redirects to google
We received some reports about people that got redirected to google on various pictures. One of the people reporting proved to be a true detective by mailing the way he fixed this problem. Here is what he sent us, maybe it can be of help!
It seems that AntispyLab.com is somehow making use of your website to install their spy/malware to force users to pay for their products to remove software install by them. Via NetLimiter Monitor I was able to log the loading of fjhmaabi.exe (orginally named
loader.dat) on to my system. This loader then downloaded winsrc32.exe (identified as AntispyLab's "Spyware Scanner") which overtook my system and constantly loaded spy/malware onto my system while advertising their removal software. This is the first major spy/mlalware i have ever gotten after visiting TheHun.net. The IP address logged to these two programs was 85.255.117.174:80 (allmegabucks.com) which is listed as a known bad promoting spy/malware downloading and scamming.
The way I removed this infection was as follows:
- Restart system in safe mode. Before Windows loads press F8 to bring up the load menu. Choose "Safe Mode" and then your version of windows. Log into your user account which should be the Admin account also.
- Run any and all virus/spyware scanners you have. I had to run Spybot SD, Ad-Aware, HijackThis, ETRemover, and erase the start up list via MSConfig to completely remove all the spy/malware that was loaded on to my system.
Another suggestion is to make sure start/search pages were also not changed.
Security Center on my system also was altered, so I have disabled it for now. Microsoft had not solution for the reset of Security Center yet.
- Rerun all scanners until no listings appear. I had to run each three times to completely remove all files. Once you are sure it is all gone restart in normal Windows mode. If you see network activity (or your dialer pops up) shutdown ASAP and rerun the spy/mallware scanners in safe mode.
| I suggest having a firewall or network monitor like NetLimiter so you can see what files are accessing the internet. Also checking Task Manger for Processes can help. As soon as you see a file that you did not run or recall downloading end that task and run your scanners.
Fix for redirects
We have been getting reports about people experiencing redirects from several different sites list on The Hun's. This is caused by a piece of spyware that got in through an exploit in Internet Explorer. There is a fix for this that works for a lot of people. Here you go:
clear your computer's cache (go to tools | Internet Options and select Delete Files in the folder Temporary Internet Files) and go to www.thehun.net/test.html. You will get a blank page and if all is right the redirects are history!
Some people have CreazyRealm pop up on their site. A Hunner sent us a workaround for that problem. It's not a fix, it's more a patch, but 'till the anti-virus people have a solution for this it's pretty effective:
OK here is what works (at least so far)
Let the site open then copy the URL to your clipboard (right click and select 'copy shortcut')
Go to IE and tools and Internet Options
Click on the Security Tab and select Restricted sites
Paste in the URL and click on add and apply
So far NO Crazyrealm
Of course we thank 'the pony' for this workaround!
IE problems fix
We had a bit of a problem with a hacker last week. Some people reported their Internet Explorer having problems after it (The application failed to initialize properly). The fix for this problem is at http://www.ureader.com/message/2557106.aspx.
New Internet Explorer Exploit
On Internetnews an article was released about a new IE exploit that hasn't been fixed by microsoft so far. We get in a couple of reports a day now that we suspect are due to this exploit. We're working on finding where this comes from and how it can be fixed. Keep your eye on the Gazette, more news about this will follow!
| |
