How to remove martfinder.com worm??


Post by Brian Lee »

My roommate recently got a worm on his system that changes his startpage to martfinder.com and he can't seem to get rid of the bloody thing. He's got both Norton Anti-Virus and AdAware 6.0 but neither is effective at removing the reg. file completely. After every re-boot, it just comes back.

I did a quick search and it turns out that many of the programs that are supposed to help you remove this particular worm are in fact just worms themselves and don't do anything but make the situation worse.

You guys wouldn't have any leads to free removal tools that are legit would ya? We're on a small office network here at the house and I'm not sure if I should be worried about it trying to infest my machine through the network or not. Either way, he's desperate to find a way to get it off his machine.

Thanks.

Post by raindog1970 »

Regards,
Gary Humphrey

♪♣♫Humphrey Whistles♫♣♪

[Raindogs] The ones you see wanderin' around after a rain. Ones that can't find their way back home. See the rain washes off the scent off all the mail boxes and the lampposts, fire hydrants. – Tom Waits

Post by Brian Lee »

Thanks Gary - I *think* we got it solved. Good man!

Post by Brian Lee »

Hey Gary, it turns out we didn't nuke the bugger after all. But we did manage to get rid of some functionality when using the web. :(

Any other suggestions? Are there any programs anyone's aware of that target this worm specifically?

Bri~

Post by vomitbunny »

Find a computer geek forum and post the problem. Someone there most likely will ask you to run HijackThis and post the results. In fact, here is an example of people doing so: http://www.lavasoftsupport.com/index.ph ... opic=26193

Have you tried Spybot Search and Destroy?

Btw, we made the switch from Norton and McAfee last year to AVG, and have no regrets. It has kept us clean.
My opinion is stupid and wrong.

Post by vomitbunny »

Oh, and I've been hearing more and more about CWShredder to remove those nasties. Funny, I think I had a program called that years ago. Years before worms came out in fact.

PS, I just read that CWShredder will remove it. You can read about it and download it from here: http://www.spywareinfo.com/articles/cws/
My opinion is stupid and wrong.

Post by Brian Lee »

OK, tried the CW Shredder, and nothing. Still get the same re-direct on the home page and some very distasteful sites being added to the favorites list.

May look for Spybot - though isn't that one you have to pay for?

B~

Post by glauber »

This is no real help, but I just read something similar today
http://www.securityfocus.com/columnists/250

Damn these things. We start getting on top of viruses and now these spyware trojans are being just as damaging.

If it were me, I'd go into the discussion forum for HijackThis, and see if someone there can help.
On the Internet, nobody knows you're a dog!
--Wellsprings--

Post by glauber »

Do a Google search for martfinder.com. There are several Web sites dealing with this problem. Use with caution.
On the Internet, nobody knows you're a dog!
--Wellsprings--

Post by vomitbunny »

It looks like you have a variant that evolved past CWShredder, at least for now. Did you unplug your connection to the web before you ran it? That was one of the problems we had with a worm a couple of years ago. As files were being removed, the worm was downloading new crap to take its place. We had the worm (or is it a trojan) that kept redirecting us to lop.com.
My opinion is stupid and wrong.