.:`=-~rANdOm~`-=:. Game Servers
Support (Read Only) => Help => Topic started by: Ἆxule on November 14, 2011, 10:01:42 PM
-
It's quite odd, for awhile now I've been having these... noises, songs, advertisements, and whatever else, occasionally playing. There is nothing to close either. This is happening as I type.
There are also times when there are two or more playing at once.
And now, a webpage keeps opening up. The website is blinkx something.
What the hell is going on...
-
Sounds like Adware, I'm unsure how to remove this.
Do a full virus scan and install Malawarebytes. Thats all I can contriubute
-
http://forum.randomgs.com/index.php/topic,5564.0.html (http://forum.randomgs.com/index.php/topic,5564.0.html)
-
So far I've only been able to get to the RKill thing. Whenever I try downloading or running it, the command prompt pops up once or twice and nothing happens after.
-
Gaming ghosts? :trollface:
-
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org (http://www.malwarebytes.org)
Database version: 8165
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/15/2011 6:56:28 AM
mbam-log-2011-11-15 (06-56-28).txt
Scan type: Full scan (C:\|Q:\|)
Objects scanned: 601090
Time elapsed: 4 hour(s), 13 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\Users\Nate's\AppData\Local\servicesys32.dll (Trojan.SHarpro.Gen) -> Delete on reboot.
c:\programdata\mouseprofileupdate.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Nate's\AppData\Local\Google\googleupdate\Googleup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0EAB238E-497A-4884-AFA7-AAA599F601Fb} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EAB238E-497A-4884-AFA7-AAA599F601FB} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EAB238E-497A-4884-AFA7-AAA599F601FB} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EAB238E-497A-4884-AFA7-AAA599F601FB} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MouseProfileUpdate (Trojan.SHarpro.PGen) -> Value: MouseProfileUpdate -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Oberon Update (Trojan.SHarpro.PGen) -> Value: Oberon Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trolltech Update (Trojan.SHarpro.PGen) -> Value: Trolltech Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinRAR Update (Trojan.SHarpro.PGen) -> Value: WinRAR Update -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Nate's\AppData\Local\Temp\thpm3062737837039021031.tmp (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\thpm377124260971730934.tmp (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsc1DE0.tmp\msintl1a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsc1DE0.tmp\msintl1c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsc1DE0.tmp\msintl1e.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nshF251.tmp\tzdworf1.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nshF251.tmp\tzdworf2.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nshF251.tmp\tzdworf3.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsn9993.tmp\001.jgg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsn9993.tmp\002.jgg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsn9993.tmp\003.jgg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsqBACC.tmp\errpoid2.xx (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.
c:\Users\Nate's\local settings\application data\servicesys32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\servicesys32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
c:\programdata\mouseprofileupdate.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Google\googleupdate\Googleup.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
-
holy shitfuck
enjoy dem trojans
-
I'm not sure where they came from.
They should be gone now though.
-
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MouseProfileUpdate (Trojan.SHarpro.PGen) -> Value: MouseProfileUpdate -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Oberon Update (Trojan.SHarpro.PGen) -> Value: Oberon Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trolltech Update (Trojan.SHarpro.PGen) -> Value: Trolltech Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinRAR Update (Trojan.SHarpro.PGen) -> Value: WinRAR Update -> Quarantined and deleted successfully.
Just had to.
-
OHGOD I LOL'D AT THE TROLLTECH
So everything is working naow?
-
OHGOD I LOL'D AT THE TROLLTECH
So everything is working naow?
Haven't had the time to find out.
Let it scan overnight, and had to leave for school early morning
-
I'm pretty sure they will be gone thanks to Mbam. Remember to update it if you ever do a second scan. Versions that aren't correctly updated won't pick up all the viruses.
-
fml so much right now.
I swear my computer hates me.
Everything was fine for awhile, but then out of nowhere the stupid sounds came back. And adding on to that, everytime I try to google something, it redirects me to something else.
O.O
I'm gonna do the damn scan again and hope it goes away for good.
-
Defrag your computer and show me the results.
-
Also, To make this clear:
I hear things that aren't there.
-
Defrag your computer and show me the results.
I did a full scan over night and here are the results.
Scan type: Full scan (C:\|Q:\|)
Objects scanned: 601090
Time elapsed: 4 hour(s), 13 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\Users\Nate's\AppData\Local\servicesys32.dll (Trojan.SHarpro.Gen) -> Delete on reboot.
