im now running a full scan with avast and it has come up with this JS:Pdfka-AFK [Expl] so whether that has or had anything to do with it I do not know __________________ Get FREE website listings on Cryptocoinshops.net

05-11-2010, 12:23 PM	#39
fatfoo ICQ:649699063 Industry Role: Join Date: Mar 2003 Posts: 27,763	I have no idea. Good luck, halfpint. __________________ Send me an email: [email protected]