What the hell: Warning you visited an illegal Pedo site

Hello, I was browsing some sites earlier today and I got a message from Norton AntiVirus which said a malicious script is trying to execute, so I cancelled it from executing. However, for some reason now

a browser opens with a message "Warning you visited an illegal Pedo site" every five minutes (address = http://81.211.105.49/)
and my homepage keeps changing to http://freednshost.info/ even if I change it back to yahoo

I think a virus has been installed

Can anyone tell me how to fix this?
0
Asked: auk_ie
 
Fatal_Exception Commented:
You have downloaded some spyware onto your system...

Spyware/Adware removal tools
------------------------------

What is spyware : http://www.spychecker.com/spyware.html

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml 

Ad-aware : http://www.webattack.com/download/dladaware.shtml 

You may also want to check your Host file for anything that is not:   localhost  127.0.0.1

FE
0
 
Christopher McKay Commented:
Hi auk_ie,
It sounds as if your browser has been hijacked. I recommend using this to correct the problem:
CWShredder: http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

(Please note, you may have to run it more than once to get everything completely cleaned out.)

Hope this helps!

:o)

Bartender_1
0
 
sunray_2003 Commented:
Check these registry entries

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar


and remove http://freednshost.info/  if present
0
 
Fatal_Exception Commented:
You can also try these if the above does not work:

CWShredder (hijack removal):  http://www.spywareinfo.com/~merijn/downloads.html

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml 
0
 
sunray_2003 Commented:
Forgot to mention.. after installing and before running these tools, update them all
0
 
Fatal_Exception Commented:
Boy did this thread get hammered quickly..!!   :)

FE
0
 
sunray_2003 Commented:
Fatal_Exception,
> Boy did this thread get hammered quickly..!!   :)

Sure, as long as I am free today.. LOL !

Got to help my friend here on his thesis work so won't be much active for next 30 mins.... I know you will rock
0
 
Fatal_Exception Commented:
*grin*
0
 
sunray_2003 Commented:
FYI, SB is on vacation and is coming back tonight.. Can't do much from tomorrow tho.....
0
 
Fatal_Exception Commented:
Wondered where he has been lately...   Good to hear someone gets to take vacations..
0
 
auk_ie Author Commented:
I tried SpyBot-S&D, but it didn't work. There has to be some exe, most likely running as a service, that periodically

opens a browser
creates links on my desktop
and sets a new homepage for me

Is there no way I can manually find and remove this?

Should I just keep trying the spy utils? That sounds like a bit of a hit and hope idea
0
 
Fatal_Exception Commented:
It is probably in your Host file..

Look in this folder:

c:\windows\system32\drivers\etc

Open the host file with Notepad...  Then delete any and all entries BUT the localhost reference to 127.0.0.1

FE
0
 
auk_ie Author Commented:
What is the Host File? What's it called?
0
 
Fatal_Exception Commented:
If you go to the folder I mentioned.. you will find host there..  You can also open Notepad and then File > Open and navigate to that location and open it..  

It could be that the attributes have been turned on too..  In this case, open Explorer and then Tools > Folder Options > View tab..  select to Show Hidden Files and Folders..

FE
0
 
Fatal_Exception Commented:
BTW:  the host file helps with name resolution..  here is a link to provide more understanding of the host file..

The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or "telephone number," for that site. If you do, then your computer will "call it" and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can "call" that site. Most of the time, you do not have addresses in your "address book," because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.

http://www.accs-net.com/hosts/what_is_hosts.html
0
 
auk_ie Author Commented:
Yeah I opened the host file, there was a whole lot of crap I didn't recognise. So I deleted it all, then that stupid spy program executed again and threw all this into the host file

0
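The hosts-file check discussed in the posts above, as an added example that is not part of the original thread: a small Python audit that lists every mapping other than the loopback `localhost` entry and reports addresses that several names were pointed at. The sample file contents, names and addresses are constructed, and the function names are illustrative.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     search.example.com   # inline comment
203.0.113.7     www.example.net portal.example.org
198.51.100.20   intranet.example.test
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address_or_None, names) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields  # first field is not an IP address
            continue
        yield line_no, addr, fields[1:]

def audit_hosts(text):
    """Return ({address: [names]}, [malformed line numbers]), skipping
    the loopback 'localhost' entries that the thread says to keep."""
    overrides, malformed = defaultdict(list), []
    for line_no, addr, names in parse_hosts(text):
        if addr is None:
            malformed.append(line_no)
            continue
        for name in (n.lower() for n in names):
            if not (addr.is_loopback and name == "localhost"):
                overrides[str(addr)].append(name)
    return dict(overrides), malformed

def shared_targets(overrides, threshold=2):
    """Addresses that at least `threshold` distinct names were pointed at."""
    return sorted(a for a, n in overrides.items() if len(set(n)) >= threshold)

if __name__ == "__main__":
    overrides, malformed = audit_hosts(SAMPLE_HOSTS)
    for addr, names in overrides.items():
        print(addr, "<-", ", ".join(names))
    print("shared targets:", shared_targets(overrides), "malformed:", malformed)
```

To audit a real machine, pass the text of the file in the folder named earlier in the thread to `audit_hosts` instead of the sample.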
 
LeeTutorretired Commented:
You say you tried SpyBot Search & Destroy.  I would also try LavaSoft AdAware.  I use both on all three of the Windows versions I multiboot (98, ME, and XP Pro.)  What one tool misses, the other catches.  And make sure you have downloaded the latest data updates with both programs.  Also try CWShredder...
0
 
Fatal_Exception Commented:
Yep.. you have definitely been hijacked...  

CWShredder (above) should kill this for you..  If not, then download and run HijackThis (also above) and post the results here..  we will try to sort this out for you..

FE
0
 
Fatal_Exception Commented:
One more thing..  you might try running the Anti-Spyware program in Safe mode..  It helps if nothing is loaded when it is executing..

FE
0
 
auk_ie Author Commented:
Hello, I also tried Ad-aware : http://www.webattack.com/download/dladaware.shtml but with no luck

However, I did make some progress, I found a process called rundll.exe and terminated it. Now that stupid web page doesn't appear every 5 minutes or so, the favourites and shortcuts are not created etc.

Still though, whenever I change my home page settings they change back to http://81.211.105.49/.

Before I terminated the process rundll.exe it used to change to http://freednshost.info/

Anyway I'll try CWShredder now
0
 
Fatal_Exception Commented:
Yes.. try shredder..  but make sure you turn off everything in the startup menu..  Use msconfig to do this (Start > Run > msconfig)

Or boot to safe mode to kill it..

FE
0
 
Fatal_Exception Commented:
Thanks..  and Happy Easter..

FE
0
 
auk_ie Author Commented:
You too
0
 
sgt1035 Commented:
'Grokster' is known to considerably slow a system down, causing many programs to eventually crash. It also is known to change your network & internet connections.

Pest Patrol is terrific at handling this and most other 'Pests'. I usually run it after AdAware & Spybot.
0
