You are either not logged in or not registered with our community. Click here to register.
 
December 09, 2016, 03:46:00 AM

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

Click here if you are having problems.
Default Wide Screen Beige Lilac Rainbow Black & Blue October Send us your theme!

Hark!  The Herald!
Holiday Issue 2016

Wiki Blogs Dicebot

Author Topic: Weird YIM link threat  (Read 3033 times)

0 Members and 1 Guest are viewing this topic.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #25 on: July 21, 2010, 10:53:57 AM »
I was wrong. The virus is still there. NOTHING gets Rid of it. As soon as I restart my PC its back. NOW I'm starting to get pissed.

Offline Beguile's Mistress

  • Time flies like an arrow ~ Fruit flies like a banana ~ Elliquiy's Fair-E Godmother
  • Dame
  • Carnite
  • *
  • Join Date: Jul 2009
  • Location: Faeleacanvald ~ The Steeler Nation ~ Home of Lord Stanley's Cup 2016 ~ She won't stay throwed! ~ 48\22-5\1\11-5\7
  • Gender: Female
  • Perpetual Notion Machine ~ 'What if...?'
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Weird YIM link threat
« Reply #26 on: July 21, 2010, 11:00:54 AM »
Thanks for that bit of information.  I ran Norton, Avira, Adware and Malwarebytes and it's gone for now but I haven't restarted my laptop.  I'm chicken. 

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #27 on: July 21, 2010, 11:03:19 AM »
Ok folks this thing will force start your YIM program. I have my YIM set to not auto start and it sill started it. Delete your password out of the password bar or it will keep restarting your YIM and sending itself out. This thing is creepy.

Offline Haibane

Re: Weird YIM link threat
« Reply #28 on: July 21, 2010, 11:09:01 AM »
I was wrong. The virus is still there. NOTHING gets Rid of it. As soon as I restart my PC its back. NOW I'm starting to get pissed.
Malwarebytes. I keep saying it. Have you actually run that?

Offline Cybrewaste

Re: Weird YIM link threat
« Reply #29 on: July 21, 2010, 11:12:21 AM »
Ultimate way of getting rid of viruses: Format

Offline Oniya

  • StoreHouse of Useless Trivia
  • Oracle
  • Carnite
  • *
  • Join Date: Sep 2008
  • Location: Just bouncing through. Hi! City of Roses, Pennsylvania
  • Gender: Female
  • One bad Motokifuka. Also cute and FLUFFY!
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Weird YIM link threat
« Reply #30 on: July 21, 2010, 11:18:16 AM »
Ultimate way of getting rid of viruses: Format

Not always, and then you've lost all the important things that you've had on your computer.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #31 on: July 21, 2010, 11:18:51 AM »
Malwarebytes. I keep saying it. Have you actually run that?

I've ran it twice, and am running it... YET AGAIN.

Umm yea as cyberwaste says I may upgrade to windows 7 early with a full wipe and install.

Offline Oniya

  • StoreHouse of Useless Trivia
  • Oracle
  • Carnite
  • *
  • Join Date: Sep 2008
  • Location: Just bouncing through. Hi! City of Roses, Pennsylvania
  • Gender: Female
  • One bad Motokifuka. Also cute and FLUFFY!
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Weird YIM link threat
« Reply #32 on: July 21, 2010, 11:20:18 AM »
Umm yea as cyberwaste says I may upgrade to windows 7 early with a full wipe and install.

Make sure it's a zero-level, and then still install and run MWB from safe mode as the first thing you do.  I had to do that with the 'Spyware Protect 2009' virus.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #33 on: July 21, 2010, 11:34:53 AM »
Ok, its not letting me run Malware bytes in Safe or normal mode now.

I get a 440 Runtime Error.

I'm fairly compter savvy and calm, but this thing is starting to scare even me.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #34 on: July 21, 2010, 11:43:36 AM »
Ok Malwarebytes had to be uninstalled and reinstalled.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #35 on: July 21, 2010, 11:57:44 AM »
Ok this is what Microsoft Security Essentials found

C:\WINDOWS\jusched.exe

Now it killing that seems to stop the virus program fora  while untill I do a restart.

Can someone tell me what this is before I go into the root file and all that and hunt it down for permenent deletion?
« Last Edit: July 21, 2010, 12:02:22 PM by Paladin »

Offline Haibane

Re: Weird YIM link threat
« Reply #36 on: July 21, 2010, 12:01:44 PM »
Is 'jisched' the right spelling? Google searches hardly know it but know lots about 'jusched' which is part of Java Runtime.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #37 on: July 21, 2010, 12:03:10 PM »
Fixed. yes its Jushed.exe.

