Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
for some reason now, my aim profile has been replaced with a site that once clicked downloads a virus on to your computer. It isnt the realphx virus i dont think, ive ran norton and it could only quarantine it, not remove it. ive run cwshredder, ive tried to removed them manually but even after deleting the link in my profile it comes back!! Any suggestions would be greatly appreciated...
Most of the virus' I have had with Windows XP I had to disable system restore because it would make back-ups of the virus. You can try disabling sys restore then try to remove the virus but I would back up anything you dont want to lose to cd.
0 
I am posting instructions for both more advanced users and a complete walkthrough for less advanced users for removing the Realphx AIM Profile virus. The lengthier instructions for the less advanced users are under the subtitle 'Complete Walkthrough' - scroll down a bit on this post to view.
ADVANCED USERS:
Ctrl+alt+del and end program named "B". For XP, may have to search under different categories to locate file. Next, delete application named 'b'. Then go to profile, delete link, and you're done!COMPLETE WALKTHROUGH:
First hit ctrl+alt+del and select the file named 'B' in the task manager. For Windows XP users, you need to go through all the different categories under the ctrl+alt+del command to locate the virus- i am not familiar with xp. However, the file should still be under one of the categories. Next, go to C:\Windows which can be accessed either by going to the run command under the windows start menu and typing in "C:\WINDOWS" or by going to the desktop, double clicking on My Computer, double clicking on Local Disk C:, (which is drive c), and then double clicking on the WINDOWS folder. If the folder appears to be empty, look to the left of the folder for a link that says "Show All Hidden Files" or along those lines. Click on the link and files and subfolders should appear. Among those files should be an application named "b". Delete this application, then go to the recycling bin and empty that. Next, be sure to go to your AIM profile/info, delete the link, and click finish. Congratulations, the virus is now removed!
0
Does anyone know how to avoid getting this
again? Where does it come from? I've
deleted it from a few computers so far, but
don't know how to avoid these people
getting it again, because I don't know how
they got it in the first place.
0
I have something similair to all of this. I have a link virus on my aim profile. Its not from realphx though. I clicked a link in a friends info that says "whoaaa look what i found" and now its in my info and wont go away, and anyone that clicks it gets the same.
Can anyone tell me anything about this or how to get rid of it??? Any reply would be appreciated.
Thanks
0
Sherri,
This is a variant of the realphx.com bug.
Try going to
http://www.rsaisp.com/software.asp
..and clicking on the binary link choosing "Open". Unless you tried using the removal tool on talkstocks.net this should get rid of your bug.
0
Those guy's lied, I already downloaded the one from talkstock.net and it didn't work and then i tried binary one and that didn't work, and then i tried delting it came back agian everytime i reboot, sum1 help me >< please
0
Personally, I don't think you should trust any "fixes" that come from the website that put this crap on your computer in the first place. Many people here have good removal methods that I agree with. In addition, to remove the toolbar that may be installed, run Ad-Aware (available from www.lavasoft.com) and that should take care of it. For general removal of this malware, I have posted instructions here that have worked on several computers. Also, there are some links which I think you may find useful here. I hope I have helped.
0
www.jayloden.com -my website, with manual and automatic removal steps.
I've been running it since the virus came out and there's a removal tool for download. It simply automates the manual removal steps with javascript. I've been able to help a lot of people with it so hopefully it will be able to help some others who run across this. My apologies if the site is down, it's run on a home computer that's ailing and as a college student I've got no money to replace it!
Take Care!
-J
0
Hi, my friend has a thing that when she opens up a chat window, it sends "Hey, this is a pic of the cam im getting! click here"
as a message EVERYTIME.. and we cant figure how to get rid of it... its extremely annoying, and if someone clicks it it passes it to their comp.. please help me.. THANKS!!!
0
I have that virus to. I saw the link in a friend's profile that said "I can't believe I found %N's Picture here HAHAHA" Well I clicked it and now that has replaced my profile, and everytime I delete it it comes back! everyone who clicks that link gets it... I erased AIM and redownloaded it but it did not fix my problem. I also ran an antivirus thing. It isn't the realpx one or whatever, but when you click the link on the profile, the site is www.buddypicture.net. SOMEONE HELP!
0
Looks can be deceiving. realphx.com and talkstocks.net are registered to the same person in Denmark. buddypicture.net is registered to someone in Mexico. However, follow the packets and you'll find something interesting...realphx.com, talkstocks.net, and buddypicture.net all resolve to the same IP address, 211.162.108.123, which is a Linux server operating on "Greatwall Broadband Network Co. Ltd." in China. I would assume that this was done to escape legal retaliation. Realphx.com was formerly registered in the United States until mid-november, then it was moved to Canada for a short period of time, and has been in China since then. Realphx.com is the oldest of these three. Now, if you're looking for someone to blame, then how about the General Manager of the Greatwall Broadband network? Seems good enough to me. Since this is a security forum, you may be interested in looking at the security of their website if you know how.
0
My first suggestion to people trying to delete this is not to download anything else to try to fix it haha. You'll most likely just load more spyware and adware. THIS WILL REALLY WORK FOR WINDOWS 95, 98, 98SE, 2000 AND ME, NOT SURE ON XP FIRST YOU NEED TO PRESS CONTROL ALT DELETE, SCROLL DOWN YOUR LIST OF FILES AND FIND ONE THAT SAYS AV , YOU NEED TO THEN CLOSE THAT. THEN YOU NEED TO GO TO START FIND FILES AND SEARCH FOR B.exe , BBB.EXE, AV.EXE, AND REGEDIT.exe. YOU NEED TO FIND THESE FILES AND DELETED THEM. YOU MAY NOT HAVE B.exe BUT YOU SHOULD HAVE AV AND REGEDIT. DELETE ALL OF THOSE THAT YOU FIND. DELETE THEM FROM YOUR RECYCLING BIN, THEN RESTART YOUR COMPUTER AND YOU'LL SEE THAT THE VIRUS IS GONE.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
