
View Full Version : Trojans and viruses


davidross
06-30-2004, 06:13 PM
I had my laptop taken over the other night by some kind of virus that hijacked my Internet Explorer and replaced my wallpaper with a fake ad for some security program. If I tried to go to any web site it brought up a page of kiddie porn that I couldn't exit from and had to use the task manager to exit.

I had to take the machine in to have the problem fixed, and they told me that my casino (poker) sites were totally infected and I should avoid downloading from sites like that with the preponderance of pop-up ads they use. Obviously that's not an option for me; I need to reload the software, but I'm wondering if anyone else has run into this before?

Alobar
06-30-2004, 06:26 PM
I had a friend whose computer got infected. She took it somewhere to get it fixed and they told her it was the most infected computer they had ever seen. Said it had come from a casino download. I dunno enough about computers to comment on what/why/how, but just thought I would say I've heard about it happening.

Chah Ngo
06-30-2004, 06:36 PM
Do you use Internet Explorer as your browser? You might consider changing over to Mozilla Firefox for security.
Also, when your browser was hijacked did you try running any anti-spyware programs to clean it up (Ad-aware, Spybot S&D . . .)?
Finally, is there a specific casino site that you suspect?

DrewOnTilt
06-30-2004, 06:36 PM
I recently found a keylogger on my computer. Not sure if it was from a casino download or what, but it means changing all passwords and cancelling all credit cards and bank accounts that I have used online. Nuts.

Regarding spyware, adware, and trojans from downloads - there are two tools that you can use to alleviate such annoyances. One is a freebie called AdAware that scans your system for known ad tracking and keylog programs (get it at http://www.snapfiles.com/get/adaware.html).

The other is the personal firewall ZoneAlarm, which monitors internet traffic and allows you to control which programs have internet access. It costs around $45 for a one-year license. Get it at http://www.zonelabs.com

That being said, no system is completely secure if you are connected to the internet. I have both AdAware and ZoneAlarm in addition to numerous other security programs, and someone still managed to get that keylogger into my system. Sigh.

MicroBob
06-30-2004, 06:50 PM
I had something kind of similar a few days ago.

2+2 is my home page on Explorer, but it started going to about:blank with some spyware pop-up ad. No porn though....gosh darn-it!!

Every time I reset the home page it would revert back to blank.

McAfee security software told me I had some sort of start-up trojan horse and it could only quarantine it....couldn't delete it.

I had it scan all the files and it didn't find anything else....but it has been acting a bit more sluggishly lately....but mostly only when I am playing on Absolute, which is a resource hog to begin with.

Seems to be working decently when I'm not on Absolute...but is still just a teensy bit slower. Potentially my imagination.

Note - I'm not blaming Absolute...I just think whatever problems I might have may be more exaggerated when I open a couple Absolute tables because they are resource hogs.

I may go get my computer checked out as well.
I assumed that if I had some sort of infection my security software would detect it and tell me....but evidently the posts here seem to indicate that's not necessarily the case.

Baulucky
06-30-2004, 06:56 PM
I have ZoneAlarm firewall, Norton AntiVirus, and run Ad-Aware and Spybot once a day. I have the settings in the browser set to manually approve/disapprove cookies. It is incredible the amount of sites trying to get into my/any system.

How can I find out if a keylogger is active in my system?

Dilbert
06-30-2004, 07:05 PM
Hail, davidross!

The man who named the zoo!

It is a great honor to have you post here.

btw, I hear the zoo is dying - we are counting on you for a new name.

ThePopinjay
06-30-2004, 07:07 PM
Free Virus Protection (http://www.grisoft.com/)

Safer, and loads better than Internet Explorer (http://www.mozilla.org/products/firefox/)

BradleyT
06-30-2004, 07:26 PM
It's not the poker sites, whomever you took it to are morons.

Free software for malware removal.
Ad-Aware 6.0
SpyBot S&D
HiJack This!
SpySweeper

Turn on TeaTimer in Spybot S&D and you should be OK from here on out.

pc in NM
06-30-2004, 07:36 PM
Were you informed which software had the infection?

If not, which casino programs do you have on your computer?

What were the infections you had?

Enquiring minds want to know!

t_perkin
06-30-2004, 07:38 PM
If you are using Windows 95, 98 or ME then it is probably worth getting XP.

**Make sure you have all the latest updates for Windows**

Get a virus scanner

It is very unlikely that any reasonably reputable casino has a virus within the casino download itself or downloads viruses directly.

If the casino brings up pop-ups these could exploit security flaws in Windows IF you do not have the latest updates for Windows installed.

Tim

nolanfan34
06-30-2004, 07:39 PM
[ QUOTE ]
It's not the poker sites, whomever you took it to are morons.

[/ QUOTE ]

I would pretty much agree with this, assuming you only have the major sites on your computer. There may be some bad skins out there from no-name sites, but I think we'd all be seeing a lot more posts on this topic if they were spreading trojan horses around.

More likely I'm guessing that you have a cable or DSL hookup, with no firewall, which is asking for trouble.

I run Zone Alarm, and while I have dial-up now, back when I had a cable modem I was amazed at the number of computers Zone Alarm blocked, who were either pinging or trying to see if they could access my machine.

lunchmeat
06-30-2004, 07:47 PM
Choice Poker infects your computer with a trojan horse just by accessing their home page. This is not all that uncommon from the shadiest casinos, as I'm pretty sure I got one from visiting Vegas Red Casino's affiliate page.

Some casinos like Golden Palace (and I've recently heard Casino On Net too) will install spyware programs, but you can get rid of these just by running an Ad Aware or Spybot Search & Destroy scan.

davidross
06-30-2004, 08:58 PM
They removed Party, Empire and Paradise from my machine; those were the infected libraries. PokerStars wasn't affected.

davidross
06-30-2004, 09:02 PM
This is essentially what they told me too. They told me I shouldn't download from gaming sites :)

When I told them the whole reason I had the computer was to play poker they didn't have a solution for me.

davidross
06-30-2004, 09:03 PM
Thanks I'm going to do that.

davidross
06-30-2004, 09:06 PM
Now that you mention it, I had a firewall built into my router, but when I bought the laptop I replaced my router with a new wireless router, and I bet I don't have one anymore. Clearly I need to speak to someone about securing the entire system.

PDX_David
06-30-2004, 09:55 PM
Your wireless router should give you the option to enable "WEP". You will notice nothing on your side but it will make it more of a challenge for anyone prying.

Also, I think the best tool out there for the home page hijacking is HijackThis. Do a Google search for it. When you run it, it will show you programs and files that load at startup. It will also show you changes made to your home page and searching options. All you have to do is put a check by the ones that you want to disable and click fix it.

It removes the entry in your startup routine. You can then uninstall any search helpers and other programs that you didn't install yourself. Not all will be able to be uninstalled, but taking them out of the startup routine will stop them from executing.

The good thing about this tool is that it gives you the filename that is running. You can then do a Google search and find out what it is and if you want to keep it. When running this program it will find things like Macromedia, QuickTime and antivirus files that start up. You can put a check by the ones that you want to keep and click to ignore them. It then will not show those when you perform the next scan.

Other than that, use Ad-Aware and enable WEP on your router.

Oh, when you are uninstalling those pesky search programs, make sure that you are reading what they are asking. Some try to make you say no when you want to uninstall etc...

pdx
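The post above describes what HijackThis shows: programs that load at startup and changes to the home page and search settings. The script below is an added example, not code from the thread or from HijackThis, that inventories the same places read-only with built-in PowerShell so each filename can be looked up before anything is removed. Assumptions: the standard Run/RunOnce keys, the Internet Explorer Main key, the Startup folders and the hosts file are the locations of interest; the "suspect" folder list is a heuristic of mine.

```powershell
# Added example: read-only inventory of common startup and home page hijack
# points (registry Run keys, Startup folders, IE start/search page, hosts file).
# Run in an elevated PowerShell on Windows. Nothing here deletes anything.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption (heuristic): legitimate startup programs rarely run from these
# folders, so entries pointing into them get a CHECK flag for a manual lookup.
$suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads")

function Get-StartupEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Get-ItemProperty adds PSPath/PSParentPath/... properties; skip those.
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            $cmd  = [string]$p.Value
            $flag = ''
            foreach ($d in $suspectDirs) {
                if ($d -and $cmd.IndexOf($d, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $flag = 'CHECK'; break
                }
            }
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $cmd; Flag = $flag }
        }
    }
    # Per-user and all-users Startup folders.
    $startupDirs = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                     "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName; Flag = '' }
        }
    }
}

function Get-BrowserSettings {
    # Home page and search page values that hijackers rewrite.
    $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    if (Test-Path $ieMain) {
        $m = Get-ItemProperty -Path $ieMain
        [pscustomobject]@{ Setting = 'Start Page';  Value = $m.'Start Page' }
        [pscustomobject]@{ Setting = 'Search Page'; Value = $m.'Search Page' }
    }
    # Extra hosts entries can silently redirect sites such as update servers.
    $hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '127\.0\.0\.1\s+localhost' } |
        ForEach-Object { [pscustomobject]@{ Setting = 'hosts'; Value = $_ } }
}

Get-StartupEntries | Format-Table -AutoSize
Get-BrowserSettings | Format-Table -AutoSize
```

Rows flagged CHECK are only candidates for a lookup; a signed updater living under AppData is normal, while an unknown name there next to a rewritten Start Page is the pattern the post describes.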

William
06-30-2004, 10:38 PM
I had exactly the same problem you describe.
I changed from Windows 2000 to XP and it didn't help.
Adware, Spybot and all the others don't help either.
The virus is called PurityScan and it is the worst that can happen to your computer.
I too will have to take the computer to the shop to fix the nuisance.

William

DrewOnTilt
06-30-2004, 10:51 PM
McAfee Antivirus caught the one on my system, but only when I ran a full system scan. Update your antivirus software to the latest version and the latest virus definitions, then run a full system scan. That should detect any known keyloggers.

ZoneAlarm should also provide good security, especially if you have it set to where programs have to ask for internet rights on the first access attempt. I deny access to any program that I don't recognize or to any program that should not need to access the internet.

Changing all of my passwords and cancelling credit cards may not even have been necessary, but I've been burned by identity theft before and care not to take any chances.

thirddan
06-30-2004, 11:06 PM
I've had similar problems. I just formatted my hard drive and reinstalled everything. This is cheaper and probably faster than taking it to a shop, unless you can't back up your stuff...

William
06-30-2004, 11:12 PM
[ QUOTE ]
I've had similar problems. I just formatted my hard drive and reinstalled everything. This is cheaper and probably faster than taking it to a shop, unless you can't back up your stuff...

[/ QUOTE ]

I wanted to do that as well, but I can't figure out how to format the hard drive.
Can someone help? In layman's words?

Thx,
William

vetman81
06-30-2004, 11:39 PM
For anything you ever need to know about computers try

http://www.majorgeeks.com/vb/index.php

Also, a direct link to a thread about formatting your hard drive:

http://www.majorgeeks.com/vb/showthread.php?t=25831

Hope this helps.

William
06-30-2004, 11:44 PM
I'll try the links.
Thanks a lot :)

William

NotReady
07-01-2004, 12:59 AM
Thanks for the heads-up. Just dl'd this; so far looks better than NS or IE, faster and cleaner. Won't know for sure till I have used it for a while, but it has a very good feel to it.

ZeeJustin
07-01-2004, 01:28 AM
Have you emailed party support about this? Their answer will probably be very entertaining.

TobDog
07-01-2004, 03:03 AM
[ QUOTE ]
Other than that use adaware and enable the WEP on your router.

[/ QUOTE ]

What does WEP do? I tried to change it on my router and it had a lot of other codes to put with it when enabled. I don't want to lock my notebook off and not be able to access it from the network. Any additional info you have would be great (I have a Linksys G).

Alobar
07-01-2004, 04:15 AM
same here, so far I am VERY impressed. I may never use IE again

Baulucky
07-01-2004, 05:40 AM
You may want to look at ZoneAlarm; it's a firewall that is free to try/for personal use. It asks for every program that tries to access the internet, so you know exactly what is running at any time. It also has a "Safety" panic button that just shuts access to everything if you suspect or see anything happening that you don't like. I purchased the Pro version which has an added bunch of features.

But the first step is to start with a clean system. I use Norton AntiVirus, which has near every-other-day updates for the nasties out there. You should run Ad-Aware v6.0 and Spybot too (they are free). There's a ton of adware removal software for sale out there, but I don't trust the names.

Be very wary of what programs you download/install on your computer. The biggest damage is ALWAYS caused by programs that the users are coerced or conned into running/installing.

IMO, changing to an off-the-track browser like Mozilla/others is just opening a new can of worms. This is true of ANY off-the-mainstream software.

MrDannimal
07-01-2004, 12:08 PM
David,

Often a virus will copy itself "onto" other executable files or files created by applications, in order to help spread itself. For example, you get a virus, it copies itself into all your Microsoft Word files. You send a Word file to a friend/co-worker. They open it, and bam! they're infected too.

I'm betting that's what happened with the poker .exe files.

Your wireless router probably does have a firewall in it, as it's pretty standard, wired or wireless. A firewall will only prevent you from people trying to scan/attack your machine from another machine via your internet connection. It will do nothing to protect you from getting a virus from a file you download, or from a shady website.

Windows XP has a decent software firewall, which is probably sufficient for you, in addition to the wireless router. ZoneAlarm's free firewall is also not bad because of the application-by-application control you get.

You want to make a habit of running spyware scans (AdAware, Spybot Seek and Destroy...), and making sure your anti-virus software is up to date.

I just did an AdAware scan yesterday, and all it got were tracking cookies (no big deal), even though I've been casino whoring and have about 10 casino programs installed (in addition to Party, Paradise, and UB).

nolanfan34
07-01-2004, 12:11 PM
[ QUOTE ]
Have you emailed party support about this? Their answer will probably be very entertaining.

[/ QUOTE ]

No kidding. I would expect a response something like this:
------------------------------------------------------------
To: support@partypoker.com
From: Davidross

Dear Party,

My machine recently became infected with a virus, which is hijacking my home page and directing it to other sites. Is it possible your software could contain a Trojan Horse of some sort? Have any other customers had this problem?

Sincerely,

davidross
------------------------------------------------------------

To: davidross
From: support@partypoker.com

Dear davidross,

We're very sorry to hear of your recent illness. We have not heard of any other Party Poker customers becoming ill from using our software. This virus you speak of must have been contracted through something you touched in your neighborhood, or through contact with a sick friend/relative. We recommend you seek medical attention, and your doctor should be able to prescribe antibiotics to kill the virus.

Washing your hands multiple times throughout the day can also prevent the spread of germs.

We also are not sure how a Trojan Horse could be caused by our software, but we would recommend locking your front door, and only allowing people/objects that you're familiar with to enter your home.

Thanks for making Party Poker your online gaming site of choice!

Sincerely,

Jirithra
Party Poker support

Chah Ngo
07-01-2004, 12:46 PM
Why you should dump Internet Explorer (http://channels.lockergnome.com/news/archives/20040615_why_you_should_dump_internet_explorer.phtml)

Also, my bank recommended not using IE.

Baulucky
07-01-2004, 12:57 PM
Interesting article. Thanks.

mikeyvegas
07-01-2004, 01:00 PM
My recommendations would be as follows (some of these have already been mentioned):

1. First off, you should have an antivirus program with updated definition files. There are plenty to choose from.

Norton AV - www.symantec.com (http://www.symantec.com)
McAfee - www.mcafee.com (http://www.mcafee.com)
Panda - www.pandasoftware.com (http://www.pandasoftware.com)

2. I would also recommend getting Ad-Aware and downloading all of its updates.

www.lavasoftusa.com/software/adaware/ (http://www.lavasoftusa.com/software/adaware/)

With these two pieces of software installed and updated I would take your computer offline and run a complete scan with both of them. If your antivirus finds a virus that it can't remove, you can usually find instructions on the Symantec site on how to manually remove it. This usually entails removing the infected files in safe mode, and removing any related registry keys.

3. If you are running on a Windows platform, you should be running (or have set to run automatically) Windows Update once a month. I believe Microsoft releases their updates on the first Tuesday of the month. If you have Microsoft Office, I would recommend you run the updates on this as well.

http://windowsupdate.microsoft.com
http://office.microsoft.com/officeupdate


4. I would also recommend that you have some sort of firewall software on your pc. If you have Windows XP, the new Service pack (SP2RC2) has a more expansive firewall as well as a pop-up blocker for IE. If you would rather use something other than Microsoft for this, I would recommend Zone Alarm. The basic version of the software is free.

www.zonelabs.com (http://www.zonelabs.com)

With this all in place, if you are running on a wireless network make sure you are using your WEP encryption. Although it can be cracked, it does make it more difficult to do so. Also remember to set up a strong password for all of your accounts on your PC as well as your router. When I say strong, I recommend at the very least 8 characters in length and using at least one lower, upper, and numeric character within the password.

As for a browser to use, personally I use Mozilla Firefox. But that’s just because I’m a big fan of tabbed browsing! I hope this information helps, let me know if you have any other questions.

Mike Haven
07-01-2004, 01:21 PM
I haven't had a virus since January, but today I have received two warnings from my (free) AVG Anti-Virus protection:

Trojan horse Downloader.Agent.BR in C:\WINDOWS\javabn.exe

and

Trojan horse Downloader.Small.6.BA in C:\WINDOWS\msopt.dll

I have no idea where they came from; although I loaded Combat Flight Simulator WWII Europe Series last night, if that's a possibility?

pc in NM
07-01-2004, 01:55 PM
[ QUOTE ]
You may want to look at ZoneAlarm; it's a firewall that is free to try/for personal use. It asks for every program that tries to access the internet, so you know exactly what is running at any time. It also has a "Safety" panic button that just shuts access to everything if you suspect or see anything happening that you don't like. I purchased the Pro version which has an added bunch of features.

But the first step is to start with a clean system. I use Norton AntiVirus, which has near every-other-day updates for the nasties out there. You should run Ad-Aware v6.0 and Spybot too (they are free). There's a ton of adware removal software for sale out there, but I don't trust the names.

Be very wary of what programs you download/install on your computer. The biggest damage is ALWAYS caused by programs that the users are coerced or conned into running/installing.

IMO, changing to an off-the-track browser like Mozilla/others is just opening a new can of worms. This is true of ANY off-the-mainstream software.

[/ QUOTE ]

I use ZoneAlarm, and it does an excellent job.

I also use a router, and the router firewall stops lots of intrusions. When I run my internet connection directly into the computer, without the router, ZoneAlarm encounters numerous intrusions that never even get to the computer through the router. The WEP is for wireless connection security, and prevents access from other wireless computers. Here's an excellent link about wireless security: http://arstechnica.com/paedia/w/wireless-security-howto/home-802.11b-1.html

ZoneAlarm now has an anti-virus program (an addition to the free program, about $15), and I've replaced my Norton Antivirus with this new program. I think it probably does a better job with Email filtering....

I also run Spybot weekly on each computer at home and the office. Once "cleaned", there have been almost no new "spies" with these other security features....

I also use Netscape 7.1 (uses Mozilla), and find that it does a superior job of blocking and/or managing both cookies and popups. I only use Internet Explorer when absolutely necessary (i.e., some business-specific applications at the office, and/or Windows Update).

CORed
07-01-2004, 05:42 PM
At one point, I had my browser set to prompt me for all cookies. I eventually turned it off. Although some advertising sites use cookies for questionable purposes, such as tracking your web browsing so they can target their ads, lots of web sites use cookies for perfectly legitimate purposes. For sites that use JavaScript, a cookie is really the only way to store data when you move from one page to another. JavaScript variables only last as long as the page that contains the script that set them. Also, there are "session cookies", which are stored in memory and go away when you close your browser, and there are "persistent cookies", which are stored on your hard drive. You can set Internet Explorer to accept session cookies and reject or prompt for persistent cookies.

A lot of the vulnerability in browsing comes from ActiveX, a Microsoft "extension". ActiveX can install software, and read and write files on your hard drive. They are much more of a vulnerability than cookies and it is best to turn them off or require prompting.

CORed
07-01-2004, 05:57 PM
Another recommendation for security: use Windows XP Professional (not Home Edition) or Windows 2000 if you have an older machine, and do your internet activity on an account that does not have administrator privileges. The account you use for browsing and poker playing should have the most restricted access possible. This will prevent a lot of malicious code from doing what it wants to do. Especially avoid the DOS-based Windows versions (9x and ME) because they have no security whatsoever.

Position
07-01-2004, 06:44 PM
n/m

dink
07-02-2004, 06:43 AM
I like it (Firefox that is), no more IE for me either.

what about their email program thunderbird? anyone using that?

I might be ready to dump outlook express and use that.

man these tabs are great

Dink

dink
07-02-2004, 06:46 AM
I just had a rare thought

Will poker tracker be able to use thunderbird or is it only compatible with outlook express?

PDX_David
07-02-2004, 08:23 PM
WEP is Wired Equivalent Privacy. Pretty much uses a passcode to authenticate you to your network, therefore keeping others out. This does not make you 100% safe, but it gets you closer.

Here is a link to the router that I have. I think it might be the one you have too. Linksys Wireless Router (ftp://ftp.linksys.com/pdf/wrt54gv1.1_ug.pdf) If not check around on that page for your router. It will tell you in the user guide, and in your user manual how to set it up.

Pretty much all you need to do is go into the web setup for your router. Go to the security tab. Select WEP from the dropdown. Pick a key. I suggest using a passphrase. It will be easier than making up your own code. Click generate. Save it and I believe that is it. You may find a bit better explanation on the Linksys site.

07-03-2004, 12:06 AM
I get this thing called a Dialer. The virus creates an Application called TELNETXP and places it in the System32 folder. It seems to happen when I have the IEXPLORER open to this WEB SITE. This dialer also creates a Shortcut on desktop Called "Best Online Casino" and then I get the IEXPLORER pop up with a site called CasinoPalooza. NAV will remove it, but it keeps coming back!!!! HELP! I have run NAV, SpySweeper, ADAWARE, nothing stops it from coming back.

Then the funny thing is that I get this windows pop up that says:

Windows File Protection

Windows detects that this computer is infected with a
spyware called "AccessPlugin", "IEMonit", "Whazit/Rnd"
, "GoHip"!

Spyware is software that displays unwanted advertising
and records your communications. Would you like to find
out how spyware removal software can protect your privacy
and boost system performance

PDX_David
07-03-2004, 12:33 AM
Scotty,

Do a Ctrl+Alt+Del and see if a process called taskngr is running.

If so,

Try this site (http://www.dslreports.com/forum/remark,10618836~mode=flat~days=9999~start=20)

lunchmeat
07-03-2004, 12:44 AM
Go to www.cexx.org (http://www.cexx.org) and ask for help on their message boards. They'll tell you how to clean your computer.

george w of poker
07-03-2004, 01:30 AM
I thought you were a CS guy? What tech-savvy computer user uses Internet Explorer? That's like playing digital Russian roulette.

07-03-2004, 10:52 AM
Lunchmeat and PDX
Thanks a bunch. The links you provided help out a TON!!
I think the problem is resolved. It saved me the time of re-imaging my laptop. Thanks again

Scotty O