Possible Virus from ad here or coincidence???

Pailin

Distinguished
Dec 1, 2007
851
1
19,015
heya guys,

thought I'd mention this in case I am not the only one... ::

I was just browsing this forum and had a virus attempt to infect my PC after clicking the link back to the main page of this "Graphic & Displays" forum as the page loaded up.

Hiloti.V

it tried to change Reg (stopped by Spybot)
from: C:\WINDOWS\system32\userinit.exe,
to: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

AVG caught and removed Threat:
File name: C:\WINDOWS\uiprfgr.dll
Threat name: Trojan horse Hiloti.V
Detected on open.

From the little reading I have done (not much info out there that I've come across yet), it appears to infect PCs through web sites via the user's browser.

The Virgin ad was displaying on that page load.



Hope it is not from here and am guessing this site is totally unrelated ;)

But I have visited a few other sites today and all are reputable, and this part of the forum was active at the moment of attempted infection.
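The Userinit change quoted in the post above can be checked for with a short script; this is an added example, not part of the original thread. The registry key path is the standard Winlogon location (the post does not name it), the function names are hypothetical, and Windows is assumed to be installed in C:\WINDOWS.

```python
import ntpath
import sys

# Standard location of the Userinit value (assumption: the post only says "Reg").
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED = r"c:\windows\system32\userinit.exe"  # assumes Windows is in C:\WINDOWS


def _norm(path):
    """Normalise case and separators so comparisons are not fooled by spelling."""
    return ntpath.normcase(ntpath.normpath(path))


def split_userinit(value):
    """Split the comma-separated Userinit string into cleaned program paths."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]


def unexpected_entries(value, expected=EXPECTED):
    """Return every program Winlogon would launch at logon besides userinit.exe."""
    return [p for p in split_userinit(value) if _norm(p) != _norm(expected)]


def userinit_missing(value, expected=EXPECTED):
    """True if the legitimate userinit.exe entry has been removed or replaced."""
    return all(_norm(p) != _norm(expected) for p in split_userinit(value))


def read_live_userinit():
    """Read the live value from the registry; only works on Windows."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    # The two values quoted in the post, used as sample input when not on Windows.
    samples = [r"C:\WINDOWS\system32\userinit.exe,",
               r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"]
    if sys.platform == "win32":
        samples = [read_live_userinit()]
    for value in samples:
        extra = unexpected_entries(value)
        status = "SUSPICIOUS" if extra or userinit_missing(value) else "ok"
        print(f"{status}: {value!r} extra={extra}")
```

A clean result only means this one autostart value is unmodified; it says nothing about other copies of the malware on disk.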
 
Btw, try Avira/Avast...I found it to be a better anti-virus than AVG. You can run two of them at the same time of course, just make sure you disable one when you're downloading since they might conflict.

I run Nod32 and Avira (used to run AVG) and it works great.
 

Pailin

Thanks for the tips.

we were right - it was a coincidence.

It infected my system 1hr 33mins price to the start of this thread.

Am now just trying to figure out which site I was on when it happened.



BTW

is a really nasty one and a tricky Fcker to get rid of!!! It logs passwords and sends them off to the virus's creators.
It hides itself Really well, spreading randomly named copies of itself all over the place + hidden folders that cannot be seen no matter the view settings on some PCs etc etc! Even though it couldn't change my Reg. because of Spybot, it still manages to be active somehow???

Had got rid of all signs of it according to some sites.
Way to tell if you have it is to kill each svchost.exe process from biggest to smallest - if after closing one it starts that auto shutdown thing (trying to protect itself) then you are infected. for me it was the one roughly 4,900K in size

I used, after some research, a Very helpful program called Malwarebytes' Anti-Malware - which seems to have found all 11 items hidden all over my PC relating to it --- I Hope :D :bounce:

I Hate these viruses!!!!!
 

Pailin

It infected my system 1hr 33mins price to the start of this thread.

EDIT:

It infected my system 1hr 33mins prior to the start of this thread.


Sorry - can't edit for some reason...
 

Pailin

Think I am finally Virus free :D

But just to clarify some misleading info I got from one site:

Way to tell if you have it is to kill each svchost.exe process from biggest to smallest - if after closing one it starts that auto shutdown thing (trying to protect itself) then you are infected. for me it was the one roughly 4,900K in size

Partly true - with this virus there were about 3 or 4 svchost.exe (kinda like a container program for .dll apps) running a RpcSs (Remote Procedure Call services) type service.

On some systems that are virus free, if a svchost.exe is playing host to RpcSs and you kill it you will get the 60 till shutdown message - and this will still be a legit process important to system related applications.

This handy program helps you see what is what:

Process Explorer

Now to beef up my security some :D