Go back to their website and download their latest version, the program updates you get now won't change the GUI or the program icons, you'll need to re-install the latest version to have the coolness I have lol.
It's cool though, the voice prompts are now female and not the boooooming male voice "VIRUS DATABASES HAVE BEEN UPDATED" I think they are now using the AT&T Voicepacks maybe? -Loki- |
Quote:
hidden iframe containing javascript in the source of the page, either gfy source page or advertisers iframe source page |
here is some more info on helping you to get rid of this shit
Look for these entries and remove them. These might not be the same on your comp but they will be similar:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe
O4 - HKLM\..\Run: [asam] C:\Documents and Settings\Administrator\Local Settings\Application Data\asam.exe
O4 - HKLM\..\Run: [ixbdhntx] C:\Documents and Settings\Administrator\Local Settings\Application Data\lbakdayih\tlduisstssd.exe
O4 - HKLM\..\Run: [fjscgslq] C:\Documents and Settings\xxxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe
O4 - HKCU\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe
O4 - HKCU\..\Run: [asam] C:\Documents and Settings\xxxx\Local Settings\Application Data\asam.exe
O4 - HKCU\..\Run: [fjscgslq] C:\Documents and Settings\xxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - Adobe - Adobe Acrobat: Create PDF file, edit PDF file, convert PDF to word, convert PDF to doc
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

After you remove these, download HijackThis 2.04,
Then run CCleaner and make sure all entries are checked, and then run the registry cleaner. Run Cleanup! Then go to Start, Run, type msconfig and press Enter. Go to the Startup tab, click Disable All, then recheck your antivirus entry, then reboot. Reboot back into safe mode. Then run Combofix, Malwarebytes, Microsoft Security Essentials. Remove all infections found with Malwarebytes and MSE. |
Quote:
Same as Loki here |
Yes, I got it too ...wtf admin does?! I mean no Eric, he's not tech... but there is a tech admin here, am I right? :( Can't you just secure the server and script? :Oh crap
|
Quote:
I had to enable ads to find it but the domain ESET is seeing as a threat is http://qa.dep.lt/ (ps: don't click that URL unless you are protected:)) |
I'm still not sure what and where I'm putting those things into the FF network screen
|
Ok so I had that popup but right now no fake antivirus app, so am I in the clear? Running Malwarebytes right now.
|
I saw a white banner in the banner space, maybe that was it
|
GFY installs malware? I am not aware and I did not see any signs that this happened.
|
I got hit, guys it's a simple solution... just buy the malware software when it's installed! Wall-ah! Problem fixed.
|
Jayvis: LMAO.. um... NO, Well I mean sure if you want to risk some good ole' fashioned identity theft then go right ahead and buy it.
IF a company creates fake viruses to pimp out their software they MUST be an honest and safe company to give your credit card info to. IF you're NOT talking about the payload software (the software that keeps popping up once you're infected) then disregard my post ;) -Loki- |
Quote:
In addition, I can say they install a keylogger on your machine. I hope you all have your root password on a paper clip instead of stored somewhere in the files. Good luck lads |
And all this shit could be avoided if ff and adblock pro was used.
|
Grabbed the page info----
Location: /http/://qa.dep.lt/info/us1.html/s002102317805r0409J00020401R3f1d03ebXd11548b9Y9afc 18fbZ03003f36
Type: application/pdf
Size: 44.16 KB (45,215 bytes)
Dimensions: 0px × 0px
Page: http://www.gofuckyourself.com/showth...=967899&page=3 |
KlenTelaris: not 100% true, I only use FF and I have Adblock Pro turned on, I only avoided the issue by having the latest and most updated Avast running on my machines.
The funny thing is ABP is flawed as hell. Don't believe me? Head to a site like http://www.blogtalkradio.com for example, look at all the ads that ABP still allows to come through, then "Open blockable items", find the shown ads and manually block them, reload the page and see MOST of the same ads. Don't get me wrong, ABP is a GOOD helper BUT it just doesn't stop all that it could stop, and day by day the ad networks are finding ways around ABP and other blockers. -Loki- |
This has been located and should be resolved. Please let me know if you see this error from now on.
|
BarryP: Cool Cool, however the first page of this thread is STILL setting off Avast (I'm thinking due to Smokey's post #46 where he showed the code of the exploit)
-Loki- |
Quote:
Glad it's sorted now |
Edit. Just seen what I posted in another thread.
|
Finally was able to remove this damn thing...looks good so far.
Fucking spyware :321GFY |
Quote:
I was kidding around, did a hard boot from yesterday and it was gone. :winkwink: |
This shit happens everywhere. Even on paysites and affiliate programs.
If you are worried about local FTP accounts being compromised (+ the keylogger), try WinPatrol monitoring. For simpler PDF usage, use Sumatra reader. Run browsers and software in encrypted sandboxie. As portable versions, if possible. Don't run your OS by default in administrative mode. Only turn javascript and flash on, when you fap off to your own tubes :) |
Shit happens, thanks for getting it Berry
|
Glad I use NoScript and don't run javascript on GFY.com. I have had no problems because viruses cannot install themselves when you don't run javascript. GFY doesn't require JS (like a good website should not) and therefore, it displays and functions just fine without it.
|
Is this just today? ... I haven't logged on until now, seeing this thread first....
|
I rebooted to safe mode and ran Malwarebytes and it found the infection. My proxy settings in FF were normal. But upon reboot to normal mode the infection came back twice already and I still cannot get rid of this thing! This is ending up to be a whole day wasted and I had a lot of work to do today!
|
This is what I found in the pdf file:
Quote:
|
Quote:
I had to do it twice, and also make sure your browsers are shut down when you do the scan. I posted a log of some of the crap which you can remove manually to clean your comp. It won't be exactly the same but it will be similar |
Aaaand this: http://pastebin.com/Nz8iVr2M :)
|
Quote:
And yes, you are right, what a way to waste a lot of time :disgust |
I got hit with Antispyware Soft.
I looked up what processes were running and narrowed it to uoxottgtssd.exe. I then rebooted in safe mode, deleted this file, started normally and had a problem with the proxies after restarting the computer, so I rebooted again and restored my computer back 2 days. Got rid of the damn problem. I ran a couple different scans to make sure it was gone lol |
Bloody damn thing. All clear now?!
|
D'oh got someone in the office. =)
|
Crossing my fingers that my warning of the exploit late last night means that Kaspersky caught it n all is well. I did see a little box about an adobe error this morning, but nothing more. Almost afraid to reboot. n for me, the warning popped off a top banner on the main page of this forum.
|
It took effect for me without rebooting. I went to log in to gfy and about 30 seconds later it popped up installed
|