hi guys
My system seems to be infected by some spyware . It keeps launching
this website garmagarmbatein.com if i leave my system idle for some
time with help of weird named executable(THLkohPM.exe). I scanned
with avg & spy bot but both failed to detect it..
Any of you heard of this spyware?
regards,
moses

From: "mosesvas" <d.vasant@gmail.com>

| hi guys
| My system seems to be infected by some spyware . It keeps launching
| this website garmagarmbatein.com if i leave my system idle for some
| time with help of weird named executable(THLkohPM.exe). I scanned
| with avg & spy bot but both failed to detect it..
| Any of you heard of this spyware?
| regards,
| moses


Please submit a sample of THLkohPM.exe to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

I too am facing the same problem. Please help. I think its eating up
my virtual memory space too when active. Please provide a solution.

From: <kennyspeaks@gmail.com>

| I too am facing the same problem. Please help. I think its eating up
| my virtual memory space too when active. Please provide a solution.


Do what I asked to be done.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

On Nov 5, 4:24 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: <kennyspe...@gmail.com>
>
> | I too am facing the same problem. Please help. I think its eating up
> | my virtual memory space too when active. Please provide a solution.
>
> Do what I asked to be done.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

I am also facing this problem in my new lenovo pc.

please help..

From: "Net Guru" <kapilsaggi@gmail.com>

| On Nov 5, 4:24 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
| wrote:
>> From: <kennyspe...@gmail.com>

>> | I too am facing the same problem. Please help. I think its eating up
>> | my virtual memory space too when active. Please provide a solution.

>> Do what I asked to be done.

>> --
>> Davehttp://www.claymania.com/removal-trojan-adware.html
>> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

| I am also facing this problem in my new lenovo pc.

| please help..

This is the LAST time I will say this in this thread!

Do what I asked to be done.

Please submit a sample of THLkohPM.exe to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman wrote:
[snip]

> This is the LAST time I will say this in this thread!
>
> Do what I asked to be done.


Just one more time please. :) :)

David,
I do not know the virus is contained in which particular file, else I
would have deleted that file. You need to understand that this website
is popping up out of nowhere, whenever I have an active net
connection, using my default web browser, IE, in this case, to open
itself. What is causing it to pop-up, I don't know. I can give you the
exact link that opens up on my PC. Its " http://www.garmagarmbatein.com/?id=532452
". Let me know if you need any other details. As for the
"THLkohPM.exe", I do not see it in my active processes when I open the
TASK MANAGER, so I don't know if this is hidden anywhere in my PC and
if it has anything to do with the virus. Hoping to hear from you soon.
Thank you !

From: <kennyspeaks@gmail.com>

| David,
| I do not know the virus is contained in which particular file, else I
| would have deleted that file. You need to understand that this website
| is popping up out of nowhere, whenever I have an active net
| connection, using my default web browser, IE, in this case, to open
| itself. What is causing it to pop-up, I don't know. I can give you the
| exact link that opens up on my PC. Its " http://www.garmagarmbatein.com/?id=532452
| ". Let me know if you need any other details. As for the
| "THLkohPM.exe", I do not see it in my active processes when I open the
| TASK MANAGER, so I don't know if this is hidden anywhere in my PC and
| if it has anything to do with the virus. Hoping to hear from you soon.
| Thank you !


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

I know what your problem is: > connection, using my default web browser,
IE, in this case, to open

Switch to Firefox, for a start, then follow David's directions:

1) VirusTotal
2) HiJackThis

RB

On Sun, 9 Nov 2008 10:56:19 -0500, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Net Guru" <kapilsaggi@gmail.com>
>
>| On Nov 5, 4:24 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
>| wrote:
>>> From: <kennyspe...@gmail.com>
>
>>> | I too am facing the same problem. Please help. I think its eating up
>>> | my virtual memory space too when active. Please provide a solution.
>
>>> Do what I asked to be done.
>
>>> --
>>> Davehttp://www.claymania.com/removal-trojan-adware.html
>>> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp
>
>| I am also facing this problem in my new lenovo pc.
>
>| please help..
>

Don't let 'em ramp up your blood pressure David. You probably didn't
notice that all three of them are Googlers.
----
Pete Gebel pfgebel(deletethis)@crisperiodcom
Have the best day possible - all things considered