LocusSoftware malware

[Tim Downie]

My daughter picked up something via MSN the other day and it's proving an
absolute b*sta*rd to clear out.

It one of your usual fake virus alert programs that continually badgers you
about things on your system using very plausible looking messages in your
system tray. I'm also getting pop-ups for a gambling site (Skypoker) and a
search engine.

I've tried a heap of trusted anti-spyware programs, AVAST and Windows
Defender on it but it won't budge.

One program I used claimed to find (and remove) Winfixer but it keeps coming
back.

In the c:/documents and settings/XXX/local settings/temp folder (where XXX
is my our user name) I keep getting new files with names like qrjatydi.exe
and other such garbage. Whatever the name, they always say "LocusSoftware,
Installer, LocusSoftware, Inc." beside them.

So far I've used Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware (free
edition), Windows defender and Trend Micro Housecall, all to no avail.

To add to the complications, the laptop won't boot into regular safe-mode,
it always hangs at the same point when loading a driver. It *will* boot
into a system admin safe mode (which still has network access) but the
malware continues to be active in this mode and makes doing anything tricky.
I just don't seem to be able to shut it down.

Where do I go from here?

TIA

Tim

 

[pcbutts1]

Use Remove-it version 14, it's fast and free. It now has over 5000
signatures to remove All variants of Rogue scanners, Desktop/Homepage
Hijackers, Trojans, Codec's, and related Malware/Spyware. New Feature,
Remove-it will now update your hosts file. This tool is designed to
Specifically remove all variants. Scan time is about 2-10 minutes. Designed
for Windows 2000/XP only.First read this page
http://www.pcbutts1.com/downloads then use the email link on the bottom of
the page to receive the software.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[jen]

My daughter picked up something via MSN the other day and it's proving
an absolute b*sta*rd to clear out.

It one of your usual fake virus alert programs that continually
badgers you about things on your system using very plausible looking
messages in your system tray. I'm also getting pop-ups for a gambling
site (Skypoker) and a search engine.

I've tried a heap of trusted anti-spyware programs, AVAST and Windows
Defender on it but it won't budge.

One program I used claimed to find (and remove) Winfixer but it keeps
coming back.

In the c:/documents and settings/XXX/local settings/temp folder (where
XXX is my our user name) I keep getting new files with names like
qrjatydi.exe and other such garbage. Whatever the name, they always
say "LocusSoftware, Installer, LocusSoftware, Inc." beside them.

So far I've used Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware
(free edition), Windows defender and Trend Micro Housecall, all to no
avail.

To add to the complications, the laptop won't boot into regular
safe-mode, it always hangs at the same point when loading a driver.
It *will* boot into a system admin safe mode (which still has network
access) but the malware continues to be active in this mode and makes
doing anything tricky. I just don't seem to be able to shut it down.

Where do I go from here?

Get Hijackthis here:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Then go to the Avast Forum here:
http://forum.avast.com/index.php?topic=5373.msg39361#msg39361
let us know how you make out

-jen

 

[pcbutts1]

Use Remove-it version 14, it's fast and free. It now has over 5000
signatures to remove All variants of Rogue scanners, Desktop/Homepage
Hijackers, Trojans, Codec's, and related Malware/Spyware. New Feature,
Remove-it will now update your hosts file. This tool is designed to
Specifically remove all variants. Scan time is about 2-10 minutes. Designed
for Windows 2000/XP only.First read this page
http://www.pcbutts1.com/downloads then use the email link on the bottom of
the page to receive the software.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[foghollow]

My daughter picked up something via MSN the other day and it's proving an
absolute b*sta*rd to clear out.

It one of your usual fake virus alert programs that continually badgers you
about things on your system using very plausible looking messages in your
system tray.

Last one I saw that did that was easily cleared out with the SmitFraudFix tool.
Google will find that for you.

 

[Leythos]

Remove-it will now update your hosts file.

It updates your host file to block downloading of quality malware
fighting tools. Do you really want to use something that blocks the
downloading of quality malware fighting tools?

--

Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

 

[Leythos]

Remove-it will now update your hosts file.

It updates your host file to block downloading of quality malware
fighting tools. Do you really want to use something that blocks the
downloading of quality malware fighting tools?
--

Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

 

[jen]

Last one I saw that did that was easily cleared out with the
SmitFraudFix tool.
Google will find that for you.

The latest "Smitfraud" variants require much more than a smitfraudfix
tool. He needs expert help from a site that specializes in Hijackthis
log analysis...

-jen

 

[foghollow]

The latest "Smitfraud" variants require much more than a smitfraudfix
tool. He needs expert help from a site that specializes in Hijackthis
log analysis...

-jen

Maybe. The last one I saw, about a month ago, was easily taken care of by quite an old version of
the fix utility.
I was quite surprised. I didn't even need to use Safe Mode, AFAIR.

 

[Tim Downie]

It updates your host file to block downloading of quality malware
fighting tools. Do you really want to use something that blocks the
downloading of quality malware fighting tools?

I have to say I'm always suspicious of anyone who emails out executable
files uninvited.

Tim

 

[Tim Downie]

Maybe. The last one I saw, about a month ago, was easily taken care
of by quite an old version of the fix utility.
I was quite surprised. I didn't even need to use Safe Mode, AFAIR.

