WARNING - Intelligent Explorer Virus

12/7/03 | TC

[Tumbleweed_Connection]

I sat dont at my station over an hour ago and responded to an Explorer upgrade option without thinking.

This ISN'T a normal option, it was simply a pop-up. Without thinking I responded to upgrade and downloaded a nightmare.

I have yet to break this.

It consists of an additional bar which creates a new home page, http://find.intelius.com with files I've deleted in addition to wwd.ieplugin[1] - and proceeds to iniate infinite pop-ups of EVERY type out of http://www.n-case.com.

ANYTHING internet related will be tattooed with the new bar. View - Toolbars - Intelligent Explorer" will eliminate the bar from your current page but each new one you bring up will require you to go through the process of removing it again.

[suzyq5558]

have you tried ad ware? i accidently DLed hotbar and my life turned into pop up hell. i was told about ad ware and its been great.

[boycott]

AdAware - I picked up viruses every time I did an AdAware scan.

ZoneAlarm - Too many crashes for me with the ZoneAlarm.

Just my personal experiences.

[general_re]

I just tried installing Firebird and it doesn't really "Install", it just downloads the files to use and you make your own icons.

Yeah, Firebird is still pretty raw in a lot of ways, which is probably why there's no nice installer package yet. That's why I would say stick with Mozilla for the near future, for most people. But feel free to play with it if you get it up and running - the Firebird team can always use people reporting issues and bugs, if you feel like contributing a bit.

The user interface though seems so "bland" for lack of better words and the there seem to be no skins designed for it yet.

The Netscape Theme Park has been defunct for some time now, but there are skins for NS 7.0/7.1 - you can get them from the mozdev theme collection, which has themes for Mozilla, Netscape, and Firebird. Just make sure to check the compatibility before trying to install a theme - make sure that the theme you want is compatible with the browser and version you're running. Trying to install themes on browsers not listed as compatible is likely to A) cause problems, or; B) simply not work at all.

[Styria]

If the pages it pops up are all on the same site, and a lot of people have the virus, it must be awful on their bandwidth.

[Tumbleweed_Connection]

Just ran the scan a second time and it I'm no better off. Still have the additional bar as well as the pop-ups. Everything I manually removed is still gone, I doubt if deleting IE6 would do me any good. My best be would be another browser which isn't IE based, but I lose all of my IE files.

[A CA Guy]

That is a startpage virus perhaps. Look it up on google or do a computer search for viruses with housecall when you ca.

It's a free virus search frm the net.
Often can remove the virus for you as well.

[COEXERJ145]

There is something odd going on lately on several forums that I'm also a member of. We're getting a ton of very weird popups. Some are just annoying as heck (full screen needing Alt-F4 to close) and others do what is being described here. No one knows where they're coming from and it is becoming a serious pain.

The popups aren't being caused by spyware as it does it to me whether I've dual booted to Windows 2000 or Windows XP. I've run every known anti-spyware program and found nothing. Thankfully it hasn't FUBARed my computer yet but a lot of other people haven't been as lucky.

[Tumbleweed_Connection]

I just realized whith this disease one cannot leave open sites on their computer over night... You will return with an infinite number of pop-ups.

[A CA Guy]

I picked up a free pop-up add blocker that works 100% for me so far. Haven't seen an ad in weeks.

Do a google search and you can get it if you wish.

[Richard Kimball]

Unfortunately, the system no longer considers it a virus. Because you gave permission, the system considers it an installed program. It won't turn up in a virus search anymore than Word would.

Since it is a program, have you tried looking in the installed programs to see if you can uninstall it?

I've seen some pretty tricky stuff done by these guys. I even had a popup which told me it needed to install a program and had no options but OK and even had the close dialog X box in the upper right hand corner greyed. I ctl-alt-deleted out of it.

[Reagan Man]

bump

[Wacka]

Simple solution- use a Mac!

[hmmmmm]

When I was on Drudge's site earlier this evening I was getting a continuous pop-up offering this "upgrade". I finally noticed that it's caused by a banner ad at the top of Drudge's page. It said something about mousing over this particular line of text to download. It looked exactly like something IE related. Needless to say, I was irritated enough by this that I won't be visiting the Drudge Report anytime soon.

[Steve Van Doorn]

bump for a latter time

[Concerned]

I had a new Trojan Horse attempt at 9:49 P.M. CST from 66.76.100.241 : 2060, but I didn't get the name of it written down. It had something like "Net" in the name of it.

My Norton Utilities Visual Tracking hasn't been working correctly the last several days and has just been blank when I have attempted to get info about attackers.

Unfortunately, I "downloaded" the Sunday night updates, but fortunately, I did NOT "install" them. How can I get the "downloaded" files off my computer? Anybody know?

Also, I have had SpyBot for a while, but got lax in running it at the beginning of EVERY SINGLE TIME I got online. However, I try not to even be PHYSICALLY connected to the internet when rebooting because of problems I have had with attackers completely taking over my rebooted computer with the reboot. I COMPLETELY lost control over my own computer because of attackers and deceptive SPAM email which tricked me to believing it was a legitimate email from someone I knew.

Now, I actually PHYSICALLY DISCONNECT the cable going into my computer and put my Motorola Surfboard cable modem on "standby," and then rehook and turn on after FULLY rebooted. It is a PAIN to have to do so, but until I "downloaded" the stuff Sunday night, it was working well.

Recently, I started getting a FEW RED (checked) items on SpyBot to delete, but I now also have a TON on BLUE things like Registry Key (if I'm recalling correctly from memory), etc. Should I go ahead and delete the BLUE items? I have NEVER had it come up with BLUE things listed before---only RED ones.

BTW, a while back, I bought (but have not installed yet) a "NetGear FM114P 11Mbps Cable/DSL ProSafe 802.11b Wireless Firewall with 4-port 10/100 Mbps switch with Print Server." Would that solve the almost CONSTANT attempted attacks which I have to keep confirming I want blocked?

[Concerned]

I was trying to post the following to all previous posters to this thread, but for some reason, the others didn't show up in my "To" section.

Please see:
http://www.freerepublic.com/focus/f-news/1035915/posts?page=55#55

Thanks!

(TO: Tumbleweed_Connection, ImaGraftedBranch, GummyIII, visualops, 11th Earl of Mar, Indie, mhking, chilepepper, martin_fierro, Jeff Gordon, witnesstothefall, Holly_P, commish, Vision, Petronski, matrix2225, arasina, TheBattman, Free Trapper, righthand man, pctech, ChadGore, Ronin, general_re, Yohan, Danette, Happy2BMe, orbitboy, EUPHORIC, Mixer, blowfish, MeneMeneTekelUpharsin, steplock, suzyq5558, boycott, Styria, A CA Guy, COEXERJ145, Richard Kimball)

[Hawkeye's Girl]

Should I go ahead and delete the BLUE items?

YES! You must delete everything Spybot finds. The blue ones are messing with your registry.

[Cultural Jihad]

You have to use semicolons ; between email recipients rather than commas , as you had done.

[Stop Legal Plunder]

Any suggestions?

Get a Mac.

[philetus]

Bummer. I never get any of those.