Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

mistikotitatuipologisti

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

mistikotitatuipologisti

Unread postby tulip » May 19th, 2008, 7:44 am

I got a big problem I cant get onto the Internet anymore a annoying page is coming up saying its mistikotitatuipologisti.com and it does not let me connect to internet, I checked with AVG spyware but I cant get rid of it pls any help????
tulip
Active Member
 
Posts: 4
Joined: May 19th, 2008, 7:36 am
Advertisement
Register to Remove

Re: mistikotitatuipologisti

Unread postby ktreffin » May 24th, 2008, 3:47 pm

Hi Tulip, Welcome to the forums!Image

My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. Please note that I am still in training at Malware Removal University, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Please make an Uninstall List using HiJackThis.

To access the Uninstall Manager you would do the following:
    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

Lastly, please keep these points in mind:
  • If you have questions, please DON'T hesitate to ask!
  • The instructions I give are specific to your current problem and should not be used on other systems.
  • Please post your replies only to this topic, and please DO NOT start a new thread.
  • Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

Let me know if you have any problems.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: mistikotitatuipologisti

Unread postby tulip » May 26th, 2008, 6:25 am

Ken, thanks for you reply to my problem.
In meantime i managed to get rid of the annoying thing,,
I kept some sceenshots to give you a full idea of this annoying thing

Το malware MISTIKOTITATUIPOLOGISTI its probably one of the most difficult things, as it can not be catched by antivisus, antispam etc.It goes and makes a new job in task scheduler which is executed on preassigned times. As you are working a window is popping up which tells you about security problemThe reason why antivirus does not catch this is because this window is just a simple browserin the form of opo-upwithout any bars or buttons. Its not a virus bur the page which it takes you too has virus

Image
Image

A new window is opened, which tells you that your computer has a security problem relatively with personal information its doing a scan and a window opens (receiving archives the one you would say ok to if you wanted to download something to your computer, so its wants to download some program, even by pushing NO/INVALID this program continues to download somithing it AS IF YOU HAD SAY YES).
There is no adress type
http://www.????????.com etc only on the first window it mentions MistikotitaToyIpologisti
tulip
Active Member
 
Posts: 4
Joined: May 19th, 2008, 7:36 am

Re: mistikotitatuipologisti

Unread postby ktreffin » May 26th, 2008, 9:32 am

Hi Tulip,

Thanks for the screenshots, very interesting....I am a little confused. Did you get the problem resolved or are you still needing assistance?

Please let me know if you still need help. Thanks.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: mistikotitatuipologisti

Unread postby tulip » May 28th, 2008, 5:45 am

The annoying page is not popping up any more the only problem I still have is that when I want to save a link to my pc or a picture ( with right click) it takes much too long for them to save on my computer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:23 μμ, on 26/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\unsecapp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AE40EBA0-2D49-48C9-BA8D-E9F046240F5F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [JMB36X Configure] C:\Windows\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B50541AD-B6E7-497F-B659-2D85893ED153}: NameServer = 194.219.227.2,193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MDServ - formessengers.com - C:\Program Files\Messenger Detect\MDServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - C:\Windows\system32\nlnme\NLSAgentSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - G:\games\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\Windows\system32\pr2anmue.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8393 bytes

