					
				spyware trouble
				Posted: 2005-09-08 03:05am
				by bilateralrope
				Recently I had a friend over MSN (I connect using gaim) start spamming me with some link while his nick was "Don't download Block-Checker". The first time I saw the link I clicked it, and Firefox started up only to offer to download an .exe file from that link. I clicked cancel and told my friend to tell me more about the link, then closed the window. A few minutes later I got the same message with the same link, so I assumed his computer was infected with something, and it was trying to spread.
The next day, Spyware Doctor on my computer started telling me I have some spyware called Block-Checker; however, since I only have the free version (I can't afford to buy it, even if I actually had some way to buy stuff online) it won't remove it. I am also running Adaware, Spybot and AVG, but they don't detect anything. The suspicious link was the only activity that differs from my usual activity, so unless it's a false alarm, it is somehow the cause.
This leaves 3 questions:
How can I remove this spyware?
Since neither gaim nor Firefox is known for being stupidly insecure, and I didn't download the file, how did it get in?
What other free anti-spyware programs should I look at?
			 
			
					
				
				Posted: 2005-09-08 04:05am
				by Master of Ossus
				Find out what the file is called, then go into safe mode and delete its registry to get rid of it. I'm afraid I can't help you with how you managed to become infected.
			 
			
					
				
				Posted: 2005-09-08 05:44am
				by bilateralrope
				All I'm given by Spyware Doctor are registry entries. Here is the information from its log:
Infection Name 	Location 	Risk
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com## 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com## 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com## 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net## 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com 	High
	Block-Checker 	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com## 	High
Edited to add: when I checked the quarantine list, I found entries for Block-Checker there, but I keep getting the warnings every time it does a scan.
			 
			
					
				
				Posted: 2005-09-08 05:53am
				by Faram
				
			 
			
					
				
				Posted: 2005-09-09 06:56pm
				by bilateralrope
				That would be useful, if I could find the HijackThis homepage, but Google just finds me various sites, some that offer a mirror for downloading HijackThis, some offering their own anti-spyware software. None have any links to anything that looks like the HijackThis homepage, so I don't know if they have the latest version or not.
			 
			
					
				
				Posted: 2005-09-09 07:14pm
				by General Zod
				bilateralrope wrote: That would be useful, if I could find the HijackThis homepage, but Google just finds me various sites, some that offer a mirror for downloading HijackThis, some offering their own anti-spyware software. None have any links to anything that looks like the HijackThis homepage, so I don't know if they have the latest version or not.
Hmm, there -was- a tools and utilities thread which had the Hijack this! homepage link, but it seems to have been taken out of sticky status. 

 
			
					
				
				Posted: 2005-09-09 09:05pm
				by Datana
				It was folded into the FAQ thread.
 
			
					
				
				Posted: 2005-09-09 10:45pm
				by Dalton
				Go straight to the source: 
www.merijn.org
And all the links you're looking for are in the very first announcement. I'll edit the title to be clearer.