LocusSoftware malware

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
My daughter picked up something via MSN the other day and it's proving an
absolute b*sta*rd to clear out.

It one of your usual fake virus alert programs that continually badgers you
about things on your system using very plausible looking messages in your
system tray.  I'm also getting pop-ups for a gambling site (Skypoker) and a
search engine.

I've tried a heap of trusted anti-spyware programs, AVAST and Windows
Defender on it but it won't budge.

One program I used claimed to find (and remove) Winfixer but it keeps coming
back.

In the c:/documents and settings/XXX/local settings/temp folder (where XXX
is my our user name) I keep getting new files with names like qrjatydi.exe
and other such garbage.  Whatever the name, they always say "LocusSoftware,
Installer, LocusSoftware, Inc." beside them.

So far I've used Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware (free
edition), Windows defender and Trend Micro Housecall, all to no avail.

To add to the complications, the laptop won't boot into regular safe-mode,
it always hangs at the same point when loading a driver.  It *will* boot
into a system admin safe mode (which still has network access) but the
malware continues to be active in this mode and makes doing anything tricky.
I just don't seem to be able to shut it down.

Where do I go from here?

TIA

Tim



Re: LocusSoftware malware

Use Remove-it version 14, it's fast and free. It now has over 5000
signatures to remove  All variants of Rogue scanners, Desktop/Homepage
Hijackers, Trojans, Codec's, and related Malware/Spyware. New Feature,
Remove-it will now update your hosts file. This tool is designed to
Specifically remove all variants. Scan time is about 2-10 minutes. Designed
for Windows 2000/XP only.First read this page
http://www.pcbutts1.com/downloads then use the email link on the bottom of
the page to receive the software.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



Quoted text here. Click to load it



Re: LocusSoftware malware

@leythosthestalker.com says...
Quoted text here. Click to load it

It updates your host file to block downloading of quality malware
fighting tools. Do you really want to use something that blocks the
downloading of quality malware fighting tools?

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

Re: LocusSoftware malware

Quoted text here. Click to load it

Get Hijackthis here:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Then go to the Avast Forum here:
http://forum.avast.com/index.php?topic=5373.msg39361#msg39361
let us know how you make out :)

-jen




Re: LocusSoftware malware

Use Remove-it version 14, it's fast and free. It now has over 5000
signatures to remove  All variants of Rogue scanners, Desktop/Homepage
Hijackers, Trojans, Codec's, and related Malware/Spyware. New Feature,
Remove-it will now update your hosts file. This tool is designed to
Specifically remove all variants. Scan time is about 2-10 minutes. Designed
for Windows 2000/XP only.First read this page
http://www.pcbutts1.com/downloads then use the email link on the bottom of
the page to receive the software.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



Quoted text here. Click to load it



Re: LocusSoftware malware

@leythosthestalker.com says...
Quoted text here. Click to load it
It updates your host file to block downloading of quality malware
fighting tools. Do you really want to use something that blocks the
downloading of quality malware fighting tools?
--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

Re: LocusSoftware malware

Leythos wrote:
Quoted text here. Click to load it

I have to say I'm always suspicious of anyone who emails out executable
files uninvited.

Tim



Re: LocusSoftware malware

First of all you really need to learn what an executable file is. I did not
send you an executable file. Secondly uninvited? you asked for help I gave
you help. I could have just as easily gave you manual removal instructions
but then you don't know the difference between an executable file and a zip
file. You asked for help and was given help if not by me then by Jen, which
will just give a diagnostic, but at any rate those downloads are executables
not mine. Oh and BTW my Remove-it software would have cleaned your daughters
computer in 5 minutes which *is* much faster then a re-install.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



Quoted text here. Click to load it



Re: LocusSoftware malware

pcbutts1 wrote:
Quoted text here. Click to load it

You think it wise to open a zipped file from an unknown person?

Quoted text here. Click to load it

I *didn't* ask for mystery parcels in my email.  A link would have been
fine.

Quoted text here. Click to load it

Which is exactly the sort of advice I was looking for but no, you wanted to
plug your product.

Quoted text here. Click to load it

I do, but I still wasn't about to open a zipped filed email uninvited from a
complete stranger.

Quoted text here. Click to load it

So you say.  Several other products have claimed the same thing.  It was by
believing in unsubstantiated claims that the PC got infected in the first
place.

