Welcome to Gaia! ::

RYO OHKl's avatar

9,050 Points
  • Grunny Grabber 50
  • Grunny Rainbow 100
  • Conventioneer 300
EDIT - APR 12, 2012: For most recent info and computer scan results please see my other posts. Skip to that if you want...

------

OLD INFO [You can skip] :


EDITED: I did the Basic Removal in the Virus Sticky in this Forum minus the HijackThis [because I don't like downloading stuff]. I believe I did everything in it to the best of my ability Except the "hijackthis" stuff. I'm not the smartest at computers...I didn't do any other like advanced removal or super removal because I'm afraid to break my computer or download a bunch of stuff.



Questions:


Will a redirection virus break my computer if I cannot get rid of it?
What harm can it do?
If I left it on what would happen?



I may have other viruses and ETC....idk. Read below....

More Info: My scan on virus scan and spy scan both seem to say nothing is wrong but I still have the redirect. It goes to a few sites but mainly "happili.com" which you should probably not go on even though safeweb norton says it's safe.

..............................
----------------------------
.............................

ORIGINAL:

NOTE: Before you read this I have read the sticky "Spyware/Adware/Virus/Trojan/Rootkit/Keylogger Removal Guide" but I do not understand it and it seems very difficult and I don't wanna break my computer or cause damage if I'm ok atm. I will be looking into it but please if you can read the following and help me I'd appreciate it especially if it may save me time.

Note: I posted this on another Forums but no reply so far and it's not been on long but please don't get upset or be mean or report me. I'm really trying to just get help and advice...I'm looking into alot but I thought it'd be smart to go ahead and post this so maybe I could get more info quicker and keep safer...


ORIGINAL POST:

NOTE: First of all I don't know where to post this and this seemed like the correct place. I could go on another forums and see what I could find but I'm not sure where and so this seems to be a good place while I try to search on google for info on what I'm looking for. If this is the wrong forums just try to be nice about it and help me out? Please read fully and try to help. If you can't then just don't post or be mean or anything. This is hard enough yeah?

Note: I am not sure if Free Gaia Cash is responsible for my issues but I'm 80 percent sure it is and stated below and reasoned out.


----------------------------------------

MY STORY:

So on my other account I went to the "Free Gaia Cash" section of gaia online. I assumed these would be safe and verified by Gaia Online since they are linking to them and all. So I got a total of like between 800 and 1000 Gaia Cash. Some paid out and some didn't. I had to download a lot of junk which I then removed later but during the download there were alot of popups saying "Virus detected" and "thread detected" and stuff on my Anti-Virus. I thought it would be ok cause it sometimes pops up during totally safe things anyways so I clicked "accept" or "allow" or whatever. It poped up a ton of times and I allowed each time.

Anyways so when I was done I removed things and virus scanned my computer and it found stuff so I removed them. I virus scanned my computer with a couple things and got rid of all the stuff I could. So I scan after and it says nothing is there. But a few days later like I scanned and it had a bunch of stuff again. And now when I go on google search and click a link it like redirects me to some random pages. There are 2 pages it keeps taking me to and idk why. Just now It found 8 things labeled as Trojans. After my last scan and removal I thought I fixed everything but it's still there and probably will return.

I believe it has been a week or two agosince I did the Free Gaia Cash then. I changed a few of my passes and stuff but not all of them. So far I do not think anyone has hacked me though I do not know if they could attach any kind of virus upon logging in or anything like that. My E Mail has a ton of spam though that is due to me accepting the offer to pretty much get aton of spam so thats my fault as long as they are safe which idk if they are...

Anyways I think that's about it but I'll edit this if I can think of anything else...

----------------------------------------

Note: I am only a little tiny bit computer literate but not much.

QUESTIONS:

* Why would Gaia Online link to such things on their site that they support [I assume]? Although Gaia TOS says they aren't responcible or w/e I think they should take the time to make sure things are legit and cannot harm the users computers or give off adware,malware,viruses, and etc....
*Why would someone want to put a virus or trojan on my computer or hack me? I have little or no money to steal and nothing that they would gain off of me IRL or online I'd think. I don't understand why people would cause this trouble and try to hurt and cause hard for such little gain?
*What can I do to Fix everything and also make sure it is fully gone and will not come back aswell as prevent anything like this in the future?


*What should/can I do to fix my computer and keep it safe?
*Can a computer Trojan/Trojan Virus actually break my computer?
*Can any of this actually break my computer and make it unusable?
*could any of this destroy the customization I have on my computer?
*What do I do if it was cause from Free Gaia Cash?
*What if it was cause by somthing else I don't know of?
*Anything else? Any other tips or anything at all?

----------------------------------------

Anyways....