In the end, as there wasn't any valuable data on this particular laptop, it
was simpler just to do a re-install from an image disk. A heck of a lot
quicker too! The laptop had other issues as well and was probably overdue
for a windows reinstall anyway.

Thanks anyway.

Tim

 

[pcbutts1]

First of all you really need to learn what an executable file is. I did not
send you an executable file. Secondly uninvited? you asked for help I gave
you help. I could have just as easily gave you manual removal instructions
but then you don't know the difference between an executable file and a zip
file. You asked for help and was given help if not by me then by Jen, which
will just give a diagnostic, but at any rate those downloads are executables
not mine. Oh and BTW my Remove-it software would have cleaned your daughters
computer in 5 minutes which *is* much faster then a re-install.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[Tim Downie]

First of all you really need to learn what an executable file is. I
did not send you an executable file.

You think it wise to open a zipped file from an unknown person?

Secondly uninvited? you asked
for help I gave you help.

I *didn't* ask for mystery parcels in my email. A link would have been
fine.

I could have just as easily gave you manual
removal instructions

Which is exactly the sort of advice I was looking for but no, you wanted to
plug your product.

but then you don't know the difference between
an executable file and a zip file.

I do, but I still wasn't about to open a zipped filed email uninvited from a
complete stranger.

You asked for help and was given
help if not by me then by Jen, which will just give a diagnostic, but
at any rate those downloads are executables not mine. Oh and BTW my
Remove-it software would have cleaned your daughters computer in 5
minutes which *is* much faster then a re-install.

So you say. Several other products have claimed the same thing. It was by
believing in unsubstantiated claims that the PC got infected in the first
place.

YOU need to learn some email manners. Always *ask* before sending
attachements to strangers, particularly when the subject concerns computer
viruses. You've done your company no favours.

Tim

 

[Tim Downie]

First of all you really need to learn what an executable file is. I
did not send you an executable file. Secondly uninvited? you asked
for help I gave you help. I could have just as easily gave you manual
removal instructions but then you don't know the difference between
an executable file and a zip file.

Having looked more closely at what you sent me I have to ask, what kind of
person considers an executable inside a zipped folder not an executable?

Pot, kettle, black.

Tim

 

[pcbutts1]

You are one of those people who are too smart (you think) for your own good.
You are also a hypocrite, First you wrongly complain about a zip file. Then
you complain because the zip file contains an executable yet you are willing
to download an executable had I given you a link, which I did but you didn't
notice it. If I wanted to "plug my product" then I would have sent you a non
working trial version that you have to have pay for to in order for it to
work. Look I do this for free, I can care less whether you use my software
or not but think next time you speak and don't criticize something you know
nothing about like malware.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[Tim Downie]

You are one of those people who are too smart (you think) for your
own good. You are also a hypocrite, First you wrongly complain about
a zip file.

No I didn't. It contained an executable. YOU lied about the file.

Then you complain because the zip file contains an
executable yet you are willing to download an executable had I given
you a link,

I might have. Given what I've found out about you by googling, never in a
million years.

which I did but you didn't notice it. If I wanted to
"plug my product" then I would have sent you a non working trial
version that you have to have pay for to in order for it to work.
Look I do this for free, I can care less whether you use my software
or not but think next time you speak and don't criticize something
you know nothing about like malware.

An you know nothing about netiquette.

Someone who steals software and re-issues it under his own name is hardly
likely to be a trustworthy source of software. It seems my caution was
absolutely justified.

Tim

 

[pcbutts1]

Show me what I stole smart ass. You seem "100% sure" I stole something
because of what you read show me what I stole. You are nothing but a big
headed smart ass who felt embarrassed because you don't know the difference
between a zip file and an exe file. You are too dumb and stupid to realize
that every piece of software you install on a windows box is an executable.
Netiquette is when I zipped the file up as to not send you an executable.
Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware, Windows defender and
Trend Micro Housecall are executable files you dummy. So don't try to bitch
and complain about a zip file that contains an executable. You are WRONG!
you are a bigheaded FOOL! and you should have Googled before you started it
up with me and you would have known that I don't take shit from no one
especially from some idiot like you who thinks I'm a thief. You are a lamer,
who probably got an email from the troll Leythos, who told you to format
your system because that is the only way to be "100% sure" and since you
both have the same mentality you agreed. Now **** off and get lost before I
embarrass your ass again.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[Beauregard T. Shagnasty]

Show me what I stole smart ass.

Again? Shouldn't the first thousand times be adequate?

You seem "100% sure" I stole something because of what you read show
me what I stole.

How about that last link you posted just a couple hours ago? Aha,
busted again, Buttface!

You are nothing but a big headed smart ass who felt embarrassed
because you don't know the difference between a zip file and an exe
file. You are too dumb and stupid to realize that every piece of
software you install on a windows box is an executable.

and you should have Googled before you started it up with me and you
would have known that I don't take shit from no one especially from
[regulars in this group] who thinks I'm a thief.

Thinks you're a thief? KNOWS you're a thief!

Now **** off and get lost before I embarrass your ass again.

You couldn't embarrass your way out of a paper bag...

 

[pcbutts1]

Idiot! loser. You can't win a 5k and you can't win here. I say again ****
off.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[Tim Downie]

Idiot! loser. You can't win a 5k and you can't win here. I say again
**** off.

First use of the "F" word. You lose.

XX

Tim