And MSE says its bad.

Offline Oniya

  • StoreHouse of Useless Trivia
  • Oracle
  • Carnite
  • *
  • Join Date: Sep 2008
  • Location: Just bouncing through. Hi! City of Roses, Pennsylvania
  • Gender: Female
  • One bad Motokifuka. Also cute and FLUFFY!
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Weird YIM link threat
« Reply #38 on: July 21, 2010, 12:06:31 PM »
Try to uninstall all versions of Java.  Sounds like the virus may be using Javascript as part of its function.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #39 on: July 21, 2010, 12:24:30 PM »
Yea doing that now.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #40 on: July 21, 2010, 12:33:28 PM »
Ok I'm also going to delete and reinstall IE as I think its being affected as well. IS there a way to save my Favorites list? I have a loooooong list.

Offline Haibane

Re: Weird YIM link threat
« Reply #41 on: July 21, 2010, 12:34:37 PM »
Deleting IE does not delete your favourites though if you want to be double sure and back them up they are in docs/settings, users, etc (I'm still on XP so can't help with later versions of Windows).

If you are going to get rid of IE you way what to look at the alternatives instead of reinstalling it - I won't promote any in particular but let you think if you want to try a new one.
« Last Edit: July 21, 2010, 12:37:58 PM by Haibane »

Offline Oniya

  • StoreHouse of Useless Trivia
  • Oracle
  • Carnite
  • *
  • Join Date: Sep 2008
  • Location: Just bouncing through. Hi! City of Roses, Pennsylvania
  • Gender: Female
  • One bad Motokifuka. Also cute and FLUFFY!
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Weird YIM link threat
« Reply #42 on: July 21, 2010, 12:40:25 PM »
IE sort of comes part and parcel with Windows.  I'm not sure it's possible to permanently delete it.  There is a function on the File menu for 'Import and Export', which will allow you to export Favorites to an HTML file. 

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #43 on: July 21, 2010, 12:40:40 PM »
Deleting IE does not delete your favourites though if you want to be double sure and back them up they are in docs/settings, users, etc (I'm still on XP so can't help with later versions of Windows).

If you are going to get rid of IE you way what to look at the alternatives instead of reinstalling it - I won't promote any in particular but let you think if you want to try a new one.

I'm on XP as well so throw me that shortcut if you will. As for IE, I enjoy it better than the others, and once Windows 7 is installed IE will be just as good.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #44 on: July 21, 2010, 12:42:02 PM »
wow thats a whole lot easier than copy pasting each one.

Offline Oniya

  • StoreHouse of Useless Trivia
  • Oracle
  • Carnite
  • *
  • Join Date: Sep 2008
  • Location: Just bouncing through. Hi! City of Roses, Pennsylvania
  • Gender: Female
  • One bad Motokifuka. Also cute and FLUFFY!
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Weird YIM link threat
« Reply #45 on: July 21, 2010, 12:44:31 PM »
Again, I'd recommend scanning it before importing it.  I'm starting to think this one's a Java exploit rather than a nasty rootkit, but this is all going by my gut.

Offline Cybrewaste

Re: Weird YIM link threat
« Reply #46 on: July 21, 2010, 12:45:57 PM »
IE sort of comes part and parcel with Windows.  I'm not sure it's possible to permanently delete it.

You can't

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #47 on: July 21, 2010, 12:46:17 PM »
so am I. wich would explain why I had been so frustrated.

Offline Paladin

  • Angel/Demon Hybrid
  • Restricted
  • Enchanter
  • *
  • Join Date: Jan 2009
  • Location: Southern Indiana
  • Gender: Male
  • Without my Honor I am Nothing. Try to understand
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Weird YIM link threat
« Reply #48 on: July 21, 2010, 12:46:56 PM »
You can't

Actually you can. Its just really hard.

Offline Oniya

  • StoreHouse of Useless Trivia
  • Oracle
  • Carnite
  • *
  • Join Date: Sep 2008
  • Location: Just bouncing through. Hi! City of Roses, Pennsylvania
  • Gender: Female
  • One bad Motokifuka. Also cute and FLUFFY!
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Weird YIM link threat
« Reply #49 on: July 21, 2010, 12:47:45 PM »
You can, however, choose not to use it.  I don't think that the other browsers would be immune to a Java exploit, though.