[Attention] Getting rid of the recent homepage virus

[maclone]

As you may know, MMOwned was hit by a recent attack.
If you visited the homepage (http://mmowned.com/) in the past days, you may have been infected with a virus.

How-to check for and/or remove the virus:

It's preferred that this is all done while your internet is shut off.
(Remove network cable or disable the connection in Control Panel.)

1. Open RegEdit (Press [Win]+[R] to get the 'Run...' dialog, write "regedit.exe" and press enter.)
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\.
3. Find the key that really doesn't belong there.
   Like the same exe name as the one you got infected with. Make note of the path, as you'll need to go there and delete the file.
   - It's likely to be in
   XP: C:\Documents and Settings\<Your UserName>\ ??? \System32\<ExeName>
   Vista/Win7: C:\Users\<Your UserName>\ ??? \System32\<ExeName>
4. Delete the registry key and the EXE (you may need to end its task with taskmanager first.)
5. Next, open msconfig ('Run...' dialog, -> "msconfig")
   Click on the 'Startup' tab and disable the 2 startup entries. (Delete them if you know how.)

You should be free now.

[Dombo]

I wasn't infected, thanks for the tutorial though. (I also checked in HKEY_LOCAL_MACHINE, just to be sure)

[Allstar .ιllιlı.]

Nothing suspicious here.

[Opirity]

nothing here too

[Danne206]

I don't really find anything suspicious expect for a hidden temp folder ("6EF59C2EE3554AA8B18A3E19A7B8EDE9.TMP"). It was empty tho.
When I got redirected, I got the "nothing found" message - was that just for fooling purposes or didn't it find anything?

[Ravenheart]

Nothing here, but thanks for the tut

[Sychotix]

I pressed cancel I believe and its not there. Firefox ftw? (or maybe it was Bitdefender)

[Hewit]

It was firefox

[-Ryuk-]

Using chrome, and wasnt infected.

Thanks anyway

[Sm00gel]

Uhh what was the virus exe name?

I had a exe called svhost.exe and v3.exe in the folder you said.

I havent been on MMOwned for a few weeks though:O

[Dombo]

I had a exe called svhost.exe and v3.exe in the folder you said.

If you meant "svchost.exe" then there's no worry. Though v3.exe sounds very supsicious.

[Sm00gel]

If you meant "svchost.exe" then there's no worry. Though v3.exe sounds very supsicious.

I thought that. A few days/ a week ago I looked into the v3.exe quickly. It was causing outbound connections. I just assumed it was something to do with windows 7 as I just upgraded. It should be gone now though. deleted the files, and the registry.
Them 2 files I said also don't have an icon. They also keep getting recreated every day (at least, I think. But they do update) and it says both of them files where created at the same time. :O
And it was svhost, not svchost

Edit: The 2 files I said are also having connections from the startup folder.

[Confidence]

Thanks, however I was also unaffected.

[chance96283]

I haven't found anything on my computer, thanks for telling us though, Im sure some people might have been infected and needed this tutorial. /Bows to maclone

[[LT]]

Thanks for letting us know about the attack but seems I was unaffected.