Jump to content

racekites hacked again

sym170

By sym170
in The Lounge

 Share

Recommended Posts

  • Replies 70
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Rocky77 my name is NEO

Rocky77

Posted
Posted

Here is the latest from Al

 

 

The attacks racekites is seeing is part of a mass attack to the internet, no site is completely safe from these attacks and its just a matter of time before more sites see similar issues...

 

The attacks are coming from China and use a new SQL injection technique, microsoft are currently looking into a patch, however in the mean time, its up to the site admins to generate their own fix...

 

Everyone should have antivirus software, which is your first line of defense... the internet is full of virus threats, racekites is not special in this case...

 

Maybe you would like to help us in finding a solution...

 

Cheers

A

Ped Phantom of the forum

Ped

Posted
Posted

Well my comps still ****ed!!!! The *******ing thing keeps coming up with pop ups now wantng me to download spyware rmoval tools!!!!

 

The annoying thing is all my AV tools find the viruses and deletes them but once i restart my comp they're back!!!

 

Ped:mad:

Gibbson710 the fs Sonic Hedghog

Gibbson710

Posted
Posted

do you know what infections are flashing up on your AV, also what AV are you running ???

 

try this program its free and pretty good at shifting naties from ya PC but run it from windows safe mode

http://www.superantispyware.com

 

 

I think it might just need a bit of work to get sorted but most of these infections once you head in the right direction can be removed.

Ped Phantom of the forum

Ped

Posted
Posted
do you know what infections are flashing up on your AV, also what AV are you running ???

 

 

I'm running - AVG anti virus

Zone Alarms fire Wall

Spy bot S&D

AdAware 2007

 

All with IE - I thought I was pretty well covered but looks like I got hit pretty bad:(

Middleend in the Crossfire

Middleend

Posted
Posted
do you know what infections are flashing up on your AV, also what AV are you running ???

 

try this program its free and pretty good at shifting naties from ya PC but run it from windows safe mode

www.superantispyware.com

 

 

I think it might just need a bit of work to get sorted but most of these infections once you head in the right direction can be removed.

 

This is a great piece of kit, cleaned up a nasty dose I hade once ;) and has kept me clean ever since

Ped Phantom of the forum

Ped

Posted
Posted
do you know what infections are flashing up on your AV, also what AV are you running ???

 

 

I'm running - AVG anti virus

Zone Alarms fire Wall

Spy bot S&D

AdAware 2007

 

Also have crapcleaner and registry mechanic on there to.

 

All with IE - I thought I was pretty well covered but looks like I got hit pretty bad:(

 

AVG is picking up a few .dll downloader viruses (calling them Lob virus?) + Its picking up a JS downloader - The problem is that AVG wont heal them and just moves them to the virus vault where i delete them then when the comp restarts there back:mad: I think its because when I look at the details of the viruses they are stuck in the temp back files of the comp - do I just need to turn off system restore for this then run the scans again???:confused:

 

Spybots picking up a good few things as well -

 

DoubleClick - 1 Entry

Media Plex - 1 Entry

Stat Counter - 1 Entry

Virtumonde.dll - 4 Entrys

Zedo - 1 Entry

 

This is just from running the comp for an hour this morning before work - I spent all of last night going through every scan on my comp and deleting everything that came up but againthis morning when the comp turned on they were back!!!!:mad:

 

I did a bit of google searching this morning on the viruses and a few web sites suggested going to the Kaspersky site and using there online scan to get rid of the Lob virus - I tried to do this but when I went onto the web site a box appeared on the screen saying there was a C drive run time error and I should leave the site so I ignored this and clicked on the tab to start the scan and my whole screen got filled with chinese writing!!!!!:mad:

 

Anyways I got rid of that and managed to get onto the kaspersky web site home page and have left the scan running while I've headed to work so I'll see if it picks up anything when i get home.

 

If I was to buy an external HD and transferred my pics and music onto that is the a chance the viruses will transfer onto that as well????

 

Just thinking I might have to reinstall XP:(

Gibbson710 the fs Sonic Hedghog

Gibbson710

Posted
Posted

try superantispyware first and see what that clears up

 

spybot is good but it aint the best bit of kit on the market id also look at upgrading your anti virus to a paid one avoid norton it will slow your comp down ESET is really good and about the same price as the main highstreet brands we all know.

 

try this program it will remove virtumonde from your comp heres the link http://www.softpedia.com/get/Antivirus/VundoFix.shtml

 

the JS downloader is related to a Java Script bug and so AVG will pick it up but cant rmove it

 

this will hopefully remove it http://www.precisesecurity.com/tools-resources/adware-tools/smitfraudfix/

 

hope this is of some help let me know if not and ill see what else i can find out

Pyro_Stu numero UNO

Pyro_Stu

Posted
Posted
Well my comps still ****ed!!!! The *******ing thing keeps coming up with pop ups now wantng me to download spyware rmoval tools!!!!

