Download Korean movies | Myspace Layouts | Personal Car Finance | Electricity Suppliers | Myspace Backgrounds
Virus problem? [Archive] - PCMech Forums
PDA

View Full Version : Virus problem?

robrpb
03-25-2004, 04:49 PM
Hi,

My friend is running Win 98. He uses Norton anti-virus. He is on Bellsouth DSL. He has started having problems about a week ago. When he opens his IE browser he is redirected to a website www.4-counter.com. If he clicks on tools, then options, and view the address bar something is adding info to redirect him to the 4-counter website. We ran spybot, but it didn't help with this problem. There was a file in his temporary folder for "Class3softwarePublishers." We deleted it.

Still had problems. We then went into "regedit" and there were several places where "Class3SoftwarePulishers" were and we deleted them. We also did a search for "4-counter.com" and found it in several places. We deleted them from the registry. After we deleted them we rebooted the computer and when IE was opened we had the same problem. We the went back into the registry and all the entries for "4-counter.com" were reinserted. We then deleted them again from the registry and just let the computer sit for a couple of minutes and the "4-counter.com" was again reinserted into the registry and default page for IE browser.

How or what am I looking for that is causing these problems?

Thanks,
Rob
ghost2003
03-25-2004, 04:57 PM
try ad-aware www.lavasoftusa.com
make sure NAV and spybot are up-to-date.
here are some good online scaners:

http://housecall.trendmicro.com
http://www.bitdefender.com/scan/Msie/index.php#
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
robrpb
03-25-2004, 09:36 PM
Thanks, We'll give them a try.
Steve1
03-25-2004, 10:25 PM
4-counter.com is associated with the CoolWebSearch plague. You might want to download and run CWShredder (http://www.spywareinfo.com/~merijn/files/cwshredder.zip) letting it fix all it finds.
rapidarp
03-26-2004, 04:47 AM
Don't forget that virus writes are becoming more and more sophisticated. Virii often activate, copying their source file to a re-named file that can resemble systems files, pictures, etc. They're sneaky little punks.
robrpb
03-26-2004, 07:47 AM
With this in mind rapidarp, that the file has been renamed, then how do you find the source to delete it?
glc
03-26-2004, 08:52 AM
Spybot by itself is no longer adequate - you have to use it in conjunction with Ad-Aware and CWShredder, and maybe even HijackThis. This garbage really digs itself in deep these days. Same with Norton or any other antivirus, you need to crosscheck with online scanners.

It's gotten to the point where a majority of our service calls are for malware removal, not hardware issues like it used to be.

If your friend is on DSL and is not using a router, he needs a firewall too - Sygate Personal and Zone Alarm are the 2 most popular freebies.
robrpb
03-26-2004, 11:36 AM
Thanks, I'll pass it on and we'll give it a try.
robrpb
03-29-2004, 07:24 PM
My friend ran cwshredder and it fixed the problem. Thanks to everyone for your help.
Cricket
03-29-2004, 07:47 PM
Glad you got your friend's problem sorted out.

CoolWebShredder is a must have nowadays. Those malware writers (or whoever) did a DOS (Denial Of Service) attack (http://www.spywareinfo.com/newsletter/archives/0204/25.php) on their servers not long ago. Couldn't get updates for a couple of weeks. Things seem to be back to normal now.

:) Cricket