Internet Explorer OR Outlook Express Virus? or What?

  • Thread starter: Don Wash

Don Wash

Hi All!

A program automatically launches a site ("w.xx.gigan.to" where 'xx' is the
letters that I can't recall) and starts to download a CAB file using Internet
Explorer. I tried to close it and a message box appeared: "You must choose yes
to install". So I didn't click anything and I shut down Internet
Explorer using Task Manager.

And it didn't go away because I could see the movement in network activity. So
I disabled the LAN. That's when I got a dialog box asking which connection I
wanted to use to connect to the Internet because 'you' or a program requested
information from <<site>>. Sorry guys, I was really panicked and didn't
record the site address. But as far as I recall it is: "w.xx.gigan.to"
where 'xx' is the letters that I can't recall. That site also has one line of
text saying "If you are happy....you are a prick" or something like that. By
looking at this, we can conclude that this is a Trojan, right? Showing
something interesting (or something that you need time to figure out) in
front of you and starting to mess up your computer in the background.

So I started System Restore and restored it to a previous point, and when it
started to shut Windows down, Outlook Express showed a message box asking "Are you sure
you want to terminate this download?". That's when I concluded that the
virus might have entered (or is still entering) my computer through Outlook
Express. But it could also be through Internet Explorer or anything else
for that matter. I can't say for sure. After System Restore, my computer is
ok now.

Another strange thing to note is that this incident happened after I
rebooted my computer after running a security update from Microsoft for
Download.Ject virus detection and removal, which can be accessed via:
http://www.microsoft.com/security/incident/Download_Ject.mspx

Has anybody happened to experience a similar incident to mine? Or am I the only
one?

My computer has...
- Internet Explorer 6
- Outlook Express 6
- Windows XP SP1

Please, could anyone suggest what on earth is happening to my computer?

Thanks in advance!

Don
 
Activate the built-in firewall if you're using XP (go to Help and type in
'firewall' for step-by-step instructions).
Then download a 2-way firewall such as that available free from:
www.zonelabs.com
This will allow you to monitor/enable/disable two-way traffic in and out of
your PC.

Then get an online virus scan from any or all of these:
Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Symantec Security Check
http://security.symantec.com/ssc/home.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Download and install a permanent anti-virus such as AVG Free Edition from
www.grisoft.com

See how things are after that.
Hope this helps.
Chek
 
Don Wash said:
Hi All!

A program automatically launches a site ("w.xx.gigan.to" where 'xx' is the
letters that I can't recall) and starts to download a CAB file using Internet
Explorer. I tried to close it and a message box appeared: "You must choose yes
to install". So I didn't click anything and I shut down Internet
Explorer using Task Manager.

Please follow these steps in order to clean your computer of Malware which
can include Viruses, Trojans, Worms, Spyware, Hijackers and Dialers.

Step 1:
Download Spybot and Ad-Aware from the following locations and install them.
You should run both programs and clean up what they find. This is to
guarantee that you find as much of the malware installed on your computer as you can.

Before running the scans on both programs, it is mandatory that you update
the programs. There are update options in each program when you run them.

Spybot
http://www.safer-networking.org/index.php?page=download

Ad-Aware
http://www.lavasoftusa.com/software/adaware/

If you would like to learn more about how to use these two programs with the
proper settings you can read the tutorials below:

AD-AWARE Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=48

SPYBOT SEARCH AND DESTROY Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=43

When you scan with both programs, fix everything that they find.

When you are done with the scan and fixing the items, please continue with
the next step.

Step 2:

It is important that you run Spybot and Ad-Aware before you proceed with this
step. Fixing entries with HijackThis may leave behind unwanted files on your
computer if the previous step was not done first.

Create a directory on your hard drive to save HijackThis.exe, such as
c:\hijackthis. If you do not do this, you will not be able to use the
backup/restore features.

Download HijackThis from:

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Save this file into the directory you made previously and then run the
program. Click on the Scan button and when it is finished click on the Save
Log button. A Notepad window will open with the contents of this log. Click
on Edit then click on Select All. Then click on Edit and then click on
Copy.

Register an account at http://www.bleepingcomputer.com and post this created
log into the Hijackthis Logs forum at that site. To do this, once you are
registered, create a new post, right click in message area and select paste
to paste the log into the post.

An expert will reply to you after reading this post. DO NOT fix any entries
unless you are absolutely sure you know what you are doing, as you may cause
more damage to the system.

To see a tutorial on using HijackThis you can click on the link below.

http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
 
First off, see...

Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

Check your system for "hijackware":

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder (fix all found)

2. Ad-Aware (fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

Also:

1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

2. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow all Removal steps.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup > More options > Delete all but the most
recent Restore Point.

3. Check in at Windows Update.

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
HTH - Please Reply to This Thread

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

AumHa Forums
http://forum.aumha.org

What You Should Know About Spyware
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
 