Loki

Go back to their website and download their latest version, the program updates you get now won't change the GUI or the program icons, you'll need to re-install the latest version to have the coolness I have lol.

It's cool though, the voice prompts are now female and not the boooooming male voice "VIRUS DATABASES HAVE BEEN UPDATED"

I think they are now using the AT&T Voicepacks maybe?

-Loki-

__________________
MAKE MONEY WITH 3D TOONS!
Need hosting? LokiCa$h Uses Amerinoc and love them!
Skype: LokiPorn Or Email 3dloki|at|gmail.com

Zverka

that white square is hidden iframe which can be recognized as
hidden iframe containg javascript in the source of the page
either gfy source page or advertisers iframe source page

__________________

halfpint

here is some more info on helping you to get rid of this shit

Look for these entries and Remove them These might not be the same on your comp but they will be simillar

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5555

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe

O4 - HKLM\..\Run: [asam] C:\Documents and Settings\Administrator\Local Settings\Application Data\asam.exe

O4 - HKLM\..\Run: [ixbdhntx] C:\Documents and Settings\Administrator\Local Settings\Application Data\lbakdayih\tlduisstssd.exe

O4 - HKLM\..\Run: [fjscgslq] C:\Documents and Settings\xxxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe

O4 - HKCU\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe

O4 - HKCU\..\Run: [asam] C:\Documents and Settings\xxxx\Local Settings\Application Data\asam.exe

O4 - HKCU\..\Run: [fjscgslq] C:\Documents and Settings\xxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - Adobe - Adobe Acrobat: Create PDF file, edit PDF file, convert PDF to word, convert PDF to doc

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

After you remove these download hijackthis 2.04,

Then run CCleaner and make sure all entries are checked and then run the registry cleaner

Run Cleanup!

Then go to start, run, type msconfig and press enter. Go to the Startup tab, click disable all, then recheck your antivirus entry, then reboot

Reboot back into safemode

Then run Combofix, Malwarebytes, Microsoft Security Essentials, Remove all infections found with malwarebytes and MSE.

__________________

Get FREE website listings on Cryptocoinshops.net

Fabien

Same as Loki here

Barefootsies

__________________
Should You Email Your Members?

Link1 | Link2 | Link3

Enough Said.

"Would you rather live like a king for a year or like a prince forever?"

Cyber Fucker

Yes, I got it too ...wtf admin does?! I mean no Eric, he's not tech... but there is a tech admin here, am I right? Can't you just secure the server and script?

__________________

ProG

I had to enable ads to find it but the domain ESET is seeing as a threat is http://qa.dep.lt/

(ps: don't click that URL unless you are protected)

__________________
History will be kind to me for I intend to write it.

CIVMatt

I'm still not sure what and where I'm putting those things into the FF network screen

__________________
Make easy money with Webcams

starpimps

Ok so i had that popup but right now no fake antivirus app, so am I in the clear? Running malwarebytes right now.

__________________
Teen Porn Models / Solo Girls

madawgz

i saw a white banner in the banner space, maybe that was it

__________________
TAEMDLRMSKRJIXMRLSMRJ.

fatfoo

GFY installs malware? I am not aware and I did not see any signs that this happened.

__________________
Send me an email: [email protected]

Jayvis

I got hit, guys its a simple solution... just buy the malware software when its installed! Wall-ah! Problem fixed.

Loki

Jayvis: LMAO.. um... NO, Well I mean sure if you want to risk some good ole' fashioned identity theft then go right ahead and buy it.

IF a company creates fake viruses to pimp out their software they MUST be an honest and safe company to give your credit card info to.

IF you're NOT talking about the payload software (the software that keeps popping up once your infected) then disregard my post ;)

-Loki-

__________________
MAKE MONEY WITH 3D TOONS!
Need hosting? LokiCa$h Uses Amerinoc and love them!
Skype: LokiPorn Or Email 3dloki|at|gmail.com

Klen

The irony is that is impossible,since it always popup how you are infected and slowing system a lot.

Zverka

to BIGTYMER tical already explain this to you
in addition I can say they install keylogger on
your machine.

I hope all you have root password on the paper clip
instead stored somewhere in the files.

Good luck lads

__________________

Klen

And all this shit could be avoided if ff and adblock pro was used.

MikeFold

Grabbed the page info----

Location: /http/://qa.dep.lt/info/us1.html/s002102317805r0409J00020401R3f1d03ebXd11548b9Y9afc 18fbZ03003f36

Type: application/pdf

Size:`44.16 KB (45,215 bytes)

Dimensions: 0px × 0px

Page: http://www.gofuckyourself.com/showth...=967899&page=3

__________________
nothing to promote

halfpint

are you trying to change the proxy settings in the FF network ?

__________________

Get FREE website listings on Cryptocoinshops.net

Loki

KlenTelaris:not 100% true, I only use FF and I have Adblock Pro turned on, I only avoided the issue by having the latest and most updated Avast running on my machines.

The funny thing is ABP is flawed as hell, don't believe me
head to a site like http://www.blogtalkradio.com for example,

look at all the ads that ABP allows to still come through,

then "Open blockable items" and find the shown ads and manually block them

reload the page and see the MOST of the same ads.

Don't get me wrong ABP is GOOD helper BUT it just don't stop all that it could stop,and day by day the ad networks are finding ways around ABP and other blockers.

-Loki-

__________________
MAKE MONEY WITH 3D TOONS!
Need hosting? LokiCa$h Uses Amerinoc and love them!
Skype: LokiPorn Or Email 3dloki|at|gmail.com

BarryP

This has been located and should be resolved. Please let me know if you see this error from now on.

