FieryAds virus/worm

hxxp://metallicair.ru/liba/eBook-13-47.html

hxxp://metallicair.ru/getbook.php?id=0JHQu9Cw0LbQtdC90L3RiyDQvNC10YDRgtCy0YvQtQ==

After installing software from this site i do not got any electronic book, but worm spyware install into my system and shows me a screen, that not giving me to work normally and abuse to pay money. It is a terror program. And you host it. Please take attention. Thanks.

the providers gives ticket to the customers for 24h response. But the program FieryAds seems to be a word/virus. You can find it in a search engines. I am using avast home, the latest version of it, 091130-0, but it not react. Please take attention. Thanks for your good job, for my #1 free antivirus for home use!


Welcome to the forums, v_sh. :slight_smile:

Hopefully, someone can give you more information soon.


v_sh, please make the links not clickable by making them like hxxp:// to prevent users from getting an infection.

Note: the site is infected and blocked by Malwarebytes’ Anti-Malware (MBAM) IP protection as IP-BLOCK 89.149.195.131

I put the local time to 2011 year and delete from uninstall that malware/worm, because it says that 3 months didn’t expired and refuse to uninstall. But today that thing shows me sexual content, to buy sexual goods and other. The program was yesterday successfully deleted sayed. But it is in a system stays anyway. I delete it because i do not recieve any electronics books, that i should, as i agreed to watch the spam for that book it’s okay, but i do not recieve any and they, in license agreement state that we have no responibility for…, so and i have no responsibility for giving to normally function for that program FieryAds and decided to delete it. It uninstalls normally, it says, but the spam is anyway now here. So, this is totally spamware/malware and any agreement seems to be provocation.

May help to run mbam (Malwarebytes’ Anti-Malware) and / or SAS (SuperAntiSpyware)

http://www.filehippo.com/download_malwarebytes_anti_malware/

http://www.filehippo.com/download_superantispyware/

See what turns up.
Make sure to take action on checked files at the finish of scans.

Also new release Trend Micro RootkitBuster. Perhaps not what is required, but utility is freeware so nothing to lose giving it a run as well. See how it goes.

http://fileforum.betanews.com/detail/Trend-Micro-RootkitBuster/1166741328/1

Thank you guys, mkis, YoKenny, CharleyO! I beat it - i have to delete it from win registry, regedit search CMedia (as some audiocards, dont’ delete it, i have realtek, so any CMedia is not a sound card files in my system) and delete any entrances of CMedia. After that i deleted all files in Documents and settings\User named Cmedia, Fieryads, in Documents and settings\User\Application Data folder Fieryads and it’s content or CMedia and it’s content. Some files can be deleted after system reboot, after deleting in windows registry any links to that adware. I found that adware is already known to other antiviruses and also long time ago and i have no idea why avast did not take any action. The origin shows German and Russia, it is true. Well, website i encountered is hosted in Germany, abuse team take action very fast, thanks to them, and the site didn’t open now. The text in the spam window is on russian language and for russian auditory, so probably it was made in Russia. :slight_smile:

well done v_sh :slight_smile:

The website w#w.metallicair.ru is online again and have malware content again.(((( Anybody knows how to correct that. I’m already hooked up and know about that site with malware,as you noticed too, but the other users can still be hooked as i am?

Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks. e.g. wXw.metallicair.ru

I would have thought after the other requests to do this to prevent accidental exposure you would have complied with these reasonable requests.

@v_sh

The site is still infected!

Please read:
Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414

You will have to contact the site Webmaster if you are not in controll of that site and have them review this topic.

This site is not infected, it is designed with virus, so webmaster also take part in action. Also i search google, reports to that site is ran from the start of that year from different users, that the site has malware. No action there taken, it is works thru today days. And also yesterday i fill google form of report of malvare site, today i find with google it again and there no mention that site is infected.(((

I read the article, thanks to you, it is new for me and now i be aware of such things too.

“Domain blocked”. The problem now seems to be solved)))