Please help me. My computer is very very important to me and I've personally customized it to my liking. It's like my home and my sanctuary. I'm also not very rich in real life and could not afford another computer, not that I want a new one, I love mine!
1.) The sticky isn't that hard, and should fix whatever issue you're having.

2.) GaiaCash free-rewards often do infect users PCs with ad-ware, spy-ware, ect.
If you know which ad caused with infection, report it, and GaiaOnline staff will do their best to work on it.

Note: Safe Mode (With Networking) + Malwarebytes has saved my life numerous times.
RYO OHKl's avatar

9,050 Points
  • Grunny Grabber 50
  • Grunny Rainbow 100
  • Conventioneer 300
Areweeffingserious
1.) The sticky isn't that hard, and should fix whatever issue you're having.

2.) GaiaCash free-rewards often do infect users PCs with ad-ware, spy-ware, ect.
If you know which ad caused with infection, report it, and GaiaOnline staff will do their best to work on it.

Note: Safe Mode (With Networking) + Malwarebytes has saved my life numerous times.


Basic Removal didn't work fully. I still have a redirection. I didn't do any of the "hijackthis" and i've not dome advanced or super removal because I'm afraid of breaking my computer and downloading things.

Malewarebytes removed some things my others didn't but I still have the redirects. Read my short Edit if you'd like?

I did do my scan in safe mode. But why must I scan in safemode btw?
RYO OHKl
Areweeffingserious
1.) The sticky isn't that hard, and should fix whatever issue you're having.

2.) GaiaCash free-rewards often do infect users PCs with ad-ware, spy-ware, ect.
If you know which ad caused with infection, report it, and GaiaOnline staff will do their best to work on it.

Note: Safe Mode (With Networking) + Malwarebytes has saved my life numerous times.


Basic Removal didn't work fully. I still have a redirection. I didn't do any of the "hijackthis" and i've not dome advanced or super removal because I'm afraid of breaking my computer and downloading things.

Malewarebytes removed some things my others didn't but I still have the redirects. Read my short Edit if you'd like?

I did do my scan in safe mode. But why must I scan in safemode btw?

Here's why.
HiJackThis might serve you well.
The sticky is out dated and I can't find the link for the new one. Just gotta wait for on of the regs to post it.
Disconsented
The sticky is out dated and I can't find the link for the new one. Just gotta wait for on of the regs to post it.
*posts*

Follow my sig, hun.

Also, this may help: http://majorgeeks.com/GooredFix_d7057.html
RYO OHKl's avatar

9,050 Points
  • Grunny Grabber 50
  • Grunny Rainbow 100
  • Conventioneer 300
Yuki the Third
Disconsented
The sticky is out dated and I can't find the link for the new one. Just gotta wait for on of the regs to post it.
*posts*

Follow my sig, hun.

Also, this may help: http://majorgeeks.com/GooredFix_d7057.html


Would my google redirection virus thing break my computer or just be annoying? I'd rather just keep it if it has NO way of breaking my computer or hurting me.

I trust the links and download atm but I don't like downloading cause I'll just have to delete it later and find all my stuff and reorganize and stuff. It's just a hassle and takes like hours to scan and all that...really annoying.

Thanks for the info...I'll look into it following your reply.

Thanks alot *Meow!*
It's a file smaller than a picture. You're making excuses.
RYO OHKl's avatar

9,050 Points
  • Grunny Grabber 50
  • Grunny Rainbow 100
  • Conventioneer 300
Yuki the Third
It's a file smaller than a picture. You're making excuses.


Ok...But can you just tell me if the redirect virus will just be annoying but ok OR could it break my computer? <- It may come back after I do all you said anyways.

If it's not much of a threat then I'd be ok keeping it because:

*I have to download things onto my computer to try to remove the redirect virus. Then I have to get rid of those downloads off my computer once I'm done.

*Since I'm going to be using all those downloads and also scanning my computer it could remove safe things that I'd like to keep aswell.

*The Scans take along time on my computer. It's about 8 hours for 2 scans and 10 mins for the quickscan I always do anyways.

*If it doesn't work then I have to do it all over again. I've already tried a couple times and it came back [before you posted your info].

*Also I've had the redirects for maybe 2 weeks to a month and I've removed it a couple times and it came back {?maybe] but as far as I know none of my accounts have been hacked.

---I'll be able to do the stuff in your link in a couple days but not right now because I'm using the internet and have to do some things. I heard you can't scan and be online while you're doing it or something. My family shares my computer aswell so I don't have the time sometimes.

