
Computer Taken Over?

kah22
kah22 Posts: 1,875 Forumite
Part of the Furniture 1,000 Posts Name Dropper I've been Money Tipped!
edited 4 October 2010 at 2:45PM in Techie Stuff
Turned on the computer this morning, went to start Firefox and was presented with this box reading something like 'Message from webpage - Warning your computer is at risk from Malware attack' try to close it and you get this automated scanning.

Now I know I've been taken over in some way, don't know how to get rid of what's attacked me. This seems to be the offending page.
you'll have to put the www bit in yourself I've removed it for safety reasons: 1.self-checker11.in/?p=p52dcWplanKHjsbIo22AgYVe0KCfYWCcU9LXoKitaVzHysd2lJN%2Fel6orKWeZpXJZWdlmmpxmpKIo6THodjXoFe!!!zZytell3FfmqGgnXaHo83LqG1TnaJ1lWaXXmGZZJGYk19oZWmL08ifb5ytqKhuZ2jYpNuUkpKQq6Sh2JLUo57LodrT1ZxllaWT1s5oWKiscWlmcG%2BSZZucZGZTqKVqoV6UaGaXZZqalmddlZmiqKVfqZ2dcXFnbA%3D%3D

It wouldn't let me continue to browse so I just let the message sit there and opened up a different browser and that's how I'm sending this message. I haven't turned the computer off as I'm cautious about turning it on again.

I have Vipre anti virus but that doesn't seem to be of any help.

What to do?

Kevin

Comments

  • dogmaryxx
    dogmaryxx Posts: 2,446 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Save http://dl.surfright.nl/HitmanPro35.exe to desktop
    Then Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes will be terminated, including the malware process before the scan.

    Download MALWAREBYTES free version
    http://www.malwarebytes.org/mbam.php
    Open Malwarebytes and go to UPDATE and click 'check for updates'. After it's updated go to SCANNER and click PERFORM FULL SCAN then click SCAN
    Remove everything that's found (needs to be ticked)
    Post the COMPLETE log here AFTER you've deleted everything it finds
  • kah22
    kah22 Posts: 1,875 Forumite
    Part of the Furniture 1,000 Posts Name Dropper I've been Money Tipped!
    Ran the complete scan; nothing marked. So why am I getting that thing from the address I gave above?

    Here's the log file.

    Malwarebytes' Anti-Malware 1.46
    https://www.malwarebytes.org

    Database version: 4739

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    04/10/2010 12:56:36
    mbam-log-2010-10-04 (12-56-36).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 274696
    Time elapsed: 51 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  • kah22
    kah22 Posts: 1,875 Forumite
    Part of the Furniture 1,000 Posts Name Dropper I've been Money Tipped!
    edited 4 October 2010 at 2:29PM
    Went to my old computer - haven't used it for at least two weeks - and tried to access two blogs I'm building. It was then I discovered that that message popped up when I attempted to access them.

    Carried out a Ctrl-Alt-Delete to force the browser to shut, turned off the computer and restarted. Went to Google News and just randomly selected news sites, no bother they all opened without that security alert thing. Which would suggest that two of my blogs are infected.

    Can't understand this as I've only been working on them for a short time and I've actually cleared the database on a number of occasions as I'm working trial and error.

    Not posting the URL as they are at a very early stage but I've PM'd you the address

    Kevin

    PS just popped over to my ISP freedom2surf and got this message:

    There is a problem with this website's security certificate.



    The security certificate presented by this website was not issued by a trusted certificate authority.

    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.


    That's the second or third time I've seen that message over the past number of weeks. I'm beginning to think there is something strange going on.
  • debitcardmayhem
    debitcardmayhem Posts: 12,727 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    My Norton stopped the traffic before it got to my VirtualBox Linux,
    but I would suggest that you edit your first post ^^^ quote to make it not a URL so no-one without AV does not get the same result.
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
  • kah22
    kah22 Posts: 1,875 Forumite
    Part of the Furniture 1,000 Posts Name Dropper I've been Money Tipped!
    My Norton stopped the traffic before it got to my VirtualBox Linux,
    but I would suggest that you edit your first post ^^^ quote to make it not a URL so no-one without AV does not get the same result.

    Link deleted
  • tomtiddly
    tomtiddly Posts: 63 Forumite
    Is it possible you're only having problems with https sites rather than http?

    Can you check the time/date on your PC is correct, if wrong then your pc will think the certificate on the website is incorrect and complain
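
The clock check suggested above, as an added example that is not part of the original thread: it separates a certificate failure caused by the PC's date from one caused by an untrusted issuer, which is the wording of the warning quoted earlier. The validity dates and the clock reading are constructed sample values, and the function names are hypothetical; the numeric codes are OpenSSL's standard X509_V_ERR_* verification results.

```python
import socket
import ssl
from datetime import datetime, timezone

# OpenSSL verification result codes (X509_V_ERR_*) for the two cases in the thread.
CLOCK_CODES = {9: "certificate not yet valid", 10: "certificate has expired"}
TRUST_CODES = {
    18: "self-signed certificate",
    19: "self-signed certificate in chain",
    20: "issuer not in the local trust store",
}

# Constructed sample values (not taken from any real certificate).
SAMPLE_NOT_BEFORE = "Jan  1 00:00:00 2010 GMT"
SAMPLE_NOT_AFTER = "Jan  1 00:00:00 2012 GMT"
SAMPLE_CLOCK = datetime(2010, 10, 4, 15, 42, tzinfo=timezone.utc)


def clock_verdict(not_before, not_after, now):
    """Compare a clock reading with a certificate's validity window."""
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    t = now.timestamp()
    if t < start:
        return "clock before notBefore"
    if t > end:
        return "clock after notAfter"
    return "clock inside validity window"


def triage(verify_code, not_before, not_after, now):
    """Say whether a verification failure points at the date or the issuer."""
    verdict = clock_verdict(not_before, not_after, now)
    if verify_code in CLOCK_CODES:
        return f"date problem ({CLOCK_CODES[verify_code]}; {verdict})"
    if verify_code in TRUST_CODES:
        return f"trust problem ({TRUST_CODES[verify_code]}; {verdict})"
    return f"other failure (code {verify_code}; {verdict})"


def probe(host, port=443, timeout=5):
    """Live check: None if the chain verifies, else OpenSSL's result code."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_code
```

A trust-problem result with the clock inside the validity window means resetting the date will not clear the warning; the certificate chain itself needs checking.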
  • kah22
    kah22 Posts: 1,875 Forumite
    Part of the Furniture 1,000 Posts Name Dropper I've been Money Tipped!
    4 oct 2010 15.42
  • debitcardmayhem
    debitcardmayhem Posts: 12,727 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Hi,
    PS just popped over to my ISP freedom2surf and got this message:

    There is a problem with this website's security certificate.



    The security certificate presented by this website was not issued by a trusted certificate authority.

    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
    Are you getting this from freedom2surf or from your blog/domain name?
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
  • kah22
    kah22 Posts: 1,875 Forumite
    Part of the Furniture 1,000 Posts Name Dropper I've been Money Tipped!
    From my ISP: go to freedom2surf and the message pops up occasionally - don't understand it.
  • kah22
    kah22 Posts: 1,875 Forumite
    Part of the Furniture 1,000 Posts Name Dropper I've been Money Tipped!
    I'm just wondering, is it possible that the bug is coming from my ISP?

    My blog is not that far developed so what would happen if I went into my ISP and completely deleted the database? Just thinking out loud.

    Kevin
This discussion has been closed.