being attacked by 208.73.210.29; MBAB blocking outbound access every 5-10 minutes

malicious site

  • This topic is locked
99 replies to this topic

#81 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 12:42 PM

Sorry again.

Based on yesterday's experience (I did not get the pop ups at all during the day), it may be tomorrow morning before I see anything again. I will go radio silent unless I hear from you until tomorrow morning. I will let you know what happens after 6:09.

Thanks again for hanging in there with me.

#82 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 12:54 PM

Hey MrC,

A friend asked if I knew the name of the virus I got infected with. Does this thing have a name?

#83 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 01 May 2012 - 01:32 PM

No it doesn't, MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#84 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 02:33 PM

Let's call it "The really, really hard to get rid of" thing. :)

#85 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 02:34 PM

does the malware, virus, whatever have a purpose?

#86 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 01 May 2012 - 03:31 PM

does the malware, virus, whatever have a purpose?

It certainly does, most likely malicious.

Oversee.net <---------has a real bad reputation
http://oversee.net/privacy-policy <---privacy policy
http://hosts-file.net/?s=oversee.net <---review of the site


Softlayer Technologies <---seems OK but is still blocked by MVPS HOSTS
http://www.softlayer.com/ <---site
http://www.hostrevie...er-technologies <---review of site


MVPS HOSTS file:
http://winhelp2002.mvps.org/hosts.txt <-----what the MVPS host file blocks


MrC


#87 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 03:43 PM

a little skittish here -- I assume the links you gave above are informational but not to the bad guys themselves?

#88 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 01 May 2012 - 03:54 PM

They're all OK, I went back and edited what they are.

Have you ever cleared out all your cookies??

MrC


#89 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 04:12 PM

I suspect they all got cleared out from FF when I uninstalled it. I don't know that I have ever otherwise emptied them all.

#90 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 01 May 2012 - 04:17 PM

The best one to use would be ATF:

Double-click ATF Cleaner.exe to open it
http://www.atribune..../click.php?id=1
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

MrC


#91 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 04:22 PM

task completed

#92 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 01 May 2012 - 04:44 PM

OK, see how it is. MVPS HOSTS is basically going to do the same thing MB does: block the site and IP.

MrC


#93 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 05:06 PM

will I get a notification from MVPS, or will it be silent, in the background? Should I expect any negative impact from MVPS -- anything to be on the lookout for?

#94 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 01 May 2012 - 05:21 PM

Click on this link > it's being blocked by MVPS HOSTS > you can't get to it.

http://www.adtrader.com


Should I expect any negative impact from MVPS -- anything to be on the lookout for?


No, this is a good program to have on the system, it won't allow you to go to a bad site.

Read all about it on this page:
http://winhelp2002.mvps.org/hosts.htm

We can always return to the original host file....it's still on the system.

MrC


#95 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 01 May 2012 - 05:28 PM

awesome -- thanks.

So I assume it's safe to put on all computers used by the kids?

#96 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 01 May 2012 - 05:30 PM

Yes, it will prevent them from going to malicious sites.
You have to update it once in a while though.
MrC

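The hosts-file blocking MrC describes in the posts above, as an added example that is not code from the thread or from the MVPS project: a small Python checker that parses a hosts file in the MVPS layout ("0.0.0.0 hostname"), reports whether a given name is pinned to a sink address, and also flags entries that send a name to a routable address instead, since the same file can be abused to redirect rather than block. The SAMPLE_HOSTS text (including the www.bank.example line) is constructed for the example, and parse_hosts, is_blocked and hijack_entries are names chosen here.

```python
"""Hosts-file blocklist checker: an added example, not code from the thread
or from MVPS. It shows how a HOSTS entry such as "0.0.0.0 www.adtrader.com"
makes a site unreachable, and two limits of the approach."""
import ipaddress

# Constructed sample in the "address hostname [hostname ...]" layout used by
# MVPS-style blocklists. The www.bank.example line is a deliberately planted
# redirect so the audit function below has something to report.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1 localhost
0.0.0.0 www.adtrader.com
0.0.0.0 oversee.net www.oversee.net   # two names on one line
0.0.0.0 ads.example.test
203.0.113.5 www.bank.example          # planted: a real name sent to a foreign address
"""

# Names that legitimately point at loopback and must not count as "blocked".
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Map each lowercase hostname to the address the file assigns it.

    Comments start at '#'. Windows honours the first entry for a name,
    so setdefault() keeps the earliest mapping when a name repeats.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field: skip the line
        for name in fields[1:]:
            mapping.setdefault(name.lower().rstrip("."), str(addr))
    return mapping


def is_blocked(hostname, mapping):
    """True if the file pins hostname to a sink address (0.0.0.0 or loopback).

    Matching is exact: a blocked "oversee.net" does not cover
    "ads.oversee.net" unless that name is listed as well.
    """
    name = hostname.strip().lower().rstrip(".")
    if name in LOOPBACK_NAMES or name not in mapping:
        return False
    addr = ipaddress.ip_address(mapping[name])
    return addr.is_unspecified or addr.is_loopback


def hijack_entries(mapping):
    """Return {name: address} for entries that send a name to a routable IP.

    A blocklist only ever uses sink addresses, so anything else in the file
    is either a local alias you added yourself or a redirect planted by
    malware; either way it deserves a look.
    """
    out = {}
    for name, addr_text in mapping.items():
        addr = ipaddress.ip_address(addr_text)
        if not (addr.is_unspecified or addr.is_loopback):
            out[name] = addr_text
    return out


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for site in ("www.adtrader.com", "www.oversee.net", "ads.oversee.net"):
        state = "blocked" if is_blocked(site, hosts) else "not listed"
        print(f"{site}: {state}")
    print("entries pointing at routable addresses:", hijack_entries(hosts))
```

Two points follow from the code. First, a hosts file matches exact names only, which is why it has to be kept up to date: a new ad or malware host is not blocked until a line for it is added, which is the "update it once in a while" MrC mentions. Second, the same mechanism that sinks a name can point it anywhere, so running hijack_entries over the real C:\Windows\System32\drivers\etc\hosts on a suspect machine is a cheap check that nothing has been planted there.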

#97 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 04 May 2012 - 07:56 AM

How are we doing??

Do you still need help or can I close this post, MrC


#98 captarheel

    Regular Member

  • Honorary Members
  • 92 posts

Posted 04 May 2012 - 10:08 AM

I was traveling yesterday and did not use the computer. However, I did not see any pop-ups on Tues or Wed after we changed the hosts file, and have not seen any today. I have also checked the MBAM logs and don't see any blocked IP addresses since the Tues morning incident, again, before we changed the hosts file.

Thank you very much for your help.

Can you give me a suggestion for Paypal?

#99 MrCharlie

    Forum Deity

  • Experts
  • 18,272 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 04 May 2012 - 10:13 AM

I did not see any pop-ups on Tues or Wed after we changed the hosts file, and have not seen any today. I have also checked the MBAM logs and don't see any blocked IP addresses since the Tues morning incident, again, before we changed the hosts file.


OK, that's good news

Can you give me a suggestion for Paypal?


That's up to you

---------------------------------------

I see you're an Honorary Member now!!

-----------------------------------------------------

Some clean up to do............

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------


Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#100 LDTate

    Forum Deity

  • Moderators
  • 20,228 posts
  • Gender: Male
  • Location: Missouri, USA

Posted 06 May 2012 - 07:22 AM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Consumer Support Specialist
