A Digital Age Deserves A Digital Leader

NSIS Media


Post by Neuromancer » Wed Sep 27, 2006 9:46 pm

Somehow, today I got infected with this little piece of malware.

It's an Explorer popup advertising malware, so popup blockers do not affect it.

It normally attacks Firefox users, although I do not run Firefox and was infected by it.

A quick uninstall, registry sweep and temp folder deletion did not fix it. After restart it appeared again (in Common Files folder).

It is not located in Run or RunOnce but is located in ShellEx hook. I read something about Steganos spyware being able to detect it (a Spy Sweeper rebranding), but do not know more than that.

There are only 2 places I could have gotten it.

BitComet .70 from the Megaupload link posted on their forums, since the standard CNET is problematic at best.

Or abcAVI tag editor. (Since switching to WMP11 half of my TV shows are incorrectly named now and I need to retag about 75 of them :-x )

To prevent it from starting/reinstalling, run the uninst.exe in the common files\NSIS folder, but when it prompts you to restart, instead do a hard reset/power off. This will prevent it from reinstalling itself.

You can thereafter still find it listed in the registry under HKLM\Software\NSIS\Media; however, the data is Optout 1.

I have not tried deleting that yet to see if it still comes back.

Unfortunately I still don't know where it really resides (although I did see a BitComet reference in the registry to NSIS, it could have been the NSIS (Nullsoft Install Something)). So as soon as I finish my tasks, reformat time. Then I will know for sure if it is BitComet.

"The spirit of resistance to government is so valuable on certain occasions, that I wish it to be always kept alive. It will often be exercised when wrong, but better so than not to be exercised at all. I like a little rebellion now and then. It is like a storm in the atmosphere."--Thomas Jefferson
PRO GOLD
Posts: 5756
Joined: Sun Mar 28, 2004 5:19 am
Location: West Virginia
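
The two registry locations mentioned in the post above can be inspected read-only with a short PowerShell script. This is an added example, not part of the original thread; it assumes "ShellEx hook" refers to Explorer's ShellExecuteHooks key, and the function names are hypothetical.

```powershell
# Added example: read-only triage, nothing is modified or deleted.
# Assumption: "ShellEx hook" in the post means the ShellExecuteHooks key.
# Both registry views are checked because 32-bit software on 64-bit
# Windows is redirected to WOW6432Node.
$views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

function Get-ShellExecuteHook {
    foreach ($view in $views) {
        $hookKey = "$view\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
        if (-not (Test-Path -LiteralPath $hookKey)) { continue }
        foreach ($clsid in (Get-Item -LiteralPath $hookKey).GetValueNames()) {
            if (-not $clsid) { continue }          # skip the (default) value
            # Each value name is a CLSID; its InprocServer32 default value is the DLL.
            $server = "$view\Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $server) {
                $dll = (Get-Item -LiteralPath $server).GetValue('')
            }
            $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
            $sig = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
            [pscustomobject]@{
                View          = $view
                Clsid         = $clsid
                Dll           = $dll
                OnDisk        = $onDisk
                # The post reports the files reappearing under Common Files.
                InCommonFiles = [bool]($dll -and $dll -like '*\Common Files\*')
                Signature     = $sig
            }
        }
    }
}

function Get-NsisMediaKey {
    # Key named in the post: HKLM\Software\NSIS\Media
    foreach ($view in $views) {
        $key = "$view\NSIS\Media"
        if (Test-Path -LiteralPath $key) {
            Get-ItemProperty -LiteralPath $key |
                Select-Object @{ n = 'Key'; e = { $key } }, * -ExcludeProperty PS*
        }
    }
}

Get-ShellExecuteHook | Format-Table -AutoSize
Get-NsisMediaKey     | Format-List
```

A hook whose DLL is unsigned and sits under Common Files is the entry to examine first; an empty result from both functions means neither location is populated on that machine.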

Post by NT50 » Thu Sep 28, 2006 12:27 am

Try the software Counter Spy, it has a 15-day trial, and see if CS will clean it up for you. You can get it here

Edit: Just thought about this after I posted, try turning System Restore off, then removing the software.
Dogs Have Owners; Cats Have Staff
PROfessional Member
Posts: 8220
Joined: Sat Jun 19, 2004 4:46 pm
Location: Jackson, TN USA
Real Name: Jeff Replogle