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
737 Pilot in Command (FSX)
777 'The Modern Airliner Collection'
ACDSee Pro 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
Aerosoft's - Flight Tales I
aerosoft's - German Airports 2 - Dortmund X
aerosoft's - Lukla X - Mount Everest Mission
Aerosoft's - Mega Airport Budapest
aerosoft's - Mission Legacy 1 - FSX
aerosoft's - Venice X
AGEIA PhysX v8.01.18
Airbus Series Vol.1 (FS X)
Anti-Leech Plugin for Mozilla, Opera, Netscape
Ashampoo ClipFisher 1.04
Assassin's Creed
avast! Antivirus
AVG Anti-Spyware 7.5
Battlefield 2(TM)
Boeing B737NG Deluxe
Bytescout Watermarking 1.01a
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Conflict Denied Ops
ConvertXtoDVD 2.1.14.223
CrazyTalk v5.0 PRO
Creative System Information
Creative ZEN
CRIMES of WAR
CuteFTP 8 Professional
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
Easy GIF Animator 4.6 Pro
E-jets Virtual : Embraer 170 FSX
E-jets Virtual : Embraer 175 FSX
E-jets Virtual : Embraer 190 FSX
E-jets Virtual : Embraer 195 FSX
eTax2008
EuroRoute 2008
Firebird SQL Server - MAGIX Edition 2.0.0.1 (US)
Firefox Windows Media Player XPI
Flash Intro and Banner Maker 2.0.85
Flight One Software FSAvidyne
FLV Player 1.3.3
Fly The Heavies for FSX
Football Manager 2008
Frontline: Fields of Thunder
Frontlines: Fuel of War
FSX Missions - A321 Lufthansa
Futuremark SystemInfo
GameShadow
GameSpy Arcade
GetSmile v1.901
GoodOk Video Converter Gold 4.7
Google Earth
Hawaii Oahu
HijackThis 2.0.2
Hour of Victory Multi 6
Hoyle Board Games 2007
Hoyle Card Games 2007
Hoyle Casino 2007
Hoyle Puzzle Games 2007
Image Grabber II
ImgBurn (Remove Only)
IsoBuster 2.1
iTunes
IvAe v0.8.7 (b263)
IvAp v1.9.2 (build 1959)
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
JRAID
K-Lite Mega Codec Pack 3.5.7
Legacy 'The Luxury Aircraft Collection'
LG GSM PC Components
LightScribe Applications
LimeWire PRO 4.16.0
Logitech Gaming Software
Lost Via Domus
Mahjongg Investigations
Medal of Honor Airborne
Messenger Detect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X: Acceleration
Microsoft Flight Simulator X: Acceleration
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (Greek) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Greek) 2007
Microsoft Office Groove MUI (Greek) 2007
Microsoft Office InfoPath MUI (Greek) 2007
Microsoft Office OneNote MUI (Greek) 2007
Microsoft Office Outlook MUI (Greek) 2007
Microsoft Office PowerPoint MUI (Greek) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proofing (Greek) 2007
Microsoft Office Publisher MUI (Greek) 2007
Microsoft Office Shared MUI (Greek) 2007
Microsoft Office Word MUI (Greek) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSI Live Update 3
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 Parser and SDK
Nero 8
Nero PhotoShow Express 5
neroxml
NVIDIA Drivers
OpenAL
OpenOffice.org Installer 1.0
Overclocked
Perfect Flightware V1.0X
PHPMaker 5.0.1
PowerDVD
PowerISO
QuickTime
Right Click Image Converter
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Sky Simulations - MD-11 for FSX - N537JB
Sky Simulations - MD-11 SP1 for FSX - N537JB
SmartFTP Client 2.5 Setup Files (remove only)
Tag&Rename 3.3.5
TeamSpeak 2 RC2
The Chronicles of Narnia - Prince Caspian
The Spiderwick Chronicles
TimeShift
Tom Clancy's Ghost Recon Advanced Warfighter® 2
Tom Clancy's Rainbow Six Vegas
Trendyflash Site Builder
Trojan Remover 6.6.9
Turning Point - Fall of Liberty
Turning Point - Fall of Liberty
Turok
Unreal Tournament 3
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
USB Remote NDIS Network Device
Veoh Player
Video Edit Magic 4
Vista Manager
VP3 Codec Version 3.2.6.1
Webshots Desktop
WinAVI Video Converter
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Writer
Windows Media Player Firefox Plugin
WinPcap 4.0.2
WinRAR 3.70 beta2 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων
ZENcast Organizer
Βοηθός εισόδου του Windows Live
Συλλογή φωτογραφιών του Windows Live
tulip
Active Member
 
Posts: 4
Joined: May 19th, 2008, 7:36 am

Re: mistikotitatuipologisti

Unread postby ktreffin » May 30th, 2008, 4:51 pm

Hi Tulip,

Before we begin, I need to find out some additional information from you. In your log you have an entry for OverSpy. Did you install this program?

I also see signs of some type of a commercial monitoring program, and also a messenger program used to record all instant messenger chat conversations.

Are you using this system for commercial (business) purposes? Please let me know if you are familiar with any of these programs so we can proceed. Thanks.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: mistikotitatuipologisti

Unread postby tulip » June 2nd, 2008, 3:34 am

Thanks for quick reply

Overspy is unknown to me I did not install this

For messenger I use google talk but messenger program used to record all
instant messenger chat conversations, as far as I know I did not install something like this, and so im not familar with these programs,

In google talk I know that I can re check my message, bur maybe this was a built in program with google talk,
tulip
Active Member
 
Posts: 4
Joined: May 19th, 2008, 7:36 am

Re: mistikotitatuipologisti

Unread postby ktreffin » June 3rd, 2008, 3:19 pm

Hi Tulip,

I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by OverSpy.
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a <ENTER TYPE>, the worst kind.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: mistikotitatuipologisti

Unread postby ktreffin » June 6th, 2008, 11:06 am

Hello

THREE DAY BUMP!

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Please let me know if there are any problems. Thanks!

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: mistikotitatuipologisti

Unread postby NonSuch » June 11th, 2008, 2:10 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware