# Explorer virus...



## evegodenraven (Feb 17, 2009)

ok... here's the thing... i can't seem to figure out what the problem is and why it is only me that this thing is attacking but here i go.

well i played a game 1 month ago and i stopped because the main site i got help from to get better at the game gave me a huge virus, deleted all my save points for my system recovery, didn't let me use explorer sometimes, i couldn't even do a hard system recovery... anyways..

the site i went to is www.pso-world.com and i didn't even click on any links to download anything, i would click on a link to go to a page i want and for a split second i got a download for like 1 second (which i couldn't stop). i told people about the virus and everyone else tells me that they're fine, they have no problems going on the site. and i tested this out 2 times, i got the virus, got rid of it, went back to the site, and the virus came back... well... let's say worm, because it was a worm. i downloaded Malwarebytes which solved my problem but now i'm going to some sites and my internet explorer keeps having a message pop up saying like,
"site was not able to open, internet explorer closing" or something like that and today i tried going onto it again, it wnt, message popped up and a virus protection link popped out, (pressed on the X), and the thing started scanning, i quickly pulled my ethernet out of my computer and used Malwarebytes and CCleaner, and both of them didn't find anything.

the other thing is, when i try going on the sites with my MFF explorer, it works, but it recently just keeps giving me issues.... is there anything i can do to protect my computer better? like maybe a computer firewall idk about? or even like a super virus protection program idk about.

the virus protection programs i have are Avast, Malwarebytes, CCleaner, and Ad-Ware SE Plus. i had spybot S&D but got rid of it.


----------



## ToeClaws (Feb 17, 2009)

Hard to say without knowing what you clicked on, and also whether you were logged in or not and had previously cached cookies, as all of those things profoundly affect the dynamic content generated for you when you enter the page.

The code is particularly nasty (as with most sites like this), and even as a guest visiting the first page throws 13 Cookies at me, 8 from the site itself, the rest are 3rd party, and 24 Javascripts, about 1/3 of which are 3rd party.  It's plausible that something could be slipped onto a system with those if the page had its code hacked.


----------



## ArielMT (Feb 17, 2009)

It could've been from the ad banner.

Did you mean "Ad-Aware SE"?  I thought Lavasoft haven't made or updated a program called "SE" in the last two years.  You might want to look at getting updated versions of your programs, as well as making sure their definitions and other data files are up to date.

Is Windows up to date on patches from Windows Update or Automatic Updates?  (When last I checked, the "Windows Genuine Advantage" spyware wasn't being installed through Automatic Updates, only through Microsoft's Windows Update site.)

If you're using IE7, then try Tools -> Internet Options -> Advanced -> Reset Internet Explorer Settings -> Reset.  [Edit: You'll have to reset your home page and reenable/reinstall any toolbars you genuinely want after this.  Resetting the home page is easy, though: Browse to the page you want, then hit Tools -> Internet Options -> Use Current -> OK.]

If you're using IE6, then try a repair install.  Microsoft KB Article 318378 tells how.

I highly recommend, and you'll hear this echoed, that you download an alternative Web browser then stop using IE completely.  Microsoft Internet Explorer is the most highly targeted, most easily exploitable, and most difficult to protect Web browser out there.


----------



## ToeClaws (Feb 17, 2009)

ArielMT said:


> I highly recommend, and you'll hear this echoed, that you download an alternative Web browser then stop using IE completely.  Microsoft Internet Explorer is the most highly targeted, most easily exploitable, and most difficult to protect Web browser out there.



^ Echo!

You may also consider something called Hosts file blocking on your system:

http://www.mvps.org/winhelp2002/hosts.htm

This site produces a continually updated HOSTS file that you can put on any Windows, Linux, Unix or whatever box that redirects all known bad spyware and ad sites to your local machine, thus making it impossible for the browser to load content from them.  Not only does it help to protect you, it also is rather nice not to see a ton of ads when viewing web pages.


----------
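Added example (not part of any post in this thread, and not code from the MVPS project): a small checker showing how HOSTS-file blocking as described above decides whether a URL is sunk to the local machine. The hostnames and the sample file are constructed placeholders, and "first entry wins" for duplicate names is an assumption about the resolver.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in HOSTS file format; every name below is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the MVPS list
127.0.0.1   localhost
127.0.0.1   ads.tracker.test  banners.tracker.test   # two names on one line
0.0.0.0     popups.example
::1         localhost
203.0.113.7 update.vendor.example   # non-local target: not a block entry
"""

def parse_hosts(text):
    """Return {hostname: ip} for every entry, ignoring comments and blank lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skip the line
        for name in fields[1:]:
            # Assumption: the first entry for a name is the one the resolver uses.
            entries.setdefault(name.lower().rstrip("."), ip)
    return entries

def is_sink(ip):
    """True if the address keeps the request on the local machine."""
    return ip.is_loopback or ip.is_unspecified

def is_blocked(url, entries):
    """True if the URL's exact hostname is mapped to a local sink address."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    ip = entries.get(host)
    return ip is not None and is_sink(ip)

def non_local_redirects(entries):
    """Names mapped to a non-local address; these deserve a manual review."""
    return sorted(name for name, ip in entries.items() if not is_sink(ip))
```

HOSTS entries match exact hostnames only, so a subdomain of a listed name is not covered unless it has its own line. A name mapped to a non-local address is a redirect rather than a block.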



## Rakiao (Feb 17, 2009)

ToeClaws said:


> ^ Echo!
> 
> You may also consider something called Hosts file blocking on your system:
> 
> ...



now that's useful, bookmarked for later use


----------



## X (Feb 17, 2009)

if you want my suggestion get firefox.

get the no-script add on. (it will block flash unless you approve it running)

after that you can disable cookies if you think that's the cause.


----------



## Runefox (Feb 17, 2009)

Yeah, this sort of thing plagues Internet Explorer and all browsers based on it. It's swiss-cheesed, and you've been hit with what's called a "Drive-by Download" (TM), which IE will happily allow and even execute afterward (Safari has a similar "feature" (and they _are_ calling it a feature), but won't execute the file afterward).

Echoing the "use a different browser" option. Firefox, Opera, Safari, anything but IE (or anything that is based on IE, like Avant).


----------



## evegodenraven (Feb 17, 2009)

here's the thing, i use IE a lot because i can protect myself, but the virus i got from that pso-world.com (not logged on, the 2 tests were on the mag and weapon link on the site) messed me up a lot. it was a huge worm. i tried to remove the worm by finding the fake files in my system32 files (i made sure i deleted the right ones using google to see if the windows file popped up on a search) i was up to 37 files but i found out it was really huge so i tried looking up the virus itself to see if i can reverse the effect of the virus to send it back to the host. it was the Nort 360 virus(microsoft's program, coded to be a virus) i never downloaded the file but i would get the pop up to download the file and some dragon explorer game and other things. anyways.

i got Malwarebytes since the site recommended it and i did and it got rid of it. but i have a feeling something is still hiding in my system32 files.

I tried to go onto firefox yesterday, but when i went to the site, it would do what my IE does, *can not open content, shutting down*

btw, i meant ad-aware =P
every day i keep trying running more than one virus protector to see if something pops up or not, and i get nothing...


----------



## Runefox (Feb 17, 2009)

> here's the thing, i use IE a lot because i can protect myself


Anyone who uses IE has no way of protecting themselves from drive-by downloads except to completely limit their browsing habits, and even then the possibility exists that sites can be poisoned and/or hacked.



> Nort 360 virus(microsoft's program, coded to be a virus)


... Microsoft has nothing to do with Norton, which is a Symantec product.



> every day i keep trying running more than one virus protector to see if something pops up or not, and i get nothing...


You should only run a single virus scanner at any given point in time, otherwise you're going to run into major issues.

Your concept of protection is flawed. The easiest route for you to take at this point barring bringing your PC to a shop would be to reinstall Windows.


----------



## X (Feb 18, 2009)

i'm going to suggest something that toeclaws linked me to
http://www.majorgeeks.com/RemoveIT_Pro_d5205.html

it found 51 infected files in sys32 that no other anti-virus i had could see.


----------



## ToeClaws (Feb 18, 2009)

half-witted fur said:


> i'm going to suggest something that toeclaws linked me to
> http://www.majorgeeks.com/RemoveIT_Pro_d5205.html
> 
> it found 51 infected files in sys32 that no other anti-virus i had could see.



:shock: Holy crap dude.  That's more than I've ever seen with it.  Glad you tried it.


----------



## X (Feb 18, 2009)

ToeClaws said:


> :shock: Holy crap dude.  That's more than I've ever seen with it.  Glad you tried it.



apparently aim toolbar is a virus @_@

thanks for linking it for me in the first place, it actually fixed some of the stuff that was slowing down my cpu.


----------



## ToeClaws (Feb 18, 2009)

half-witted fur said:


> apparently aim toolbar is a virus @_@
> 
> thanks for linking it for me in the first place, it actually fixed some of the stuff that was slowing down my cpu.



Not surprised - the "toolbars" offered by AIM, Google, Yahoo and Ask are pretty intrusive technologies.  They often slip logs of what you're looking for or doing to the parent companies so that they can better target you with advertising and other services.  

No problem - glad it helped resolve some issues.  I've used it to save a number of boxes at work and for friends.


----------



## Aurali (Feb 18, 2009)

Runefox said:


> (Safari has a similar "feature" (and they _are_ calling it a feature), but won't execute the file afterward).



"It's not a bug! It's a feature!!!" 
Oh god I hate it when programmers try to tell me this..


----------

