virus connected to turbobuick.com?

GerrywithaG

Member
Joined
Jul 22, 2010
I've received the same virus from 3 different non-file-sharing computers while browsing turbobuick.com and ONLY turbobuick.com. Anyone else? The virus in question is 'XP Antivirus 2012'. Is it possible something's attached here? Very frustrating and I'm afraid to come here now :mad:

How to remove

EDIT: It sneaks by anti-malware software undetected. I use Malwarebytes and Avast.
 
I catch it and quarantine it every time I'm on .. Get some mal URLs also .. When tracked back it ends up at a fishing company in Singapore..
 
Yep, I got it too. I had to recover my computer just to get rid of it. So I won't be coming here on my computer till I know it's gone.
 
MY COMPUTER HAD AN ACCIDENT this past week but I don't know why. I run MSE and it didn't detect anything????
Time to shut my computer down for a full system scan.
 
Odd - I had no issues - then right after I visited this thread - MSE popped up with a warning - here's the details:
Encyclopedia entry: Adware:Win32/Hotbar - Learn more about malware - Microsoft Malware Protection Center

Then I ran Malwarebytes - 4 infections. I can't guarantee they are coming from here - but I never have issues like this. Curious.

Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 911122702

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/27/2011 10:56:39 AM
mbam-log-2011-12-27 (10-56-39).txt

Scan type: Quick scan
Objects scanned: 171666
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\MSHPLap\AppData\Local\Temp\uq9gzf7y.exe.part (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\MSHPLap\AppData\Local\Temp\nswB3EC.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\MSHPLap\AppData\Local\Temp\~nsu.tmp\Au_.exe (Adware.HotBar.RB) -> Quarantined and deleted successfully.
c:\Users\MSHPLap\downloads\setupregkill2702.exe (Adware.CommonName) -> Quarantined and deleted successfully.
 
I'm not seeing it. If I had to guess, I would say it's probably a compromised ad. Next time you see it, if it gives you a target URL or anything, please paste it here or PM me with it so I can investigate further.
 
Just got it too from this site around 8:45PM. Only thing I had open and then it shut down IE and came up with a bogus antivirus program! XP Home Security 2012. Didn't click on any ads either as I hate those Google ads. Had to do a safe mode start and then a system restore. AVG didn't pick it up. Doing a full scan now. On my laptop right now.
 
MALICIOUS URL : fidral.com.............hedlio.com...............tremergy.com/hammol...................sechellos.com/apply..............porexette.com/game/..........bitrid.com....... mark avg sucks ..
 
Can you tell if they are being injected through an ad? I'm sure they are but I'd like some clarification.

Big site update probably tomorrow. That may help.
 
Jay C .. ad injected .. even have the worldwide saturation rates .. but I don't think you need them.
 
lots of people here with infected avatars .. tomtomturbo's little bus being one of the worst .. has a nasty trojan hooked to it ..
 
It's the avatars? WOW!

I'll look at it tomorrow. Too much vodka to do so tonight.
 
Pretty sure this site has had a redirector for a long time.
About every 3rd Google-searched entry to the site would redirect.
Seemed to be related to a vBSEO vulnerability as far as I could research.
 
We did have a redirect for a while if you didn't have some good software to clean it out...

Avatars causing trouble?????????? I didn't know that could happen... These computer hackers never cease to amaze me, why create problems for others? I would really like to play target practice with a few of them as an example....
 
Pretty sure this site has had a redirector for a long time.
About every 3rd Google-searched entry to the site would redirect.
Seemed to be related to a vBSEO vulnerability as far as I could research.

That was fixed with the upgrade to 4.x.
 