
News:

Welcome to the BZU Archive dated December 24, 2009. Topics and posts are in read-only mode. Those with accounts will be able to login and browse anything the account had access granted to at the time. No changes to permissions will be made to be given access to particular content. If you have any questions, please reach out to squirrelof09/Rapazzini.


You guys are good with computers, right?

Started by CivBase, November 06, 2008, 04:17:10 PM


CivBase

So, here's the scoop.  I was on a forum site when I noticed some random links on words that just led to stupid search engines.
So, after a while, these windows started coming up that were just blank. I decided to see if it was just the site, so I moved to another site. Unfortunately, they kept opening.
So then, I copied one of the site's URLs and did a Google search, nothing. Then I went back to the site and found the URL changed. So I tried that URL, this time something came up.
Sure enough, I found something about a file called GETMODULE24.EXE.
After further searching, I learned that GETMODULE24.EXE is malware and I also found out three locations that it takes root in.
I instantly killed the program and permanently deleted all files (yes, I emptied the recycling bin).
Do you guys think it's gone? The popups stopped and the file didn't come back...
One of the sites wanted me to download Reg Run to delete the files, but I didn't want to take any chances with downloading something like that.
Here's where I found the files that I deleted:
C:/Program Files/GetModule
C:/Program Files/iCheck
C:/Documents and Settings/(User Name)/Application Data/GetModule
I just deleted those three folders and it seemed to have stopped. If you try this, don't forget to delete them from the recycling bin (I'm not sure if they can do anything from there or not...).
I then did a virus scan (CA)... but the weirdest thing kept happening. It kept deleting the same non-existent files in C:/WINDOWS/Fonts/' and the strangest thing is, neither the files nor the ' folder exist... and it's the same files in a loop. I let it run for almost three hours and it never stopped.
It seems to have stopped..... I haven't had any other problems all day, but I still get the random links.

General BlackDragon

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

That fixed my PC once, give it a try. If it says something about a rootkit, and doesn't remove it, well, General Manson has some links for removing rootkits somewhere.


Oh, BTW. NEVER click on random links like that. EVER



*****General BlackDragon*****

Nielk1

I use:
AVG Anti Virus
SpyBot Search and Destroy
Adaware
and lately, I also use Super Anti Spyware, but not so much

They keep my PC rather clean.
My Firefox has AdBlock and NoScript installed which makes browsing much safer.


CivBase

Quote from: General BlackDragon on November 06, 2008, 04:24:33 PM
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

That fixed my PC once, give it a try. If it says something about a rootkit, and doesn't remove it, well, General Manson has some links for removing rootkits somewhere.
Before I download this, mind me asking what it is and what all it will do?
I'd rather not wipe my hard drive...
and uh, what's wrong with the links?

VSMIT

ComboFix is a program that will go through a computer thoroughly and remove any traces of spyware, malware, or viruses that it finds.  Before running it, empty the local folders/temp and local folders/temporary internet files for every user in order to lower the running time.  Back up any important files to a flash drive or other such device, as there is a 1% chance that your computer's OS will not survive the process.  After you run it, a DOS style window will open, and it will run.  It will ask you to restart the computer at some point, so restart it, and it will finish the cleanup when the computer comes back up.

VSMIT.
I find that if I don't have a signature, some people disregard the last couple of lines of a long post.
Quote from: Lizard
IQ's have really dropped around here just recently, must be something in the water.

CivBase

1% eh.....
God, I hope I'm lucky.  I guess I'll run this tomorrow.
Just so I know I get the right folders, can you give me the path?

And so you guys know, I'm on XP, does that matter at all?

Wraith

Try downloading hijackthis from here.


http://www.filehippo.com/download_hijackthis/


Accept agreement and do a system scan and save a logfile.

Post logfile and I'll let you know what to fix.

Combofix is considered a last resort before wiping a harddrive and could also damage the OS on the harddrive.

Do not fix anything without knowing what to fix first or you may permanently damage your system.
Trend Micro HijackThis 2.0.2

Post a log in Overdrive Terminal if you have a malware/virus problem

CivBase

Quote from: Wraith on November 06, 2008, 04:52:08 PM
Try downloading hijackthis from here.


http://www.filehippo.com/download_hijackthis/


Accept agreement and do a system scan and save a logfile.

Post logfile and I'll let you know what to fix.

Combofix is considered a last resort before wiping a harddrive and could also damage the OS on the harddrive.

Do not fix anything without knowing what to fix first or you may permanently damage your system.
Yah, I think I'll try this first.  It said 'for advanced users only'.... just how advanced?

Wraith


CivBase


Wraith

When you open the program just click on Do a system Scan and save a log file. Then copy the contents from the notepad hijackthis log to here and it will eventually show up when it is done scanning. Don't fix anything until I say so.

CivBase


Wraith


VSMIT

Also, it would be a good idea to burn HijackThis to a CD at some point, because I've seen a case where a piece of spyware corrupted HijackThis.  By burning it to a CD, it cannot be corrupted, ensuring that it finds everything.

VSMIT.

squirrelof09

Quote from: VSMIT on November 06, 2008, 05:39:19 PM
Also, it would be a good idea to burn HijackThis to a CD at some point, because I've seen a case where a piece of spyware corrupted HijackThis.  By burning it to a CD, it cannot be corrupted, ensuring that it finds everything.

VSMIT.

Could just mark the file as read-only. Unless the spyware changes its attributes.
fight till death our forums -> http://www.forums.bzfiend.com/index.php?
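
The point raised in the last two posts, as an added example that is not part of the thread: a read-only attribute can be cleared by anything running under the same user account, so it does not keep a tool intact, whereas a hash recorded beforehand (and kept on write-once media such as the CD) detects the change. The file name `scanner.bin` and its contents are constructed stand-ins, not a real HijackThis binary.

```python
import hashlib
import os
import stat
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tamper_despite_read_only(path):
    """Act as code running under the same user account: clear the
    read-only attribute, append bytes, then restore the attribute."""
    os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
    with open(path, "ab") as fh:
        fh.write(b"\x00modified")  # constructed stand-in for a modification
    os.chmod(path, stat.S_IREAD)


def demo():
    """Return (still_looks_read_only, hash_still_matches)."""
    with tempfile.TemporaryDirectory() as tmp:
        tool = os.path.join(tmp, "scanner.bin")  # hypothetical stand-in file
        with open(tool, "wb") as fh:
            fh.write(b"constructed sample contents of a scanner binary")
        # Assumption: this digest is stored somewhere the malware cannot write.
        known_good = sha256_of(tool)
        os.chmod(tool, stat.S_IREAD)  # "just mark the file as read-only"

        tamper_despite_read_only(tool)

        looks_read_only = not (os.stat(tool).st_mode & stat.S_IWRITE)
        hash_matches = sha256_of(tool) == known_good
        os.chmod(tool, stat.S_IREAD | stat.S_IWRITE)  # allow cleanup on Windows
        return looks_read_only, hash_matches


if __name__ == "__main__":
    read_only, intact = demo()
    print("attribute still read-only:", read_only)
    print("hash matches known-good:  ", intact)
```

The attribute check still reports read-only after the change, while the hash comparison fails, which is why comparing the tool against a digest kept off the machine is the check to rely on before running it.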