Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×

VIRUS 555.in.th

ttl

By ttl
in IT and Computers

 Share

Recommended Posts

ttl Senior Member

ttl

Posted
Posted

This virus invades my Google Chrome at drop of a hat. Sick of deleting and reinstalling,which lasts only a few minutes

Any solution would be appreciated

Crossy Star Member

Crossy

Posted
Posted

Google is your friend, many results in Thai (obviously) here's a suggestion in English.

I've not tried the suggestion so no warranty implied or inferred.

Andre0720 Platinum Member

Andre0720

Posted
Posted

This is related to the BAIDU Faster program. Not an easy one to eradicate...

Must be deleted from the control panel, Programs and features, All Baidu Faster programs, as well as Hao 123 client.

After, you go into regedit, and "find" and delete all occurrences of Baidu and Hao, which will still be present..

http://www.fixyourbrowser.com/how-to/remove-baidu-pc-faster/

And after you will have done all of this, you will find that it will still be active.

In the fixyourbrowswer link, you will see that the properties of Internet Browsers must be modified. Resetting as per instructions, or if you right click on the browser icon, and look "Shortcut", and "Target", you will see that the Baidu address has been added at the end of the Target address.

"C:\Program Files\Internet Explorer\iexplore.exe"

This should be the normal address for Internet Explorer, but if you scroll to the end of that address, then you will see that the Baidu address has been added at the end of the string. Delete all of that add-on, and Click Apply and OK.

Turkleton Silver Member

Turkleton

Posted
Posted

Got this <deleted>**ing crap with "JDownloader2" install.

Hijacked all my three browsers.

Open Task manager and look for "nvi64.dll" or "webnavi".

Fortunately I could easily uninstall it via control panel --> programs...look for programs like "webnavi"

If you can't uninstall:

Run "autoruns" and check for something like this

.webnavi File not found: C:\Users\username\AppData\Roaming\webnavi\nvi64.dll

Uncheck all entries, reboot in Safe mode (press F8 during initial boot)

Delete the folder C:\Users\your_username\AppData\Roaming\webnavi

Hope the best.

chingching Advanced Member

chingching

Posted
Posted

AdwCleaner worked well for me. The last time I tried MalwareBytes, it was as annoying as the malware. Constant notices to upgrade or to run a scan. Another good program to have is ERUNT. to restore your registry.

arjunadawn Gold Member

arjunadawn

Posted
Posted

Follow my instructions exactly:

Restart your computer and as soon as it begins to restart press F8 over and over every sec. It may beep. Disregard. You will be given options. Start PC in SafeMode with Networking.

When started everything will appear different. No video driver installed.

If you wish to retain programs, browser, etc, you can try next without uninstalling. Note: at times uninstall wouldn't work in safe mode, but many programs have own installer.

Open browser. No addons should load. Ideally. Search trend microcell in house call. Download and run. This has it's own installer.

Download and run Malwarebytes free. Run both. Delete infected. Restart in regular. Do again!

Update all antivirus and run Malwarebytes every few days.

Never install anything express. Always choose custom and see what wants to load. Download and install zone alarm free firewall. Windows has ok firewall but bad at stopping things from calling out. When your comfortable your PC is licked down again, change passwords on all sites

PM if you've any questions

olddutch Rookie Member

olddutch

Posted
Posted

Like Andre said ADW cleaner is great for cleaning your browsers and specially if it came from Baidu.You should run it every week.

And if you install a program.Install it manual and not automatic.So you can see what is coming with this program.Like ask baidu and many other "programs" you don't want

arjunadawn Gold Member

arjunadawn

Posted
Posted

Actually, you've got some rally good advice here. I use free Ccleaner and Glary Utilities- near daily! I also use Kaspersky internet security, Malwarebytes for weekly scrubs, etc. I clean my browsers out at close! I do some dodgy things from torrents to ... Well, you get it. I remain clean. I follow the instructions I gave you when I suspect infection. Immediately shut it down so it can't cause further harm to call home. Safe mode often prevents bad stuff from self defense while you clean.

DLP Advanced Member

DLP

Posted
Posted

I had same problem yesterday. go to control panel, then uninstall programs. Click on 555, then click on uninstall.

This worked for me

  • Like 1
Paphi1234 Rookie Member

Paphi1234

Posted
Posted

Hi, regarding the 555 virus.

