GFY Installing Malware - Post If You've Got Hit - Page 4 - GoFuckYourself.com

rowan · 05-11-2010, 03:11 PM

So it looks like the exploit is from Adobe [pdf] Reader?

It's a bloated piece of shit and this isn't the first time it has been exploited...

Change to Foxit Reader... you'll never look back...

GrouchyAdmin · 05-11-2010, 03:14 PM

Barefootsies · 05-11-2010, 03:14 PM

Quote:

Originally Posted by rowan

It's a bloated piece of shit and this isn't the first time it has been exploited...

Agreed.

Jakez · 05-11-2010, 03:14 PM

Quote:

Originally Posted by candyflip

Yep...definitely has something to do with Adobe, PDF and Reader.

ROFL, not surprising one bit.

quantum-x · 05-11-2010, 03:15 PM

Quote:

Originally Posted by rowan

So it looks like the exploit is from Adobe [pdf] Reader?

It's a bloated piece of shit and this isn't the first time it has been exploited...

Change to Foxit Reader... you'll never look back...

FoxIt is great, but is / was vulnerable to the latest round of attacks. Just so you know.

Vendzilla · 05-11-2010, 03:16 PM

I got hit, then contacted ICS, thanx Barry

I have AVAST, no worries, it blocked it

rowan · 05-11-2010, 03:17 PM

Quote:

Originally Posted by quantum-x

FoxIt is great, but is / was vulnerable to the latest round of attacks. Just so you know.

Well that's put a real downer on things!

I'd better go update.

rowan · 05-11-2010, 03:22 PM

PS: Vendors who change the look n' feel of their software every other update, suck.

mechanicvirus · 05-11-2010, 03:57 PM

bump for answers, who is getting banned for this stunt?

potter · 05-11-2010, 04:19 PM

Quote:

Originally Posted by mechanicvirus

bump for answers, who is getting banned for this stunt?

Anyone running windows deserved to get hit with a virus

BIGTYMER · 05-11-2010, 04:28 PM

If you got hit with this exploit I suggest you run a FULL virus scan and not the quick scan.

Malwarebytes will remove the main problem but might not get everything.

Avast found 3 other files that none of my other programs caught that appear to be connected to this exploit.

martialtiger · 05-11-2010, 04:30 PM

Got hit by this too.

Jim_Gunn · 05-11-2010, 04:55 PM

I managed to remove the main elelements of the exploit' but there seem to be still some issues when I try different anti malware and anti virus apps. MalwareBytes removed some files in safe mode and Spybot Search & Destroy removed others. I changed my proxy settings in my browsers. MS Malicious Software removal tool found another backdoor. Those steps removed the pop up fake anti virus app. And now I am running a full AVG scan to remove any detritus.

seeandsee · 05-11-2010, 05:14 PM

rrrrrr double post

seeandsee · 05-11-2010, 05:19 PM

avira catch it today, but it was just placed on hd, and avira stoped the shit

TisMe · 05-11-2010, 05:43 PM

Nice, fake anti-virus crap and one of the pages it'll open... adult.com.

devine · 05-11-2010, 06:17 PM

Avast blocked it yesterday but now it seems gone. I love my FREE Avast, will never understand those paying for crap like Kaspersky or Norton that usually got hit without even noticing it. And the paid version for 50 bucks or so ain't too shabby either

Agent 488 · 05-11-2010, 06:23 PM

....................................

NetHorse · 05-11-2010, 06:30 PM

haha I made a thread about it this morning too..

https://gfy.com/showthread.php?t=967847

StrokeKing · 05-11-2010, 06:43 PM

It works fine on my browser.

MaximX · 05-11-2010, 08:52 PM

Quote:

Originally Posted by TisMe

Nice, fake anti-virus crap and one of the pages it'll open... adult.com.

That's the same thing i was getting, it would sometimes go to porno .com or porno .org.

After visiting gfy this morning my computer went crazy for the second time and it took me half the day to remove this fake Antispyware. This site helped me remove it-->http://www.windowvistarepair.com/Vis...t-removal-516/ along with norton and spyware doctor. Norton and Spyware doctor did not remove the software the first time around. I also install Adblock plus for FF.

Jack Sparrow · 05-11-2010, 11:29 PM

Im a freaking noob with virii/trojans/malware, and the same goes with detecting and removing it.

Whats the best process to check/remove on a windows vista, with firefox, machine?

TrainWreckContent · 05-11-2010, 11:32 PM

Quote:

Originally Posted by candyflip

Yep...No issues on any of the Mac boxes. Just a Windows issue as usual.

thats cool i was on my mac last night when it happend and i was wondering if i had gotten infected but i guess i am good???

Brujah · 05-12-2010, 01:29 AM

So, after 4 pages.. any indication who was responsible?

