GoFuckYourself.com - Adult Webmaster Forum

GFY Installing Malware - Post If You've Got Hit (https://gfy.com/showthread.php?t=967899)

halfpint 05-11-2010 11:42 AM

Quote:

Originally Posted by candyflip (Post 17129110)
Thanks for posting that Firefox info. I couldn't find it myself and actually had to change it still.

You're welcome and thanks to you and bigtymer and all the other users for helping me to get rid of this

quantum-x 05-11-2010 11:42 AM

URL causing issues is coinurlredirect.com

BIGTYMER 05-11-2010 11:43 AM

Quote:

Originally Posted by halfpint (Post 17129159)
You're welcome and thanks to you and bigtymer and all the other users for helping me to get rid of this

No problem man! Glad to help. It's a nasty little problem.

BIGTYMER 05-11-2010 11:45 AM

Quote:

Originally Posted by quantum-x (Post 17129160)
URL causing issues is coinurlredirect.com

http://www.malwareurl.com/listing.ph...edirection.com

Zverka 05-11-2010 11:45 AM

I forgot to warn you that if you are infected and have
FTP accounts stored somewhere on your computer, chances are
high that all your sites residing in those FTP accounts are infected
also. So check it out now or your sites will be flagged by Google
as a spyware source. Good luck lads. It is such a pain in the ass.
When that happened to me I was in a killing mood for days.

Loki 05-11-2010 11:46 AM

holograph: That might be true BUT all I can say is Avast will NOT load anything past part of that code, It does not load his sig, it just cuts off at the code snippet, IF it was his sig though, why are the prior posts loaded with it?

What post came after Smokey's code snippet? maybe that is what Avast is blocking then?

I'll make and post a shot real quick

-Loki-

CIVMatt 05-11-2010 11:46 AM

http://i39.tinypic.com/2eprfbl.jpg

CyberHustler 05-11-2010 11:47 AM

You know what's not cool is that dudes are quick to ban people over petty shit around these parts, but we can sit here getting infected with whatever and nobody gives a shit. I guarantee if I post: "Hey guys, meet me over at (insert another adult board here) since GFY is fucking up", I will be banned within minutes. :1orglaugh

If it's the banners then all somebody would have to do is remove the ad codes, fix this shit, then put them back... right? Or at least give that a try?

Barefootsies... try working your mod magic, bro. Pretend somebody just broke a rule and you need to contact somebody in charge asap so you can make a banned thread. :pimp

BIGTYMER 05-11-2010 11:47 AM

Quote:

Originally Posted by adultish (Post 17129168)
I forgot to warn you that if you are infected and have
FTP accounts stored somewhere on your computer, chances are
high that all your sites residing in those FTP accounts are infected
also. So check it out now or your sites will be flagged by Google
as a spyware source. Good luck lads. It is such a pain in the ass.
When that happened to me I was in a killing mood for days.

What makes you think that?

tical 05-11-2010 11:48 AM

yup got hit too, had to do a system restore... it wouldn't let me execute anything after it loaded (kept saying "whatever.exe is infected"). i updated acrobat reader, not sure if that will help future attempts...

what a pain in the ass

halfpint 05-11-2010 11:50 AM

Quote:

Originally Posted by Loki (Post 17129170)
holograph: That might be true BUT all I can say is Avast will NOT load anything past part of that code, It does not load his sig, it just cuts off at the code snippet, IF it was his sig though, why are the prior posts loaded with it?

What post came after Smokey's code snippet? maybe that is what Avast is blocking then?

I'll make and post a shot real quick

-Loki-

I had avast running when I got it and it did not give me any warning at all and it still does not even when I view Smokey's Code snippet

I am running a full scan with avast now and so far it has come up with this JS:Pdfka-AFK [Expl] which was in the temp folder in firefox

Loki 05-11-2010 11:50 AM

lol took me 5 tries to get page 1 to actually load again, Avast was blocking the entire page, BUT I finally got it to load up to the stopping point....

http://www.lokiporn.com/gfy2.jpg

-Loki-

tical 05-11-2010 11:50 AM

Quote:

Originally Posted by BIGTYMER (Post 17129176)
What makes you think that?

some of these adware installations will dump password data from browsers and ftp clients and send them to a host somewhere... i've seen it happen on several machines of mine over the years

i would find a plain text file on my system that had all of my usernames/passwords in it (ie, firefox, cuteftp)

BIGTYMER 05-11-2010 11:52 AM

Quote:

Originally Posted by tical (Post 17129184)
some of these adware installations will dump password data from browsers and ftp clients and send them to a host somewhere... i've seen it happen on several machines of mine over the years

i would find a plain text file on my system that had all of my usernames/passwords in it (ie, firefox, cuteftp)

Fuck... I better change all passwords just to be safe.

Nikki_Licks 05-11-2010 11:52 AM

It won't let me run Malwarebytes. A windows security window pops up preventing me opening malware...WTF?

halfpint 05-11-2010 11:53 AM

Quote:

Originally Posted by Loki (Post 17129183)
lol took me 5 tries to get page 1 to actually load again, Avast was blocking the entire page, BUT I finally got it to load up to the stopping point....

http://www.lokiporn.com/gfy2.jpg

-Loki-

That's weird how your avast is stopping it and mine ain't doing shit :Oh crap

Loki 05-11-2010 11:54 AM

halfpint: this is what I have been seeing for the last two hours now:
http://www.lokiporn.com/gfywtf.jpg

Notice the address is this thread, I tab GFY most times, so I had just opened this thread in a new tab and got that warning, and the other screenshot above (stop shot) is as far as I can get without manually coming to the 2nd page

What I'm using:
Avast 5.0.507
Virus Definitions version: 100511-0

All live scans are enabled (or shields)

-Loki-

halfpint 05-11-2010 11:55 AM

Quote:

Originally Posted by Nikki_Licks (Post 17129191)
It won't let me run Malwarebytes. A windows security window pops up preventing me opening malware...WTF?

restart your computer in safe mode then run malwarebytes and then change the proxy settings in your browsers

CyberHustler 05-11-2010 11:58 AM

Quote:

Originally Posted by Loki (Post 17129195)
halfpint: this is what I have been seeing for the last two hours now:
http://www.lokiporn.com/gfywtf.jpg

Notice the address is this thread, I tab GFY most times, so I had just opened this thread in a new tab and got that warning, and the other screenshot above (stop shot) is as far as I can get without manually coming to the 2nd page

What I'm using:
Avast 5.0.507
Virus Definitions version: 100511-0

All live scans are enabled (or shields)

-Loki-

Your avast looks cooler than mine. Was there some kind of upgrade I missed out on?

sandman! 05-11-2010 11:58 AM

http://www.eset.com/download
http://www.eset.com/download
http://www.eset.com/download
http://www.eset.com/download
http://www.eset.com/download
http://www.eset.com/download

Loki 05-11-2010 12:01 PM

Go back to their website and download their latest version, the program updates you get now won't change the GUI or the program icons, you'll need to re-install the latest version to have the coolness I have lol.

It's cool though, the voice prompts are now female and not the boooooming male voice "VIRUS DATABASES HAVE BEEN UPDATED"

I think they are now using the AT&T Voicepacks maybe?

-Loki-

Zverka 05-11-2010 12:01 PM

Quote:

Originally Posted by holograph (Post 17129027)
white square i was talking about earlier next to top banner

http://i40.tinypic.com/35b7ev8.png

that white square is a hidden iframe, which can be recognized as
a hidden iframe containing javascript in the source of the page,
either the gfy source page or the advertiser's iframe source page

halfpint 05-11-2010 12:03 PM

here is some more info on helping you to get rid of this shit

Look for these entries and remove them. These might not be the same on your comp but they will be similar

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe

O4 - HKLM\..\Run: [asam] C:\Documents and Settings\Administrator\Local Settings\Application Data\asam.exe

O4 - HKLM\..\Run: [ixbdhntx] C:\Documents and Settings\Administrator\Local Settings\Application Data\lbakdayih\tlduisstssd.exe

O4 - HKLM\..\Run: [fjscgslq] C:\Documents and Settings\xxxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe

O4 - HKCU\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe

O4 - HKCU\..\Run: [asam] C:\Documents and Settings\xxxx\Local Settings\Application Data\asam.exe

O4 - HKCU\..\Run: [fjscgslq] C:\Documents and Settings\xxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - Adobe - Adobe Acrobat: Create PDF file, edit PDF file, convert PDF to word, convert PDF to doc

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

After you remove these download hijackthis 2.04,

Then run CCleaner and make sure all entries are checked and then run the registry cleaner

Run Cleanup!

Then go to start, run, type msconfig and press enter. Go to the Startup tab, click disable all, then recheck your antivirus entry, then reboot

Reboot back into safemode

Then run Combofix, Malwarebytes, Microsoft Security Essentials, Remove all infections found with malwarebytes and MSE.

Fabien 05-11-2010 12:03 PM

Quote:

Originally Posted by Loki (Post 17129195)
halfpint: this is what I have been seeing for the last two hours now:
http://www.lokiporn.com/gfywtf.jpg

Notice the address is this thread, I tab GFY most times, so I had just opened this thread in a new tab and got that warning, and the other screenshot above (stop shot) is as far as I can get without manually coming to the 2nd page

What I'm using:
Avast 5.0.507
Virus Definitions version: 100511-0

All live scans are enabled (or shields)

-Loki-



Same as Loki here

Barefootsies 05-11-2010 12:06 PM

Quote:

Originally Posted by NanoBot (Post 17129173)
You know what's not cool is that dudes are quick to ban people over petty shit around these parts, but we can sit here getting infected with whatever and nobody gives a shit. I guarantee if I post: "Hey guys, meet me over at (insert another adult board here) since GFY is fucking up", I will be banned within minutes. :1orglaugh

If it's the banners then all somebody would have to do is remove the ad codes, fix this shit, then put them back... right? Or at least give that a try?

Barefootsies... try working your mod magic, bro. Pretend somebody just broke a rule and you need to contact somebody in charge asap so you can make a banned thread. :pimp


Cyber Fucker 05-11-2010 12:07 PM

Yes, I got it too ...wtf admin does?! I mean no Eric, he's not tech... but there is a tech admin here, am I right? :( Can't you just secure the server and script? :Oh crap

ProG 05-11-2010 12:09 PM

:thumbsup

I had to enable ads to find it but the domain ESET is seeing as a threat is http://qa.dep.lt/

(ps: don't click that URL unless you are protected:))

CIVMatt 05-11-2010 12:20 PM

I'm still not sure what and where I'm putting those things into the FF network screen

starpimps 05-11-2010 12:24 PM

Ok so i had that popup but right now no fake antivirus app, so am I in the clear? Running malwarebytes right now.

madawgz 05-11-2010 12:27 PM

i saw a white banner in the banner space, maybe that was it

fatfoo 05-11-2010 12:29 PM

GFY installs malware? I am not aware and I did not see any signs that this happened.

Jayvis 05-11-2010 12:30 PM

I got hit, guys it's a simple solution... just buy the malware software when it's installed! Wall-ah! Problem fixed.

Loki 05-11-2010 12:34 PM

Jayvis: LMAO.. um... NO, Well I mean sure if you want to risk some good ole' fashioned identity theft then go right ahead and buy it.

IF a company creates fake viruses to pimp out their software they MUST be an honest and safe company to give your credit card info to.

IF you're NOT talking about the payload software (the software that keeps popping up once you're infected) then disregard my post ;)

-Loki-

Klen 05-11-2010 12:36 PM

Quote:

Originally Posted by Jayvis (Post 17129316)
I got hit, guys it's a simple solution... just buy the malware software when it's installed! Wall-ah! Problem fixed.

The irony is that it is impossible, since it always pops up saying you are infected and slows the system a lot.

Zverka 05-11-2010 12:38 PM

Quote:

Originally Posted by tical (Post 17129184)
some of these adware installations will dump password data from browsers and ftp clients and send them to a host somewhere... i've seen it happen on several machines of mine over the years

i would find a plain text file on my system that had all of my usernames/passwords in it (ie, firefox, cuteftp)

To BIGTYMER: tical already explained this to you.
In addition, I can say they install a keylogger on
your machine.

I hope all of you have your root password on a paper clip
instead of stored somewhere in files.

Good luck lads

Klen 05-11-2010 12:40 PM

And all this shit could be avoided if ff and adblock pro were used.

MikeFold 05-11-2010 12:47 PM

Grabbed the page info----

Location: /http/://qa.dep.lt/info/us1.html/s002102317805r0409J00020401R3f1d03ebXd11548b9Y9afc 18fbZ03003f36

Type: application/pdf

Size: 44.16 KB (45,215 bytes)

Dimensions: 0px × 0px

Page: http://www.gofuckyourself.com/showth...=967899&page=3
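For webmasters checking their own pages for the kind of thing described in this thread (a hidden iframe, and page info showing an application/pdf resource at 0px × 0px), here is an added example that is not part of the original posts. It lists embedded frames and objects that occupy no visible area; the sample markup is constructed and its `.example` hosts are placeholders.

```python
import re
from html.parser import HTMLParser

# width/height attribute values that mean "no visible area", e.g. "0", "0px", "0%".
ZERO = re.compile(r"^\s*0+(?:\.0+)?\s*(?:px|%)?\s*$", re.I)
# Inline styles that hide the element or collapse it to zero size.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*0+(?:px)?\s*(?:;|$)", re.I)

class HiddenEmbedFinder(HTMLParser):
    """Collect iframe/object/embed tags that render with no visible area."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "object", "embed"):
            return
        a = {k: (v or "") for k, v in attrs}
        # A missing attribute falls back to "x", which never matches ZERO.
        zero_box = ZERO.match(a.get("width", "x")) or ZERO.match(a.get("height", "x"))
        if zero_box or HIDDEN_STYLE.search(a.get("style", "")):
            src = a.get("src") or a.get("data") or ""
            self.hits.append((tag, src, a.get("type", "")))

def find_hidden_embeds(html):
    """Return (tag, source URL, declared MIME type) for each hidden embed."""
    finder = HiddenEmbedFinder()
    finder.feed(html)
    return finder.hits

# Constructed sample page: one normal banner frame and two zero-size embeds.
SAMPLE_PAGE = """
<div class="banner"><iframe src="http://ads.example/banner.html" width="728" height="90"></iframe></div>
<iframe src="http://cdn.example/x.html" width="0" height="0" frameborder="0"></iframe>
<object data="http://cdn.example/doc" type="application/pdf" style="width:0px;height:0px"></object>
"""

if __name__ == "__main__":
    for tag, src, mime in find_hidden_embeds(SAMPLE_PAGE):
        print(tag, src, mime or "(no type)")
```

This only inspects static markup; frames injected by script at load time need the rendered DOM or a proxy capture instead.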

halfpint 05-11-2010 12:47 PM

Quote:

Originally Posted by CIVMatt (Post 17129293)
I'm still not sure what and where I'm putting those things into the FF network screen

are you trying to change the proxy settings in the FF network ?

Loki 05-11-2010 12:50 PM

KlenTelaris: not 100% true, I only use FF and I have Adblock Pro turned on, I only avoided the issue by having the latest and most updated Avast running on my machines.

The funny thing is ABP is flawed as hell, don't believe me
head to a site like http://www.blogtalkradio.com for example,

look at all the ads that ABP allows to still come through,

then "Open blockable items" and find the shown ads and manually block them

reload the page and see MOST of the same ads.

Don't get me wrong, ABP is a GOOD helper BUT it just doesn't stop all that it could stop, and day by day the ad networks are finding ways around ABP and other blockers.

-Loki-

BarryP 05-11-2010 12:58 PM

This has been located and should be resolved. Please let me know if you see this error from now on.


All times are GMT -7.