Majorgeeks

[martymas]

hi team for several years ive used majorgeeks to down load software.

but over the holidays .i used the search bar and when majorgeeks.sit came up i clicked on what i thought was a genuine site .

and my page went haywire .i was getting an error and cant find the server page.

and all of a sudden i have a trojon on my sys .

i wouldnt like to point the finger at MG.

so i think the virus came from a site posing as MG.

at the time i was in the process of installing avast .

and my siren went off warning me .

luckly avast arrested the virus.and put it in the vault .

the reason im posting this before xmas my next door neighbor

said she had got a virus from MG .

but i dismiised it.it is easy to blame any one.but now i think she was right .

has any one else experienced this.

im not really comfy posting this.as MG has been a trusted site for me for some time.

marty

[thesidekickcat]

Thanks for the warning.

It is getting hard to know who or what to trust on the internet, especially since there are spoofer/phisher sites around.

I am glad your Avast was able to protect you.

Have a Happy, Safe, Healthy New Year.

God bless everyone.

Edited January 2, 2005 by thesidekickcat

[MajorGeek]

Hi,

I would like the opportunity to look into this. If someone is copying our website to pass off spyware or viruses I would like to track it down and have them shut down. Perhaps you could let me know what search engine and what you typed so I can look into it.

MajorGeeks.com continues to test ALL software before posting for quality, viruses and spyware. We started out this way and will go down this way. Companies use clone websites and even spyware removal tools to infect people, so anything is possible here.

Thanks for your time. We can always easily be contacted through our website for any questions. I will gladly look into this and let you know with more details.

[MajorGeek]

I also would appreciate your contacting a "trusted site" before you go making multiple posts on the internet accusing us of infecting you. I am continuing to look into it, and can only promise you you did not get it from us.

http://forum.worldstart.com/showthread.php...7109#post467109

[MajorGeek]

So far found one website that looks like ours, but nothing newer then May for updates, hopefully it does not fool anyone. Since it is in China, not much we can do, it also does not appear to be doing any harm. This is from still searching Google, have not even begun searching MSN yet. Let me know what you typed it please so I can accurately reproduce your problem if possible.

ehomenet.onlinedown.net/down/

[MajorGeek]

I scream uncle. I searched majorgeek and majorgeeks and got nothing but valid links to us for the first 5-7 pages on both Google and MSN search. Let me know if I can help more or you can offer more information.

[cowsgonemadd3]

Wow Look we got somebody from major geek here!

Just to say your site is good......

[Kat]

Thanks so much for the work you have done regarding this, MajorGeek! Don't be a stranger to our forums!

[MajorGeek]

My pleasure, we are lucky that on our forums our moderators and readers tipped me off to this thread and some searching found another thread written exactly the same by almost the exact same username, but felt it was worth a look.

Again, I am here if the original poster wants to give out some more information but otherwise can only say he or she was probably hijacked by one of the thousands of websites out there people create to run ads or install spyware because some poor person made a typo.

This is a good reason and time to remind people to bookmark their favorite websites, especially sites you have banking or credit information at and never click a link in email or manually type in a website again if you visit or have financial information stored at.

And thanks for the kind words guys, we appreciate your friendship and visits to our website!

[Darrenkook]

Marty,

In the other thread that Majorgeek linked to was a reference to spoofstick. This an excellent program and shows you what site you are on just in case you go to a site that routes you to another site...It's free and definately worth having!!! If you decide to use it...don't freak when the fonts come up huge..You can change that.....

Thanks majorgeek for checking this out also!! I know many many people use that site to download...

[MajorGeek]

Good call, we also have that for download, of course:

http://www.majorgeeks.com/download4453.html

[cowsgonemadd3]

Well I hope the user will help you! I have never had the problem I was linked there by other download site......

Again Good job everyone over there from Cowsgonemadd3!

[MajorGeek]

Thanks again! I dont know what else to do, I am a bit bothered as the day goes by (I think I responded about 13 hours ago) that we were accused on multiple forums (by marty as known in quite a few forums) , without a response back explaining the situation in more detail. I dont see what was to be gained here, other then to take a shot at us since most would directly email a trusted website, but instead this was posted on multiple forums. Oh well, in case I dont get back anytime soon Marty, I am tim, my partner is jim and you can email tim or jim at majorgeeks.com if we can be of further assistance.

[martymas]

hi sorry i havent been back to the thread for some time holidays and all that.

im glad some one from the site has posted.as i said in my post i wasnt comfy .

as ive used the majorgeek site for some years.anf for software it is one o fhte best on the internet.

i havent had a trojon in all the time ive used a compt

so i was a bit chaffed.

tho didnt directly blame the site.

i know a site like this is vulnerable to statements like mine

so i would like to assure posters .

the trojon probably came form the other sources.

it is any help for the MG rep

i was in the MG site installing avast .

when my page went hay wire first i got an error page .

then a cant find the server page .

by that time avast was installed.

at first i thought my urlmon dll file needed to be refreshed.

but once i restarted my compt avast let off a siren and a voice said beware .

yuo are in danger of getting a trojon.

well i paniced and i didnt even to think of reading the name of the trojon.

all i remember was it was in c:windows file.

it deleted easily enough.

so deleted it from the vault .

to assure my self it wasnt the site i went straight back into MG SITE .