Boobiepalooza · 05-12-2010, 01:57 AM

Quote:

Originally Posted by mrfrisky

Im a freaking noob with virii/trojans/malware, and the same goes with detecting and removing it.

Whats the best process to check/remove on a windows vista, with firefox, machine?

1st google exefix_vista you will need this to reset your .exe extentions at the moment the virus will be hijacking the exe extentions so any program you try open is opening the virus.

Startup in safe mode, the goto run and startup regedit, then goto

HKEY_CURRENT_USER_\Software\avsoft there will be another folder next to this one with a similar name i also removed that, then run the exefix_vista and restart normally it should of fixed the situation. Im no expert so if anyone else can help further then cool.

There also maybe something at C:\Users\(your user)\AppData\Local asam.exe and syssvc.exe remove these as well

seeandsee · 05-12-2010, 04:53 AM

Quote:

Originally Posted by Brujah

So, after 4 pages.. any indication who was responsible?

that would be valuable information, and anybody know what infection do?

ajrocks · 05-12-2010, 06:33 AM

I smell ZANGO!!

Vjo · 05-12-2010, 07:13 AM

IE7 here - seen nothing.

Internet Settings: Medium-High (default)
Also: Give (hardly) no site Trusted status.

Personally I like F-Prot for a mere $29.95 a year. (for use on up to 5 boxes I think) Out of Finland. Top notch. Better than Kaspersky imo. They won't stop hijackers if you are too loose on your browser settings but they will stop all virus and trojans as well as anyone.

It updates everyday and I don't even notice its on.

http://www.f-prot.com

I used to give lots of sites Trusted status. Got a hijacker and eventually had to reformat. Since then I run ultra tight settings on IE7 and (knock on wood) no problems.

Trusted status is hardly never needed. Medium-High "Internet" settings eliminates most of Active-X stuff. It disables alot of other stuff too and yet I get around fine.

Cyber Fucker · 05-12-2010, 09:19 AM

Thats why I no longer browse GFY on my work/sites administration computer... I can't afford to let some shit sneak to my system and then infect my servers and websites.

Vendzilla · 05-12-2010, 09:28 AM

Quote:

Originally Posted by devine

Avast blocked it yesterday but now it seems gone. I love my FREE Avast, will never understand those paying for crap like Kaspersky or Norton that usually got hit without even noticing it. And the paid version for 50 bucks or so ain't too shabby either

Same here, avast rocks

mechanicvirus · 05-12-2010, 10:19 AM

Quote:

Originally Posted by potter

Anyone running windows deserved to get hit with a virus

I'm running a super secret version of ubuntu that is so secure that I can leave my computer on a busy street corner and it won't even get infected!

selena · 05-12-2010, 11:22 AM

Quote:

Originally Posted by halfpint

here is some more info on helping you to get rid of this shit

Look for these entries and Remove them These might not be the same on your comp but they will be simillar

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5555

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe

O4 - HKLM\..\Run: [asam] C:\Documents and Settings\Administrator\Local Settings\Application Data\asam.exe

O4 - HKLM\..\Run: [ixbdhntx] C:\Documents and Settings\Administrator\Local Settings\Application Data\lbakdayih\tlduisstssd.exe

O4 - HKLM\..\Run: [fjscgslq] C:\Documents and Settings\xxxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe

O4 - HKCU\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe

O4 - HKCU\..\Run: [asam] C:\Documents and Settings\xxxx\Local Settings\Application Data\asam.exe

O4 - HKCU\..\Run: [fjscgslq] C:\Documents and Settings\xxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - Adobe - Adobe Acrobat: Create PDF file, edit PDF file, convert PDF to word, convert PDF to doc

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

Thanks for posting that, it helped me find a couple of files to delete. I now have use of IE again. However, I still can't go to any virus/malware sites to update. Have they said yet who/what caused this?

chronig · 05-12-2010, 11:39 AM

I use Chrome and Win XP 2010 Black Edition... no popups/trojans/etc here... as far as I know anyway

iSpyCams · 05-13-2010, 07:30 AM

Shit. Ever since this crap FF is the only one of my browsers that can browse the internet. Trying to fix it now.

iSpyCams · 05-13-2010, 07:34 AM

Quote:

Originally Posted by pompousjohn

Shit. Ever since this crap FF is the only one of my browsers that can browse the internet. Trying to fix it now.

got it. The damn thing was putting the loopback IP in my proxy settings.

Darkcrni · 05-13-2010, 07:45 AM

Is it safe now????/

iSpyCams · 05-13-2010, 09:16 AM

god dammit. my w7 is totally hosed now, cant even fire up ad-aware. copying work files to a pen drive and gonna nuke this hard drive and reformat.

