Virus or what?

vitik

Hello,

I do not know what kind of virus I got; let me explain the
whole picture.

I have installed Windows XP Pro, IE 6.0, Norton Firewall
2002, Norton Antivirus 2002. All software and virus
definitions are recently updated and patched.

I have noticed I got a virus because it constantly created
two shortcuts on the desktop and in Favorites, "Buy Pills"
and "Pay Bills". After all my attempts to clean it up I
restored the system to a day when the computer was clean. But it
is still in. In Internet Explorer, on words like Mortgage, Loan,
Game, etc. it creates a link, for example "goto: mortgage".
Link properties: type: "COM/?GO=MORTGAGE", address:
sometimes "http://get-faster.com/?go=mortgage"
or "http://go-acct.com/?go=mortgage". If I click on this
link I get to "http://www.runsearch.com/top/go.php?qq=mortgage".
I checked the page source and it doesn't contain
such a link; if I refresh the page the link disappears.

When I enter a wrong address in the IE address bar, instead of
getting "Page NOT Found", it sends a request to the
runsearch.com web site, which forwards to search-about.com,
for example: "http://www.search-about.net/search.php?qq=mortgage"

From time to time it opens pop-ups from www.8ad.com.

I ran Norton Antivirus and Ad-Aware.v6.0.Pro; I scanned the
registry and all files on the hard drive for the words
"go-acct" and "runsearch", and found nothing.

I would be very happy if you could help me to solve this
problem, or give me any good advice.

Thank you,

vitik
 
PA Bear

Check your system for "hijackware":

Dealing with Hijackware
http://mvps.org/winhelp2002/unwanted.htm
http://www.mvps.org/inetexplorer/Darnit.htm#tshoot
http://aumha.org/a/parasite.htm

You *must* seek updates for Ad-Aware, Spybot, etc., before each and every
use, even "right out of the box". But even then, they can't catch
everything. HijackThis (http://www.merijn.org/files/hijackthis.zip; [new
URL] ) is the preferred tool to use these days. It will help to both
identify and remove any hijackware/spyware. **Post your files to
http://forums.spywareinfo.com/ for expert analysis, not here.**

Also update your virus definitions and then run a full system scan. From
now on, do both daily.
--
HTH...Please post back to this thread

~Robear Dyer (aka PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Protect Your PC
http://www.microsoft.com/security/protect/default.asp
 
Someone somewhere

Doesn't really sound like a virus to me. Has this thing
deleted files or corrupted things? Or is it more or less
spamming you to death, which, it sounds to me, is what it
is doing? As long as your machine boots, runs, and is
stable, I don't think a virus is your problem. I think it
could be a well-disguised spyware program somewhere on your
drive, usually common with file sharing clients (Kazaa,
Fileshare, BearShare, etc.).
I will bet a good dig through the registry manually will
provide some answers for you, looking for strange keys and
deleting them (**If you do not know the registry, or are not
fluent with it, leave it alone**). However, if you know your
machine and your installed software very well, you can find
the keys that shouldn't be there and either modify their
values or delete them.
Usually viruses will not try to sell you home loans or
boats (though it may call itself "DLLHOST.EXE" and try to
access the internet). It will make its way to your system
folders and copy itself and try to mass-mail itself to
everyone in your contact list, or "backdoor" your computer
so someone somewhere can use your computer for something,
or to do something.
Another method is to reformat your local drive: back
everything you want up to CD-Rs or whatever you have, and
delete the drive. That will usually take care of your problems,
but in my opinion it is not the best way to fix a problem,
plus it can take a long time (O.S. reinstall is a wait).
**Long winded: yes. Helpful: I hope so. If not: sorry, Vitik.
Best of luck.
 
vitik

I ran Spybot and Ad-Aware. Spybot cleaned up everything
perfectly, Ad-aware - bllsht.

Thanx.
 
