
Posted: 2008-08-19 11:35am
by Shroom Man 777
Glocksman, if you're infected, then just do this:
Xeriar wrote: Boot into safe mode with networking

Download the batch script from here

http://www.internetinspiration.co.uk/roguefix.htm

Kill the explorer.exe process and run the batch script. Reboot from the task manager. It will probably be gone. If not, repeat but don't reboot, run Spybot in safe mode while explorer.exe is shut down, and post a HijackThis log (easier to read a shorter log).

If you don't have at least XP with SP2 installed, it may be significantly tougher; the easiest solution then is just to do a repair install with an SP2 or SP3 Windows install disc.
Worked for me, mang.

Posted: 2008-08-19 04:12pm
by Glocksman
Nah, I'm fine.
The popups came from the website I visited, and since I wasn't dumb enough to turn off UAC in Vista and I use AV software, I didn't get infected.

What's funny to me is that when I first looked into this bastard, the screencaps of the popups mimicked Vista dialog boxes, but the machine they were displayed on was running XP with the default bright blue color scheme. :lol:

Posted: 2008-08-20 11:16am
by Azazal
Well, son of a bitch, just came across one here at work, modified version of the same bug. Went to install SUPERAntiSpyware remover and can't; the infection keeps stopping the Windows install service. Trying out Malwarebytes right now, and.......

Blew the fucker away :)

Posted: 2008-08-25 07:26am
by Edi
Here's a good breakdown of just what that shit is, what it does and how it works: Link

Posted: 2008-08-25 07:38am
by Shroom Man 777
Goddamn (motherfucking) Ukrainians! I should've known it was them!

Seriously, those evil dicks. :evil:


How come I was infected without having to go through with that bullshit fake "installation process"?

EDIT:

Goddamn, that's one elaborate trap. Makes me want to post an Ackbar pic.