'P**ochicks' pop up - very embarrassing

  • Thread starter Thread starter Martin Robson
  • Start date Start date
M

Martin Robson

Can someone help me to identify and get rid of a very annoying and
potentially very embarrassing pop-up. When I open up my home PC for the
first time each day it opens up a web site - 'www.pornochicks.com'. I have
never, as far as I am aware, ever been to this site (honest!), but you can
imagine the contents.

Has anyone else ever has this happen>? Is it a virus? A quick Google is not
conclusive but seem to suggest something called 'vundo'. I'm no expert,
however, so any help and previous experience would be greatly appreciated.

Thanks,
 
Can someone help me to identify and get rid of a very annoying and
potentially very embarrassing pop-up. When I open up my home PC for the
first time each day it opens up a web site - 'www.pornochicks.com'. I have
never, as far as I am aware, ever been to this site (honest!), but you can
imagine the contents.

Has anyone else ever has this happen>? Is it a virus? A quick Google is not
conclusive but seem to suggest something called 'vundo'. I'm no expert,
however, so any help and previous experience would be greatly appreciated.
Click to expand...

The vundo Trojan is detected by mainstream antivirus products. Which
one are you using? Symantec offers a removal tool here:

http://www.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html

No luck? Try a online scan by Kaspersky:

http://www.kaspersky.com/virusscanner

Art
http://home.epix.net/~artnpeg
 
Martin Robson said:
Can someone help me to identify and get rid of a very annoying and
potentially very embarrassing pop-up. When I open up my home PC for the
first time each day it opens up a web site - 'www.pornochicks.com'. I
have never, as far as I am aware, ever been to this site (honest!), but
you can imagine the contents.

Has anyone else ever has this happen>? Is it a virus? A quick Google is
not conclusive but seem to suggest something called 'vundo'. I'm no
expert, however, so any help and previous experience would be greatly
appreciated.
Click to expand...

The best advice I can gave you, get some anti-virus software, if you have
one installed try and update it and scan your computer.
 
Use this removal tool for winfixer only.

Removal Tool - Adware-Virtumundo/WinFixer Popups
http://forums.mcafeehelp.com/viewtopic.php?t=57049

When that is done then download Ewido, update it and run it. Let it remove
or fix whatever it finds.

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
 
From: "Martin Robson" <[email protected]>

| Can someone help me to identify and get rid of a very annoying and
| potentially very embarrassing pop-up. When I open up my home PC for the
| first time each day it opens up a web site - 'www.pornochicks.com'. I have
| never, as far as I am aware, ever been to this site (honest!), but you can
| imagine the contents.
|
| Has anyone else ever has this happen>? Is it a virus? A quick Google is not
| conclusive but seem to suggest something called 'vundo'. I'm no expert,
| however, so any help and previous experience would be greatly appreciated.
|
| Thanks,
|



If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
Martin,

Only download software from authorised sources. Google for "pcbutts1" if you
don't understand what I'm referring to.

David Lipman provides reliable advice, including the URLs where reliable
software is available from the vendor or creator.
 
Can someone help me to identify and get rid of a very annoying and
potentially very embarrassing pop-up. When I open up my home PC for the
first time each day it opens up a web site - 'www.pornochicks.com'. I have
never, as far as I am aware, ever been to this site (honest!), but you can
imagine the contents.

Has anyone else ever has this happen>? Is it a virus? A quick Google is not
conclusive but seem to suggest something called 'vundo'. I'm no expert,
however, so any help and previous experience would be greatly appreciated.

Thanks,
Click to expand...

Martin,

Only download software from authorised sources. Google for "pcbutts1" if you
don't understand what I'm referring to.

David Lipman provides reliable advice, including the URLs where reliable
software is available from the vendor or creator. Beware of malicious (wanna
bee) trolls.
 
Virus Guy said:
Click Start -> run -> type msconfig and hit return.

A window will open with a bunch of tabs across the top.

Select the last one (startup) and look at each line. See if
"www.pornochicks.com" is there. If so, remove the check in the box
beside the line. If you don't see it, then close msconfig and find
your startup folder and see if it's there.

Ultimately, what you want is Spybot Seach & Destroy, and AdAware (both
free). Spybot will "immunize" your browser from crap like that. You
should also download a hosts file (see mvps.org) - although the web
site you are having a problem with is not blocked by MVPS's most
recent hosts file.

If my PC was doing what yours is doing, I'd suspect something more
substantial had infected it, and a thorough viral/trojan scan is
probably needed. If you're running Windows XP, on a home computer
with broad-band internet access, and you are not using a NAT
router/hub (a box that sits between your cable or DSL modem and your
computer), then you are strongly advised to obtain a NAT router.
Click to expand...

To expand on this, it wouldn't hurt to let BugHunter have a look around
as well.
 
Martin said:
When I open up my home PC for the first time each day it opens
up a web site - 'www.pornochicks.com'.
Click to expand...

Click Start -> run -> type msconfig and hit return.

A window will open with a bunch of tabs across the top.

Select the last one (startup) and look at each line. See if
"www.pornochicks.com" is there. If so, remove the check in the box
beside the line. If you don't see it, then close msconfig and find
your startup folder and see if it's there.

Ultimately, what you want is Spybot Seach & Destroy, and AdAware (both
free). Spybot will "immunize" your browser from crap like that. You
should also download a hosts file (see mvps.org) - although the web
site you are having a problem with is not blocked by MVPS's most
recent hosts file.

If my PC was doing what yours is doing, I'd suspect something more
substantial had infected it, and a thorough viral/trojan scan is
probably needed. If you're running Windows XP, on a home computer
with broad-band internet access, and you are not using a NAT
router/hub (a box that sits between your cable or DSL modem and your
computer), then you are strongly advised to obtain a NAT router.
 
Back
Top