Can any one help virus question

HentaiRulez

Member
Feb 10, 2009
38
0
Hey guys if im asking in the wrong place i apologise but im hoping someone can help recently ive been getting a virus from different websites and these arnt even bad websites what happens is for some reason adobe reader loads up thats how i know that the virus is starting i hear the pop up sound and it starts one of those your computer may be infected with spyware press here to scan blah blah blah i can get rid of them with malewarebytes but i want to stop it happening in the first place down the corner it says i have Antivirus.NET and BankerFoxA has anyone had this happen to them id appreciate any help

Im on XP btw

thanks
 

isityours

People don't dance no mo'
Sep 27, 2008
2,886
4,135
it is likely this is being caused by a buffer overflow attack. malicious user utilise this flaw to install programs like
first, (im not even sure why you have it installed in the first place), uninstall adobe reader. please use an uninstaller to do this (revo uninstaller for example), scan and remove any leftover files/folders. reboot into safe mode with networking. next dl/update MBAM and run a quick scan. remove any infected items, reboot again into safe mode with networking. next dl superantispyware and repeat (disable realtime protection). reboot into windows normally and run a virus scan with your RT scanner. (which AV are you using?) i recommend avast 5 as it also has a boot time scanner. it takes a while but is thorough.

"bankerfoxa removal tool" (should be run in safe mode). this is 'spyware doctor' btw
ttp://www.2-spyware.com/remove-bankerfox-a.html

dl ccleaner slim and remove junk files. then, run a registry clean (save registry backup file before running).

if you are still unsure, try scanning with spybot S&D (but dont install tea-timer).

once you feel sure everything has been removed, dl and install the latest stable version of firefox and add-on:

noscript
adblock plus
ghostery
better privacy
trackmenot
WOT

consider upgrading to a third-party firewall (comodo/zonealarm etc).

i also recommend spyware blaster.

i am currently happy with PDFX-change PDF viewer as an adobe alternative.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
Fair advice isityours. I am not sure all that is necessary though.

First off HentaiRulez I need to know what browser you are using. I assume it is Internet Explorer? Just a wild guess, could be anything. It is an attack through your browser so I would want to look at the problem from that angle. I would also suggest using Firefox, although I would simply suggest disabling the adobe plugin. You shouldn't need it for most things. Any pdf file you can download and view, you do not need to open it with your browser.

Try downloading Spybot, (http://www.safer-networking.org/index2.html), it has an immunization feature for browwsers that should help as well. Don't worry, it is free.

Good Luck
 

isityours

People don't dance no mo'
Sep 27, 2008
2,886
4,135
...for some reason adobe reader loads up thats how i know that the virus is starting i hear the pop up sound and it starts one of those your computer may be infected with spyware press here to scan blah blah blah
this staement prompted me to think of this: ttp://www.adobe.com/support/security/advisories/apsa09-01.html the current flash player plugin is 10.2.153.1 but should only be updated after taking the necessary steps to remove the threat. the fact that a message is coming up indicates that there is at least an adware infection, hence the specific warnings/suggestions. worst case it is a fully fledged infection. any steps taken prior to removal could be made redundant by the 'virus'. spyware blasters immunisation feature is similar to S&D's. they both provide passive blocking against known threats.
First off HentaiRulez I need to know what browser you are using
im not sure that is relevant atm, but should definitely be reconsidered if it is IE.
I would simply suggest disabling the adobe plugin.
also not bad advice but some sites will not display properly/cannot be used without flash/java. it is easy enough to enable the plugins when necessary but that is the functionality of noscript. noscript blocks all flash/java content by default. if you trust a page then adding it to your whitelist means you dont need to be enabling/disabling the plugin all the time. you can also select which parts of pages you give access to. it has a 'Temporarily allow all this page' button for added convenience.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
I do like Noscript but I wonder which of us is misunderstanding his problem. Could be me, no doubt. HentaiRulez is not exactly a "polished speaker", I can barely make out what he is saying. It doesn't sound as if he has a virus, just that he keeps picking one up while browsing. This would indicate that it is a browser vulnerability that is being exploited. Again, I admit, I could be wrong.

It is always a good idea to make sure your PC is virus free as well. Avira makes a nice free version that is fairly reliable, as good as Avast anyway, (which is also good).
 

isityours

People don't dance no mo'
Sep 27, 2008
2,886
4,135
down the corner it says i have Antivirus.NET and BankerFoxA has anyone had this happen to them id appreciate any help

Im on XP btw

thanks

probably easier if you read the article yourself

Antivirus.NET: ttp://www.geekpolice.net/t25973-remove-antivirusnet-removal-guide

this suggests that there is/may be an existing threat. if there is even a chance there is an infection then i suggest nothing less than a 99% effective approach to removing it. possibly overkill but bankerfox a is also keylogger (as well as a trojan).

youre absolutely right that OP is looking for a way to stop the infection in the first place but i dont think that OP is picking up the same virus repeatedly from a variety of websites, but is just infected with something that is popping up (probably from inside IE). installing FF or any other browser at this point may not solve the problem at all, and may even complicate things later.

i guess a really simple analogy is: changing a bandage because you think bacteria is getting in from the outside but effective 'healing' should really start with the cleansing and disinfection of the affected area before applying a fresh, more affective, dressing.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
i guess a really simple analogy is: changing a bandage because you think bacteria is getting in from the outside but effective 'healing' should really start with the cleansing and disinfection of the affected area before applying a fresh, more affective, dressing.

I am not a kid. I don't need the analogy. An antivirus will also tell you what virus it is removing or blocking. I was not clear as to what message he was receiving, viewing and from where. This is not saying that you might not be spot on, like I said, you may be. I guess we will have to wait and see.
 

homerscousin

New Member
Sep 9, 2010
5
0
This is a little late, but I just read this thread. I have seen the exact same thing happen on my machine. I have used Firefox for years and Comodo firewall/ antivirus. If what you are experiencing is what I used to see, I think it is more a form of advertising. That web page tries to scare the crap out of you and submit to their instructions and maybe purchase their suggested a/v software. Try disabling javascript if it's on and visit the page again. If this is happening at sites like NFL.com or NewYorkTimes.com then it aint the same thing I am thinking about. Oh, and I dumped Adobe reader for Foxit.