 

The annoying thing is all my AV tools find the viruses and deletes them but once i restart my comp they're back!!!

 

Ped:mad:

 

A possible quick fix to get rid of the pop ups is go into:

Control Panel - Administrative tools - services and end and disable messenger service

This is in no way linked to windows messenger or MSN and is only really used for popups and spam and so is normally best to turn off.

Middleend in the Crossfire

Middleend

Posted
Posted
Well my comps still ****ed!!!! The *******ing thing keeps coming up with pop ups now wantng me to download spyware rmoval tools!!!!

 

The annoying thing is all my AV tools find the viruses and deletes them but once i restart my comp they're back!!!

 

Ped:mad:

 

It sounds like you've got a dose of Vundo. Got to vundofix.atribune.org and download the free software and follow the instructions. Then go and get SuperAntispyware.com and run it a few times and that should sort it out.

 

It is a real pain in the A*** because everytime you reboot the pc restores the virus. If you are running a home network you'll need to clean up every PC as it spreads through networked computers. You will also afterards go to your temp files and clean out all the benign **** that it dumps there to soak up your virtual memory. I don't think it has anything to do with RK's troubles tho.

 

Good luck

Ped Phantom of the forum

Ped

Posted
Posted

Thanks for the advice and tips folks - I've run everything suggested about 3 / 4 times now in both normal and safe mode and it looks like my comps now clean the only thing that i'm not sure about is that when I reboot the comp when it starts up I get a run time error popping up with this on it -

 

C:\WINDOWS\system32\vpqyovlo.dll

 

According to google its a registry problem - would that be right???? Do I just run my registry mechanic to fix this??

 

Cheers

 

Ped:)

(Total computer numpty)

 

ps I also switched off system restore to delete the temp back up points stored in there is this ok??

Ped Phantom of the forum

Ped

Posted
Posted

Ok I've ran registry mechanic and restarted my comp and the run time error has gone away but I'm now getting a hardware wizard popping up wanting me to follow the instructions to install new hardware????

 

I've not plugged anything new in? Is this just a driver needing reinstalled?

 

Should I just bite the bullet and reformat?

 

Ped:(

 

ps when i think about it I downloaded a keygen for Zone alarms around about the same time as visiting racekites that didn't work so its possible thats whats killed me............:(

Middleend in the Crossfire

Middleend

Posted
Posted
Ok I've ran registry mechanic and restarted my comp and the run time error has gone away but I'm now getting a hardware wizard popping up wanting me to follow the instructions to install new hardware????

 

I've not plugged anything new in?

 

Should I just bite the bullet and reformat?

 

Ped:(

 

ps when i think about it I downloaded a keygen for Zone alarms around about the same time as visiting racekites so its possible thats whats killed me............:(

 

DON'T HIT REFORMAT :eek:. What is the wizard trying to install? If it's a plug in like a mic or something that you know about allow it to continue. If its an external drive run the Vundofix tool on it if you haven't already otherwise it will just come back again. Its a real b****r. I would then rerun on the hard disk if it was detected just incase. If you are confident that all is clean, and you've cleared out your temp files. Then turn your system restore back on and everything should (?!?!) be OK.

 

The keygen is higly likely to be your culprit. Best to avoid small file sizes or ones that are grouped in the same file size, but if you do scan it before you unzip or run the file......

Ped Phantom of the forum

Ped

Posted
Posted

Thats the problem it tells me that the hardware it wants to install is unknown so I've just cancelled it everytime - I've ran the Vundofix tool a few times now and it doesn't pick anything up + Superantispyware is coming back clean as well (at the most its picking up a tracking cookie after I've been online) AVG isn't picking up anything either:)

 

My comp is running a hell of a lot faster now both on and offline so I'm thinking I've cleaned everything off it (I deleted about 60gb of **** off it at the same time:))

 

My only worry now is if I allow this hardware wizard to run it wil all come back..............:(

 

The guy I work with recons I should just run it - he thinks the C:\WINDOWS\system32\vpqyovlo.dll run time error that reg mechanic fixed is prob a driver for my printer / web cam?

 

Anyways cheers for all the help so far:D

 

Ped:D

Middleend in the Crossfire

Middleend

Posted
Posted

The guy I work with recons I should just run it - he thinks the C:\WINDOWS\system32\vpqyovlo.dll run time error that reg mechanic fixed is prob a driver for my printer / web cam?

 

Like Tiny says if everything is backed up, your mate sounds confident. Vundo didn't give you a warning before it installed itself last time. You either live with it or you do something about it....:cool: ;) :D

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...