Page 1 of 1

Merlin.

Posted: Mon Aug 16, 2010 7:45 pm
by Zyn
I believe my computer has caught...something. I was IMing a friend of mine when a link popped up that said "Who took this pic of you : linklinklinklink". I was not suspicious, as she had asked before with links to myspaces or facebooks or whatever. It should have thrown me off that the link was unrecognized, and I cannot recall it now. I will search my archives and pray it wasn't deleted.
Anyway, the next day, at random times, my Yahoo would send everyone on my friends list "Have you seen this pic: linklinklinklink." Annoyed and confused, I delved into the program files of Yahoo! Messenger. I found a file called "merlin.log" that updated each time one of these spams were sent out. I deleted it, and "searched" for all files titled "Merlin" and deleted all of them. The problem persisted. I deleted and reinstalled my yahoo, and nothing. Just shortly, I got frustrated and told my computer to bring up all files created on August 14th (the day I clicked the link) and deleted everything I didn't recognize that was created around 11PM.
Scans have turned up nothing, and I'm currently waiting to see what happens, and I'll inform you whether or not this works. Mainly, I'm hoping one of the more tech-savvy individuals here can tell me what the hell this thing was/is and, if the problem persists, how to remove it.

Anyone had this trouble?

Posted: Mon Aug 16, 2010 8:01 pm
by Azgarth
try a full removal of yahoo messenger, followed by a ccleaner run for starters.

could you post a hijackthis log?
what virus scanner you use? ran a full system scan yet?

Posted: Mon Aug 16, 2010 8:07 pm
by Zyn
Tried the full removal-scan already. It caught nothing.

Hijackthis...?

And three scans, Norton, Malwarebyte, and Spybot-S&D. Nothing all three times. All of these before I started deleting things, so it had to be there.

Mayhaps it be something from a website? Would clearing cookies, temp files, ect. help?

Posted: Mon Aug 16, 2010 8:31 pm
by Azgarth
you use norton? if anything before 2010... ewww.

doubt it would help, not if it's that ingrained.
can you upload a merlin.log? or paste on pastebin?
the exact message you get/send would help too.

Posted: Mon Aug 16, 2010 9:13 pm
by Zyn
http://pastebin.com/67TiDdUD

Merlin Log that just happened. Deleting fest did nothing...

Also, the messages that are sent don't save in my message archive for some reason. Odd.

The Norton was free for a year, so I decided to go with it.

Posted: Mon Aug 16, 2010 9:38 pm
by Azgarth
that's some bleeding weird stuff man.
not sure from where i'm standing.
and a hijackthis log?

Posted: Mon Aug 16, 2010 9:39 pm
by Zyn
Zynathias Bornhold: is this you? h t t p : / / f a c e b o o k h i t . c o m / p h o t o s . p h p

This is the exact message. And I talked to a friend from out of state, apparently a lot of people have been getting this. One teacher recommends just back-up important shit and fragging your hard drive. Not liking that plan too much....

Also, I'll try the program.

EDIT:
http://pastebin.com/3fpTZp8g

My report.

Azedit:
to the few clueless, do NOT go to the above link, those spaces are inserted for a reason.

Posted: Mon Aug 16, 2010 10:27 pm
by Azgarth
... and it links to an exe.
you don't watch what extension the file you're running has?

anyway, from what i read, malwarebytes SHOULD pick up on it after a full scan.

it's said to infect the java updater, so remove java as well.

i'm gonna edit your post to disable the link, don't want to inadvertently infect others.

edit:
i see you've norton 360 3.x, be aware that it's about half as useful as a towel and telling yourself "do not panic".
believe it or not, the best antivirus app around right now is made by microsoft, and actually free. i'd recommend getting microsoft security essentials.
if you're wary of microsoft, try something like avira.

Posted: Mon Aug 16, 2010 11:20 pm
by Zyn
Yea, didn't think it through too well, admitted.

I'll get the microsoft one, though malware caught nothing =/.

Following instructions, update coming as soon as I see whether it worked or not.

EDIT: After learning what terrible things microsoft and spybot would do to each other, my friend here recommended Exterminate It! It found several trojans, and, after a quick google search of the names of the trojans, I found my culprit. Sadly, EI! is pay-for only, so I had to google "manually removing trojans". I found the trojans start-up procedures and disabled them. I'll let Spybot complete his search, then restart the computer and hunt down any remaining traces of "jusched.exe."

This has been too much fun.

Posted: Sat Sep 11, 2010 4:42 am
by Azgarth
wait what?

the hell's you talking about?

Posted: Sat Sep 11, 2010 5:55 am
by Ashreal
there is a link on the bottom of its post in black. BOT BOT BOT BOT BOT........................motor bot

Posted: Sat Sep 11, 2010 10:33 am
by Azgarth
ahh, spotted. didn't think to highlight the post.
it's gone now.

Posted: Thu Nov 04, 2010 3:33 pm
by daemon
Don't click random links.

Posted: Thu Nov 04, 2010 4:12 pm
by Voly
Don't try to sell jewelery in my house, is my response.

Posted: Sun Nov 14, 2010 7:26 am
by Voly
Voly wrote:Don't try to sell jewelery in my house, is my response.

Posted: Sun Nov 14, 2010 12:16 pm
by Azgarth
can't remove just sigs, so both posts removed.

Posted: Sun Nov 14, 2010 2:23 pm
by dickwad
i keep thinking this topic is about the crappy tv show.