everytime i open my computer my antivirus picks this bugger up.

http://i2.photobucket.com/albums/y31/harkoliar/spy.jpg

I am totally at a lost on what to do. I have ran Spybot, Adaware, and SuperAntiSpyware programs. I also ran a full antivirus scan. None of these detected anything related to this antivirus. (cleaned out lots of cookies though [img]tongue.gif[/img] ).

Anyway, upon looking at the alert, it seems to be coming from a website that tries to download its virus every single time. But there must be a trigger that tries to actually let the website know to target my computer. I am compeltely stumped and googling it didnt help much except that this is a trojan virus.

Also, I did Hijackthis program and posting my log here to anyone who can understand. Could it be a false detection error?

log

help?

Assuming you pushed the Terminate button, I would say that it was denied access to your computer. You can prevent it setting the cookie by either avoiding the website, or by raising your security level to verify whether or not you want sites to automatically set cookies. It will prompt you for an action every time a site tries to set a cookie, but, in the long run, it's far better than having something nasty slipped in under the radar.

the thing is.. i never go to that website at all. This threat pops up everytime i log on to my computer.

find the file "\windows\system32\drivers\etc\hosts" on your boot drive and use notepad to add the following line:

127.0.0.1 rat1o.info

It won't remove what is trying to load this address, but it will short-circuit the request until you find out what's going on.

The most likely culprit is GetRight, imo.

Things that look suspicious to me...

Ermmm... I didn't get through all of 'em. <strike>I did see Rody in there... take a look.</strike> Those are all ones that I don't recognize or feel suspicious... Google is your friend to take them out now [img]smile.gif[/img]

*edit* You know what's on your system... I don't. I'm suspicious of anything that calls itself "MegaUpload" or "SuperAntiSpyware"... but that's just me. If they're something you installed on purpose, then I suspect you're fine.

And to restate, as I did below, don't just arbitrarily delete things. Google for them and see if they're related to something you recognize and approve of.

*/edit*

[ 05-26-2007, 11:07 PM: Message edited by: Bungleau ]

Just a warning .. dont go and take the above post as the definitive answer, google for a hijackthis FAQ and confirm everything before you delete anything. In particular, the nod32 entries should be part of your antivirus (although malware can get devious, so check them out as well), and various other entries are part of things you may or may not want to get rid of.

thanks guys. Actually the Rody is me and my profile. I do have a niftly program that loads up thru my desktop (just being a one file.exe file) lolz.

On another note, I do use several of the programs you found suspicious although yet I do have a feeling that its hiding in one of those program names as well. Sigh. Ill give it a shot and see how it goes by googling them one by one :-S.

To Sir Krustin: why would you think it be getright? I do have getright running in my background constantly as my download tool...

Thanks for clarifying, Andrewas. I had to run, and didn't have time to finish taking a look, nor to clarify what I meant to say.

What I meant to say was that for anything that you don't recognize, google for it to see what it is. Various sources may come up; liutilities and castlecop are a couple that I see frequently, and tend to trust.

Don't -- DO NOT -- just arbitrarily remove anything from in the list. It's amazing what you could break... says the voice of experience.

I'll go back and finish up the list from my perspective. Again, these are things that I don't recognize, which may mean diddly squat on your machine. Be your own judge.

thanks heaps guys [img]smile.gif[/img] for some reason its not popping up anymore today. I dont know why though. I havent done anything to critically change any components. Wierd. im going to wait for a few days before i do anything.. research first :D

My guess is your nod antivirus removed it initially but it would appear again a few times from system restore. Now it's removed from there as well...