I Have a weird Virus?

Guest

Below is the source code or something for what is going on with my home page
of my Internet Explorer. I posted before about how my home page is constantly
being diverted to SYSSECURITYSITE.com
When I open Windows Explorer a message appears saying I have the W32.Myzor.FK@yf virus
and need to download their software. The properties of the page say it is a
Hypertext protocol, HTML document, and not encrypted.

HERE IS THE SOURCE CODE; I couldn't get anything from it. It would be much
appreciated if someone could fix my problem. I can't afford to fork out money
to fix it if I have to because my brother came from the hospital in
Scottsdale and had a heart transplant. Check the Scottsdale Tribune paper
website. I am not lying. Youngest kid in the state to have a heart transplant,
only 16.

<html>
<head>
<title>Security Center</title>
<style>
body,th,td {font-family:Tahoma; font-size:12px;}
a.resources {color:#0000FF; text-decoration:none;}
a.resources:hover {text-decoration:underline;}
a.resources1 { font-family:Trebuchet MS; color:#006699;
text-decoration:none; font-size:14px; font-weight:bold;}
a.resources1:hover {text-decoration:underline;}
a.resources2 { font-family:Trebuchet MS; color:#006699;
text-decoration:none; font-size:22px; font-weight:bold;}
a.resources2:hover {text-decoration:underline;}
a.recommended {color:#D5E5FF; text-decoration:none;}
a.recommended:hover {color:#D5E5FF; text-decoration:overline underline;}
</style>
<script>
<!--
function sf() {

self.moveTo(0,0);
self.resizeTo(screen.width, screen.height);

}
// -->
</script>

</head>

<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0"
onLoad="sf();">

<table cellpadding="0" cellspacing="0" width="100%" bgcolor="#FFFFFF">
<tr>
<td colspan="2" style="background-image:url(img/bg.gif);
background-repeat:repeat-x;" align="right" valign="top">

<table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td height="69" align="left" valign="bottom" style="padding-bottom:12px;
padding-left:10px;"><font style="color:#F7FAFF;">Recommended Anti-Spyware
Software: <a href="http://www.pesttrap.com/?advid=177"
class="recommended">Pest Trap</a>, <a href="http://malwarewipe.com/?rid=246"
class="recommended">Malware Wipe</a>, <a
href="http://thespyguard.com/?aff=103" class="recommended">Spy
Guard</a></font></td>
<td align="right"><font color="#FFFFFF" size="5">Internet</font><font
color="#FFFFFF" size="5">
Security </font> </td>
</tr>
</table>

</td>
</tr>
<tr>
<td style="background-color:#FFFFFF; padding:5px" align="center" rowspan="3"
valign="top" width=220>

<div>
<table cellpadding="0" cellspacing="0" style="border:1px solid #BDCAEA;">
<tr><td style="font-size:18px; padding:3px; color:red;
background-color:#FFFFFF" align="left"> TOP RATED</td></tr>
<tr><td align="center">
<table bgcolor=#EFF3FE><tr><td align="left">
<table width="200">
<tr>
<td style="text-align:justify;">
<li type="square"><a href="http://www.pesttrap.com/?advid=177"
class="resources1">Pest Trap</a><br>
Most popular spyware/adware cleaner software all over the world. Cleans
all known viruses and worms.<br>
<div align="right" style="margin:0px;">• <a
href="http://www.pesttrap.com/?advid=177" class="resources">Visit
Website</a> • <a
href="http://www.pesttrap.com/install.php?advid=177&s=0&lix=2"
class="resources">Free Scan</a></div>
</li>
<br>
<li type="square">
<a class="resources1" href="http://malwarewipe.com/?rid=246">Malware
Wipe</a><br>
Became one of the most popular programs very fast. It`s really easy to
use and at the same time very effective.<br>
<div align="right" style="margin:0px;">• <a class="resources"
href="http://malwarewipe.com/?rid=246">Visit Website</a> • <a
class="resources" href="http://malwarewipe.com/?rid=246">Free Scan</a></div>
</li>
<br>
<li type="square"><a href="http://thespyguard.com/?aff=103"
class="resources1">The Spy Guard</a><br>
Developed as the most efficient spyware cleaner with realtime
protection.<br>
<div align="right" style="margin:0px;">• <a
href="http://thespyguard.com/?aff=103" class="resources">Visit
Website</a> • <a href="http://thespyguard.com/get.php?aff=103"
class="resources">Free Scan</a></div>
</li>
<br>
<li type="square"><a href="http://www.bravesentry.com/?advid=177"
class="resources1">Brave Sentry</a><br>
Award-winning spyware removal utility that will help you fighting all
kinds of spyware including keyloggers, trojans and password thieves.<br>
<div align="right" style="margin:0px;">• <a
href="http://www.bravesentry.com/?advid=177" class="resources">Visit
Website</a> • <a href="http://www.bravesentry.com/download.php?advid=177"
class="resources">Free Scan</a></div>
</li>
<br>
<li type="square"><a href="http://adprotect.com/?aid=259"
class="resources1">AD Protect</a><br>
World's leading software application that checks, protects and re-checks
spyware and spam vulnerability in your home computer. <br>
<div align="right" style="margin:0px;">• <a
href="http://adprotect.com/?aid=259" class="resources">Visit Website</a> • <a
href="http://adprotect.com/download.php?rid=259" class="resources">Free
Scan</a></div>
</li>
<br>
</td>
</tr>
</table>
</td></tr></table>
</td></tr>
</table>
</div>

</td>
<td style="padding:5px;" align="center">

<table cellpadding="0" cellspacing="0" style="border:1px solid #E7C597"
width="100%">
<tr>
<td style="font-size:18px; color:red; padding:3px" align="left"> WARNING!
YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!</td>
</tr>
<tr>
<td style="text-align:justify; background-color:#FFF5E7;">
<div style="margin:10px;">

Attention! Your system is currently exposed. Any remote computer can easily
browse following folders and files on your computer:<br>
- <b>\Windows\System32</b><br>
- <b>\Program Files\Internet Explorer</b><br>
- <b>\My Documents</b><br>
- Drive <b>C:\</b> files<br>
<a href="http://malwarewipe.com/?rid=246">Click here</a> to download
official intrusion detection system (IDS software)
<br>
<!--
<div align="right" style="margin:0px;">
<form style="margin:0px; margin-top:8px;"><input type="button"
value="Recommendations..."></form>
</div>
-->
</div>
</td>
</tr>
</table>

</td>
</tr>
<tr>
<td align="center" style="padding:5px;">

<table cellpadding="3" cellspacing="0" style="border:1px solid #BDCAEA"
width="100%">
<tr>
<td style="font-size:18px; color:red;"> YOUR PRIVATE INFORMATION IS IN OPEN
ACCESS TO OTHER COMPUTERS</font></td>
</tr>
<tr>
<td style="background-color:#F3F6FF;">
<table width="100%">
<tr><td align="left">Your IP address:</td><td
align="right"><b>130.13.64.17</b></td></tr>
</table>
</td>
</tr>
<tr>
<td style="background-color:#FFFFFF;">
<table width="100%">
<tr><td align="left">Your Country:</td><td align="right"><b>US, United
States</b></td></tr>
</table>
</td>
</tr>
<tr>
<td style="background-color:#F3F6FF;">
<table width="100%">
<tr><td align="left">Your Browser:</td><td align="right"><b>Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)</b></td></tr>
</table>
</td>
</tr>
<tr>
<td style="background-color:#FFFFFF;">
<table width="100%">
<tr><td align="left">Your Operation System:</td><td align="right"><b>Windows
XP SP2 <b style="color:#FF0000">VULNERABLE</b></b></td></tr>
</table>
</td>
</tr>
<!--
<tr>
<td style="background-color:#FFFFFF;">
<table width="100%">
<tr><td align="left">Supported Languages:</td><td align="right"><b>EN-US
family</b></td></tr>
</table>
</td>
</tr>
//-->
<tr>
<td style="background-color:#F3F6FF;">
<table width="100%">
<tr><td align="left">System Security Status:</td><td align="right"><b
style="color:#FF0000">CAUTION</b></td></tr>
</table>
</td>
</tr>
<tr>
<td style="background-color:#FFFFFF;">
<table width="100%">
<tr><td align="left">Time of investigation:</td><td align="right"><b>Wed Jun
21 23:42:05 PDT 2006</b></td></tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>

<td style="padding:5px;" align="left">

<table width=100% cellpadding="0" cellspacing="0" style="border:1px solid
#BDCAEA">
<tr>
<td align="left" style="font-size:18px; color:red; padding:3px"> SOLUTION</td>
</tr>
<tr>
<td style="text-align:justify; background-color:#EFF3FF; padding:5px">
Download and install one of the following approved software products:
<div style="margin:10px;">

<table width="100%">
<tr>
<td>
<a class="resources2" href="http://malwarewipe.com/?rid=246">Malware
Wipe</a><br>
• Over 40,000 threats in the database<br>
• Exclusive algorythm of cleaning<br>
• IE Safe Mode - simply cleans your browser!<br>
• Manual / automatic update system<br>
• Autostart items / IE Objects / Running Processes manager<br>
• Dialer blocker, Popup blocker<br>
<br>
• <a class="resources" href="http://malwarewipe.com/?rid=246">Visit
Website</a> • <a class="resources"
href="http://malwarewipe.com/download.php?rid=246">Free Download</a>
</td>
<td>
<a href="http://www.pesttrap.com/?advid=177" class="resources2">Pest
Trap</a><br>
• Daily updated threat databases<br>
• Intelligent threat scanner<br>
• Application advanced firewall<br>
• IE security improvements<br>
• Advanced system securty features<br>
• Multiple scan options (fast / normal / deep)<br>
<br>
• <a href="http://www.pesttrap.com/?advid=177" class="resources">Visit
Website</a> • <a
href="http://www.pesttrap.com/install.php?advid=177&s=0&lix=2"
class="resources">Free Download</a>
</td>
</tr>
</table>

</div>
</td>
</tr>
</table>

</td>
</tr>
</table>

</body>
</html>
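
What the posted source shows when read as data, as an added example that is not part of the original post: every link carries an affiliate ID, the "findings" are just fields any web server sees in a request, and the page resizes its own window on load. The sample page is a constructed, shortened excerpt of the source above (with a documentation IP address), and the function and field names are hypothetical.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed, shortened excerpt of the posted source; 192.0.2.10 is a documentation address.
SAMPLE_PAGE = """<html><head><title>Security Center</title>
<script>
function sf() { self.moveTo(0,0); self.resizeTo(screen.width, screen.height); }
</script></head>
<body onLoad="sf();">
<a href="http://www.pesttrap.com/?advid=177">Pest Trap</a>
<a href="http://www.pesttrap.com/install.php?advid=177&s=0&lix=2">Free Scan</a>
<a href="http://malwarewipe.com/?rid=246">Malware Wipe</a>
<a href="http://malwarewipe.com/download.php?rid=246">Free Download</a>
<a href="http://thespyguard.com/get.php?aff=103">Free Scan</a>
<table><tr><td>Your IP address:</td><td><b>192.0.2.10</b></td></tr>
<tr><td>Your Browser:</td><td><b>Mozilla/4.0 (compatible; MSIE 6.0)</b></td></tr></table>
</body></html>"""

AFFILIATE_KEYS = {"advid", "rid", "aff", "aid"}  # query keys used in the posted page
DOWNLOAD_PATH = re.compile(r"/(install|download|get)\.php$", re.I)
ECHO_LABEL = re.compile(r"Your (IP address|Country|Browser|Operation System):", re.I)
RESIZE_CALL = re.compile(r"\b(?:moveTo|resizeTo)\s*\(")


class PageTriage(HTMLParser):
    """Collects link targets, visible text, script text and the body onload handler."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self.text, self.script = [], [], []
        self.onload = None
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # attribute names arrive lower-cased
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "body":
            self.onload = attrs.get("onload")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        (self.script if self._in_script else self.text).append(data)


def triage(page_html):
    """Summarise the traits that mark the page as an affiliate-driven fake alert."""
    parser = PageTriage()
    parser.feed(page_html)
    parser.close()
    hosts = defaultdict(lambda: {"links": 0, "download_links": 0, "affiliate_ids": set()})
    tagged = 0
    for href in parser.links:
        url = urlsplit(href)
        host = url.hostname or ""
        if host.startswith("www."):
            host = host[4:]
        entry = hosts[host]
        entry["links"] += 1
        ids = {f"{k}={v}" for k, vs in parse_qs(url.query).items()
               if k.lower() in AFFILIATE_KEYS for v in vs}
        entry["affiliate_ids"] |= ids
        tagged += bool(ids)
        if DOWNLOAD_PATH.search(url.path):
            entry["download_links"] += 1
    return {
        "hosts": dict(hosts),
        "total_links": len(parser.links),
        "tagged_links": tagged,  # links that pay a referrer when followed
        "echoed_fields": sorted({m.lower() for m in ECHO_LABEL.findall(" ".join(parser.text))}),
        "forces_window_size": bool(parser.onload)
        and bool(RESIZE_CALL.search(" ".join(parser.script))),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PAGE).items():
        print(key, "=", value)
```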
 
TaurArian [MS-MVP]

Try Security - Viruses

Web client -

http://www.microsoft.com/technet/co...fault.mspx?dg=microsoft.public.security.virus




--

===========================
TaurArian [MS-MVP] 2005-2006
===========================
http://www.dts-l.org/goodpost.htm
"Need more help? http://support.microsoft.com/?scid=ph;en-us;6527
(Links to web pages and MSKB Articles are posted for the purposes of keeping the
information current)


 
Guest

Fairly sure I've seen this nasty before, and Ad-Aware dealt with it. Either
that or try Spybot Search and Destroy.

Ad-Aware: http://www.lavasoftusa.com

Then get another browser. (Mozilla/Opera) - Internet Explorer is a 'Kick
Me!' sign hanging on your computer.
 
Malke

syssecuritysite.com will not go away!!!! said:
Below is the source code or something for what is going on with my
home page of my Internet Explorer. I posted before about how my home
page is constantly being diverted to SYSSECURITYSITE.com
When I open Windows Explorer a message appears saying I have the W32.Myzor.FK@yf
virus and need to download their software. The properties of the page
say it is a Hypertext protocol, HTML document, and not encrypted.

HERE IS THE SOURCE CODE; I couldn't get anything from it. It would be
much appreciated if someone could fix my problem.

(snip source code - unnecessary and unwanted)

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Do all the preparatory work and follow instructions to do all scans in
Safe Mode.

Malke
 
Guest

I have had this (as I would like to call it) virus.
It started with a "fake" task bar warning that would state "you computer is
infected with a serious virus located in the SYS32 folder click here to find
recommended anti spyware programs".
If you did not click on that, it would bring up an old-school Windows warning
window asking if you would like to find software to remove the "serious
Virus" (like the technical words used, yeah, "serious, SYS32"). If you clicked
cancel, it would eventually run IExplorer with the web page mentioned
originally, and this would repeat the cycle until you wanted to kill something
............ ah, sorry for the outburst. Also, it would close IE if I tried to
visit any page other than the one mentioned in a previous post.

I ran Windows Defender, Norton AntiVirus, Ad-Aware, and Spybot Search and
Destroy with no effect. Knowing that I needed my machine now, I booted up in
safe mode and performed a system restore. If anyone knows how to completely
remove this "bug" without a system restore, please let me know.
 
anthonyyates

I had this problem as well.
I used things like Ad-aware, SpyBot and Norton AntiVirus to get rid of
most of it but every time I opened IE it went to syssecuritysite.com and
I couldn't work out how to stop it. I eventually managed to stop it
though by doing the following: -

Download AutoRuns program from the Sysinternals web site
http://www.sysinternals.com/Files/Autoruns.zip

Run this program and go to the Internet Explorer tab
Look for any unusual items that are starting up with Internet Explorer.

For me there was an item listed that was running a file called
hp103.tmp.
I deleted the entry and the various hpxxx.tmp files I found in the
system32 folder and that solved the problem for me.

Hope it helps,

Anthony
 
David H. Lipman

From: <[email protected]>

| I had this problem as well.
| I used things like Ad-aware, SpyBot and Norton AntiVirus to get rid of
| most of it but every time I opened IE it went to syssecuritysite.com and
| I couldn't work out how to stop it. I eventually managed to stop it
| though by doing the following: -
|
| Download AutoRuns program from the Sysinternals web site
| http://www.sysinternals.com/Files/Autoruns.zip
|
| Run this program and go to the Internet Explorer tab
| Look for any unusual items that are starting up with Internet Explorer.
|
| For me there was an item listed that was running a file called
| hp103.tmp.
| I deleted the entry and the various hpxxx.tmp files I found in the
| system32 folder and that solved the problem for me.
|
| Hope it helps,
|
| Anthony
|

The fact that you had a file HP????.TMP is indicative of a ZLob/Puper Trojan infection.

The following set of instructions and utilities are programmed specifically for this Trojan
family...

Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE/JSE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
This is most likely why you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE/JSE Version 5.0 Update 7
be installed ASAP.

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version...

C:\Program Files\Java\jre1.5.0_07


http://www.java.com/en/download/manual.jsp



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your browser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

Part 1
-----------

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Part 2
-----------

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *
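
The two checks from the reply above, written out as an added Python example (not part of the thread, and not a substitute for the removal tools it lists): flag autostart entries that run an HP????.TMP file from system32, and list Java folders other than jre1.5.0_07. The entry tuples and folder names are constructed sample data, the function names are hypothetical, and reading "HP????.TMP" as "hp" plus one to four letters or digits is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Assumption: "HP????.TMP" / "hpxxx.tmp" means "hp", 1-4 letters or digits, then ".tmp".
HP_TMP = re.compile(r"^hp[0-9a-z]{1,4}\.tmp$", re.I)
# The only folder the reply expects under C:\Program Files\Java.
EXPECTED_JRE = "jre1.5.0_07"
JAVA_DIR = re.compile(r"^(?:j2re|jre|jdk|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)

# Constructed sample rows: (autostart location, entry name, image path).
SAMPLE_AUTOSTARTS = [
    ("Internet Explorer", "hp103", r"C:\WINDOWS\system32\hp103.tmp"),
    ("Internet Explorer", "Example Toolbar", r"C:\Program Files\Example\toolbar.dll"),
    ("Logon", "updater", r"C:\WINDOWS\system32\upd.tmp"),
    ("Logon", "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Logon", "printer helper", r"C:\Temp\hp103.tmp"),
]
# Constructed sample folder names found under C:\Program Files\Java.
SAMPLE_JAVA_DIRS = ["jre1.5.0_07", "j2re1.4.2_06", "jre1.5.0_06", "notes"]


def in_system32(image_path):
    """True when any parent directory of the file is named system32."""
    parts = [part.lower() for part in PureWindowsPath(image_path).parts]
    return "system32" in parts[:-1]


def suspicious_autostarts(entries):
    """Return (name, image_path, reason) for entries worth a closer look."""
    hits = []
    for _location, name, image in entries:
        path = PureWindowsPath(image)
        if not in_system32(image):
            continue  # the thread only reports these files in system32
        if HP_TMP.match(path.name):
            hits.append((name, image, "matches HP????.TMP in system32"))
        elif path.suffix.lower() == ".tmp":
            hits.append((name, image, "autostart runs a .tmp file from system32"))
    return hits


def java_version(folder):
    """Parse a Java folder name into a comparable tuple, or None if unrecognised."""
    match = JAVA_DIR.match(folder)
    if not match:
        return None
    return tuple(int(group or 0) for group in match.groups())


def stale_java_folders(folders):
    """Return (folder, reason) for every folder other than the expected one."""
    expected = java_version(EXPECTED_JRE)
    findings = []
    for folder in folders:
        if folder.lower() == EXPECTED_JRE:
            continue
        version = java_version(folder)
        if version is not None and version < expected:
            findings.append((folder, "older than " + EXPECTED_JRE))
        else:
            findings.append((folder, "not the expected folder"))
    return findings


if __name__ == "__main__":
    for hit in suspicious_autostarts(SAMPLE_AUTOSTARTS):
        print(hit)
    for finding in stale_java_folders(SAMPLE_JAVA_DIRS):
        print(finding)
```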
 
Guest

The user "syssecuritysite.com will not go away!!!!" wrote:
 
Malke

dreamwind said:
The user "syssecuritysite.com will not go away!!!!" wrote:

(snip)

We don't want your source code here since that isn't going to help your
problem at all. Instead, clean up your computer by going through the
preparatory steps here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Then go through the specific removal steps here:

http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan

Finish up with the rest of the removal steps at the first link. You may need
to run HijackThis and post your log at one of the specialty forums listed
at the first link (not here, please).

Malke
 
