From: (e-mail address removed) (Stef)
Newsgroups: microsoft.public.scripting.virus.discussion
Subject: Re: fastsearch.cc/ydtfs/ pop-up
References: <
[email protected]>
NNTP-Posting-Host: 141.154.66.158
Message-ID: <
[email protected]>
Country: Unknown
Looking up !NET-209-66-122-0-1 at whois.arin.net.
NOTE: More information appears to be available at NOC41-ORG-ARIN.
Using cached answer (or, you can get fresh results).
CustName: APS Telecom
Address: 1802 N carson street
City: Carson City
StateProv: NV
PostalCode: 89701
Country: US
RegDate: 2003-04-16
Updated: 2003-04-16
NetRange: 209.66.122.0 - 209.66.122.255
CIDR: 209.66.122.0/24
NetName: MFN-C231-209-66-122-0-24
NetHandle: NET-209-66-122-0-1
Parent: NET-209-66-64-0-1
NetType: Reassigned
Comment: Abuse issues to (e-mail address removed)
RegDate: 2003-04-16
Updated: 2003-04-16
TechHandle: NOC41-ORG-ARIN
TechName: Metromedia Fiber Networks AboveNet
TechPhone: +1-877-479-7378
TechEmail: (e-mail address removed)
OrgTechHandle: NOC41-ORG-ARIN
OrgTechName: Metromedia Fiber Networks AboveNet
OrgTechPhone: +1-877-479-7378
OrgTechEmail: (e-mail address removed)
# ARIN WHOIS database, last updated 2003-11-13 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
also------------------------------------
Country: Unknown
Looking up !NET-209-66-64-0-1 at whois.arin.net.
NOTE: More information appears to be available at NOC41-ORG-ARIN.
Using cached answer (or, you can get fresh results).
OrgName: Abovenet Communications, Inc
OrgID: ABVE
Address: 360 Hamilton Avenue
City: White Plains
StateProv: NY
PostalCode: 10601
Country: US
ReferralServer: rwhois://rwhois.above.net:4321
NetRange: 209.66.64.0 - 209.66.127.255
CIDR: 209.66.64.0/18
NetName: NETBLK-ABOVENET2
NetHandle: NET-209-66-64-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS.ABOVE.NET
NameServer: NS3.ABOVE.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1997-04-09
Updated: 2001-04-27
TechHandle: NOC41-ORG-ARIN
TechName: Metromedia Fiber Networks AboveNet
TechPhone: +1-877-479-7378
TechEmail: (e-mail address removed)
OrgTechHandle: NOC41-ORG-ARIN
OrgTechName: Metromedia Fiber Networks AboveNet
OrgTechPhone: +1-877-479-7378
OrgTechEmail: (e-mail address removed)
# ARIN WHOIS database, last updated 2003-10-11 19:15
# Enter ? for additional hints on searching
http://www.dnsstuff.com/tools/lookup.ch?name=FASTSEARCH.CC&type=Agot
all the info from above link and this link
http://www.dnsstuff.com/tools/whois.ch?ip=209.66.122.167calling now
they have to pay for every call so call and calltill they are out of
money I got an answer for each phone number!pay back is a mother
****er call and call and call.a pissed off bitch!
Thanh said:
Hi, Knowledgeable Ones,
Anyone familiar with a kind of pop-up window that can't be
closed by Alt+F4, Esc., Task Manager, or anything else
besides the magic reset button? It shows up in IE6, but
not Mozilla Firebird.
The full-screen pop-up says "Hold down your enter key for
ten seconds to see something cool!" Not sure how this got
past ZA, but Network Connections/.../Internet Connection
Firewall was unchecked. All users get mail from web-based
email services, and no attachments were opened that I know of.
Needless to say, I told the users not to press enter. Upon
reset, the problem doesn't come back, but IE opens onto a
commercial website:
http://fastsearch.cc/ydtfs/
When I go to change this under Internet Options, this is
what's in the home page address field:
http://in.webcounter.cc/-/?cxl%6
f%77 about:blank
In Event Viewer, there are events which I don't fully
understand enough to know if they're suspicious or not, but
none seem to have started happening after the pop-up
appeared the first time.
Does anyone know, would running F-Prot in XP safe mode be
the thing to do (now I have to discover if XP even has safe
mode...)?
Thank you,
Thanh