General discussion


Virus Alert

By the_webninja ·
Virus Report

I know the people who keep up on all the Viruses probably know a lot more about them than I do,
But I got a Virus yesterday, so I wanted to let everyone know How I got it, what it does, and what I did to clean it, and the Companies who are involved with the Virus I received.

I got the Virus on Myspace, someone requested to be my friend, and when I went to their Profile page to check them out to see if I wanted to be their Friend or not, another page auto-loaded on top of their Profile Page, with a Link on it that said "Download Myspace Adult Viewer". I assumed this was because this particular Girl had Nude Pics of herself or something and this was the way that Myspace regulated adult viewers. WRONG!

I Clicked on the Link and Downloaded the Program which I THOUGHT was some kind of Myspace Adult media player, and after it installed, I realized I just made a terrible mistake. The link I had Clicked on that said "Download Myspace Adult Viewer" downloaded a Virus into my Computer, which immediately took over my Internet Explorer. I wasn't even USING Internet Explorer for the Internet, I use Firefox, so I thought I was safe, but I forgot that Internet Explorer still exists on your Computer as long as you are using Windows. Regardless of what Browser is your default browser, the Virus will take over Internet Explorer and begin to Launch Internet Explorer and use the Back Door Channels in Internet Explorer to stream you Endless amounts of Pop up ads.

Then it wants you to BUY a particular Software Program called "Virus Burster" to fix the problem. This leads me to believe that the people at Virus Burster CREATED the Virus (which Mcafee could not clean) just to Force you to buy their Program. And if you buy their Program, then they have all of your Credit Card Information, and judging from the way they marketed their product I don't think I want to trust them with my Credit Card Information.

On top of all of this, while you are Busy trying to fight off all the Pop Ups and make sense of what is happening to your Computer, the Hackers have complete access to your Computer through the Back door in Internet Explorer, allowing them to collect information such as Passwords from your Cookies Folder, or Addresses and Phone Numbers from Software Registration Forms stored on your Computer, all of which they can use to either Hack your Sites and Spread their Virus by Posting their Virus on YOUR Myspace Profile, and or, hacking other Sites you have passwords stored for in your Cookies Folder, or Using your Personal Information from Software Registration forms to engage in Identity Theft.

I tried cleaning the Virus by using Mcafee. Mcafee at first detected the Virus, then said it Cleaned it, but the Virus Self Replicates, and then Mcafee doesn't try to clean it anymore. It just forgets about it, or the Virus contains something in it to disable Mcafee. I Tried using Ad-Aware Scanner to remove pieces of the Virus, it Cleaned parts of it also, yet, the Virus still functioned. Then I went through every single File associated with the Virus in my Registry and tried to Manually Clean it, but even when the related files were deleted from my Registry the Virus Still functioned.
I unchecked all my Windows Services to Block the Hackers from Remote Access to my Computer, but the Virus still functioned even though it could not access the Internet. I tried unchecking all the things in my Start up using msconfig one by one to determine what was infected. It appears that the file ctfmon.exe was related in some way to the Virus, and that is how the Virus was unable to be deleted or removed. I am not a Software programmer, so I can get that specific, I can only tell you the behavior of the Virus and by process of elimination which files I found were associated with the Virus. I can tell you that the Majority of the Files were hidden, so I could not even FIND them on my Computer. But the Virus still functioned so I know it was there. It seems to infect any Toolbars that you have such as Yahoo or Google, to access your Computer.

The Companies Involved with this Virus either by paying these people to Create it, or paying them for Advertising in USE with the Virus are:
Mmedia Codecs

I Received the Virus from Myspace, and the Following Display Names on Myspace were also found to contain the Virus:

If you know about Viruses or if you are involved in helping Protect people from Viruses, please address this Problem. I would really like to see these people arrested for the aggravation they cause others.

The only way I was able to Clean the Virus was to Delete the Partition, Format my Hard Drive and Completely re-install everything. I want to see these people arrested.

Thank you,

Mark Evans


All Comments


Get in line- you are the fifth or sixth person I have heard about.

by Tig2 In reply to Virus Alert

I had done a Google search on this one before- this site, had the best information. I cut and pasted one of the fix responses below.

"Download SmitFraudFix, extract it, then restart your computer in safe mode. Run SmitFraudFix and it should get rid of it. I used this recently to get rid of the stupid Virus Burster thing on one of our computers."

Thank you for posting such an informative note. I always knew I stayed away from MySpace for a reason! Be aware though, this is the first time I have heard this tracked back to a profile so something may be changing. I have heard of people being infected in a number of ways.

Glad to know that you were able to rid yourself of the beastie!


Those porn things

by zlitocook In reply to Get in line- you are the ...

Seem to get a lot of people, I got four of those emails and I deleted them all. I also have won three lotteries in other countries; I have had people in other countries who would be happy to send me millions of draknars or some such.
Don't open email from someone you don't know, don't open attachments if the person did not tell you they were sending one. Do not use a hyperlink unless the person you know said they were sending it and then still be very careful... I am not paranoid, just don't trust anyone. :)


Sorry that it happened, but you should know better

by sMoRTy71 In reply to Virus Alert

First, I have to say that I am sorry you got a virus; however, you fell for one of the oldest tricks in the book. You don't open attachments or click links from people you don't know, especially links to install software.

With that said, thanks for being willing to post this info despite the fact that we would all know what you were trying to view :)


Makes me want to backup!

by hyposave In reply to Virus Alert

Words like...

"The only way I was able to Clean the Virus was to Delete the Partition, Format my Hard Drive and Completely re-install everything."

is the reason why we back up. Hopefully it's not a virus that manages to create its own little partition and continuously restore itself.


Use CallingID LinkAdvisor

by arthur In reply to Virus Alert

First and foremost: use caution when connecting to an unknown site.
If in doubt, don't connect, but if you are curious (and aren't we all) use CallingID. It is a freeware download you can use to identify what site you're connecting to. It is available for IE and Firefox. A new and very useful development is CallingID LinkAdvisor, which in essence tells you the risk of clicking on the link in an email. If you hover your mouse over the link, the software will verify the site, and advise you of the risk. I'm not in any way connected to CallingID, just a very satisfied user of the software.



by bdfew In reply to Use CallingID LinkAdvisor

Since you are using Firefox, you should try the Netcraft toolbar. It will tell you where you actually are when you follow the links.



by breshears_michael In reply to Virus Alert


by collignond In reply to Virus Alert

I have had numerous encounters with similar or even possibly the same sort of infections.

It is caused by a virus/adware hybrid.

The hybrid is actually so advanced that you can remove it from one profile and it can still be active in another.

The best course of action is usually prevention. Get Microsoft's Windows Defender and an antivirus and keep Windows, the antivirus and Windows Defender up to date.

For those who have been unfortunate enough to get infected, firstly physically disconnect from the internet, get Windows Defender installed and get the updated definitions for your antivirus and Defender, also get hold of a little program called HijackThis.

Restart the machine in safe mode and let Windows Defender do a full scan, the newer antivirus will pick up some of the instances of the malicious software while the scan is being processed, once the scan has been processed, Defender will list all instances that it recognises and show you a yellow or red shield, the reds will be automatically selected for removal, just remember if you are running any remote control software to leave that one as ignore and remove the rest.

Do a full scan using your antivirus, make sure that all explorer windows are closed and launch HijackThis, the program will scan the registry for possible hijack software entries, the program will list a number of legitimate programs as well. The legitimate entries will be for programs you have installed on the machine. It will also show you entries if the home page and proxy settings are different to Windows default and you can choose to "Fix" them if they are different than the settings that you use.

This process needs to be repeated in safe mode for all profiles on the machine.

This is a long method but it does save having to reload the entire machine.
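
An added example, not part of the original post and not code from HijackThis: it parses HijackThis-style log text saved from each profile and reports which unrecognised entries still appear under which profile, which is why the pass has to be repeated per profile. The log lines, profile names and known-good list are constructed for illustration.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "<code> - <details>", e.g. "O4 - HKCU\..\Run: [name] path".
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
SECTIONS = {"R0": "IE start/search page", "R1": "IE setting (start page, proxy)",
            "O2": "browser helper object", "O3": "IE toolbar", "O4": "autostart entry"}

def parse(log_text):
    """Return (code, details) for recognised entry lines; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) in SECTIONS:
            entries.append((m.group(1), m.group(2)))
    return entries

def unreviewed(logs_by_profile, known_good):
    """Map every entry the reviewer has not marked known-good to the profiles still showing it."""
    seen = defaultdict(list)
    for profile, text in logs_by_profile.items():
        for entry in parse(text):
            if entry[1] not in known_good:
                seen[entry].append(profile)
    return dict(seen)

# Constructed sample logs (not from a real machine): "alice" was cleaned, "bob" was not.
COMMON = r"""Logfile of HijackThis
O3 - Toolbar: Example Toolbar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [helper] C:\WINDOWS\system32\helper32.exe
"""
LOGS = {
    "alice": COMMON,
    "bob": COMMON + r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\bob\Local Settings\Temp\upd.exe
""",
}
# Entries the reviewer recognises as programs they installed themselves (assumed for the example).
KNOWN_GOOD = {
    r"Toolbar: Example Toolbar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\bar.dll",
}

if __name__ == "__main__":
    for (code, details), profiles in unreviewed(LOGS, KNOWN_GOOD).items():
        print(f"{SECTIONS[code]:32} {profiles}  {details}")
```

Machine-wide (HKLM) entries show up under every profile, while per-user (HKCU) entries appear only in the log taken from the profile that owns them.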


Virtual appliances may help

by ProfTheory In reply to Virus Alert

It sounds like what you may want to try is a VMware appliance. What that is, is an OS (likely Linux) that contains a web browser (Nautilus, Firefox, or Opera) that can be used for checking out suspect or known hazardous sites. Since you're browsing from a virtual computer your real system should go untouched. VMware Player is free from and from there you can search for the web appliance of your choice.

I would love to know if someone has tried this or similar in a work environment.

Though for me part of safe computing is to not use IE (including IE7) for routine browsing. Don't run programs from internet without first scanning for malware. If something needs an "adult viewer" then don't look. And I would agree with the sentiment "Don't accept candy from strangers."

P.S. Also many newer malware are coming with root kits. With a root kit the only way I know of getting rid of them is to reinstall.

P.P.S. This is where disaster recovery planning is needed because it's not just about hardware failure but about anything that makes the system unusable. If you had an image of that system then it could be back in operation in a matter of minutes rather than the time to repartition, format, and reinstall.


Rootkit solution

by donniebnyc666 In reply to Virtual appliances may he ...

F-Secure is the only rootkit remover I know of. I used their beta version to successfully remove a rootkit infection on a client's system.

F-Secure online scanner link (requires active-x install):

*Disclaimer: I am not connected to F-Secure in any way, blah, blah, blah.
