  #1 (permalink)  
Old 3rd January, 2007, 06:50 PM
Member
 
Join Date: July 2004
Posts: 659

Weird spyware

Hi guys

My girlfriend's PC has some funky new desktop spyware type thing...... On boot up her desktop wallpaper has a watermark saying

http://img.photobucket.com/albums/v2...WierdBible.jpg

If a program is open it goes away, but comes back on startup. We have tried Ad-Aware as well as Spybot and they don't pick it up.

Any ideas would be cool
  #2 (permalink)  
Old 3rd January, 2007, 07:05 PM
Favu's Avatar
AOA's resident barman
 
Join Date: October 2005
Location: /Wales/Abergavenny
Posts: 4,004

Maybe it is Active Desktop being weird? I would also try an AVG scan.

Checking the running services and programs could also be revealing.
__________________
AOA Team fah
 

Custom 8-bit Sharp Z80 @ 4.194304 MHz
Reflective LCD @ 160 × 144
8 kByte S-RAM






  #3 (permalink)  
Old 3rd January, 2007, 07:08 PM
Pitch's Avatar
AOA Staff
Asteroids Champion, Maeda Path Champion, Disco Racer Champion, Alpha Bravo Charlie Champion, Van Champion
 
Join Date: February 2004
Location: The cake is a lie.
Posts: 5,025

She's still using IE...

Format to be honest.
__________________


XBL/PNS = neolad
  #4 (permalink)  
Old 3rd January, 2007, 08:30 PM
Member
 
Join Date: July 2004
Posts: 659

What's wrong with IE? I still use it lol
  #5 (permalink)  
Old 3rd January, 2007, 08:45 PM
Favu's Avatar
AOA's resident barman
 
Join Date: October 2005
Location: /Wales/Abergavenny
Posts: 4,004

oh dear.
  #6 (permalink)  
Old 3rd January, 2007, 09:16 PM
Got EpOx's Avatar
Team 45 Folder
 
Join Date: April 2005
Location: Exmouth, UK
Posts: 2,569

Quote:
Originally Posted by IE User
What's wrong with IE? I still use it lol
Make the switch to Opera and you'll never look back
__________________
Intel Core 2 Duo T5500 1.66Ghz
1GB PC2-5300 667Mhz
Matsh1ta DVD/RW Drive
232GB Western Digital 'My Book' External HDD USB 2.0
80GB Hitachi SATA HDD
Onboard Audio
Intel GMA 950 Onboard Video
Want to make a difference without leaving your chair?, then join the AOA folding team today!
AOA Folding @Home
  #7 (permalink)  
Old 3rd January, 2007, 09:39 PM
skool h8r's Avatar
Member
 
Join Date: January 2005
Location: Rotherham, UK
Posts: 3,157

Quote:
Originally Posted by Got EpOx
Make the switch to Opera and you'll never look back
Do ya know how many people say "you'll never look back"? Well, I also prefer IE over any other browser.

As for the original problem, I know what this is. It's a worm called Bustoy-A. If you want, I can create one of my specialised batch removers that should rid the computer of the worm.

HTH,
Scott.
__________________
i7 2600K (4.3Ghz 1.34v) | GTX580 | 16GB (4x4GB) Patriot Viper Sec. 5 Ser. 2 (1866 - 9-11-9-27) | P67A-UD4-B3
Corsair AX1200 | Vertex II 240GB SSD | 4TB RAID0 (Samsung HD204UI) | Logitech G930 Wireless Headset

YouTube - Benchmark Results (Coming Soon!)
  #8 (permalink)  
Old 4th January, 2007, 12:06 AM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,606

Opera, but I can't find my way back, I just barely got here! ":O}
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

  #9 (permalink)  
Old 4th January, 2007, 12:19 AM
Favu's Avatar
AOA's resident barman
 
Join Date: October 2005
Location: /Wales/Abergavenny
Posts: 4,004

Quote:
Originally Posted by skool h8r
It's a worm called Bustoy-A.
A quick search brought THIS up, I highly recommend reading it all the way through
Quote:
When first run W32/Bustoy-A copies itself to:

<Startup>\systemnt.exe - This will cause the worm to autorun on Windows startup.
<System>\mslogon.exe

W32/Bustoy-A will also attempt to copy itself to removable drives as toy.exe. The worm also creates the file autorun.inf on the drive in an attempt to run itself automatically when the drive is connected.
I would check all the pen drives you guys have used, just to make sure you haven't got an infestation on your hands.
  #10 (permalink)  
Old 4th January, 2007, 12:36 AM
Member
 
Join Date: July 2004
Posts: 659

Oh bugger. Well, luckily she only uses it for EQ2, so no copying of stuff as she only has a DVD ROM drive. Will kill this right away then.
  #11 (permalink)  
Old 4th January, 2007, 12:41 AM
kellamne's Avatar
Member
 
Join Date: September 2003
Location: UK
Posts: 624

Quote:
Originally Posted by Daston
Oh bugger. Well, luckily she only uses it for EQ2, so no copying of stuff as she only has a DVD ROM drive. Will kill this right away then.
No - all wrong. Look more carefully. You'll see it is infested with a case of Westlife. Agreed though - "kill this right away then"
__________________
* Antec Fusion - ALiveNF6G-VSTA - X2/4000 - 2GB - 7800GT - XP
* Asus Eee 4G Surf - 1Gb
  #12 (permalink)  
Old 4th January, 2007, 09:38 AM
raphael2040's Avatar
Member
3D SuperBall Champion, Caray Snake 2 Champion, Casino Blackjack Champion, Helicopter Champion
 
Join Date: May 2005
Location: Blackburn, UK
Posts: 2,188

Looks like it's been screwing around with registries.

And if it copies itself, it'd mean that all your files on your PC are infected.

Like Pitch said, 'Format, tbh'. =)
__________________
ASUS X58 P6T-SE
OCZ Gold 6GB DDR3-1600
750W Corsair CMPSU-750TX
Intel Core i7 920 (Bloomfield) o/ced 4.03Ghz
ATI Sapphire Radeon 4850 w/ Accelero Twin Turbo Cooler
All housed in a Thermaltake Tai Chi Case with lots of silent fans.
  #13 (permalink)  
Old 4th January, 2007, 04:48 PM
skool h8r's Avatar
Member
 
Join Date: January 2005
Location: Rotherham, UK
Posts: 3,157

Quote:
Originally Posted by raphael2040
Looks like it's been screwing around with registries.

And if it copies itself, it'd mean that all your files on your PC are infected.

Like Pitch said, 'Format, tbh'. =)
Even though formatting would seem the easy option, it's not. Like I said, I can make you one of my special removers that targets the worm directly. This is one area where I excel at using only batch files to remove the infection. And formatting won't rid the computer of MSIE.
  #14 (permalink)  
Old 4th January, 2007, 05:29 PM
Member
 
Join Date: January 2005
Location: Brighton
Posts: 4,856

I'm a bit confused about your last line. Nobody's trying to get rid of MSIE, you just use something else instead. We all know alternative browsers have far superior security features.
__________________


Quote:
Originally Posted by Wolf2000me
Skinny people are not petite in every aspect of the body, let me tell you that
Quote:
Originally Posted by dsio
I was searching for a synonym for testicles that rhymed with hats


  #15 (permalink)  
Old 4th January, 2007, 05:31 PM
Member
 
Join Date: July 2004
Posts: 659

Skool H8r if you could make a file that would be sweet! What info do you need?
  #16 (permalink)  
Old 4th January, 2007, 06:41 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,606

Quote:
Originally Posted by skool h8r
Even though formatting would seem the easy option, it's not. Like I said, I can make you one of my special removers that targets the worm directly. This is one area where I excel at using only batch files to remove the infection. And formatting won't rid the computer of MSIE.
For those that are quite rightly nervous about using a virus remedy from skool h8r.... He has in the past provided this forum with several excellent virus cleaners for specific bugs.

Given it's a case of format or try his custom cleaner, without a doubt I'd try his cleaner!
Thanks skool h8r for being here for us!
  #17 (permalink)  
Old 4th January, 2007, 06:44 PM
skool h8r's Avatar
Member
 
Join Date: January 2005
Location: Rotherham, UK
Posts: 3,157

Quote:
Originally Posted by Daston
Skool H8r if you could make a file that would be sweet! What info do you need?
I don't need any. I'll be back in a few minutes to a few hours with the file.
  #18 (permalink)  
Old 4th January, 2007, 07:22 PM
skool h8r's Avatar
Member
 
Join Date: January 2005
Location: Rotherham, UK
Posts: 3,157

Done and dusted! New record: 16 minutes (I finished it by 6). It's one single batch file. Just follow the onscreen instructions. Also, I recommend running it as an administrator just in case. Also, before using the cleaner, I strongly recommend checking any removable discs or drives (floppy discs, writable discs, flash drives, etc.) for a file called toy.exe. It has the hidden attribute, so you should search with the option of showing hidden files and folders. There should also be an autorun.inf file in the same directory. You should remove this as well. Or, if you want me to create an application that will clean them as soon as the disc/drive is inserted, then I can have this ready within a few hours. It will be an exe file and you'll need to insert all removable devices that have been used since this infection first showed itself. Anyway, the cleaner is attached.
Attached Files
File Type: zip win32.busty.A cleaner.zip (1.4 KB, 51 views)
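The manual checks described in posts #9 and #18 can be scripted. The following is an added example, not part of the thread and not the attached cleaner: it only reports, using the file names from the quoted W32/Bustoy-A description. The folder paths are supplied by the caller, and the assumption that the worm's autorun.inf launches toy.exe through a standard launch key is ours.

```python
import os
import tempfile

# File names taken from the W32/Bustoy-A description quoted in the thread.
DRIVE_DROPPER = "toy.exe"
HOST_COPIES = {"startup": "systemnt.exe", "system": "mslogon.exe"}
LAUNCH_KEYS = ("open", "shellexecute")  # standard autorun.inf launch keys

def autorun_targets(inf_path):
    """Return the commands an autorun.inf would launch, lower-cased."""
    targets = []
    with open(inf_path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in LAUNCH_KEYS or key.endswith("\\command")):
                targets.append(value.strip().lower())
    return targets

def scan_drive_root(root):
    """Check one removable-drive root; scandir lists hidden files too."""
    names = {e.name.lower(): e.path for e in os.scandir(root) if e.is_file()}
    findings = []
    if DRIVE_DROPPER in names:
        findings.append(("worm-copy", names[DRIVE_DROPPER]))
    if "autorun.inf" in names:
        hits = [t for t in autorun_targets(names["autorun.inf"]) if DRIVE_DROPPER in t]
        kind = "autorun-launches-worm" if hits else "autorun-present"
        findings.append((kind, names["autorun.inf"]))
    return findings

def scan_host(startup_dir, system_dir):
    """Check the Startup and System folders for the names the worm uses."""
    found = []
    for where, folder in (("startup", startup_dir), ("system", system_dir)):
        if HOST_COPIES[where] in {n.lower() for n in os.listdir(folder)}:
            found.append((where, os.path.join(folder, HOST_COPIES[where])))
    return found

def demo():
    """Build a constructed 'infected' drive root in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "TOY.EXE"), "wb").close()  # constructed, empty
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=toy.exe\n")  # constructed sample
        return [kind for kind, _ in scan_drive_root(root)]

if __name__ == "__main__":
    print(demo())
```

A bare "autorun-present" finding is not proof of infection, since legitimate media also ship autorun.inf files; it is the pairing with toy.exe that matches the description.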
  #19 (permalink)  
Old 5th January, 2007, 06:03 PM
Member
 
Join Date: July 2004
Posts: 659

Cheers dude just ran it and all seems well thanks for the help!!

Oh, the only removable drive she has used is her MP3 player. Are they able to take .exe files?
  #20 (permalink)  
Old 5th January, 2007, 06:32 PM
Favu's Avatar
AOA's resident barman
 
Join Date: October 2005
Location: /Wales/Abergavenny
Posts: 4,004

If it shows up as a removable drive then yeah, it can.