1 2 3 Previous Next 54 Replies Latest reply on Dec 21, 2010 6:32 AM by Valeinrete

    113577url.cptgt.com

      Recently I have had some issues with my lap top. I keep getting a few web pages that pop up, one for Walmart saying I've won a gift card, another for a video arcade game online, and the last for a Google search page with the search field title as "113577url.cptgt.com". I haven't searched for this at all. Reading some descriptions for links on this search page, it talks about the "1135...." how it is something caused by Google, a virus perhaps. I contacted McAfee earlier this afternoon, and did a live chat. They sent me links for what to do if I do have a virus on my computer. I am currently running a full system scan (which has been going on for HOURS now, and is only at 20%. Normally takes an hour at most!), along with some other virus detector from the McAfee website called "Bugbear Removal". Has anyone else ever heard of this 113577url.cptgt.com, and if so.. help! What is it, and how do I get rid of it? Thank you!!

        • 1. Re: 113577url.cptgt.com
          Peacekeeper

          From my looking this up this is very recent. I would follow the following

           

          Update your dat files and scan your PC with Virusscan in Safe Mode.

           

           

           

          To do this, tap F8 repeatedly while booting up. You'll get a boot screen with choices. Pick Safe Mode. Your PC will boot in a low resolution state as most processes won't be running. Go to "My Computer" (XP) or "Computer" (Vista), right-click the hard drive and select "Scan" from the drop-down menu. You'll see an extra taskbar icon which will show a progress report if you hover over it.

           

           

           

          If you think you have a virus infection on your PC do one or both of the following :

           

          - Run the free Mcafee Stinger program from http://vil.nai.com/vil/stinger/ -

           

          set it to Report Mode and very high sensitivity (in Preferences) and post the logs of anything it detects.

           

          - Join the McAfee Getsusp group at https://community.mcafee.com/groups/getsusp30-beta-feedback

           

          You will have to ask there for Getsusp, which is a Beta program and not yet on general release.

           

          Before you use Getsusp, you should go to this document

           

          https://community.mcafee.com/docs/DOC-1323

           

          and download the PDF file explaining what Getsusp is and how it works, and this document

           

          https://community.mcafee.com/docs/DOC-1761

           

          which downloads the installation guide PDF document.

           

           

           

          If you want a second opinion, or to be on the safe side, then you can do a scan with the free versions of these tools :

           

          Malwarebytes and SuperAntiSpyware

           

           

           

          If you already have Malwarebytes installed, the virus could be protecting itself against it. In that case, in order to get Malwarebytes running you'll need to rename the executable. Open the C:\Program Files\Malwarebytes Antimalware folder, then rename the "mbam.exe" file and double-click directly on the file to open the program. After updating the program, run a full system scan using Malwarebytes.

           

           

           

          Make sure both programs are updated to the latest versions before running them and let them clean anything they find. If they quarantine a file or fail to remove a file try to get a copy of it and send it to Mcafee using the virus submission path described here :

           

           

           

           

           

          Send the file to mcafee labs at http://vil.nai.com/vil/submit-sample.aspx

           

           

           

          Zip the file and password it with password infected.

           

           

           

          You will probably get an autoreply back saying it is infected; reply asking for it to be manually tested.

           

           

           

          Include in your first submission :-

           

          Submission Information
          Please provide the following information along with your sample. It will help us speed the sample review process:

           

           

           

          · A list of all files contained in the sample submission, including a brief description of where or how you found them

           

          · What symptoms cause you to suspect that the sample is malicious

           

          · Whether any security products find a virus (tell us the security vendor, its product name, the version number, and the virus name assigned to the sample)

           

          · Your McAfee product information (product name, engine, and DAT version

           

          · Any system details that may be relevant (operating system, service packs, etc.)

           

           

           

           

           

          As I mentioned it appears to be new so might take a bit to get it removed

          • 2. Re: 113577url.cptgt.com

            Peacekeeper,
              Thank you for your reply! I did as directed, and still working on it first thing this morning. After running the "Stinger" program, posted in the (results?) field "...svchost.exe is infected with the FakeAlert!FakeXPA virus!!!" I joined the group for GetSusp, downloaded and ran this program. The results from this scan identified 3 Suspicious files and 4 Unkown files. "Suspicious samples have been successfully delivered to McAfee Labs"

             

            I am trying to find out how to post the results (log?) in the forum for GetSusp, but I don't know how. I was able to find the report on my computer.. I see "XML Document, XSL Stylesheet, Text Document"

             

            Where do I go from here? Thank you!

             

             

            Message was edited by: sinkingwaterbug on 12/13/10 7:23:51 AM CST
            • 3. Re: 113577url.cptgt.com
              Danii

              Tony,  I have this virus as posted in another thread. Im quite certain that it happened after a Myspace visit, and I've heard this from others that say the same and others from a Facebook visit. Maybe they are targeting social network sites?

               

              I can run Malwarebytes and also McAfee with both uptdated and they turn up nothing.

               

              Since Malwarebytes does run the scan ....should I still change the name of the exe  file then run it.........or is that only if MB does not run at all?

               

              Thanks I'm ok but not all that tech savvy.

               

              Also there is some sort of phantom voice thing (audio pop up) happening....sort of like a radio broadcast even when I shut the browser down. I use Firefox. This is only happening on one user ID out of three in Vista 32.

              • 4. Re: 113577url.cptgt.com
                Peacekeeper

                Post the second zip file in new thread ie teh small 1.

                 

                Dani try getsusp as well. Only rename MWB if it will not update or run

                 

                 

                Message was edited by: Peacekeeper on 14/12/10 6:53:15 AM
                • 5. Re: 113577url.cptgt.com

                  I believe it came from Facebook as well, but I am not certain. I know yesterday when it all began to happen I was on Facebook, Hotmail, and Youtube.

                  • 6. Re: 113577url.cptgt.com

                    When you say post the results in a new thread, are you talking copy and paste.... or as an attachment. Just don't want to attach anything that will cause virus to spread when they open attachement or click on its link. I am not computer savvy so please.. step by step. Thank you for all of your help. As for the Malwarebytes: I have anything that turned up in its results quarintined. I have a couple options at the bottom of the program, "delete, delete all, restore, restore all". I know for sure I don't want to restore! After running the GetSusp, it says "Suspicious samples have been successfully delivered to McAfee Labs". What else can I do in steps to get this virus off my computer?

                    • 7. Re: 113577url.cptgt.com

                      Danii, I had the same thing happen with the "phantom voice". I ended up completely closing my laptop while it was still running to shut it down quickly. I knew right thing that something was horribly wrong! I scanned with McAfee as well, but it turned up clean with only a tracking cookie. Malwarebytes, GetSusp, and Stinger however are telling a different story..

                      • 8. Re: 113577url.cptgt.com
                        Danii

                        sinkingwaterbug.................I just ran stinger after disabling system restore, I set in on very high and report and it found nothing. I think I did it correctly..although when I went back to preferences on stinger (just to check it after the scan) it said very low when I opened up the preference tab the second time after the scan. also bootlogs was not checked....so mabe I have to run it again

                         

                        What number update of Malwarebytes found your problem because mine did not find anything earlier today (Monday).

                         

                        I really hope McAfee gets on this thing in the next day.

                         

                         

                        Is your laptop now clean?

                         

                        Thanks for response

                        • 9. Re: 113577url.cptgt.com
                          Danii

                          I am at a total loss as to what Getsusp is. I read the pdf on it and its very confusing to me.

                           

                          Does it remove the problem if found? Can someone explain how it works?

                          1 2 3 Previous Next