Re: After i go to this Web Sit i have many virus he instal he want without permission ! its very Dangerous ! Plz Help

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 04/14/04 

Date: Tue, 13 Apr 2004 22:28:07 -0400

4/13/2004 10:25:05 PM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet
Files\Content.IE5\Z0WFDAGD\popupnew[1].htm Exploit-MhtRedir.gen

Exploit-MhtRedir.gen

http://vil.nai.com/vil/content/v_101170.htm - MS Vulnerabilities MS04-011 - 014

Dave

"Fraizer" <NOfraizerfrSPAM@yahoo.fr> wrote in message
news:407c7030$0$20165$636a15ce@news.free.fr...
| hello all
|
|
|
| - After i go to this F****** Web site http://www.appzplanet.com/ i have this
| ViruS:
|
|
| Under Kaspersky Anti-Virus 4.5.0.95 -> "TrojanDropper.Win32.Bridge" AND
| Under The Cleaner Pro 4.1 build 4252 -> (ABetterInternet) Type: Browser
| Hijacker
| ----------------------------------------------------------------------------
| ----------------------------------------------------------------------------
| --
| C:\Program Files\Internet Explorer\setup.exe
|
|
|
| Under Kaspersky Anti-Virus 4.5.0.95 -> "TrojanSpy.Win32.e" AND Under The
| Cleaner Pro 4.1 build 4252 -> (ABetterInternet) Type: Browser Hijacker
| ----------------------------------------------------------------------------
| ---------------------------------------------------------------------
| C:\WINDOWS\system32\a.exe (in file proprieties i have this version : 1, 0,
| 0, 1)
|
|
|
| Under Kaspersky Anti-Virus 4.5.0.95 -> "TrojanDownloader.Win32.Bridge" AND
| Under The Cleaner Pro 4.1 build 4252 -> (ABetterInternet) Type: Browser
| Hijacker
| ----------------------------------------------------------------------------
| ----------------------------------------------------------------------------
| -----
| C:\WINDOWS\system32\bridge.dll (in file proprieties i have this version :
| 1, 0, 0, 116 and description : bridge Module)
|
|
| After i erase all this files
|
|
|
| - And this web sit put me a file (ActiveX Controle) like this
| {1000000000-1000-0000-1000-000000000000} in the Internet proprieties->
| General -> Temoprary Internet Files After click on Config and click on
| Display Object u have this window : C:\WINDOWS\Downloaded Program Files\ and
| u see this file (ActiveX) {1000000000-1000-0000-1000-000000000000} withe
| other normals Files like : Update Class; Shockwave Flash Obkect; Office
| Update Installation Engine... he execute this : file://C:\Program
| Files\Internet Explorer\setup.exe
|
|
| - And i see he install me a program (i see in Add/uninstall Programs) the
| name : "Bridge" (Maybe he install me another think :( )
|
|
| - and he put me if i remeber (because i erase) a Rundll/bridge.dll or
| somthink like this...
|
|
| + After i erase all this files i do a Scan with Ad-aware 6.0 and i have this
| log file : (i earase all)
|
| WINFAVORITES
| ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
| obj[0]=RegKey : Bridge.brdg
| obj[1]=RegKey : Bridge.brdg.1
| obj[2]=RegKey : CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
| obj[3]=RegKey : TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
| obj[4]=RegKey : Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
|
|
|
|
| PLEASE help me :( (i format all my computer and install again and i have the
| same problem)
|
| sorry if my english is poor. :(
|
|
|
|
| PS: When i go to this link : http://www.appzplanet.com/ the first time he
| open a porno popup AND another window but this time He Ask Me if i accept a
| certificat if i remeber but i dont clik on Yes or No i just closed the
| window... and i see i have this problem i clean all like this and after i
| check my system because i dont undstand why.. i think its files after i run
| it but no and now i try many think i go again in the web sit and I Have The
| Same Problems.. Now i Knwo But in the Seconde Time when i go i have little
| Difference ! -> He just open a porno popups But he Dont ask me for the
| certificat... (if i closed the Certificat mean yes or what ??? what i do to
| have again ask me for certificat ??). [I IDENTIFY THIS ITS FOR SHOKWAVE
| PLAYER BECAUSE THIS F*** WEB SITE WANT THIS TO RUN A Bandau publicity...]
|
|
| PS2: I dont know if for another web sit i have this same problems.. i afraid
| to go :(
|
|
| PS3: when i tell you this : """"(Maybe he install me another think :( )""" i
| found this in Add/uninstall Programs ""Internet Explorer Q832894"" i dont
| know if its official or not... but i go in windows update to chek if i
| download this in my hitorical download and i see nothink when i search withe
| this name "Q832894" in the window and i try to uninstall but he dont want he
| tell "INF File Invalid" (in Add/uninstall Programs) (Note: i dont tell this
| its not normal i just tell u all i see to help :( )
|
|
| PS4: when i right this msg i see 7 critycals updates (3.6 mo..) in windows
| update since this morning to know :) 7 since 12 Hours... buged xp OS tsss...
|
|
| PS5: !! --> i just try with another computer with Windows XP pro Too and i
| have exactly the same problem !!!!!!! he install me the same files same
| registery etc... !!! all same !!! its the Web sit this Fu*** (sorry) web sit
| ! He Ask You Nothink ! He install without confirmation ! u have juste to go
| to the web sit and he do all without you now !
|
|
|
|
|
|
|

Relevant Pages
Loading