Virus (new One?)
X_Stickman
Not good enough for a custom title. Join Date: 2003-04-15 Member: 15533Members, Constellation
Not good enough for a custom title. Join Date: 2003-04-15 Member: 15533Members, Constellation
in Off-Topic
<div class="IPBDescription">I never heard of anything like this...</div> So just a warning.
I made a post saying that i was having trouble on the forums (images not loading, things taking ages etc...). This started happening on all sites, and each time i refreshed it got worse and worse until every single link forwarded to some porn pop up site, which then gave me about 90 pop up ads and so on. after it did this, the cycle restarted (and for some reason set my homepage to "c:\windows\hp").
I ran adaware and AVG, and i found a few things, got rid of those and it seemed to stop. But, the next time i rebooted, i noticed (very, very quickly) a Dos Prompt running something, but then it was gone. Then the whole thing started again. I restarted again to check what it was and i saw "regedit" (i know, nasty) in the run thing. Me, being a total and complete nub, then deleted regedit because i didn't really know what it was (plus, after i found out, i also found that i don't really use it, ever).
The next time i restarted, the dos prompt came up again, but because regedit wasn't there, it just said "bad command or file name" and stayed there so i could read what it is. It's called "load" (not "loadqm"), and it's in windows. So i got rid of that, but now, i keep getting random pop ups, even if i'm not surfing (try fighting an onos, nearly winning, only to have NS minimised because of an "INCREASE YOUR ****!" advert).
So, i decided to format (i've wanted to try XP on here anyway). I told my mate in a PM on IRC what had been happening, and he has no idea what it was. But then, he asked me what an scf file was (i don't know, btw). I asked why, and apparantly i'd been trying to DCC him a file, but it wasn't me who was doing it. Must be this thing (i guess it's a trojan now... lol).
So anyway, just a warning to people. This thing didn't get picked up by any of my virus stuff/firewalls (tiny, avg, spybot, adaware etc), and it's trying to send itself to other people. It's probably not a new thing, but meh, it's the first time i've heard of anything like it, so do a search for "load" (it's an MS Dos Batch File). And i'll see ya's all again when i'm running XP
I made a post saying that i was having trouble on the forums (images not loading, things taking ages etc...). This started happening on all sites, and each time i refreshed it got worse and worse until every single link forwarded to some porn pop up site, which then gave me about 90 pop up ads and so on. after it did this, the cycle restarted (and for some reason set my homepage to "c:\windows\hp").
I ran adaware and AVG, and i found a few things, got rid of those and it seemed to stop. But, the next time i rebooted, i noticed (very, very quickly) a Dos Prompt running something, but then it was gone. Then the whole thing started again. I restarted again to check what it was and i saw "regedit" (i know, nasty) in the run thing. Me, being a total and complete nub, then deleted regedit because i didn't really know what it was (plus, after i found out, i also found that i don't really use it, ever).
The next time i restarted, the dos prompt came up again, but because regedit wasn't there, it just said "bad command or file name" and stayed there so i could read what it is. It's called "load" (not "loadqm"), and it's in windows. So i got rid of that, but now, i keep getting random pop ups, even if i'm not surfing (try fighting an onos, nearly winning, only to have NS minimised because of an "INCREASE YOUR ****!" advert).
So, i decided to format (i've wanted to try XP on here anyway). I told my mate in a PM on IRC what had been happening, and he has no idea what it was. But then, he asked me what an scf file was (i don't know, btw). I asked why, and apparantly i'd been trying to DCC him a file, but it wasn't me who was doing it. Must be this thing (i guess it's a trojan now... lol).
So anyway, just a warning to people. This thing didn't get picked up by any of my virus stuff/firewalls (tiny, avg, spybot, adaware etc), and it's trying to send itself to other people. It's probably not a new thing, but meh, it's the first time i've heard of anything like it, so do a search for "load" (it's an MS Dos Batch File). And i'll see ya's all again when i'm running XP
Comments
What is Loadqm anyway? I've got it on my computer and I can't figure out what it actually does....
[/nubquestion]
And also there is some sort of link going through mIRC i've heared.
When i was on Win98 (good times) I noticed
that LOADQM would appear in the back-ground if
I loaded MSN from the Programs bar. But if
I went to Hotmail.com, signed in and then waited for the
little MSN icon to appear in my systray I could sign-in
without LOADQM loading itself.
Eventualy i renamed it loadqm0001.exe and it seemed to
help (until MSN required updating).
Go to Google.com and type in "Spybot search and destroy"
it should point you to the Spybot homepage. Its a nice program
by Pepi MK software and is much better than AdaWare.
Who makes these things anyway; i only see two possiblities.
1) the compainies that make and sell popup and add blockers, they are making a market for thier product
2) people that just want to **** other people off
The "companies" that most of theese popups represent or are trying to sell for dont even exist! And if they did, why would they advertiste in the way of invasive spyware. Has anyone ever actully bought something you saw on a popup informing you on ways to "increase your size" or "improve your preformance?"
AVG Virus Scanner
Tiny Personal Firewall
AdAware
Spybot search and destroy.
Each time the pop up thing happened, i ran adaware and all the others, and they all found at least one thing, which i got rid of/healed etc... but then it just happened again. I tried running them twice, but after the first time, they didn't find anything new until the pop ups went mad again.
The pop ups range from porn, those f***ing annoying **** size growers, online shops, schools and so on.
The file was not "loadqm", it was simply called "load" and it sat in c:\windows. Given what happened to my computer with the pop ups, and then the DCC attempt (i only noticed the one to my friend, and only then because he told me about it. If i tried to DCC anyone in #natural-selection, i'm truly sorry), i'd assume it's either a clever virus or a trojan.
I hadn't downloaded anything out of the ordinary before this all started. Just the usual: patches, some teaser movies from games, some demos (and Half Life Demo movies) etc. I really don't know where i got this damn thing from.
No, but there's always some sex starved nerd out there who would try anything to get laid.
If have you XP I know there is a fix for it in the "How to get rid of Pop-Ups" thread. Not sure if that will your problem but it might.
If you don't have many files, do have a good cable connection, and do have alot of patience, then do what I did. Dump ALL of your files and reinstall windows, it's always nice to have a fresh start. (this would also give you a good chance to install XP if you have it but don't have it installed)
It sounds like a trojan that affected me. It would change my home page to a search engine every once in a while. It wasn't as malicious as yours, and it was a little less obvious, as well. Best to check it out.
I don't know how you were able to delete it regedit, either. It's a Windows program, it should be protected. You actually deleted it from the Windows directory, or just from Run?
Anyway, the problem's sorted now. I backed up what i needed, formatted, scanned all the files i backed up on the other computers, and i'm in the process of getting everything back now (and now i'm on XP).
Reminds of the stupid xupitertoolbar thing that was on my mothers computer. She couldn't get rid of it being the home page and it ran pop-up scripts all the time.
When you first go there, if you have anything installed it will go "WARNING! Such and such is installed on your PC"
Then it gives you a link to how to remove it.
Great stuff.