a new fucking virus wants to fuck all of us

[WidowSEXplorer]

I found that virus yesterday. What is this Virus doing:
1. It changes the links on the pages you are opening with IE. The links are leading to "http://thesten.com/main/k.php?key=FETISH". It changes the category acording to the page content.
2. Chanes your main page and search pages.
3. Changes your host file.
4. Downloads thefolowing files from internet:
iedll.exe
loader.exe
DNSerr.exe

I found a similar virus on spermatrix.com
What I've done to remove teh virus:
1. First search the regestry for "thesten" and delete all the entryes I found.
2. Delete this 3 files I mentioned.
3. Then downloaded this software.
http://www.spywareinfo.com/~merijn/f...hijackthis.zip
!!!IMPORTANT. Do not fix everything the software finds. Just the host files and if there is iedll.exe,loader.exe or DNSerr.exe runned. If you remove everything then you must reinstall it.

[goBigtime]

not if you're running mozilla firebird it doesn't

[jeroman]

adaware pro takes care of similar stuff like this

[goBigtime]

and while you're at it, why don't you replace that exploit prone MS outlook with mozilla thunderbird .

[WidowSEXplorer]

The problem is that I din't catch the virus trough the e-mail. It is a web based virus and it infects the serfers from a webpage.

[WidowSEXplorer]

do you remember this virus ththrous popups when you have sextracker? The new one is worst because it will still your traffic. Imagine that infected surfer goes to your webpage. This virus changes the link on your page and when the surfer clicks on your page it goes to http://thesten.com or another page but not to your traders or galleries. I think this can become a serious problem for all of us.

[buzzard]

praise jebus

[MattO]

you need Mozilla Pterodactyl

[Spice]

WOW, I got the same exact thing here. It scared the shit outta me at first seeing half of my links going to thesten.com. I thought that someone hacked my server. After refreshing, it went away. I think that I'd better run my adware program to make sure that it's gone. I do have Norton Net Security 2004, but sometimes when I'm looking at pages, it doesn't display all of the images, so I disable it to view them.

[Spice]

I'd bet that the owner of that domain has something to do with it ;(

[TheViper]

iedll.exe is a nasty fucker for sure, if you remove it by hand it installs itself again after a few minutes or on boot up.

[Gemini]

Email his host and get his plug pulled and then as he moves from host to host... follow his b*tt and tell each host. lol Amazing how fast they take them down when they see it for themselves. If the host doesn't respond, step up the food chain to the upstream provider.

[WidowSEXplorer]

Spice

It can't just gone and there is no antivirus for this shit because it's "handmade". The antivirus companies does not even know about it but it will be to late when they learn about it. Spermatrix is site with about 200k traffic daily. Can you imagine howmany people get infected. Probably 100 000 everyday.

[Seb From Holland]

Just make your host file read only.

[jacker]

My buddy got hit at home...he managed to find the files and delete them but it really messed his PC up. Thanks for the info re: cleaning the bug out.

Cheers
James

[pudcat]

Quote:

Originally posted by goBigtime
and while you're at it, why don't you replace that exploit prone MS outlook with mozilla thunderbird .

while you're at it... try Linux, bsd macosx or whatever... it's amazing how little you need to be worried about viruses, crashes, the computer going super slow for no particular reason... and your work might even speed up a little

[WidowSEXplorer]

The problem is not in the host file and not even in my computer. The problem is with the thousands of clicks that this motherfucker will still from all of us.

[loverboy]

im well protected w/ Windows XP ICF