keggerz Posted November 21, 2010

anyone know anything about this thing? My LT was acting weird and then the next thing I know I have this Whitesmoke software and toolbar downloaded on my LT....I didn't initiate it or allow it....did a quick google search and can't really find anything...doing a scan now...part that sucks is that for the most part the only sites I have been on today are here, MFL, cbssportsline.com

keggerz (Author) Posted November 22, 2010 (Edited November 22, 2010 by keggerz)

this dirty MF'r...ran hijackthis and when I try to put the log into a reader it kills the connection...try to email myself the log it kills the connection....try to PM myself the log it kills the connection (PM myself the word test it works) now need to try and run the log file from another PC (why I posted it here)

rocknrobn26 Posted November 22, 2010

All I can find out about Whitesmoke is it is a translation toolbar/reader. I have a feeling the virus/malware is spoofing Whitesmoke.

Boot into safe mode and do a scan. Better yet try and do a restore, but go into safe mode first.

keggerz (Author) Posted November 22, 2010

> All I can find out about Whitesmoke is it is a translation toolbar/reader. I have a feeling the virus/malware is spoofing Whitesmoke.
> Boot into safe mode and do a scan. Better yet try and do a restore, but go into safe mode first.

I am in the middle of a full system scan right now....Fn thing is doing re-directs now too and FF won't even open up...IE is all that is working now

rocknrobn26 Posted November 22, 2010

> I am in the middle of a full system scan right now....Fn thing is doing re-directs now too and FF won't even open up...IE is all that is working now

I did find a few other people w/ a similar problem, but no resolve. Sorry. Did you try the 'restore' yet? Prolly won't work as this seems like a smart one that's flying under the radar.

keggerz (Author) Posted November 22, 2010 (Edited November 22, 2010 by keggerz)

> I did find a few other people w/ a similar problem, but no resolve. Sorry. Did you try the 'restore' yet? Prolly won't work as this seems like a smart one that's flying under the radar.

I basically went thru the hijack this line by line to see what wasn't letting it parse for the log analyzer...found this as the culprit but I don't know what it is.

http://w w w.Xupdate.Xmicrosoft.Xcom/XwindowsXupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194652676296

I had to put in the spaces between the www and added all the RED X's to be able to post the link but that is what was keeping HJT from being able to parse...actually if you take out the spaces and the red X's and cut and paste it into the google search it will most likely give you a response like it is not connected to the internet

this is what the entire string looks like in HJT (of course still take out the Red Xs and the spaces between www)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://w w w.Xupdate.Xmicrosoft.Xcom/XwindowsXupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194652676296

rocknrobn26 Posted November 22, 2010

> I basically went thru the hijack this line by line to see what wasn't letting it parse for the log analyzer...found this as the culprit but I don't know what it is.
>
> http://w w w.Xupdate.Xmicrosoft.Xcom/XwindowsXupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194652676296
>
> I had to put in the spaces between the www and added all the RED X's to be able to post the link but that is what was keeping HJT from being able to parse...actually if you take out the spaces and the red X's and cut and paste it into the google search it will most likely give you a response like it is not connected to the internet
>
> this is what the entire string looks like in HJT (of course still take out the Red Xs and the spaces between www)
>
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://w w w.Xupdate.Xmicrosoft.Xcom/XwindowsXupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194652676296

So where are you?

keggerz (Author) Posted November 22, 2010 (Edited November 22, 2010 by keggerz)

> So where are you?

did a system restore in safe mode....can now open firefox...initially didn't get any redirects but have now gotten some...also did full system scan with MS Security Essentials and it didn't find anything...but I know it is still there in some capacity

anyway at this point I am not even sure what to try next...actually going to run malwarebytes next and go from there

Puddy Posted November 22, 2010

So that's why LT's play has slipped recently

rocknrobn26 Posted November 22, 2010

> did a system restore in safe mode....can now open firefox...initially didn't get any redirects but have now gotten some...also did full system scan with MS Security Essentials and it didn't find anything...but I know it is still there in some capacity
> anyway at this point I am not even sure what to try next...actually going to run malwarebytes next and go from there

Can't hurt, but this sounds like a new one. If you can, give it a few days and re-google. Sorry I couldn't help more.

C'mon Redrum...................where are you?

keggerz (Author) Posted November 22, 2010

> Can't hurt, but this sounds like a new one. If you can, give it a few days and re-google. Sorry I couldn't help more.
> C'mon Redrum...................where are you?

would like to give it a few days but not sure that I can...I use Contribute to write my weekly huddle article on and I only have it on that laptop...I am not sure if it will affect my being able to use it since it does access the huddle thru the net and that is how I download my weekly template and then re-upload it to the site...fingers crossed because I normally only have to have 2 teams written by Wed. if there is a Thurs game...but this week there are 3 Thurs games so I wanted to have all 6 teams written up by Tues nite so they would be accessible for Wed. AM...again fingers crossed.

satelliteoflovegm Posted November 22, 2010

I feel like I just did a table read for Star Trek. I'm all tingly.

keggerz (Author) Posted November 22, 2010 (Edited November 22, 2010 by keggerz)

full scan with malwarebytes in safe mode turned up nothing

redrumjuice Posted November 22, 2010

Make sure your proxy wasn't enabled, it's pretty basic, google it.

keggerz (Author) Posted November 22, 2010 (Edited November 22, 2010 by keggerz)

> Make sure your proxy wasn't enabled, it's pretty basic, google it.

just checked FF and it is set like this: "use system proxy settings"

In IE the "use a proxy server for your LAN" box is NOT checked and the auto detect and auto configure boxes aren't checked either

now what?

keggerz (Author) Posted November 22, 2010

After some more searching it looks like this could be the "Google Redirect Virus"

doesn't look fun...might have to change/fix dns stuff etc

http://sites.google.com/site/k8omsbob/malware-removal

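
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage of the three things the thread checks by hand in a HijackThis log, the O16 DPF entry, the IE proxy setting and the DNS servers. The sample log is constructed; its first O16 line is the one posted above with the added spaces and X's removed, and the expected-host list and `known_dns` values are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts a Windows Update ActiveX control is expected to come from.
EXPECTED_DPF_HOSTS = {"update.microsoft.com", "www.update.microsoft.com"}

O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")
R1 = re.compile(r"^R1 - HKCU\\.*\\Internet Settings,(ProxyServer|AutoConfigURL) = (.+)$")
O17 = re.compile(r"^O17 - HKLM\\.*: NameServer = (.+)$")

def triage(log_text, known_dns=()):
    """Return (kind, key, value) findings for log lines worth a manual look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := O16.match(line):
            # ActiveX download source: compare the codebase host to the expected set.
            clsid, _name, url = m.groups()
            host = (urlsplit(url).hostname or "").lower()
            if host not in EXPECTED_DPF_HOSTS:
                findings.append(("dpf-unexpected-host", clsid, host))
        elif m := R1.match(line):
            # Any configured proxy or auto-config URL is reported for review.
            findings.append(("proxy-set", m.group(1), m.group(2).strip()))
        elif m := O17.match(line):
            # Report each resolver that is not one the user recognises.
            for server in re.split(r"[,\s]+", m.group(1).strip()):
                if server not in known_dns:
                    findings.append(("dns-unrecognized", "NameServer", server))
    return findings

# Constructed sample log; only the first O16 line is taken from the thread.
SAMPLE_LOG = r"""
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194652676296
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Toolbar Helper) - http://downloads.example.net/tb/setup.cab
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: NameServer = 203.0.113.10,192.168.1.1
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, known_dns={"192.168.1.1"}):
        print(*finding, sep="  ")
```
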
SEC=UGA Posted November 22, 2010

> C'mon Redrum...................where are you?

He created it, he ain't gonna spill the beans on a fix for it.

rajncajn Posted November 22, 2010

Keg, you must be the pron master. I've never seen anyone have more trouble with their computers than you.

redrumjuice Posted November 22, 2010

> In IE the "use a proxy server for your LAN" box is NOT checked and the auto detect and auto configure boxes aren't checked either

Check that one, leave the other two unchecked.

You need to download these on another machine, copy to flash drive or cd, then boot your other machine into safe WITH NETWORKING, run in this order:

1. Disable system restore
2. CCleaner, remove all temp files http://download.cnet.com/ccleaner/
3. Copy to desktop, run Combo fix, let it update and do whatever it suggests: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
4. Malwarebytes, update, then full scan

Where are you now?

keggerz (Author) Posted November 22, 2010

> Check that one, leave the other two unchecked.
> You need to download these on another machine, copy to flash drive or cd, then boot your other machine into safe WITH NETWORKING, run in this order:
> 1. Disable system restore
> 2. CCleaner, remove all temp files http://download.cnet.com/ccleaner/
> 3. Copy to desktop, run Combo fix, let it update and do whatever it suggests: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
> 4. Malwarebytes, update, then full scan
>
> Where are you now?

almost 3 hours into another malware bytes scan (updated it this time)...forgot my flash drive at home so won't be able to do anything else until I get home around 5.

as for checking AUTO DETECT in IE what do I do for FireFox? I assume that I check "Auto-Detect proxy settings for this network"

other options are:

No Proxy
Use System proxy settings (which is currently checked)
Manual proxy configurations
Automatic proxy configuration URL:

Thanks!

keggerz (Author) Posted November 22, 2010

> Keg, you must be the pron master. I've never seen anyone have more trouble with their computers than you.

redrumjuice Posted November 22, 2010

Never use a proxy, FF usually uses the settings set up for IE.

bpwallace49 Posted November 22, 2010

> C'mon Redrum...................where are you?

He is busy trying to prove that Barack Obama created the computer virus to destroy the world . . . . and then show a link that says the anti-virus manufacturers all donate to his campaign, creating a sinister synergy that is designed to generate support for the New World Order and an all-world currency under the control of the Un . . . aww forget it . . . .

redrumjuice Posted November 22, 2010

> He is busy trying to prove that Barack Obama created the computer virus to destroy the world . . . . and then show a link that says the anti-virus manufacturers all donate to his campaign, creating a sinister synergy that is designed to generate support for the New World Order and an all-world currency under the control of the Un . . . aww forget it . . . .

fixed.

gbpfan1231 Posted November 22, 2010

> fixed.

YOU ARE MISSING SOME WORDS IN CAPS.