Nikki_Licks · 05-13-2010, 09:42 AM

I ran mallwarebytes once more this morning and came up with one infected file.

Could this thing be re installing some on me? I am semi new to getting rid of this stuff as I rarely pick up something like this, so any help would be appreciated ;)

SmokeyTheBear · 05-13-2010, 09:51 AM

Quote:

Originally Posted by Brujah

So, after 4 pages.. any indication who was responsible?

it was an automated hack to openx , not likely targetted.

The virus basically installs a rootkit so hacker can control or do pretty much anything he/she wants to target or from targets computer.

It doesn't stock install a keylogger but right away it opens up a secret backdoor and proceeds to install whatever it wants at runtime or at a later date and that may include keyloggers or pretty much anything.

p.s. most of the server it runs on are out of russia or russian connected , but that doesnt say much hackers often route thru russia/china so as to make tracking them harder and lawsuits seem unobtainable.

TisMe · 05-13-2010, 06:07 PM

It opened a browser on its own to adult.com

CYF · 05-13-2010, 06:22 PM

Quote:

Originally Posted by TisMe

It opened a browser on its own to adult.com

should be pretty easy to follow the money and see who's affiliate account it was.

Firefox + adblock plus + noscript FTW

USA · 05-13-2010, 06:36 PM

Quote:

Originally Posted by Icy

I posted this screenshoot in the thread i created, it showed up just when loading gofuckyourself, so it's not a sig but a banner, as it doesn't always pop, just from time to time (i guess when the banner enters in the rotation).

Microsoft security essentials gave me an alert about Exploit:Win32/Pdfjsc.FG trying to infect my computer and blocked it, so yes, seems related to that acrobat error some of you saw.

damn...

TisMe · 05-13-2010, 06:37 PM

I didn't, was busy trying to get rid of the crap.

05-11-2010, 03:14 PM	#152
GrouchyAdmin Now choke yourself! Industry Role: Join Date: Apr 2006 Posts: 12,085	__________________ AIM: GrouchyGfy

05-11-2010, 03:16 PM	#156
Vendzilla Biker Gnome Industry Role: Join Date: Mar 2004 Location: cell#324 Posts: 23,200	I got hit, then contacted ICS, thanx Barry I have AVAST, no worries, it blocked it __________________ Webair died? Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants think about that

05-11-2010, 04:55 PM	#163
Jim_Gunn Confirmed User Industry Role: Join Date: Feb 2003 Location: Where The Teens Are Posts: 5,702	I managed to remove the main elelements of the exploit' but there seem to be still some issues when I try different anti malware and anti virus apps. MalwareBytes removed some files in safe mode and Spybot Search & Destroy removed others. I changed my proxy settings in my browsers. MS Malicious Software removal tool found another backdoor. Those steps removed the pop up fake anti virus app. And now I am running a full AVG scan to remove any detritus. __________________ Jim Gunn Filming Cinematic Porn Skype JimGunnProductions

05-11-2010, 05:14 PM	#164
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	rrrrrr double post __________________ BUY MY SIG - 50$/Year Contact here Last edited by seeandsee; 05-11-2010 at 05:19 PM..

05-11-2010, 05:19 PM	#165
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	avira catch it today, but it was just placed on hd, and avira stoped the shit __________________ BUY MY SIG - 50$/Year Contact here

05-11-2010, 03:11 PM	#151
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	So it looks like the exploit is from Adobe [pdf] Reader? It's a bloated piece of shit and this isn't the first time it has been exploited... Change to Foxit Reader... you'll never look back...

05-11-2010, 03:22 PM	#158
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	PS: Vendors who change the look n' feel of their software every other update, suck.

05-11-2010, 03:57 PM	#159
mechanicvirus Confirmed User Industry Role: Join Date: Feb 2005 Location: Southern California Posts: 3,759	bump for answers, who is getting banned for this stunt?

05-11-2010, 04:28 PM	#161
BIGTYMER Junior Achiever Industry Role: Join Date: Nov 2004 Location: Walled Garden Posts: 17,066	If you got hit with this exploit I suggest you run a FULL virus scan and not the quick scan. Malwarebytes will remove the main problem but might not get everything. Avast found 3 other files that none of my other programs caught that appear to be connected to this exploit.

05-11-2010, 04:30 PM	#162
martialtiger Registered User Join Date: Mar 2004 Location: Los Angeles Posts: 43	Got hit by this too.

05-11-2010, 05:43 PM	#166
TisMe Confirmed User Join Date: Aug 2008 Posts: 1,719	Nice, fake anti-virus crap and one of the pages it'll open... adult.com.

