Avast WEBforum

Other => Viruses and worms => Topic started by: crazy on April 14, 2008, 06:28:14 PM

Title: Deadly new Virus/Spyware...
Post by: crazy on April 14, 2008, 06:28:14 PM
Hi,
Some days back everything was fine on my Avast-protected computer (a system scan with Avast, Spybot and Adaware found no problems then). Then I did a Google search on a celebrity name and opened the results one by one. The first few results were normal. But then one result was a link on the site awfulplasticsurgery.com. As soon as I clicked on that link, it tried to redirect me. IE7 showed me 'this site is trying to install the following ActiveX___ Do you want to___?' (sorry, don't remember the exact thing). I clicked on NO. But then it showed me some message 'this site is installing ActiveX in an unsafe way___' and tried to close the page (the window disappeared but left some unclickable background windows). Soon IE7 was not responding and I restarted the computer. Avast had not notified me of anything all this time.
I ran a full check and Avast found no problems. Interestingly, Spybot now reported a VirtuMonde infection, but could not fix it and said it needed to restart and run on startup. But on startup and scan, it said it found nothing.
The next day when I started the comp, I saw this message:
http://img515.imageshack.us/img515/214/spyware1pp9.jpg
Some unknown process was trying to access the net. My firewall was already turned on, so I also checked 'allow no exceptions.'

I also got the Data Execution Prevention error which looked something like this:
http://fohs.bgu.ac.il/bgu-med/pub/windowserror.jpg

Finally, this message kept showing in the SysTray each time I connected to the net:
http://img411.imageshack.us/img411/2535/spyware2po5.jpg
System message! Click for details

Avast still showed no viruses, so I went to System Restore, and strangely all my Sys Restore points were deleted even though it was monitoring the C drive! Even on creating a Restore point, it was getting deleted on restart. At this point I panicked because I had an important presentation to give on this computer yesterday, so I copied my MS-Office data, formatted the comp and reinstalled the OS (I didn't have time to post here that time, sorry). The problem is gone now, but I thought I should report this on the Avast and Spybot forums because I googled similar problems elsewhere:
http://itqueries.com/2008/04/02/system-message-click-here-for-details-keeps-appearing/
http://www.wilderssecurity.com/showthread.php?t=136452&page=16
Title: Re: Deadly new Virus/Spyware...
Post by: Spiritsongs on April 14, 2008, 06:43:11 PM
:) Hi:

Just to make sure the "problem" is really gone, I recommend you use "VundoFix", available from http://vundofix.atribune.org/ ; make sure you follow the "Normal Usage for Removal:" instructions.

And to lessen the chances of going to a "suspect" site, you should seriously consider using "Finjan", available from http://securebrowsing.finjan.com/index.html .
Title: Re: Deadly new Virus/Spyware...
Post by: crazy on April 14, 2008, 07:57:53 PM
Thanks Spiritsongs.

Incidentally, I had asked a friend then and he had suggested the same vundo fix thing. I had run it and it said not found. That's why I posted this - looks like a new or unrecognized malware (as that wilderssecurity thread also testifies).
Title: Re: Deadly new Virus/Spyware...
Post by: oldman on April 15, 2008, 01:54:43 AM
It's a part of the smitfraud family. Smitfraudfix could have removed it.