Not trying to be annoying. I just like knowing all my options before I go about doing something. Thanks for your help.
RYO OHKl

*I have to download things onto my computer to try to remove the redirect virus. Then I have to get rid of those downloads off my computer once I'm done.
on one hand you have an infection that s taking your pages and pushing you to toher places that may be infected, and probably copying off everything you type including passwords. On the other hand, you have to tap the delete button once. Oh good lord, not the delete button! Not ONCE, what a cruel fate! Having your passwords and personal information on the internet is surely alot better than pressing a single button, right?

Quote:
*Since I'm going to be using all those downloads and also scanning my computer it could remove safe things that I'd like to keep aswell.
which has never happened in the years I have been here. Ever.

Quote:
*The Scans take along time on my computer.
When it's using a full scanning program looking for millions of things, not a small program looking for a single item.
Quote:
It's about 8 hours for 2 scans and 10 mins for the quickscan I always do anyways.
You've got more issues than just the infections then.

Quote:
*If it doesn't work then I have to do it all over again. I've already tried a couple times and it came back [before you posted your info].
Wise man say: do it right, do it once.

Quote:
*Also I've had the redirects for maybe 2 weeks to a month and I've removed it a couple times and it came back {?maybe] but as far as I know none of my accounts have been hacked.
Yet.

Quote:
---I'll be able to do the stuff in your link in a couple days but not right now because I'm using the internet and have to do some things. I heard you can't scan and be online while you're doing it or something.
That's bullshit from back in the 90s.


Quote:
Not trying to be annoying. I just like knowing all my options before I go about doing something. Thanks for your help.
Your options are pretty simple, remove it or don't. I'm just pointing out that the excuses you're making are just that, excuses.
RYO OHKl's avatar

9,050 Points
  • Grunny Grabber 50
  • Grunny Rainbow 100
  • Conventioneer 300
Yuki the Third


Ok so from the page you sent me: This Link!

I've so far done the majority of what it told me to do. Could you review the following as I have questions. Please. The last part would maybe be the most important. I'm not sure...


SETUP PART:

1. In part one of the set up I downloaded the thing but it wouldn't work or run. It said it wouldn't work so I couldn't do it.

2. I believe I did this but I'm not sure as I'm not tech smart. I tried to be on "Google Chrome Incognito version" to look up the steps but I think it went to another Google chrome non-Incognito page when I clicked something so idk if that matters?

3. It was already off I think so I didn't do anything.

4. I deleted this before on previous tries and so it wasn't there to delete so I wasn't able to.


REMOVAL PART:

1. Downloaded both and only one worked. 4 Hour scan. Detected Nothing.
-Nonstep: I did a tdsskiller from kaspersky which I read about. Detected Nothing.
-Nonstep: I did the gooredscan you told me to do. It only scaned for like 1 second and found nothing. Did it work?

========== GooredScan ==========

(none)


2. I did those. I think they deleted whatever they found. I didn't look at what they deleted but i remember one may have deleted the other I downloaded.
2. Part1: 1 Item Found.
2. Part2: Nothing Detected.
2. Part3: 2 Item Found.
2. Part4: Nothing Detected.

3. Found 2 Items but I think they were the items I downloaded for step 2. 4 Hour scan.

4. I did this and it's what found a bunch. It said 53 Detected and This is the following. It has like 10 things and most were removed but not all of them. I don't know why. Why? Here is the results:
4.: Results:
**************************************REMOVED:
Exploit:Java/CVE-2010-0840.DR
Exploit:Java/CVE-2010-0840.DT
Exploit:Java/CVE-2010-0840.HH
Exploit:Java/CVE-2010-0840.IO
Exploit:Java/CVE-2010-0840.KI
Exploit:Java/CVE-2010-0840.LO
Exploit:Java/CVE-2010-0840.MB
TrojanDownloader:Java/OpenConnection.OS
TrojanDownloader:Java/OpenConnection.OU
************************************NOT REMOVED:
Exploit:Java/CVE-2012-0507.D!dr
------------I couldn't copy/paste it but anyways that's the results. It was another 4 Hour Scan. Should I redo the scan or Move to step 5? I also have a Question for that. ALSO I removed my current versions of Java and reinstalled it in case it was like infected or something? Idk if that fixes it or anything?

5. For this I already have a Anti-Virus. I think that if I download the other one [Avast] It will mess up my computer because I recall it did something like that before and I had to remove it. Should I just scan with my current [AVG] AntiVirus Scan?

Or should I delete my current AVG and download Avast? If so How can I do that safely since I would like have no Antivirus protection and apparently I have viruses still on my computer.

As of right now I'm going to scan with AVG . Then I will await and answer if you know and can help me further. Thank you!


I also have some not as important questions I can ask at a later time.