This is what I did

1 download Rkiller.exe

2 run Rkiller; this will reset all your exe; bak. batch etc. files to default settings. Note: the virus controls these settings and it automatically changes your default wag browsers hence in my case it changes google to the 555.inf.thai and no matter how I used my adware and malware they did mnot work until I used RKILLER.

Rkiller does not remove it it just stops it from infecting the exe files of your current default engine browser.

3 I use malware bytes and spybot both are very powerful anti ad and mal ware programs. if you have them update the versions please. if not download them they are freeware.

4 now go into safe mode with networking, pressing F8 at start-up.

5 re run Rkiller and read the log it produces. it should tell you that you are now free to run your adware and malware programs - do that now. you can run them both at the same time if you wish they look for different things.

6 once they have finished, read their logs and do what they tell you i.e. put any infected findings into quarantine.

Note:

if you are using a program like reg mechanic, run this now. it will clean up your registry; if you don't have it down load it on trial.

Now go into your network setting and select your permanent browser again this should reset to (in my case google.com) Google chrome has different setting for itself.

when you restart your computer the default should kick back in.

I have in the past used spy hunter, it is a great virus checker very powerful and can be dangerous if you don't know how to set it up. It can be very hard to uninstall it.

if you run malware bytes and spybot on a regular basis they will keep your machine clean and of course be careful where you search and what you look to download.

arjunadawn Gold Member

arjunadawn

Posted
Posted

Hi, regarding the 555 virus.

This is what I did

1 download Rkiller.exe

2 run Rkiller; this will reset all your exe; bak. batch etc. files to default settings. Note: the virus controls these settings and it automatically changes your default wag browsers hence in my case it changes google to the 555.inf.thai and no matter how I used my adware and malware they did mnot work until I used RKILLER.

Rkiller does not remove it it just stops it from infecting the exe files of your current default engine browser.

3 I use malware bytes and spybot both are very powerful anti ad and mal ware programs. if you have them update the versions please. if not download them they are freeware.

4 now go into safe mode with networking, pressing F8 at start-up.

5 re run Rkiller and read the log it produces. it should tell you that you are now free to run your adware and malware programs - do that now. you can run them both at the same time if you wish they look for different things.

6 once they have finished, read their logs and do what they tell you i.e. put any infected findings into quarantine.

Note:

if you are using a program like reg mechanic, run this now. it will clean up your registry; if you don't have it down load it on trial.

Now go into your network setting and select your permanent browser again this should reset to (in my case google.com) Google chrome has different setting for itself.

when you restart your computer the default should kick back in.

I have in the past used spy hunter, it is a great virus checker very powerful and can be dangerous if you don't know how to set it up. It can be very hard to uninstall it.

if you run malware bytes and spybot on a regular basis they will keep your machine clean and of course be careful where you search and what you look to download.

Thanks. So you run first killer in full PC mode then safe mode second time? Ok

I rarely recommend uninstall while on PC mode. At times you've no choice due to installer. The reason is the self defense kernels often rebuild from a locked file on restart. So, let's say you run killer, uninstall, etc, in safe mode, then reboot. Like the poster says you've still a little bit of work.

If you know the folders or file name in c:/programs or programs (x86) or Appdata, or Common Files, or user- or local, or low, or roaming- then delete the remaining folders and if they won't deleted download and run Dekete on a Reboot. Are we done? Not for me.

I'll now share what I do next but caution you. If you are not comfortable in registry don't do it! I open run regedit, and open the Software and/or Wow64 folder on each left side option. Look for the title or the product you've deleted and remove- and delete its entry here. A good example is the trialware Norton SymAntic nonsense, no matter how much you uninstall it it reappears. Why? The problem is contained in a registry entry. Find it, delete it. Then run a registry cleaner of PC. This ensures it's not packaged itself elsewhere, somewhat.

Note: always make a restore point before you mess around. There's a few smart people here, PM someone if you have questions, before you mess up. Pretty good offer- free PC help. I'm free snyway

Paphi1234 Rookie Member

Paphi1234

Posted
Posted (edited)

Thanks for the reply.

My post was sent in to inform the reader with the problem of "how I handled the same infection". There are equally any number of solutions as testimony to the number of ways poste by the persons reading the same post on the same problem.

I decided not to talk about redgedit for the reasons you state; if you are not familiar with the processes then don't go into the registry.

