Adware loaded from Majorgeeks !!

Discussion in 'Malware Help (A Specialist Will Reply)' started by nokia, Jul 20, 2006.

  1. nokia

    nokia Private E-2

    It's my daily ritual to check out M.G. each and every morning.. This morning, for the first time ever, I noticed M.G. took long to come up on screen.
    That's when I noticed info from an adware site loading onto my laptop!
    This was all from M.G... What's up guys? I'd hate to not visit here anymore because of this.
    While typing here I also notice some changes to the M.G. website and a heading "majorgeek-co owner..."

    Unfortunately I don't know enough about the procedure to check for the adware.. but I am a master at HijackThis already.. (Thanks to M.G...) Will follow up and post my findings..

    Nokia.:confused:
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Need more info. We would NEVER infect you, run popups or anything else. Other websites load popups when you leave as well, so it could be that.
     
  3. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Seems like an ad-ware/spyware company thinks they are funny. Most likely your machine is infected and they are loading a dummy page. This is a tactic they have used in the past, but we have not seen it done in over a year.

    Please PM Tim or myself directly as I would personally like to investigate this one.
     
  4. nokia

    nokia Private E-2

    Gees, Thanks guys.. give me a coupla secs.. I want to find it and I'll PM you guys..
     
  5. nokia

    nokia Private E-2

    Ok, Got it.. O17 - domain hijack

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A6CBB9D-8EB8-41C0-A127-F63078E46EBF}: NameServer = 196.25.255.34 196.25.255.3

    You need more?
    Log file?

    Nokia.
     
  6. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Well I was hoping they were someplace I could get my hands on their neck but .....

    OrgName: African Network Information Center
    OrgID: AFRINIC
    Address: 03B3 - 3rd Floor - Ebene Cyber Tower
    Address: Cyber City
    Address: Ebene
    Address: Mauritius
    City: Ebene
    StateProv:
    PostalCode: 0001
    Country: MU

    NetRange: 196.0.0.0 - 196.255.255.255
    CIDR: 196.0.0.0/8
    NetName: NET196
    NetHandle: NET-196-0-0-0-0
    Parent:
    NetType: Allocated to AfriNIC
    NameServer: NS1.AFRINIC.NET
    NameServer: NS-SEC.RIPE.NET
    NameServer: NS.LACNIC.NET
    NameServer: TINNIE.ARIN.NET
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    Comment:
    RegDate: 1993-05-01
    Updated: 2006-04-27

    OrgAbuseHandle: GENER11-ARIN
    OrgAbuseName: Generic POC
    OrgAbusePhone: +230 4666616
    OrgAbuseEmail: ********@afrinic.net

    OrgTechHandle: GENER11-ARIN
    OrgTechName: Generic POC
    OrgTechPhone: +230 4666616
    OrgTechEmail: ********@afrinic.net

    -------------------

    Do you have a screen shot of the problem? Also any idea which spyware/adware loaded the Hijack?
     
  7. nokia

    nokia Private E-2

    Any way I can check back to see what loaded? I don't have a clue as to how I would proceed to check it.. Can you advise?
    Will post a screenshot.

    Nokia.
     
  8. nokia

    nokia Private E-2

    The file was too big - had to resize.. hope you can see ok..
     

  9. nokia

    nokia Private E-2

    Adds.revski.com..Just reloaded itself again as I went on to M.G....
     
  10. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Yeah -- the screen shot looks normal. If you could email the full one to me, I'll peek at it.

    Also I would like to see your HiJackThis log file.
     
  11. nokia

    nokia Private E-2

    Just done a new log..thanks C.P.
     

  12. nokia

    nokia Private E-2

    Got a pic of the download..
     

  13. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Sorry to butt in guys, but this line in the HJT log looks very suspicious of adware infection:

    O4 - HKLM\..\Run: [BIH] C:\WINDOWS\system32\rundll32.exe bih.dll,InitGauge


    I would, if not already, be using CCleaner to delete all temp folders and cookies, and running through ALL the steps in the Sticky thread READ & RUN ME FIRST Before Asking for Support.


    Did an Ewido scan pick anything up as to a location of the above BIH.DLL file? I suspect it may be in Docs & Settings > your user name > Local Settings > Temp or Temporary Internet Files.
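Added example (not from the thread or from MajorGeeks): a small Python checker that scans HijackThis log lines for the two entry types raised in this thread, an O17 NameServer entry pointing at resolvers you don't recognise and an O4 Run entry that has rundll32.exe load a DLL by bare name with no directory, which is why its location is unknown. The EXPECTED_DNS values are assumed placeholders; replace them with the resolvers your ISP or router actually hands out.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample HJT lines: the two entries quoted in this thread plus a benign one.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [BIH] C:\\WINDOWS\\system32\\rundll32.exe bih.dll,InitGauge
O4 - HKLM\\..\\Run: [ctfmon] C:\\WINDOWS\\system32\\ctfmon.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{4A6CBB9D-8EB8-41C0-A127-F63078E46EBF}: NameServer = 196.25.255.34 196.25.255.3
"""

# Assumed placeholders: the resolvers the user's ISP/router really hands out.
EXPECTED_DNS = [ip_network("192.168.1.1/32"), ip_network("10.0.0.0/8")]

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d. ]+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def check_o17(line):
    """Flag O17 entries naming resolvers outside EXPECTED_DNS (possible DNS hijack)."""
    m = O17_RE.match(line)
    if not m:
        return None
    bad = [s for s in m["servers"].split()
           if not any(ip_address(s) in n for n in EXPECTED_DNS)]
    return ("O17 unexpected NameServer", bad) if bad else None

def check_o4(line):
    """Flag O4 Run entries where rundll32.exe loads a DLL given by bare name only."""
    m = O4_RE.match(line)
    if not m:
        return None
    parts = m["cmd"].split()
    if len(parts) >= 2 and parts[0].lower().endswith("rundll32.exe"):
        dll = parts[1].split(",")[0]          # "bih.dll,InitGauge" -> "bih.dll"
        if "\\" not in dll and ":" not in dll:  # no directory: loaded via search order
            return ("O4 rundll32 with pathless DLL", [m["name"], dll])
    return None

def scan(log_text):
    """Run every check over every line; returns a list of (finding, details)."""
    findings = []
    for line in log_text.splitlines():
        for check in (check_o17, check_o4):
            hit = check(line.strip())
            if hit:
                findings.append(hit)
    return findings

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_LOG):
        print(kind, detail)
```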
     
  14. nokia

    nokia Private E-2

    Halo, No, Ewido does not pick up anything untoward... I also found that rather strange..

    I'll check out the noted HJT log thingy...
     
  15. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    What I can tell you is our ads are straightforward, tribalfusion, google mainly, I never even heard of them, it appears you may have picked up a drive by infection somewhere. Ewido is one program, you might use CCleaner to clear temp folders (from safe mode is best) and do some scans with Ad-Aware or similar. Jim might have more to say on this, but I am sure it is not from us. If we were to do anything like that, people would leave here in droves as many come here for help and security issues.
     
  16. matt.chugg

    matt.chugg MajorGeek

    revsci[dot]net belongs to a company called Revenue Science. The revsci[dot]net domain appears to be just where they store their scripts and ads. Their main site is revenuescience[dot]com

    Their privacy statement is here.

    http://www[dot]revenuescience[dot]com/privacyStatement.asp

    Not sure if this helps at all. I've edited live links; after reading that, who'd want to go to the page? I can download the whole statement safely without going to the site if anyone wants.

    Matt
     
  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That's an adware related entry.

    Do the steps in the tutorial Halo linked to.
     
  18. AbbySue

    AbbySue MajorGeeks Administrator

    Good morning nokia!:)

    Just checking in to see how you are progressing with the steps in the READ & RUN ME FIRST Before Asking for Support thread? Are you having any problems with the steps?

    If you have not started to complete them yet I strongly urge you to do so as there does in fact appear to be something malicious on your computer.

    What I DO think is happening is that whatever you have is one of those variants that only shows itself on sites that either have a removal tool to get rid of it or a specialized forum such as we have for helping users to clean their computers. One reason this is done is to try and discredit the site. Some of these malicious proggies will go so far as to block you completely from accessing sites like ours in an attempt to keep you from cleaning it off your computer. We have had multiple cases like this so users will access the site via a different computer to get help.

    Please do complete the clean up steps and attach your logs so we can get to the bottom of this. No one else but you has reported seeing this mysterious hijack and we really would like to see a resolution.

    Thank you.:)
     
  19. nokia

    nokia Private E-2

    I have downloaded all the programs I need, I'm actually going to start the complete operation now.
    While logging on now, something downloaded that filled the whole download bar from left to right with numerals, letters and squiggly stuff.. (!@#$%^&*()_+)..

    It's like swimming in the ocean knowing there's a BIG fish about...

    BTW, this all started just after I installed a program for Firefox called :Stumble:..

    It's a recommended download from Mozilla themselves...

    Nokia..
     
  20. nokia

    nokia Private E-2

    I've done the whole procedure and even included an Ewido scan.. Nothing at all.. I think in total 4 cookies were found and deleted..

    I followed the process to the letter.. mmmm... :confused:
     
  21. AbbySue

    AbbySue MajorGeeks Administrator

    You haven't attached the 3 logs...BitDefender, Panda Active Scan & HijackThis (analyse.exe). Please attach them so they can be reviewed and we can make absolutely sure there is no problem.:)

    I find it rather intriguing you mention now that your problem began when you downloaded Stumble for your FireFox browser.:confused: I wasn't familiar with Stumble b/c I don't use FF so I had to look it up to see what it was. Have you tried removing all traces of it from your computer to see if your issue resolves itself?
     
  22. matt.chugg

    matt.chugg MajorGeek

    I have used Stumble on IE, and whilst they try to take care about the sites they add, since they are 'user added' pretty much anything could be in there.

    Stumble itself probably isn't the problem, it's only an add-on that takes you to a random site when you are bored. It's more likely one of the sites it took you to has done a drive-by on your computer.
     