05-11-2010, 06:17 PM	#167
devine Confirmed User Join Date: Jul 2006 Posts: 620	Avast blocked it yesterday but now it seems gone. I love my FREE Avast, will never understand those paying for crap like Kaspersky or Norton that usually got hit without even noticing it. And the paid version for 50 bucks or so ain't too shabby either

05-11-2010, 06:23 PM	#168
Agent 488 Registered User Industry Role: Join Date: Feb 2006 Posts: 22,511	....................................

05-11-2010, 06:30 PM	#169
NetHorse Confirmed User Industry Role: Join Date: Dec 2006 Location: Chicago Posts: 3,526	haha I made a thread about it this morning too.. https://gfy.com/showthread.php?t=967847 __________________ ┌∩┐(◣_◢)┌∩┐ ICQ # 427013273

05-11-2010, 06:43 PM	#170
StrokeKing Confirmed User Join Date: May 2008 Posts: 232	It works fine on my browser. __________________ Adult Reviews by the Stroke King.

05-11-2010, 11:29 PM	#172
Jack Sparrow Almost goners.. Industry Role: Join Date: May 2008 Location: Netherlands Posts: 11,420	Im a freaking noob with virii/trojans/malware, and the same goes with detecting and removing it. Whats the best process to check/remove on a windows vista, with firefox, machine?

05-12-2010, 01:29 AM	#174
Brujah Beer Money Baron Industry Role: Join Date: Jan 2001 Location: brujah / gmail Posts: 22,157	So, after 4 pages.. any indication who was responsible? __________________ Free Premium Domain Lists and Tools at Clickmojo.com For Sale: Obscenity.com

05-12-2010, 06:33 AM	#177
ajrocks Confirmed User Join Date: Nov 2004 Location: On Uranus Posts: 4,526	I smell ZANGO!! __________________ SEO Strategy - Digital Strategy - Cannabis Lead Generation Skype aj.durden1

05-12-2010, 07:13 AM	#178
Vjo So Fucking Banned Industry Role: Join Date: Oct 2002 Location: Happy 4th of July :) Posts: 6,082	IE7 here - seen nothing. Internet Settings: Medium-High (default) Also: Give (hardly) no site Trusted status. Personally I like F-Prot for a mere $29.95 a year. (for use on up to 5 boxes I think) Out of Finland. Top notch. Better than Kaspersky imo. They won't stop hijackers if you are too loose on your browser settings but they will stop all virus and trojans as well as anyone. It updates everyday and I don't even notice its on. http://www.f-prot.com I used to give lots of sites Trusted status. Got a hijacker and eventually had to reformat. Since then I run ultra tight settings on IE7 and (knock on wood) no problems. Trusted status is hardly never needed. Medium-High "Internet" settings eliminates most of Active-X stuff. It disables alot of other stuff too and yet I get around fine. Last edited by Vjo; 05-12-2010 at 07:20 AM..

05-12-2010, 09:19 AM	#179
Cyber Fucker Hmm Industry Role: Join Date: Sep 2005 Location: On an endless road around the world for rock and roll. Posts: 12,642	Thats why I no longer browse GFY on my work/sites administration computer... I can't afford to let some shit sneak to my system and then infect my servers and websites. __________________

05-12-2010, 11:39 AM	#183
chronig Registered User Industry Role: Join Date: Oct 2009 Posts: 2,653	I use Chrome and Win XP 2010 Black Edition... no popups/trojans/etc here... as far as I know anyway

05-13-2010, 07:30 AM	#184
iSpyCams Amateur Gynecologist Industry Role: Join Date: May 2009 Location: Medellin Posts: 4,436	Shit. Ever since this crap FF is the only one of my browsers that can browse the internet. Trying to fix it now.

05-13-2010, 07:45 AM	#186
Darkcrni Confirmed User Join Date: Jun 2007 Location: Right Around The Corner Posts: 1,704	Is it safe now????/

05-13-2010, 09:16 AM	#187
iSpyCams Amateur Gynecologist Industry Role: Join Date: May 2009 Location: Medellin Posts: 4,436	god dammit. my w7 is totally hosed now, cant even fire up ad-aware. copying work files to a pen drive and gonna nuke this hard drive and reformat.

05-13-2010, 09:42 AM	#188
Nikki_Licks Confirmed User Join Date: May 2005 Location: Behind The Lens Posts: 6,323	I ran mallwarebytes once more this morning and came up with one infected file. Could this thing be re installing some on me? I am semi new to getting rid of this stuff as I rarely pick up something like this, so any help would be appreciated ;) __________________ Amateur Content ICQ: 292 356 077

05-13-2010, 06:07 PM	#190
TisMe Confirmed User Join Date: Aug 2008 Posts: 1,719	It opened a browser on its own to adult.com

05-13-2010, 06:37 PM	#193
TisMe Confirmed User Join Date: Aug 2008 Posts: 1,719	I didn't, was busy trying to get rid of the crap.