__________________

GoFuckYourself.com
Have a Suggestion? Issue? Interested in Advertising? Contact me!
Barryp AT adult.com | icq 559539603

Barefootsies

__________________
Should You Email Your Members?

Link1 | Link2 | Link3

Enough Said.

"Would you rather live like a king for a year or like a prince forever?"

Loki

BarryP: Cool Cool, however the first page of this thread is STILL setting off Avast (I'm thinking due to Smokey's post #46 where he showed the code of the exploit)

-Loki-

__________________
MAKE MONEY WITH 3D TOONS!
Need hosting? LokiCa$h Uses Amerinoc and love them!
Skype: LokiPorn Or Email 3dloki|at|gmail.com

halfpint

Barry I know this is not your fault but to leave the forum for so long with this maleware running just aint funny. I spent a good half a day trying to get this off my comp.

Glad its sorted now

__________________

Get FREE website listings on Cryptocoinshops.net

BarryP

Try it now.

__________________

GoFuckYourself.com
Have a Suggestion? Issue? Interested in Advertising? Contact me!
Barryp AT adult.com | icq 559539603

CurrentlySober

Edit. Just seen what I posted in another thread.

__________________

My Dream Gal... XXX

Nikki_Licks

Finally was able to remove this damn thing...looks good so far.

Fucking spyware

__________________

Jayvis

I was kidding around, did a hard boot from yesterday and it was gone.

Dirty Dane

This shit happens everywhere. Even on paysites and affiliate programs.


If you are worried about local FTP accounts being compromised (+ the keylogger), try WinPatrol monitoring.

For simpler PDF usage, use Sumatra reader.

Run browsers and software in encrypted sandboxie. As portable versions, if possible.

Don't run your OS by default in administrative mode.

Only turn javascript and flash on, when you fap off to your own tubes

CIVMatt

Shit happens, thanks for getting it Berry

__________________
Make easy money with Webcams

halfpint

__________________

Get FREE website listings on Cryptocoinshops.net

Loki

All is good on page 1 now (hence I can quote now lol)

-Loki-

__________________
MAKE MONEY WITH 3D TOONS!
Need hosting? LokiCa$h Uses Amerinoc and love them!
Skype: LokiPorn Or Email 3dloki|at|gmail.com

halfpint

have you got it removed from your comp now ?

__________________

Get FREE website listings on Cryptocoinshops.net

SpongeBub

Glad I use NoScript and don't run javascript on GFY.com. I have had no problems because viruses cannot install themselves when you don't run javascript. GFY doesn't require JS (like a good website should not) and therefore, it displays and functions just fine without it.

CurrentlySober

ImageVenue .com has it now!

http://safeweb.norton.com/report/sho...imagevenue.com

__________________

My Dream Gal... XXX

ProG

Sorry but all 'good websites' use JavaScript

__________________
History will be kind to me for I intend to write it.

Deej

Is this just today? ... I havent logge don until now seeing this thread first....

__________________

Deej's Designs n' What Not
Hit me up for Design, CSS & Photo Retouching


Icq#30096880

halfpint

Happened to me this morning ... UK time

__________________

Get FREE website listings on Cryptocoinshops.net

Jim_Gunn

I rebooted to safe mode and ram Malwarebytes and it fund the infection.My proxy settings in FF were normal. But upon re-boot to normal mode the infection came back twice already and I still cannot get rid of this thing! This is ending up to be a whole day wasted and I had a lot of work to do today!

__________________
Jim Gunn
Filming Cinematic Porn
Skype JimGunnProductions

itto

I wanted to point this out again as i can unfortunately positively confirm that i found this shit injected into some of my sites.. (only those sites are affected, where i saved the account details in my ftp client). I can also confirm that this triggers some sort of "killing mood".

__________________

Ecchi22

This is what I found in the pdf file:

__________________

BIGTYMER

What FTP client do you use?

itto

i use FileZilla

__________________

halfpint

Have you got IE installed as well cause you should check the proxy settings in that as well

I had to do it twice and also make sure you browsers are shut down when you do the scan

I posted a log of some of the crap which you can remove manually to clean your comp. It wont be exactly the same but it will be similar

__________________

Get FREE website listings on Cryptocoinshops.net

Ecchi22

Aaaand this: http://pastebin.com/Nz8iVr2M

__________________

Nikki_Licks

I had a time with it, but finally got mallwarebytes to launch and it found 14 infections. I haven't had any problems since I rebooted...knock on wood.

And yes, you are right what a way to waste allot of time

__________________

beerptrol

I got hit with Antispyware Soft.
I looked up what process were running and narrowed it to uoxottgtssd.exe
I then rebooted in safe mode deleted this file, started normally and had a problem with the proxies after restarting the computer
so I rebooted again and restored my computer back 2 days. Got rid of the damn problem. I ran a couple different scans to make sure It was gone lol

__________________
“If we are to have another contest in the near future of our national existence, I predict that the dividing line will not be Mason and Dixon's but between patriotism and intelligence on the one side, and superstition, ambition and ignorance on the other.”
-- Ulysses S. Grant

Altwebdesign

Bloody damn thing. All clear now?!

kristin

D'oh got someone in the office. =)

__________________
Vacares rules.

"Usually only fat guys have the kind of knowledge and ability that Kristin has."

PersianKitty

Crossing my fingers that my warning of the exploit late last night means that Kaspersky caught it n all is well. I did see a little box about an adobe error this morning, but nothing more. Almost afraid to reboot. n for me, the warning popped off a top banner on the main page of this forum.

Altwebdesign

It took effect for me without rebooting I went to login to gfy and about 30 seconds later it popped up installed