TO GET Adaware and all was ok.

the one thing i remember was in the address bar was this address

www.udg.some numbers.majorgeeks.com

so right there and then i thought my sys had been highjacked .

but since then my sys has been ok ive scanned with

avast.avg. and house call.

and they all come up clean.

if you read my original post you will see my neighbor had the same problem .

i said to her rubbish.MG wouldnt exist if this happened.

so to all who use MG

keep using the site.

im sure it was some one posing as MG

i hope this post has helped.

i still use MG

and i hope all others will also

marty

[MajorGeek]

Marty,

What you describe sounds like a browser Hijack. If you visit our forums, I will look at your Hijack This log, which you probably need to run regardless at this point. I would also consider using the Mozilla Firefox browser. While not 100% secure, it eliminates many of the Internet Explorer vulnerabilities that are taken advantage of by these scumbags.

Good luck to you

[Nerelda]

I only go to www.majorgeeks.com for ALL my downloads if possible. I've found the site to be most trustworthy and having the fastest download times.

Thanks for your continued excellent service.

[martymas]

hi thanks i will visit the site i didnt mean to cause any inconveince to your site

ive used it for years.

i relly wanted to see if any one had got the same problem as i did .

when ever ive installed ive got Adaware.regclean. avg .avast.from MG

for some years now .

and i will continue to use it .

you may be right i may have been highjacked.

this is an area im not familiar with.so i will probably need help.

so thanks for your post

marty

[martymas]

ok team for the last hour i cant get the majorgeeks site .

i tried several times .

i typed majorgeeks in to the msn search bar.

and clicked on several site applis but the only one i can get into is one called alexa.

now im not sure what is happening here.when i click one the majorgeeks free ware it just sits there nothin happens

this is what happened when i got the trojon.

so some one is spoofing the site.

i cant seem to get in no how.

EDIT

hi team all morning i havent been able to get on to MG.

i posted the above at about 3.30

it is now 10.30.and aT LAst im in .

so disregard the post above.

cannot tell you reason .

i suppose it is one of those quirks of computing.

hoW ever im on .

ive in stalled HJT.

as you suggested .

but if you dont ind i would like some one from this board to read it instead of going to MG forums .

ive been a menber of this board for some time.and i respect the posters from here.

some of them i used to comunicate with at techtv.

so if some one would allow me to post

my hjt log and read it for me .

thanks

marty

[Nerelda]

I haven't been having any trouble getting to their site at all. Have you just tried typing in "www.majorgeeks.com" into the address bar? Not using search?

[Chachazz]

No problems here...

[tg1911]

Marty,

I'm sure somebody here can help you out.

Download the latest version of HijackThis (HJT), from this link.

Put HijackThis in a Permanent folder:

Click My Computer / C: / File / New / Folder / name the folder; HijackThis

Put HijackThis.exe, in this folder.

This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the Security forum, here

Then, run a log, and post it in the HJT forum, at this link. Do NOT, fix anything, yet.

A member, of the HJT Team, will help you out.

[thesidekickcat]

Hi Marty,

When you do the HJT log, wait for the HJT experts come along. They have the title Hijack This experts listed under their avatar pictures I think.

Also regarding your saying that something called Alexa was displayed, well I remembered seeing something somewhere (Spybot S and D?) about it. So I Goolged it, found a Symantec entry. It is spyware, installs a toolbar and/or icon in your existing toolbars etc.

Here is the Symantec article for anyone interested.

Symantec article about Alexa spyware

Good luck in solving your computer problems. I am sure you will be well taken care of by the experts.

God bless everyone.

[martymas]

hi team well i followed tg1911 to the letter.

and here is my log file i cant find any thing suspicious.

so i need to rely on the hjt experts

thanks

Logfile of HijackThis v1.99.0

Scan saved at 6:07:19 p.m., on 7/01/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

----------------------------------------------------------------------------------------------

hey team i wonder how many software and hardware companys monitor these boards.techtv used to monitor the message boards.

------------------------------------------------------------------------------------------------

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\martym\Local Settings\Temporary Internet Files\Content.IE5\IR9KO4SY\HijackThis[1].exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)

O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta

O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DA5EFFC-DDDA-4278-A647-689CA5F07C9C}: NameServer = 202.37.101.1 202.37.101.2

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

marty

[tictoc5150]

hi team well i followed tg1911 to the letter.

Marty, this is incorrect.

tg1911 said:

Put HijackThis in a Permanent folder:

Click My Computer / C: / File / New / Folder / name the folder; HijackThis

Put HijackThis.exe, in this folder.

This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the Security forum, here

Then, run a log, and post it in the HJT forum, at this link. Do NOT, fix anything, yet.

A member, of the HJT Team, will help you out.

You left HJT in a temp folder and it's very important that you put it in a permanent folder for the reasons tg1911 stated...and also to post the log in the HJT section of the boards, HERE.

I'm not trying to be a jerk, just pointing out the things that'll get you helped in a more timely manner

good luck,

T.

[bar5]

Hi:

I use MajorGeeks for just about ALL my downloads. Never had a problem. Will continue to use it. It is a very trustworthy site. It is the first site I go to if I'm looking for a particular type of software etc.

Good luck Marty, hope you get your computer up and running clean.

Barb