------

ALSO. When I did this before like a week ago and did scans via AVG in safemode it did it in a black box thing [or white i don't remember but it was a text box] or something and I think it said some things were locked and not detected. What does that mean? Again that was a week ago.AVG also has options for its scan. I have checked off on mine: * Automatically heal/remove infections * Report potentially unwanted programs and spyware threats *Use heuristics [dono what that means] *Scan system environment.

I have those checked off to do them but it also has some I don't have checked out which are: *Report enhanced set of potentially unwanted programs *Scan for tracking cookies *Scan inside Archives and *Enable thorough scanning. Should I click any of those to make the scan better? I don't want to mess anything up so I'll wait for your reply first. I'll do a normal scan atm.

I wanna go ahead and destroy all the bad things off my computer now so I never have to deal with them in the future, I hope...



Edit: Finished the scan with my AVG with what I said I have on it. I didn't [and never have] run as Administrator so idk if that makes much of a difference. It found no new threats. But there is always this thing on there that I have had for along time and it wouldn't let me get rid of it. Idk if it is bad or not but it says "Potentially dangerous object". Have had it on there for as long as I can remember, I think...

I don't want to remove it if it's actually part of my computer. On details it said it was "Core" and "Registry" or something like that. I never paid attention to it but I just wanted to ask here. Might as well.

I'll copy/paste the info if you want but idk if it reveals any personal info. Maybe that sound idiotic of me but idk. I'm weird paranoid I guess.
RYO OHKl's avatar

9,050 Points
  • Grunny Grabber 50
  • Grunny Rainbow 100
  • Conventioneer 300
Areweeffingserious


So I updated this. Got any more info or solutions? I'm waiting for an answer from other people aswell but I also wanted to see if you had any info for more help. I also needed a reason to bump back to page 1.
Have you tried checking system-level and browser-specific proxy settings?
Have you tried restoring a copy of your default HOSTS file?

A proxy basically re-routes you through to another computer over the internet instead of directing your traffic through your ISP's servers. Usually people utilize proxies to get around network security software, but proxies can also be used to route you to a DNS server that supplies fake IP resolutions... instead of www.google.com directing you to http://74.125.224.72 (one of many IP addresses assigned to Google), it could direct you to http://208.85.92.78, which is Gaia's external IP address. In other words, typing www.google.com might take you to GaiaOnline.

To check your SYSTEM'S proxy settings:
Start Menu -> Control Panel -> Network Connections (Or Network and Sharing -> Network Connections).
Right-click the connection that you usually use to get access to the internet.
Select "Properties".
Highlight "Internet Protocol TCP/IP" (don't uncheck it).
Click the Properties button.
Make sure "Obtain IP Address Automatically" is selected.
Make sure "Obtain DNS server address automatically" is selected.
Click the "Alternate Configuration" tab.
Make sure "Automatic Private IP Address" is selected.
Click OK.

To check your browser-specific proxy settings, open your installed web browsers.
Go to the Options / Settings menu.
In Firefox, you want Advanced -> Network subtab -> Connections field -> Settings button.
Select "No Proxy". Click OK.
In Internet Explorer, look through the menu until you see "Settings" or "Internet Settings".
You should click on the "Connections" tab, then the "LAN settings" button.
Make sure "Use these proxy settings on your LAN" ISN'T checked. Click OK.

The HOSTS file works about the same way as a DNS server, but it only works locally. The HOSTS file can be edited to block or redirect access to websites.

Your HOSTS file should reside in:
C:WindowsSystem32DriversEct folder.
It's a text file without an icon or a file extension. You don't need to delete it; you just need to overwrite it.


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine (host) name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


Copy the code segment above and paste it into a new Notepad file.
Don't click save. Select "Save As".
In the save dialog, locate "Save as type" and change that from "Text Documents (*.txt)" to "All Files".
Navigate to C:WindowsSystem32DriversEct and name the file "HOSTS".
Click save. It should ask you if you want to overwrite. Select "Yes".
If Notepad refuses to replace your HOSTS file, save it to your desktop and say something. I should be able to help you from there.
@grim: the roguekiller program I gave her replaces it.

@Op: This is Yuki, just in a slightly cuter account.

Please, do a full scan with this: http://www.superantispyware.com/sasportablehome.php
RYO OHKl's avatar

9,050 Points
  • Grunny Grabber 50
  • Grunny Rainbow 100
  • Conventioneer 300
GrimFusion


lol. Sorry but I really don't understand half of that. But thanks. I'll follow yuki's Advice and if it doesn't work I'll ask you more. I understood half but like not much.

Quick Reply

Submit
Manage Your Items
Other Stuff
Get GCash
Offers
Get Items
More Items
Where Everyone Hangs Out
Other Community Areas
Virtual Spaces
Fun Stuff
Gaia's Games