"realphx" virus
11-13-2003, 09:02 PM
#1
Registered User
Thread Starter
"realphx" virus
not sure if any of yall have heard or experienced it yet but it seems to affecting alot of people who use AOL's AIM messageing service.
along with installing ALOT of adware on ur computer it also installs some sort of "trojan", adds toolbars to your browser and seems to redirect your from time to time to **** sites
if any of yall have any experince with these types of things could u help me out, this is getting VERY VERY annoying
along with installing ALOT of adware on ur computer it also installs some sort of "trojan", adds toolbars to your browser and seems to redirect your from time to time to **** sites
if any of yall have any experince with these types of things could u help me out, this is getting VERY VERY annoying
11-13-2003, 09:20 PM
#2
Administrator
Re:"realphx" virus
I don't use AOL IM, but I recently got rid of something that sounds very familiar.
Every reboot, my Explorer home page would be changed to thesten. com (or something like that).
(space before the .com on purpose so people don't click on it,
so Don't get curious and try to go there!)
3 **** sites would be added to the bottom of my Favorites list.
Links on various pages, would be changed to that site as well.
Looking at the HTML source of the page with the messed up lings would show nothing, a blank page.
Refresh the page and the link would revert to whatever it was supposed to be.
HTML source would be what it was supposed to be as well.
Just happened to have that site in my hosts file, so it never displayed anything, just 404-not found, I just assumed it was ****, otherwise it wouldn't have been in the **** section of hosts.
(I have a huge Hosts file, stops popups, ads, ****, etc)
(for more info on Hosts, do a search on Yahoo or Google, too confusing to try to explain here)
This was happening for about a week before I put 2 and 2 together and went looking for it.
Ran Adaware, thinking I got some spyware, but it came up empty.
Ran Norton Antivirus (1yr old definition files, didn't want to pay for updates after the free one ran out),
and it didn't find anything.
Zonealarm was showing 2 Windows Mediaplayer files wanting access to the internet that previously never showed up as wanting access.
I had just updated Media Player, so I didn't think anything of it at first.
Found those 2 files in the Windows Media player folder with dates much older than all the others,
so I deleted them.
They were both dated October 2002 if I remember right.
Media player worked just fine without the files.
Also did a search in my registry for any "thesten" entries and deleted them as well.
Seems to have worked.
Home page has remained Yahoo for a week.
No strange links on web pages anymore.
I think I cleaned out whatever was doing it.
<edit> After reading up on realphx on Symantec.com, it doesn't sound like what I had, but similar.
Symantec has instructions for getting rid of it.
Do a search for realphx on Yahoo and they'll have a link to the Symantec discussion of it.
phox
Every reboot, my Explorer home page would be changed to thesten. com (or something like that).
(space before the .com on purpose so people don't click on it,
so Don't get curious and try to go there!)
3 **** sites would be added to the bottom of my Favorites list.
Links on various pages, would be changed to that site as well.
Looking at the HTML source of the page with the messed up lings would show nothing, a blank page.
Refresh the page and the link would revert to whatever it was supposed to be.
HTML source would be what it was supposed to be as well.
Just happened to have that site in my hosts file, so it never displayed anything, just 404-not found, I just assumed it was ****, otherwise it wouldn't have been in the **** section of hosts.
(I have a huge Hosts file, stops popups, ads, ****, etc)
(for more info on Hosts, do a search on Yahoo or Google, too confusing to try to explain here)
This was happening for about a week before I put 2 and 2 together and went looking for it.
Ran Adaware, thinking I got some spyware, but it came up empty.
Ran Norton Antivirus (1yr old definition files, didn't want to pay for updates after the free one ran out),
and it didn't find anything.
Zonealarm was showing 2 Windows Mediaplayer files wanting access to the internet that previously never showed up as wanting access.
I had just updated Media Player, so I didn't think anything of it at first.
Found those 2 files in the Windows Media player folder with dates much older than all the others,
so I deleted them.
They were both dated October 2002 if I remember right.
Media player worked just fine without the files.
Also did a search in my registry for any "thesten" entries and deleted them as well.
Seems to have worked.
Home page has remained Yahoo for a week.
No strange links on web pages anymore.
