I visited an "alternative site" and within seconds, an evil script entered my system and took over. It puts the file mshp.dll into my Windows file whenever I enter the net, and reinstalls it there whenever it gets the chance, despite that I remove it all the time. This mshp.dll redirects me to a marihuana/pr0n/viagra/whatever crap portal every 15 minutes of surfing or so. Extremely annoying. It has also changed my system folder into a playlist, so that all system files are listed as MP3:s with song title, album, endurance, etc instead of system files info like changing date and similar things that would help me trace the virus/worm. The bad-ass software makes Norton Antivirus and the regedit crash as soon as I try to reach the problem. Anyone seen this? What did you do to solve it?
Announcement
Collapse
No announcement yet.
Evil script killing my comp
Collapse
X
-
Install Mozilla.
But I admit this can only hepl prevent this crap, not solve it."I have been reading up on the universe and have come to the conclusion that the universe is a good thing." -- Dissident
"I never had the need to have a boner." -- Dissident
"I have never cut off my penis when I was upset over a girl." -- Dis
-
The few times I've had malicious files causing problems, I've done a search from the Start Menu for all files that were changed the particular day the problem started. I sort these files chronologically and find the approximate time of the day the problem first occured, then delete whatever files I find to look suspicious. Clues for possible culprits include name, file type, and where the file is located.
Don't know if this will help, just that it's worked for me so far.
Comment
-
Winston, that was the first thing that entered my mind. I tried that and it did not help. (Just by the way, a DANISH site did this, www.adultlust.dk) Dont go there, I warn you!!!!So get your Naomi Klein books and move it or I'll seriously bash your faces in! - Supercitizen to stupid students
Be kind to the nerdiest guy in school. He will be your boss when you've grown up!
Comment
-
"I have been reading up on the universe and have come to the conclusion that the universe is a good thing." -- Dissident
"I never had the need to have a boner." -- Dissident
"I have never cut off my penis when I was upset over a girl." -- Dis
Comment
-
You have to make sure that all files are displayed, also the hidden ones and system files. But I'm sure you've thought of that already.
Maybe a search for all .exe, .pif, .scr files etc. regardless of date would be worth a shot? There has to be a bad apple somewhere on your C: drive.
Comment
-
'The very basis of the liberal idea – the belief of individual freedom is what causes the chaos' - William Kristol, son of the founder of neo-conservitivism, talking about neo-con ideology and its agenda for you.info here. prove me wrong.
Bush's Republican=Neo-con for all intent and purpose. be afraid.
Comment
-
Originally posted by Spiffor
How do you know this site is the culprit? I went there (my comp needs a good format anyway), and there wasn't anything abnormal...
I did a new search of the kind Winston suggested and found 9 files that was changed at excactly the same minute this problem entered my comp. I've removed them all, but two particular files seems too be badder than the rest. My system says " these files are in use and can't be removed". They are named msiesh.dll and iefeatsl.dll, located in the "wellknown" iefeatsl folder of my application data folder. How do I kill these bastards? ?So get your Naomi Klein books and move it or I'll seriously bash your faces in! - Supercitizen to stupid students
Be kind to the nerdiest guy in school. He will be your boss when you've grown up!
Comment
-
If you have difficulty rooting it out, I recommend 'Start-Up Mechanic' (it's free from the maker). It roots out programmes that like to 'run in the background' and have that nasty habit of silently installing themselves or other things over your connection.
Just make sure you don't use start-up mechanic to 'quarantine' anything you actually want like explorer!"Wait a minute..this isn''t FAUX dive, it's just a DIVE!"
"...Mangy dog staggering about, looking vainly for a place to die."
"sauna stories? There are no 'sauna stories'.. I mean.. sauna is sauna. You do by the laws of sauna." -P.
Comment
-
If you're under winxp, try ctrl+alt+suppr, and go for the "process" tab. Kill suspicious processes on sight. I don't think you can do anything harmful to your computer here, but this may lead to a disconnect or a restart.
If you have another computer in your home, connect both computers through a Network cable, and have the folders with suspicious files shared with writing-rights. Delete the files from the other computer."I have been reading up on the universe and have come to the conclusion that the universe is a good thing." -- Dissident
"I never had the need to have a boner." -- Dissident
"I have never cut off my penis when I was upset over a girl." -- Dis
Comment
-
I keep getting unwanted pop-ups about adult personals ads, Viagra, gambling, marijuana and whatever annoying or illegal stuff there is, every 15 minutes or so, apart fram the already annoying "Britney images and US green-card" pop-ups Marko already added to this site.
How could I be so stupid that I:
1) didn't reinstall and update Norton for 9 months?
2) Entered a pr0n portal I already knew had started to link to idiotic scripted sites, just ot watch some harmless amateur tits I could watch in my bedroom every night anyway?So get your Naomi Klein books and move it or I'll seriously bash your faces in! - Supercitizen to stupid students
Be kind to the nerdiest guy in school. He will be your boss when you've grown up!
Comment
-
Ending 'suspicious' looking processes when you don't really know what you're looking for is a great way to see the 'Remote Call Procedure Terminated' error message in XP.
Same thing for manually opening up regedit and deleting suspicious Registry Entries....they may simply be re-installed the next time you restart your computer if the Bad Stuff in question is well hidden.
General tips:
1. Start-up mechanic
2. Apolyton's front-page uses some good web based detectors that pick up a lot (it might be SB S &D?)
3. Make sure your frequently make system back ups, once a month, so that if you ever have to do an XP restore, you don't lose too much.
4. Lavasoft adaware picks up a lot of dialers.
5. Last resort: If you INSIST on visiting those places which WILL try to install junk (i.e. warez pages) get a router where you can watch, monitor, and controll all traffic in real-time via the software that comes with your router. You can of course do this just with your computer alone, but a router is an extra layer of foolproof protection if you really think someone has been executing commands or whatever and you haven't been able to find out how."Wait a minute..this isn''t FAUX dive, it's just a DIVE!"
"...Mangy dog staggering about, looking vainly for a place to die."
"sauna stories? There are no 'sauna stories'.. I mean.. sauna is sauna. You do by the laws of sauna." -P.
Comment
Comment