YOU need to learn some email manners.  Always *ask* before sending
attachements to strangers, particularly when the subject concerns computer
viruses.  You've done your company no favours.

Tim



Re: LocusSoftware malware

You are one of those people who are too smart (you think) for your own good.
You are also a hypocrite, First you wrongly complain about a zip file. Then
you complain because the zip file contains an executable yet you are willing
to download an executable had I given you a link, which I did but you didn't
notice it. If I wanted to "plug my product" then I would have sent you a non
working trial version that you have to have pay for to in order for it to
work. Look I do this for free, I can care less whether you use my software
or not but think next time you speak and don't criticize something you know
nothing about like malware.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



Quoted text here. Click to load it



Re: LocusSoftware malware

pcbutts1 wrote:
Quoted text here. Click to load it

No I didn't.  It contained an executable.  YOU lied about the file.

Quoted text here. Click to load it

I might have.  Given what I've found out about you by googling, never in a
million years.

Quoted text here. Click to load it

An you know nothing about netiquette.

Someone who steals software and re-issues it under his own name is hardly
likely to be a trustworthy source of software.  It seems my caution was
absolutely justified.

Tim




Re: LocusSoftware malware

Show me what I stole smart ass. You seem "100% sure" I stole something
because of what you read show me what I stole. You are nothing but a big
headed smart ass who felt embarrassed because you don't know the difference
between a zip file and an exe file. You are too dumb and stupid to realize
that every piece of software you install on a windows box is an executable.
Netiquette is when I zipped the file up as to not send you an executable.
Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware, Windows defender and
Trend Micro Housecall are executable files you dummy. So don't try to bitch
and complain about a zip file that contains an executable. You are WRONG!
you are a bigheaded FOOL! and you should have Googled before you started it
up with me and you would have known that I don't take shit from no one
especially from some idiot like you who thinks I'm a thief. You are a lamer,
who probably got an email from the troll Leythos, who told you to format
your system because that is the only way to be "100% sure" and since you
both have the same mentality you agreed.  Now fuck off and get lost before I
embarrass your ass again.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



Quoted text here. Click to load it



Re: LocusSoftware malware

pcbutts1 wrote:

Quoted text here. Click to load it

Again?  Shouldn't the first thousand times be adequate?

Quoted text here. Click to load it

How about that last link you posted just a couple hours ago?  Aha,
busted again, Buttface!

Quoted text here. Click to load it

<lol!>

Quoted text here. Click to load it

Thinks you're a thief?  KNOWS you're a thief!

Quoted text here. Click to load it

You couldn't embarrass your way out of a paper bag...

--
   -bts
   -Motorcycles defy gravity; cars just suck

Re: LocusSoftware malware


Quoted text here. Click to load it

You're busted.  Get used to it.  Try scaring someone your own age (assuming
their mummies and daddies will let them play on the computer too).

Even if, however unlikely it seems, you're *not* nicking software, your
complete ignorance of how to behave on USENET is all the warning folk need
to stay away from anything you claim to be *your* product.

Tim



Re: LocusSoftware malware

Idiot! loser. You can't win a 5k and you can't win here. I say again fuck
off.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



Quoted text here. Click to load it



Re: LocusSoftware malware

pcbutts1 wrote:
Quoted text here. Click to load it

First use of the "F" word.  You lose.

XX

Tim



Re: LocusSoftware malware

pcbutts1 wrote:
Quoted text here. Click to load it

Having looked more closely at what you sent me I have to ask, what kind of
person considers an executable inside a zipped folder not an executable?

Pot, kettle, black.

Tim



Re: LocusSoftware malware

@obvious.yahoo.co.uk says...
Quoted text here. Click to load it

Last one I saw that did that was easily cleared out with the SmitFraudFix tool.
Google will find that for you.

--
Snob? Were I a snob, I wouldn't be talking to you.

Re: LocusSoftware malware

Quoted text here. Click to load it

The latest "Smitfraud" variants require much more than a smitfraudfix
tool.  He needs expert help from a site that specializes in Hijackthis
log analysis...

-jen



Re: LocusSoftware malware

says...
Quoted text here. Click to load it
Maybe. The last one I saw, about a month ago, was easily taken care of by quite
an old version of
the fix utility.
I was quite surprised. I didn't even need to use Safe Mode, AFAIR.

--
Snob? Were I a snob, I wouldn't be talking to you.

Site Timeline