I think I cleaned out whatever was doing it.
<edit> After reading up on realphx on Symantec.com, it doesn't sound like what I had, but similar.
Symantec has instructions for getting rid of it.
Do a search for realphx on Yahoo and they'll have a link to the Symantec discussion of it.
phox
11-13-2003, 10:42 PM
#3
Administrator
Re:"realphx" virus
A couple of things you can do.
Get good virus protection and keep it up to date (such as Norton or McAffee).
There is software out there to rid your computer of spy ware. The one I use is made by Lavasoft and is called Adaware. This is a free application and cleans you PC of all spy and ad ware.
Get a good firewall. Hard or software.
Rich
Get good virus protection and keep it up to date (such as Norton or McAffee).
There is software out there to rid your computer of spy ware. The one I use is made by Lavasoft and is called Adaware. This is a free application and cleans you PC of all spy and ad ware.
Get a good firewall. Hard or software.
Rich
11-14-2003, 06:58 AM
#4
Registered User
Join Date: Sep 2003
Location: Elkridge, MD
Posts: 572
Likes: 0
Received 0 Likes
on
0 Posts
Re:"realphx" virus
[quote author=DieselDaze link=board=10;threadid=22400;start=0#msg209515 date=1068784961]
A couple of things you can do.
Get good virus protection and keep it up to date (such as Norton or McAffee).
There is software out there to rid your computer of spy ware. The one I use is made by Lavasoft and is called Adaware. This is a free application and cleans you PC of all spy and ad ware.
Get a good firewall. Hard or software.
Rich
[/quote]
Couldn't agree with you more. Along with the Anti-Virus and AdAware, you should also try out the Google toolbar. It has an excellent Popup blocker. You can download it from www.google.com
A couple of things you can do.
Get good virus protection and keep it up to date (such as Norton or McAffee).
There is software out there to rid your computer of spy ware. The one I use is made by Lavasoft and is called Adaware. This is a free application and cleans you PC of all spy and ad ware.
Get a good firewall. Hard or software.
Rich
[/quote]
Couldn't agree with you more. Along with the Anti-Virus and AdAware, you should also try out the Google toolbar. It has an excellent Popup blocker. You can download it from www.google.com
11-14-2003, 10:33 AM
#5
Registered User
Join Date: Nov 2003
Location: Where my hat is
Posts: 413
Likes: 0
Received 0 Likes
on
0 Posts
Re:"realphx" virus
A program I have found to be better than Adaware is SpyBot SD http://www.safer-networking.org/inde...;page=download (Price is right, too. Free!) SpyBot will look for many known Trojans, which anti-virus programs are not really designed to do. (There is a huge difference between a trojan and virus) Adaware has also had some known issues with Windows XP.
A very good (again, free) anti-virus program is AVG from Grisoft. It can be downloaded from http://www.grisoft.com
Both programs are highly recommended and you can't beat the price.
A very good (again, free) anti-virus program is AVG from Grisoft. It can be downloaded from http://www.grisoft.com
Both programs are highly recommended and you can't beat the price.
11-14-2003, 10:39 AM
#6
Registered User
Join Date: Feb 2002
Location: Maple Ridge B.C Canada
Posts: 83
Likes: 0
Received 0 Likes
on
0 Posts
Re:"realphx" virus
Tom, i also have AVG and i agree....it is a great program (for a free one), it also runs a scan on *your* scheduale and finds and heals viruses automatically.
it's saved my bacon a few times.
it's saved my bacon a few times.
11-14-2003, 02:33 PM
#7
Registered User
Thread Starter
Re:"realphx" virus
well i went through all the freebies and known seemed to work till i downloaded AVG's full trial version (30 days)
so far it seems to have taken care of some of the affects but i guess ill have to wait until a better solution comes around
hope known of yall are hit by this like i was
thanks for the help
jeff
so far it seems to have taken care of some of the affects but i guess ill have to wait until a better solution comes around
hope known of yall are hit by this like i was
thanks for the help
jeff
Thread
Thread Starter
Forum
Replies
Last Post
PEAKSTRYDE
Suggestions, Comments and Site Questions
1
10-11-2007 04:20 PM