c:\programdata\mouseprofileupdate.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Nate's\AppData\Local\Google\googleupdate\Googleup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0EAB238E-497A-4884-AFA7-AAA599F601Fb} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EAB238E-497A-4884-AFA7-AAA599F601FB} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EAB238E-497A-4884-AFA7-AAA599F601FB} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EAB238E-497A-4884-AFA7-AAA599F601FB} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MouseProfileUpdate (Trojan.SHarpro.PGen) -> Value: MouseProfileUpdate -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Oberon Update (Trojan.SHarpro.PGen) -> Value: Oberon Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trolltech Update (Trojan.SHarpro.PGen) -> Value: Trolltech Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinRAR Update (Trojan.SHarpro.PGen) -> Value: WinRAR Update -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Nate's\AppData\Local\Temp\thpm3062737837039021031.tmp (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\thpm377124260971730934.tmp (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsc1DE0.tmp\msintl1a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsc1DE0.tmp\msintl1c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsc1DE0.tmp\msintl1e.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nshF251.tmp\tzdworf1.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nshF251.tmp\tzdworf2.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nshF251.tmp\tzdworf3.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsn9993.tmp\001.jgg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsn9993.tmp\002.jgg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsn9993.tmp\003.jgg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Temp\nsqBACC.tmp\errpoid2.xx (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.
c:\Users\Nate's\local settings\application data\servicesys32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\servicesys32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
c:\programdata\mouseprofileupdate.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
c:\Users\Nate's\AppData\Local\Google\googleupdate\Googleup.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
-
now reboot
-
schizophrenia
-
can you record it? using audacity or something and setting it to stereo mix?
-
...did you actually delete the viruses?
All the scan does is quarantine them. Not remove them.
You should also use CCleaner afterwords to remove any left over registry entries.
-
...did you actually delete the viruses?
All the scan does is quarantine them. Not remove them.
You should also use CCleaner afterwords to remove any left over registry entries.
That would be nice to know.
-
Mbam removes them, but you have to reboot your computer in order for them to be completely removed. It usually prompts you after the scan has been finished.
-
Mbam removes them, but you have to reboot your computer in order for them to be completely removed. It usually prompts you after the scan has been finished.
I swear, I must be an idiot.
I keep getting a virus or something, but I'm watching what I do.
What the shit is this?
I'm always having to restore my pc to an earlier time.
This is really making me want to get that new Computer...
-
I swear, I must be an idiot.
I keep getting a virus or something, but I'm watching what I do.
What the shit is this?
I'm always having to restore my pc to an earlier time.
This is really making me want to get that new Computer...
If all else fails you can do that or buy a new hard drive.
-
If all else fails you can do that or buy a new hard drive.
>Laptop
-
>Laptop
>Laptop harddrives
http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives (http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives)
http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives (http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives)
http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives (http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives)
http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives (http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives)
http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives (http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives)
http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives (http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives)
http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives (http://www.newegg.com/Store/SubCategory.aspx?SubCategory=380&name=Laptop-Hard-Drives)
-
I honestly don't know what the hell is up.
I've done a full scan atleast 5 times now, and every time something has come up as corrupted or something.
My only explanation could be because I have firewall of, but I had that off for a loong time before any of this happened. and I can't have the firewall up if I want to play Gmod or something.
The only websites I go to is here, Pandora, occasionally Newgg, youtube, google, and Yahoo.
Another theory of mine might be how Steam got hacked. I didn't change my password until the advertiesments started coming, but what do I know.
-
I honestly don't know what the hell is up.
I've done a full scan atleast 5 times now, and every time something has come up as corrupted or something.
My only explanation could be because I have firewall of, but I had that off for a loong time before any of this happened. and I can't have the firewall up if I want to play Gmod or something.
The only websites I go to is here, Pandora, occasionally Newgg, youtube, google, and Yahoo.
Another theory of mine might be how Steam got hacked. I didn't change my password until the advertiesments started coming, but what do I know.
1. Get new antivurus, AVAST has worked for me. Even if you only get the free version it still could help.
2. On the MineCraft fourms there was an instance where something with an image caused a popup asking for your username and password (a single instance 1.5 years ago, mind you). Has anything simaler happened to you?
3. Y U NO PLAY GMOD WITH FIREWALL? Does your router atleast have a firewall?
4. Can you post your web history of when it started happening?
5. Mabie you got it when you downloaded something from a trusted site?
6. It could be a time bomb.
7. When you visit sites in/from google, you are visiting the site. Not only google. (this can happen with images too!)
-
1. Get new antivurus, AVAST has worked for me. Even if you only get the free version it still could help.
2. On the MineCraft fourms there was an instance where something with an image caused a popup asking for your username and password (a single instance 1.5 years ago, mind you). Has anything simaler happened to you?
3. Y U NO PLAY GMOD WITH FIREWALL? Does your router atleast have a firewall?
4. Can you post your web history of when it started happening?
5. Mabie you got it when you downloaded something from a trusted site?
6. It could be a time bomb.
7. When you visit sites in/from google, you are visiting the site. Not only google. (this can happen with images too!)
Well it seems things have suddenly started working right. After maybe a week a thing will pop up saying I got virsus and I need to buy the full subscription to get rid of it. obviously it's not true, so I just restart my computer to the day before.
I'm smart enough to to click pop-ups
When I have McAfee fire wall up, no servers show up. It's as if I'm offline or something.
All that's in my history is here, Youtube, Yahoo, and google mainly.
probably