Warning! Notepad stolen, replaced

R

Rune

A couple of nights ago I was searching google for online translation sites
and found what seemed a likely one.

When I opened the page I suddenly had a dozen alerts that wanted me to
approve installation of various services. This despite firewall and virus
protection running.

After I escaped I found a new icon on my desktop for Internet Explorer
labeled "Click me!!!" I dumped it.

But later on when I tried to use Notepad I got a message from the firewall
that it was trying to access something online. Whether I reject it or accept
it the result is the same: I am disconnected and a new "Click me!!!" icon
appears on the desktop.

Clicking that icon opens IE and takes me to sexolojik.com, some porn site. I
then am treated to repeated requests to download and install their services.

Virus/worm scans find nothing.

A search for "notepad.exe" revealed that I now had 4 and the properties had
been changed to point to one of the phonies. Restoring the correct path and
dumping the phonies fixed it.

Hope this helps someone.
 
W

Will Denny

Hi

Have you tried these programs to look for any spyware on your system:

Ad-Aware - www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.spywareinfo.com/~merijn/downloads.html

Also see the following link:

http://mvps.org/winhelp2002/unwanted.htm

--

Will Denny
MS-MVP Windows - Shell/User


| A couple of nights ago I was searching google for online translation sites
| and found what seemed a likely one.
|
| When I opened the page I suddenly had a dozen alerts that wanted me to
| approve installation of various services. This despite firewall and virus
| protection running.
|
| After I escaped I found a new icon on my desktop for Internet Explorer
| labeled "Click me!!!" I dumped it.
|
| But later on when I tried to use Notepad I got a message from the firewall
| that it was trying to access something online. Whether I reject it or
accept
| it the result is the same: I am disconnected and a new "Click me!!!" icon
| appears on the desktop.
|
| Clicking that icon opens IE and takes me to sexolojik.com, some porn site.
I
| then am treated to repeated requests to download and install their
services.
|
| Virus/worm scans find nothing.
|
| A search for "notepad.exe" revealed that I now had 4 and the properties
had
| been changed to point to one of the phonies. Restoring the correct path
and
| dumping the phonies fixed it.
|
| Hope this helps someone.
|
|
 
R

roger

Hi Rune,

Use HIjack This to take a snapshot of your system now that it is
working correctly. Choose to put the items in the ignore list.

When something like this happens in the future, you just need to run
Hijack this and you'll have the probable culprits, a search in google
will make sure of this.
http://www.spywareinfo.com/~merijn/downloads.html

Good luck
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Notepad Missing? 2
What happened to Notepad? 8
Notepad.exe Error Message 1
Notepad and new folder problem 1
Notepad unresponsive when trying to save... 5
Files saved to desktop not appearing on the desktop 2
Lost notepad for .txt documents 3
Notepad problem.. 1

Top