LocostBuilders - powered by XMB

Damn ads!

chrisg - 5/8/07 at 07:10 PM

I've got something on my computer that seems to open random websites all the time.

any ideas how o get rid?

Cheers

Chris

BenB - 5/8/07 at 07:16 PM

Try running Adaware and Search + Destroy

Hellfire - 5/8/07 at 07:16 PM

Seems like you been on some dodgy websites Chris... YES?

You have a virus/spyware m8!

Run your Antivirus Software/Adware/SpyBot etc etc...

Steve

[Edited on 5-8-07 by Hellfire]

BenB - 5/8/07 at 07:22 PM

Better blame the monkey

Confused but excited. - 5/8/07 at 07:34 PM

^^^^^^

chrisg - 5/8/07 at 07:36 PM

This is the dodgiest site I use!

Thing is I've tried AVG and Adaware, it's still there.

I'll try search and destroy

Cheers

Chris

Hellfire - 5/8/07 at 07:44 PM

quote:
Originally posted by chrisg
This is the dodgiest site I use! YEAH RIGHT!

Thing is I've tried AVG and Adaware, it's still there. Ooh, it's a proper one then

I'll try search and destroy

Cheers

Chris

Highjackthis may be your answer... run it and post log. Chances are it's infected your boot sequence and needs to be stopped to eliminate. I may be around your neck of the woods tomorrow... let me know. U2U sent!

Steve

[Edited on 5-8-07 by Hellfire]

thunderace - 5/8/07 at 07:48 PM

do you think the monkey spanking site done it???????????

chrisg - 5/8/07 at 08:28 PM

Highackthis log

"Logfile of HijackThis v1.99.1
Scan saved at 21:26:30, on 05/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
Crogram FilesCommon FilesAutodata Limited SharedServiceADCDLicSvc.exe
Crogram FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
CROGRA~1GrisoftAVGFRE~1avgamsvr.exe
CROGRA~1GrisoftAVGFRE~1avgupsvc.exe
CROGRA~1GrisoftAVGFRE~1avgemc.exe
Crogram Filesewido anti-spyware 4.0guard.exe
Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
Crogram FilesAutodesk3dsMax8mentalraysatelliteraysat_3dsmax8server.exe
C:WINDOWSSystem32nvsvc32.exe
Crogram FilesCyberLinkShared FilesRichVideo.exe"

Cheers

Chris

Dangle_kt - 5/8/07 at 09:19 PM

install firefox - it's miles better than IE and its free - plus you can download add ons like gestures etc.

Fantastic bit of kit - i use it on all my PC's - and I'm a geek.

PhilCross66 - 5/8/07 at 10:24 PM

Try running F-Secures blacklight , it finds hidden root kits, think there's a free demo of it.
These things are often part of free software and even if you delete them with blacklight they may just return until you un-install the proggy they came with.
I dont think Firefox will fix it cos its software running in the background. Last time I tried to run Firefox I kept finding sites it wont open, oh how usefull.

Dangle_kt - 6/8/07 at 12:15 AM

quote:
Originally posted by PhilCross66

I dont think Firefox will fix it cos its software running in the background. Last time I tried to run Firefox I kept finding sites it wont open, oh how usefull.

I have never found a website that won't except it - bar one, the egg website that utilises the "password safe" - which has to use IE - poor design by egg if you ask me.

Firefox is superior to IE in every way, it is only due to the fact IE comes pre intalled that the masses don't realise how poor it is in comparison to the compition.

anyway -

If you have a personal firewall that you can grant internet access a program at a time, look at the current settings and look for programs that you don't recognise, knock em off one at a time, but keep a record of the original settings so you can return them to stock

If it was me I would start with svchost.exe you have running - it is a well know virus that uses the same name as a ligit program which windows requires.

JamJah - 6/8/07 at 08:21 AM

Ermm. I wouldnt touch svchost! Do you know what it does?? Obviously not otherwise you wouldnt recommend interferring with it...

Basically it initiates part of the registry. The Services part of it at that! Touch it with high risk...! You may not get rebooted.

Hellfire - 6/8/07 at 08:32 AM

Don't stop SVC host it's an intigral part of Windows!!! Especially in system32 directory

If it's elsewhere it may be a corrupt file but otherwise, leave it alone!

INFORMATION HERE

Steve

Dangle_kt - 6/8/07 at 09:18 AM

quote:
Originally posted by JamJah
Ermm. I wouldnt touch svchost! Do you know what it does?? Obviously not otherwise you wouldnt recommend interferring with it...

Basically it initiates part of the registry. The Services part of it at that! Touch it with high risk...! You may not get rebooted.

I mentioned earlier checking the access granted to *.exe via the firewall - I didn't say delete it or anything did i?

checking if it has access via your firewall will not stop windows booting...