Jump to content

Worm attack

Aggressor

By Aggressor
in Computer Discussions

 Share

Recommended Posts

Aggressor Scout - 1st Class

Aggressor

Posted
Posted

hello all,

been away for a while with school work and stuff. but i need you help once again.

my roommate used my rig while i was away for two days and its been acting up ever since.

i ran an avg virus scan and it showed a virus called i worm bofra..which i moved to the virus vault and deleted.

but it keeps setting my home page to res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm

and everytime i try to access any sites using my rig...the ie window says that it is blocked due to spyware and that i need to click on the links to d/l one, plus the spelling of the message isnt that great "futrue".

i ran lavasoft adaware and deleted the stuff that came out on the scans...but i still cannot get the rig to work or use my original home page.

please help.

thanks,

Aggressor

Link to comment
Share on other sites
firefly2442 Ghost - 1st Class

firefly2442

Posted
Posted

I wouldn't use IE anymore, too many security holes. Try Firefox.

www.mozilla.org

Anyway, as for the worm, here's some more information on it.

http://securityresponse.symantec.com/avcen...bofra.e@mm.html

Since it's not spyware I doubt AdAware will pick it up although it might. Your best bet is to run antivirus and try to get ride of it. Do you have Norton or just AVG?

Link to comment
Share on other sites
Dannik Ghost - 1st Class

Dannik

Posted
Posted

Sounds like an altered hosts file.

Open C:\WINDOWS\system32\drivers\etc and look for a file called 'hosts' with no extension. Open it with a text editor, and see if it contains any lines other than:

127.0.0.1 localhost

Excluding lines with a # sign preceding them. If you find any other entries, they may be signs of infection.

Just one of many areas to check, but it's my gut telling me to look there first.

Link to comment
Share on other sites
Aggressor Scout - 1st Class

Aggressor

Posted
  • Author
Posted (edited)

hello all,

thanks for the replies.

symantec has a tool to remove the worm, which i tried, but it told me that i was not infected with the worm.

did another scan using avg 7.0 with the latest files as well as adaware, but nothing came up. there were a few entries in adaware and one of em said something like a possible browser hijack attempt.

Sounds like an altered hosts file.

Open C:\WINDOWS\system32\drivers\etc and look for a file called 'hosts' with no extension.  Open it with a text editor, and see if it contains any lines other than:

127.0.0.1       localhost

Excluding lines with a # sign preceding them.  If you find any other entries, they may be signs of infection.

Just one of many areas to check, but it's my gut telling me to look there first.

just checked that file Dannik, and there is nothing else in that file except for what you mentioned above.

i have my homepage set to blank in ie but it still shows this address res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm

i will try a system restore and d/l firefox from now on :D

if anyone else has any ideas, keep em coming

thanks again for the help :D

Edited by Aggressor
Link to comment
Share on other sites
larocket83 Scout - 2nd Class

larocket83

Posted
Posted
I wouldn't use IE anymore, too many security holes.  Try Firefox.

www.mozilla.org

Anyway, as for the worm, here's some more information on it.

http://securityresponse.symantec.com/avcen...bofra.e@mm.html

Since it's not spyware I doubt AdAware will pick it up although it might.  Your best bet is to run antivirus and try to get ride of it.  Do you have Norton or just AVG?

A friend of mine is at college, and all his buds told him to use it too. He thought, yeah, ie isnt that great, I'll try it. Within the first five minutes it crashed his computer.

Link to comment
Share on other sites
Aggressor Scout - 1st Class

Aggressor

Posted
  • Author
Posted

Update:

All seems well after the system restore. i d/l'ed the latest avg and lavasoft stuff and did scans, nothing came up.

firefox works great on my rig, loads pages faster than ie. the only little thing is that it does not work with the latest msn messenger (beta), ie opens up when you click the notification box regarding your emails.

Thanks again everyone :rocky:

Link to comment
Share on other sites
firefly2442 Ghost - 1st Class

firefly2442

Posted
Posted
I wouldn't use IE anymore, too many security holes.  Try Firefox.

www.mozilla.org

Anyway, as for the worm, here's some more information on it.

http://securityresponse.symantec.com/avcen...bofra.e@mm.html

Since it's not spyware I doubt AdAware will pick it up although it might.  Your best bet is to run antivirus and try to get ride of it.  Do you have Norton or just AVG?

A friend of mine is at college, and all his buds told him to use it too. He thought, yeah, ie isnt that great, I'll try it. Within the first five minutes it crashed his computer.

Wow, that sucks. That's the first time I've heard of someone having problems with it. :(

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

Ghost Recon Net Forums

The worlds longest running Ghost Recon Forums, believe it or not we have been running these forums since 2003 - which predates the official forums!

Quick Internal Links

Quick External Links

Contact Us

  • Contact Ghost Recon Net
    • ×
    ×
    • Create New...