I found your information informative and it will help me in future.

Regards

Edited by Paphi1234
stoli Gold Member

stoli

Posted
Posted

Not 100% sure that this is your problem, but I had Baidu, a Chinese program, infect my computer and Windows un-install would only remove about 35% of it. I went online and found a program called "Revo Uninstaller Program". It found numerous Baidu files that Windows could not find and remove. Follow their advice closely, and you can uninstall all of the Baidu files from your computer. Some people like Baidu, but they apparently have not found the problems that they will soon have. Never trust your computer to a free program built by the Chinese. They are far worse than the NSA in the states, which is very intrusive. Why not just give Baidu all of you credit card numbers and passwords now, because they can get them whenever they want. They got mine while I was in China. Trust me on this one. They are very good at what they want to do.

Paphi1234 Rookie Member

Paphi1234

Posted
Posted

Not 100% sure that this is your problem, but I had Baidu, a Chinese program, infect my computer and Windows un-install would only remove about 35% of it. I went online and found a program called "Revo Uninstaller Program". It found numerous Baidu files that Windows could not find and remove. Follow their advice closely, and you can uninstall all of the Baidu files from your computer. Some people like Baidu, but they apparently have not found the problems that they will soon have. Never trust your computer to a free program built by the Chinese. They are far worse than the NSA in the states, which is very intrusive. Why not just give Baidu all of you credit card numbers and passwords now, because they can get them whenever they want. They got mine while I was in China. Trust me on this one. They are very good at what they want to do.

Hello there,

I Do use Revo uninstaller generally, it is extremely good at finding leftover and residual information in regards to old and previously uninstalled programs.

I have seen this Baidu pop up on adds suggesting that "one should install its program",

I am and have always been very cautious of unfounded programs and most certainly any that do not have an authentic digital signature. That is why in my post on 555.inf.thai virus, I mention malware bytes and search and destroy spybot. they are proven and very well respected in the antimalware/adware world.

Other persons mention their anti malware products but I don't move from those 2.

An other product that I do use is MS Autoruns, it lets me know about everything that is starting up on my comp at start-up. Being in control of programs that don't need to automatically start up when a logon to my computer helps me keep my comp running faster. a computer that is running slow is not always the victim of adware and malware attack

Auto strat up of prgrams that don't need to be running on your computer can amongst other things impact on the compute's operating speed MS Autoruns helps with that.

regards

Paphi1234 Rookie Member

Paphi1234

Posted
Posted

Not 100% sure that this is your problem, but I had Baidu, a Chinese program, infect my computer and Windows un-install would only remove about 35% of it. I went online and found a program called "Revo Uninstaller Program". It found numerous Baidu files that Windows could not find and remove. Follow their advice closely, and you can uninstall all of the Baidu files from your computer. Some people like Baidu, but they apparently have not found the problems that they will soon have. Never trust your computer to a free program built by the Chinese. They are far worse than the NSA in the states, which is very intrusive. Why not just give Baidu all of you credit card numbers and passwords now, because they can get them whenever they want. They got mine while I was in China. Trust me on this one. They are very good at what they want to do.

Hello there,

I Do use Revo uninstaller generally, it is extremely good at finding leftover and residual information in regards to old and previously uninstalled programs.

I have seen this Baidu pop up on adds suggesting that "one should install its program",

I am and have always been very cautious of unfounded programs and most certainly any that do not have an authentic digital signature. That is why in my post on 555.inf.thai virus, I mention malware bytes and search and destroy spybot. they are proven and very well respected in the antimalware/adware world.

Other persons mention their anti malware products but I don't move from those 2.

An other product that I do use is MS Autoruns, it lets me know about everything that is starting up on my comp at start-up. Being in control of programs that don't need to automatically start up when a logon to my computer helps me keep my comp running faster. a computer that is running slow is not always the victim of adware and malware attack

Auto strat up of prgrams that don't need to be running on your computer can amongst other things impact on the compute's operating speed MS Autoruns helps with that.

regards

Paphi1234 Rookie Member

Paphi1234

Posted
Posted

Not 100% sure that this is your problem, but I had Baidu, a Chinese program, infect my computer and Windows un-install would only remove about 35% of it. I went online and found a program called "Revo Uninstaller Program". It found numerous Baidu files that Windows could not find and remove. Follow their advice closely, and you can uninstall all of the Baidu files from your computer. Some people like Baidu, but they apparently have not found the problems that they will soon have. Never trust your computer to a free program built by the Chinese. They are far worse than the NSA in the states, which is very intrusive. Why not just give Baidu all of you credit card numbers and passwords now, because they can get them whenever they want. They got mine while I was in China. Trust me on this one. They are very good at what they want to do.

