
Virus on DD's site


willoe

We got the virus on two machines at the office from don't promote other sites. I will attach the email sent to me by DD.

All,

I am posting this "TROJAN VIRUS FIX" for your computer that was put up by Breitling early this morning for any who were affected by the "VIRUS" yesterday that attacked MANY of our systems from an AD.

Before becoming too frustrated with the initial information shared in the "Breitling's Virus Review/Brushover" section of this post, please READ the "Breitling's Explanations/Instructions" section at the bottom. Things should start becoming more clear.

I posted this on don't promote other sites's Tidbits as well, and you can find the post and subsequent Breitling "comments" by clicking HERE.

BREITLING'S VIRUS "REVIEW/BRUSHOVER":

I had to fix a few things before posting this. I had to find that same virus load it and fix it again in order to bring this forward. I apologize it has taken me so long to get this post together.

- Here is the registration key. The key is : 1145-17884799-7733

- You may want to key that in if your PC is locked, and then you can do a system restore for before when the virus hit your PC

- If that does not work, you need to be able to get into your registry and delete the files below

- I'm not saying this is easy for the avg person, but it will fix the problem. I suggest you key in the numbers and system restore first.

The virus is probably located in/under either of the .exe files listed below:

- pw.exe

- MSASCui.exe

Remove the following "Registry" entries:

HKEY_CLASSES_ROOT\pezfile

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*

HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

Remove the following vista guard files:

%UserProfile%\AppData\Local\pw.exe

%UserProfile%\AppData\Local\MSASCui.exe

%UserProfile%\Local Settings\Application Data\pw.exe

%UserProfile%\Local Settings\Application Data\MSASCui.exe

BREITLING'S EXPLANATIONS / INSTRUCTIONS:

How do you know if you have the virus?

The virus shows up as if it is scanning your PC for viruses. If you haven't noticed anything of note, then you did NOT receive it. It's VERY noticeable, and you wouldn't miss it.

Where do you enter the "Registration Key" shared above?

If you got hit with this thing, at the top right corner of the pop-up box it says "register", what you need to do is take and key in this number : 1145-17884799-7733

Disclaimer / Warning:

If you don't know how to do this then find someone who can. If you delete the wrong file, it can cause your windows to stop working properly. So, this is WARNING. I will not be held liable for any action you decide to take when deleting the files I've shared above. If you ONLY delete the files shared above, you're good. If you delete others accidentally, you may find you have additional system problems. Please get help if you're not sure what to do. This explanation can really help those who are helping you however.

How do you locate your "Registry"?

1. Click the Start button

2. Click Run, and type REGEDIT.

3. Click OK.

4. In the Registry Editor, select the key you want, then look for and delete the files entered IN BLUE above.


I'm no computer genius, but I was able to clear both machines by using system restore. When I went to edit the REGISTRY, the evil files were already gone.

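The registry entries listed in the email above, turned into a read-only check (an added example, not part of the original thread or the quoted email): the script scans `reg export` text for `shell\...\command` handlers that launch from the per-user Application Data folders and for non-zero Security Center override values. It goes beyond `pw.exe` by flagging any handler in those folders; the sample export and the `audit` function are constructed for illustration, and only plain string and DWORD values are parsed.

```python
import re

# Constructed sample in `reg export` text form; not taken from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\pw.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\system32\\NOTEPAD.EXE %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

# Per-user, user-writable folders named in the post (lower-cased).
USER_DIRS = ("\\local settings\\application data\\", "\\appdata\\local\\")
OVERRIDES = {"antivirusoverride", "firewalloverride"}
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def audit(reg_text):
    """Return (key, value name, reason) tuples for suspicious entries."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE.match(line)
        if not value or key is None:
            continue
        name = "(Default)" if value.group(1) == "@" else value.group(1)[1:-1]
        data, low_key = value.group(2), key.lower()
        if data.startswith('"') and data.endswith('"'):
            # REG_SZ: undo the .reg escaping of backslashes and quotes.
            command = re.sub(r"\\(.)", r"\1", data[1:-1]).lower()
            if (low_key.endswith("\\command") and name == "(Default)"
                    and any(d in command for d in USER_DIRS)):
                findings.append((key, name, "handler runs from a user profile"))
        elif (data.startswith("dword:") and name.lower() in OVERRIDES
                and low_key.endswith("\\security center")
                and int(data[6:], 16) != 0):
            findings.append((key, name, "Security Center alert overridden"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_REG), sep="\n")
```

Real `reg export` files are UTF-16 encoded, so decode them before calling `audit`. A flagged handler path is a triage signal rather than a verdict, since legitimate per-user installs also register commands under `AppData\Local`.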

Old news. This problem was fixed yesterday.

For those who don't want to deal with messing around in their registry, download Spybot (free program) and run it. It'll detect this Trojan (three files) and will give you the opportunity to delete it after your system is scanned. I did this yesterday and the problem was resolved in the 20 minutes it took to scan my drives.

I've been using Spybot for 5 years now and scan my system once a week for adware and any other potential issues. I'm sure there are other similar programs that'll do the same thing for you.


Not old news for the people that got the Virus and didn't know!


You'd know it right away. It tricked the Security Center into telling you there were issues with your system. If you chose to do a scan, you'd be able to click to remove the malicious files. When you clicked the button, you were taken to a page to purchase the software. There were several messages that would pop up on a rotating basis, every minute or so. Very annoying, but it didn't do any harm to your system.
