Whodunnit ???

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by hundel, Dec 15, 2004.

  1. hundel

    hundel Private E-2

    Very interesting. Moments ago, I received a typical adware popup - this is the messenger service "MSOFT" message with the "updatenow.org" link.

    These are brand new components - hard drive to the motherboard assembled last night!

    The ONLY sites visited are (in order, all using IE 6.0)...

    msn.com
    hotmail.com
    symantec.com (first ever live update was occurring at time of popup)

    I can provide a list of installed software. There are NO sketchy freeware/shareware programs on the system. SpyBlocks v2 (installed right after symptom) reports BDE, MSBB, n-case adware.

    Is it correct to assume one of these sites is the culprit? WHO?!?
     
  2. NeoNemesis

    NeoNemesis Moutharrhea

    Are you referring to Spyblocs? Because if so, Spyblocs is a fake spyware remover; it's spyware itself.
     
  3. hundel

    hundel Private E-2

    Thanks NeoNemesis - where'd this come from and how do I save my new machine? I have a Hijackthis log if it helps....
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as a .txt file attachment to your message. All running programs should be closed, including your web browser and e-mail. Close them before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  5. hundel

    hundel Private E-2

    Thanks chaslang - I've read the FAQs and sticky and will follow them to avoid future problems as best I can.

    In this case I was dealing with a brand new machine I had built that day with Win2000 sp4, IE6 fresh installs. It seemed best to reformat the hard drive and start clean so I did.

    I could see the complete internet history and it included only the sites listed above. Thought it would be interesting to speculate which of the sites caused the original "MSOFT" message.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Infections can occur within seconds of hooking a new system up to the internet. Problems like the Blaster and Sasser worms can find you without even running a browser.

    You need to follow the steps here ASAP: How to Protect yourself from malware!

    Make sure you get ALL of Microsoft's updates right away.
     
  7. hundel

    hundel Private E-2

    chaslang - you're absolutely right. None of those websites are to blame. It appears Windows Messenger Service was responsible for the popup - after reformatting my hard drive it appeared again within a minute or so of dialing up. I've disabled the messenger service, and have taken some added precautions. For example, using Mozilla, keeping Norton auto-updated, and getting my Windows updates. Ironically, if you install W2K with SP4 and Norton, then let them do their auto updates, you can get hit by this type of pop-up before they've even protected themselves! Totally ironic.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! It's a Catch-22. You need to be updated but to get updated you need to connect to the Internet, but before you connect to the Internet you need to be updated. LOL!

    I put all kinds of updates and patches and scanners, firewall, etc. on a CD. Then when I install a new system, before connecting I use my CD to add in all the updates and other software beforehand. Works perfectly thus far.
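The step hundel describes (disabling the Messenger service, which delivers "net send" style network popups and is unrelated to the MSN/Windows Messenger chat program) can be scripted so it runs from chaslang's offline CD before the machine ever touches the network. The following Windows command-prompt script is an added example, not code from either poster; it assumes an administrative prompt on Windows 2000/XP and uses only the built-in `sc` and `find` commands. The "before" and "after" output lets you confirm the change took effect.

```batch
@echo off
rem Added example (not from the thread): stop and disable the Windows Messenger
rem service, which is what carries the network popups described in this thread.
rem Assumes an Administrator command prompt on Windows 2000 / XP.

echo Messenger service BEFORE change:
sc query Messenger | find "STATE"
sc qc Messenger | find "START_TYPE"

rem Stop the service if it is running (ignore the error if it is already stopped).
sc stop Messenger >nul 2>&1

rem Set the startup type to Disabled so it stays off after a reboot.
rem Note: sc requires the space after "start=".
sc config Messenger start= disabled
if errorlevel 1 (
    echo Could not change the startup type. Run this from an administrative prompt.
    exit /b 1
)

echo.
echo Messenger service AFTER change:
sc query Messenger | find "STATE"
sc qc Messenger | find "START_TYPE"
exit /b 0
```

Disabling the service stops the popups from rendering, but the unsolicited traffic still arrives over the network; the firewall on chaslang's CD is what keeps those inbound connections from reaching any service at all, so both steps belong in the pre-connection checklist.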
     