One other thought on MS Autoruns, if you know of it then you might be interested in this link. if you don't know of it and would like to read on some learning material; then you could do far worse than reading this--- good luck on you learning

http://ask-leo.com/how_do_i_determine_what_i_absolutely_need_to_load_at_startup.html

http://askleo.com/how-do-i-keep-a-program-from-loading-at-startup/

Regards http://ask-leo.com/how_do_i_determine_what_i_absolutely_need_to_load_at_startup.html

http://askleo.com/how-do-i-keep-a-program-from-loading-at-startup/

  • 1 month later...
Scott Star Member

Scott

Posted
Posted

Thanks for posting in this thread. In the past couple of months I've managed to get both the 555 and baidu. This is a great reference.

JSixpack Ruby Member

JSixpack

Posted
Posted (edited)

The last time I tried MalwareBytes, it was as annoying as the malware. Constant notices to upgrade or to run a scan.

No, you can run the freeware Malwarebytes manually whenever you want to use it. You don't have to leave it running in the background. It does give a notice to update the antivirus database and on rare occasions the program itself.

Edited by JSixpack
JSixpack Ruby Member

JSixpack

Posted
Posted

The last time I tried MalwareBytes, it was as annoying as the malware. Constant notices to upgrade or to run a scan.

No, you can run the freeware Malwarebytes manually whenever you want to use it. You don't have to leave it running in the background. It does give a notice to update the antivirus database and on rare occasions the program itself.

And there's this: http://lifehacker.com/10-malware-removal-apps-tested-malwarebytes-comes-out-1614046598

lostinisaan Platinum Member

lostinisaan

Posted
Posted

Try Super Anti Spy Pro..and you'll be surprised how much crap, you've got on your machine. Then also run UnInstaller Pro and get rid off all files you don't need, but programs left.

No more 5555 on your computer and more 5555 for you.

  • 3 weeks later...
Deacon Bell Silver Member

Deacon Bell

Posted
Posted

I had same problem yesterday. go to control panel, then uninstall programs. Click on 555, then click on uninstall.

This worked for me

I just got this right knut of a thing.

I just did this. Can't believe it was so easy.

Now however time for a deepscan with all my cleaners.

  • 1 month later...
lostinisaan Platinum Member

lostinisaan

Posted
Posted

Thanks for posting in this thread. In the past couple of months I've managed to get both the 555 and baidu. This is a great reference.

Hi Scott. Just had enough of that bs and found the right way to get rid off it. Please go to: http://www.fixyourbrowser.com/removal-instructions/remove-555-th-hijacker-virus-removal-guide/

Scroll down to step 2. Click on download junk ware removal tool. You'll download the "JRT" program. Run it and your problem with the 555 is gone.

When reading all the threads, it would be a waste of time to follow some peoples' advice. Tried to attach this file, but no permission doing so.

Best of luck and please post your experience, if positive, or negative.

P.S. It's neither a virus, nor does it install any other unwanted programs.

Chicog Star Member

Chicog

Posted
Posted

Thanks for posting in this thread. In the past couple of months I've managed to get both the 555 and baidu. This is a great reference.

Hi Scott. Just had enough of that bs and found the right way to get rid off it. Please go to: http://www.fixyourbrowser.com/removal-instructions/remove-555-th-hijacker-virus-removal-guide/

Scroll down to step 2. Click on download junk ware removal tool. You'll download the "JRT" program. Run it and your problem with the 555 is gone.

When reading all the threads, it would be a waste of time to follow some peoples' advice. Tried to attach this file, but no permission doing so.

Best of luck and please post your experience, if positive, or negative.

P.S. It's neither a virus, nor does it install any other unwanted programs.

It installs a Windows Service that repeatedly hijacks the browser and other start menu links.

How much more unwanted do you want?!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formerly Thai Visa) Thailand's oldest and most popular forum for expats and foreigners.

Sign up today and have your say

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...